Towards Assuring EU AI Act Compliance and Adversarial Robustness of LLMs

Tomas Bueno Momcilovic, Beat Buesser, Giulio Zizzo, Mark Purcell, Dian Balta

TL;DR

The paper addresses the challenge of ensuring EU AI Act compliance and adversarial robustness for LLM-based systems, where standards are underdeveloped and models are highly dynamic. It proposes a framework that combines ontologies, assurance cases (GSN), and factsheets to structure duties, defenses, provenance, and testing against adversarial prompts, enabling auditable, continuous assessment. A principal contribution is mapping EUAIA duties to robustness requirements and formalizing them in an OWL ontology linked to a narrative factsheet for traceability. The work aims to provide engineers and regulators with a complete, up-to-date snapshot of safety, security, and regulatory compliance, with future work focusing on automating argument generation and experimental validation.

Abstract

Large language models are prone to misuse and vulnerable to security threats, raising significant safety and security concerns. The European Union's Artificial Intelligence Act seeks to enforce AI robustness in certain contexts, but faces implementation challenges due to the lack of standards, complexity of LLMs and emerging security vulnerabilities. Our research introduces a framework using ontologies, assurance cases, and factsheets to support engineers and stakeholders in understanding and documenting AI system compliance and security regarding adversarial robustness. This approach aims to ensure that LLMs adhere to regulatory standards and are equipped to counter potential threats.


Paper Structure (6 sections, 2 figures, 1 table)

This paper contains 6 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: Excerpt from a GSN-based assurance argument, operationalizing the duty in Art. 15 Para. 5. Legend: goals (G), strategies (S), justifications (J), contexts (C), solutions (Sn) and counterclaims (CC).
  • Figure 2: Excerpt from the ontology. Left-most circles make the argument (Fig. 1), while all remaining circles represent attacks, defenses, duties and sources. Coloring is arbitrary.