Compliance
EU AI Act: Prompt-Injection Defence as a Compliance Cost Line
High-risk systems must meet Article 15 cybersecurity and robustness requirements. Prompt-injection defence is one of the named control families.
Art. 15
Cybersecurity and robustness
Aug 2026
General-purpose AI rules date
Quote
Vendor pricing reality
DPIA
Pairs with GDPR
“High-risk AI systems shall be designed and developed in such a way that they achieve an appropriate level of accuracy, robustness and cybersecurity throughout their lifecycle.”
Where prompt-injection defence lands
- Article 15 explicitly references resilience against attempts to manipulate the model, which covers prompt-injection.
- Logged guardrail decisions provide Article 12 record-keeping evidence.
- Red-team evidence supports the Article 9 risk-management requirement.
- The EU AI Act pairs with GDPR DPIAs where personal data is in scope.
For the GDPR cost side, see gdprcompliancecost.com.
Last verified June 2026Source: vendor pricing pages. See /methodology.