ENISA refreshed its Threat Landscape methodology, a useful reference for risk registers and runtime monitoring planning in AI deployments subject to the EU AI Act and the NIS2 Directive.
Why this matters
The updated methodology provides a structured approach to threat identification and risk assessment that aligns with EU cybersecurity requirements. It supports deployers' operational risk management and incident preparedness.
Impact on obligations
Deployer
Use the ENISA Threat Landscape to update risk registers, monitoring procedures, and incident drills. Link risk assessments to transparency logs.
What to evidence
- Updated risk registers
- Monitoring procedures
- Incident drills linked to transparency logs
Key artefacts explained:
- DSSE: Dead Simple Signing Envelope — portable signature format
- STH: Signed Tree Head — tamper-evident checkpoint in a transparency log
- TSA: Time-Stamp Authority — issues an independent timestamp receipt
- WORM: Write Once Read Many — immutable storage for audit trails
