The classic trap
Article 102 is a coordination provision: it grafts the high-risk AI requirements of Chapter III, Section 2, of the AI Act onto aviation security regulation (Regulation EC 300/2008). The trap for affected operators (airports, security equipment vendors, screening providers) is to assume that compliance with aeronautical technical specifications is enough. In reality, as soon as a piece of security equipment embeds an AI system (automatic threat detection at checkpoints, baggage imaging analysis, behavioural recognition), it becomes a high-risk AI system that must satisfy both bodies of rules. The EU AI Office supervises the general-purpose AI dimension, and the CNPD remains competent for personal data processed by such equipment (body imaging, passenger biometric data).
The Chapter III Section 2 obligations that attach to your security equipment
When security equipment integrates AI, you inherit the following obligations on top of the standard aviation approval:
- A documented risk management system maintained across the full lifecycle of the detection AI.
- Training data governance: quality, representativeness, absence of bias in baggage image or body scan datasets.
- Complete technical documentation demonstrating conformity before the equipment is placed on the market.
- Traceability through automatic event logging throughout the system lifetime.
- Transparency and information for the airport operator deploying the system.
- Effective human oversight: an agent must be able to override the detection AI decision.
- Accuracy, robustness and cybersecurity proportionate to the security use case.
The concrete risk: a vendor delivers an AI detection gate compliant with EASA specifications but lacking an AI Act risk management system, and the deploying airport finds itself exposed during a cross security-AI inspection.
How Luxgap automates this risk
Our Luxgap HighRisk Compliance Mapper makes it impossible to deploy non-compliant AI security equipment by automatically mapping each embedded AI system against the seven requirements of Chapter III, Section 2. The tool queries your asset repositories (CMDB, EASA inventory, Odoo vendor contracts, Azure Sentinel logs) to identify any equipment that combines sectoral regulation with high-risk AI, then generates the cross-compliance grid with no form to fill in.
- Automatically detects each piece of security equipment embedding an AI component by cross-referencing your technical inventory and vendor contracts.
- Maps each system against the seven Chapter III Section 2 requirements (risk management, data governance, documentation, logging, transparency, human oversight, robustness) and flags gaps.
- Verifies with your vendors the presence of AI Act technical documentation and extended CE marking before any commissioning.
- Calculates a cross security-AI compliance score and prioritises the gaps most exposed during an inspection.
- Produces a timestamped PDF report, enforceable before the AI market surveillance authority and the EU AI Office, demonstrating that AI requirements were taken into account in equipment approval.
- Alerts in real time via Teams as soon as a new AI device is added to your estate without a complete compliance file.
Available as a complement to a Luxgap CISO or DPO mandate or as a dedicated SaaS module depending on your scope. Request a tailored quote and our teams will prepare a demonstration on your actual equipment estate, with a free blank audit within 48h to measure your exposure before any commitment.