-
AI Privacy Risk Testing and Compliance Support
RISE Research Institutes Of Sweden
Your AI models might be leaking personal data or trade secrets. GDPR and the AI Act expect you to check this — not hope for the best. We deliver reproducible and defensible testing, so your decisions — and your audits — rest on evidence instead of assumptions.
Organisations that build or deploy AI models must meet strict privacy and cybersecurity obligations under GDPR, the EU AI Act, and sector‑specific rules. Models can unintentionally memorise and leak personal data through attacks such as membership inference, data reconstruction, and data extraction — creating real compliance and reputational risks.
GDPR requires organisations to prevent downstream exposure of personal data and to honour the Right to be Forgotten, which in practice demands testing whether individual training data still leaves detectable traces inside a model.
Beyond privacy, AI models may also reveal proprietary or confidential business information, turning leakage into an IP and cybersecurity risk, not just a data‑protection issue. The EU AI Act reinforces this by requiring testing under foreseeable misuse, including privacy‑relevant attacks.
LeakPro provides structured, empirical stress‑testing of AI models to measure privacy and IP leakage, validate privacy‑enhancing technologies, and generate audit‑ready evidence for DPIAs, GDPR, and AI Act compliance.
This service maps to the following articles within AI-act:
• Article 9 Risk management system — Continuous lifecycle risk management to keep your AI compliant and under control.
• Article 10 Data and Data Governance — Validate that your training data meets state-of-the-art privacy and security standards.
• Article 15 Accuracy, robustness and cybersecurity — Proactively detect and mitigate confidentiality attacks before they become real risks.
The audit reports constitute evidence that feeds into the technical documentation (Article 11 — Technical documentation, Annex IV).
How can the service help you?
• Detect leakage of personal data, sensitive attributes, or proprietary information.
• Check data traceability to support GDPR Right‑to‑be‑Forgotten obligations.
• Validate and tune synthetic data, federated learning, and differential privacy.
• Provide quantitative leakage‑risk indicators for audits, DPIAs, and procurement.
• Advise on privacy‑resilient AI design already at investment and planning.
How the service will be delivered
Logistics
• Delivered via RISE secure environments or customer infrastructure.
• Supports models across text, tabular, image, time‑series and graph modalities.
• Option for iterative collaboration during model development or one‑off audits.
Delivery period
Engagements are planned in phases depending on the scope, starting with a general assessment (qualitative), followed by attack simulation (quantitative) and reporting.
Duration
• Short engagement: 3–6 weeks
• Complex model audits or PET optimization: 2–4 months
Customer requirement
• Provide intended use-case, regulatory context, and risk appetite
• Documentation of model development and system environment.
• Optional: Access to model artefacts and training data for technical study.
Deliveries
• Tailored attack suite configuration
• Execution of privacy and IP leakage attacks
• PET tuning recommendations
• Compliance‑aligned summary (reporting evidence for GDPR, AI Act, etc)
Output
• Technical leakage‑risk metrics
• Training data traceability assessment (Right‑to‑be‑Forgotten)
• Harm‑oriented explanation for DPIAs
• Recommendations for mitigation and governance
View service →
-
Patient-to-Pipeline: Regulatory-Compliant Clinical Data Collection
Fraunhofer Gesellschaft Zur Forderung Der Angewandten Forschung Ev (Fraunhofer)
**Who Can Benefit:**
- MedTech & AI Companies: For obtaining high-quality, ethically sourced clinical datasets to fuel algorithm development without navigating hospital bureaucracy.
- Clinical Researchers: For systematic, regulation-compliant data collection with full documentation and audit trail.
**Key Features:**
- End-to-end management of ethical approval processes (ethics committee submission, informed consent design)
- Prospective data collection within Universitätsklinikum Erlangen clinical departments
- Expert clinical annotation and ground truth labeling by domain specialists
- Full GDPR compliance with pseudonymization/anonymization pipelines
- Structured data output compatible with downstream AI training and analysis workflows
**Possible Applications:**
- Wearable Sensor Studies (e.g. Cardiology): Prospective collection of continuous ECG, PPG, or blood pressure data from cardiac patients for digital biomarker development and remote monitoring algorithm training.
- Motion & Gait Analysis (Biomechanics): Systematic acquisition of IMU, force plate, and motion capture data in clinical and sports lab settings for movement disorder assessment, rehabilitation tracking, or athletic performance evaluation.
- Neurological Signal Acquisition: Collection of EEG, EMG, or tremor sensor data from neurological patient cohorts to support AI-based diagnostic or therapy monitoring tools.
- Real-World Evidence Datasets: Longitudinal data collection from ambulatory patients in everyday settings, enabling the development of algorithms that generalize beyond controlled lab environments.
- Athletic Performance & Injury Prevention: Structured data gathering during sports science testing protocols to build datasets for injury risk prediction, load monitoring, and return-to-play decision support.
- Multi-Modal Clinical Datasets: Combined collection of sensor data, imaging, lab values, and patient-reported outcomes to enable holistic, multi-modal AI model development.
**Who We Are:**
The **Fraunhofer Insitute for Integrated Circuits (Fraunhofer IIS)** has established the **"Center for Sensor Technology and Digital Medicine" (CEMDIS)** in cooperation with the Universitätsklinikum Erlangen and the Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) to enhance modern healthcare through **innovative sensor technology** and **digital solutions**. This center focuses on integrating **innovative medical technologies** such as **wearables** and **robotic systems** to support **medical diagnostics**, **patient monitoring** and **evaluating patient-specific therapies** by providing digital health solutions für real-life healthcare. Located at the Universitätsklinikum Erlangen, it offers unique infrastructures for the **development**, **integration**, and **validation** of novel health technologies, providing companies opportunities for **technological advancements**. For more information, visit the [Fraunhofer IIS website](https://www.iis.fraunhofer.de/de/ff/sse/health/zentrum-sensorik-medizin.html).
View service →
-
RISE Cyber Range – Cybersecurity Training, Testing, and Penetration Testing Environment
RISE Research Institutes Of Sweden
RISE Cyber Range is a secure and realistic training and testing environment. The service also includes controlled penetration testing. Organizations can use the environment to practice and evaluate their ability to prevent, detect, and manage cyberattacks. The service is designed to be understandable even for non-technical decision-makers. It provides a clear picture of an organization’s cybersecurity maturity.
RISE Cyber Range uses highly realistic IT and OT environments. These environments are used to identify technical vulnerabilities through penetration testing. They are also used to improve incident response capabilities. The service strengthens collaboration between technical teams, management, and business functions.
How can the service help you?
The service helps organizations to:
- Perform penetration testing
- Train staff using realistic cyber incident scenarios
- Test technical safeguards and processes in a safe environment
- Evaluate organizational readiness and decision-making under pressure
- Identify improvement areas before real incidents occur
How the service will be delivered
Logistics: The Cyber Range environment is provided by RISE and can be delivered on-site, remotely, or as a hybrid solution depending on customer needs. Delivery period: Delivery is planned in close cooperation with the customer and can be conducted as a single engagement or as a series of recurring exercises over time. Duration: The duration of the exercises ranges from a few hours to several days, depending on the scenario and desired level of depth. Customer requirement: The customer is expected to provide high-level information about their organization, relevant threat scenarios, and participants for the exercise. Deliveries: RISE delivers a fully configured cyber range environment, scenario-driven attacks, facilitation, and technical and methodological support throughout the engagement. Output: After completion of the service, the customer receives structured feedback in the form of observations, analysis, and recommendations.
Service customization
The service can be customized to meet the customer's specific needs, technical environment and level of maturity in cybersecurity. The assessment process begins with a joint meeting where the customer and a technical team from RISE discuss different options and tailor a service that is designed based on the customer's needs.
View service →
-
TEF-Gateway
Karolinska Institutet (KI)
Comprehensive assessment of healthcare AI startups and SMEs across four readiness dimensions—technical, regulatory, organisational, and market—delivering a prioritised roadmap to close identified gaps.
The service includes:
Technical Readiness Assessment
Evaluation of AI model maturity, data pipeline robustness, validation status, deployment architecture, and scalability for clinical or production environments.
Regulatory Readiness Assessment
Review of compliance posture against the EU AI Act, MDR requirements, GDPR obligations, and status of ethical approvals.
Organisational Readiness Assessment
Assessment of team competencies, governance structures, quality management systems, and post-market surveillance capability.
Market Readiness Assessment
Review of product-market fit, go-to-market strategy, reimbursement pathways, value proposition clarity, and competitive positioning.
Gap Analysis & Roadmap
Structured mapping of gaps between current and target state across all dimensions, with prioritised recommendations, indicative timelines, and a follow-up session.
View service →