AI Act Article 15 — how are teams actually implementing accuracy/robustness checks for high-risk systems?
The EU AI Act Article 15 requires high-risk AI systems to achieve appropriate levels of accuracy, robustness, and cybersecurity throughout their lifecycle. In practice, what does 'appropriate' mean for your risk assessments? We've been debating internally whether this maps to established ML validation frameworks (like ISO/IEC 25059) or whether the AI Act demands something fundamentally different from traditional model validation.

Specific questions:

1. Are you using existing ML testing frameworks, or building custom compliance test suites?
2. How do you handle the 'throughout lifecycle' requirement — continuous monitoring or periodic reassessment?
3. Has anyone mapped AI Act Art. 15 requirements to existing SOC 2 or ISO 27001 controls?

Jurisdiction: EU, DE

We're trying to operationalize this before the phased enforcement kicks in. Would love to hear what other practitioners are doing.