EU AI Act · Article 27 · Fundamental Rights Impact Assessment

Article 27 of the EU AI Act: FRIA Explained

Article 27 introduces the Fundamental Rights Impact Assessment (FRIA) — a document certain deployers of high-risk AI must complete before first use, to surface and mitigate risks to people's rights.

What Article 27 requires

The FRIA describes the deployment process and intended purpose, the period and frequency of use, the categories of people affected, the specific risks of harm to those people, the human-oversight measures, and the steps to take if risks materialise. Where a DPIA already exists, the FRIA can complement it.

Who it binds

Deployers that are public bodies or private operators providing public services, and deployers using high-risk systems for creditworthiness/credit scoring or life and health insurance risk assessment.

Key points

  • Required before first use, by specific deployers only.
  • Distinct from a GDPR DPIA, though the two can be aligned.
  • Focuses on impact to people's fundamental rights.

FAQ

Who has to do a FRIA?

Public bodies and private providers of public services deploying high-risk AI, plus deployers using high-risk AI for credit scoring or life/health insurance risk assessment.

Related articles

See which articles apply to your systems

Run the free 2-minute checker — deterministic, no sign-up.

Run the free check