A Fundamental Rights Impact Assessment (FRIA) is a mandatory process for certain institutions, such as banks, insurers, and public service providers, when using high-risk AI systems under the Artificial Intelligence Act.
Certain institutions, such as banks and insurance companies, are required to perform a Fundamental Rights Impact Assessment (FRIA) when using high-risk AI systems. This is a requirement of article 27 of the Artificial Intelligence Act (‘the AI Act’). It ensures that AI deployment respects fundamental rights, democracy, and the rule of law, requiring assessments before implementation in areas like biometrics, education, and law enforcement.
Five Key Steps in conduction a FRIA
A FRIA focuses on risk management. Risks to affected individuals should be identified, their likelihood and severity assessed, and mitigants should be defined to control those risks. The first step should be to check whether a FRIA is required at all. Organisations should make sure their assessment at least contains the following steps:1. Check whether existing FRIAs and DPIAs can be used (a FRIA complements existing DPIA’s).
2. Describe the AI System
- The processes in which the AI system will be used.
- The period of time during which the AI system will be used.
- The frequency with which the AI system is intended to be used.
- The categories of natural persons and groups likely to be affected by its use in the specific context.
3 . Identify Risks
- Specific risks to fundamental rights.
- Potential discrimination based on sex, race, religion, etc.
- Risks to privacy, freedom of expression, and other rights.
4. Define Mitigation Measures
- Human oversight measures.
- Internal governance and complaint mechanisms.
- Measures to address and rectify potential discrimination and harm.
5. Notification
- The relevant market surveillance authority should be notified of the results.
- The template questionnaire (to be developed by the AI Office) must be filled out and submitted
To support this process, we are pleased to present the “BDO Legal Guide to the Fundamental Rights Impact Assessment”. This publication provides a structured approach to conducting a FRIA, outlining key steps such as determining whether an assessment is required, describing the AI system, identifying risks, and implementing oversight mechanisms.