Quick answer

Article 27 requires certain deployers of high-risk AI to conduct a fundamental rights impact assessment (FRIA) before deploying the system. This mainly applies to public bodies and private entities providing public services.

Updated June 2026 · MmowW AI Compliance

Article 27: When You Need a Fundamental Rights Impact Assessment

What Is a FRIA?

A Fundamental Rights Impact Assessment (FRIA) is an evaluation you conduct before deploying a high-risk AI system to understand how it might affect people's basic rights. Think of it as asking: could this AI system unfairly discriminate against people? Could it violate their privacy? Could it affect their access to essential services?

The concept is similar to other impact assessments businesses already do — like data protection impact assessments under GDPR. If you've done one of those before, the FRIA process will feel familiar.

Who Needs to Do One

FRIAs are primarily required for public bodies and private entities that provide public services when they deploy high-risk AI. This includes government agencies, healthcare providers, educational institutions, and companies that provide essential services like banking, insurance, or utilities.

If you're a small private business that doesn't provide public services, you may not be strictly required to conduct a FRIA. However, doing one voluntarily is good practice if your AI system makes decisions that significantly affect people.

What a FRIA Should Cover

A FRIA should describe the deployer's processes that use the AI system, how long and how frequently the system will be used, what categories of people will be affected, the specific risks to fundamental rights, any measures you'll take to mitigate those risks, and how you'll monitor the system's impact over time.

You should also consider the particular risks to vulnerable or marginalized groups. An AI system that works well for the general population might still produce unfair outcomes for certain groups.

Conducting a FRIA in Practice

You don't need an army of lawyers to conduct a FRIA, though legal input is helpful. Start by mapping out who will be affected by your AI system and how. Identify the rights that could be at stake — typically privacy, non-discrimination, freedom of expression, and access to services. Assess the likelihood and severity of any negative impacts. Then document the steps you'll take to prevent or mitigate those impacts. Keep this document and update it as you learn more about how the system performs in practice.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.