Fundamental Rights Impact Assessments (FRIAs) under the EU AI Act: What You Need to Know

The upcoming EU AI Act brings significant regulatory changes for organizations deploying high-risk AI systems, especially regarding the need to conduct Fundamental Rights Impact Assessments (FRIAs). These assessments are essential for ensuring compliance and protecting fundamental rights. At Nemko Digital, we offer support to help organizations navigate these new requirements. 

What is a FRIA? 

A FRIA is a systematic process for assessing the potential impact of an action, policy or technology on individuals' fundamental rights. It is particularly relevant in contexts where new technologies such as AI are in use, as these technologies can have profound implications for human rights and ethical standards.  

The aim of the FRIA is to address the potential risks of high-risk AI systems to the fundamental rights of individuals, beyond the technical requirements of the EU AI law, such as conformity assessment. AI providers may not be able to anticipate all deployment scenarios, or the biases and manipulations that AI systems may introduce. Thus, the FRIA serves as a process for organisations to justify and be accountable for why, where and how they use high-risk AI systems. 

A FRIA is a critical tool designed to assess and mitigate potential harms caused by high-risk AI systems, focusing on their impact on individuals' fundamental rights. This process goes beyond technical compliance, requiring organizations to reflect on the broader societal implications of their AI systems, such as the risk of bias, manipulation, or privacy violations. Nemko Digital can help your organization conduct internal FRIAs to ensure your AI deployments meet the highest standards. 

Who Needs to Conduct FRIAs? 

Under the EU AI Act, three main groups must conduct FRIAs: 

Public Authorities: Any government body or public sector entity deploying a high-risk AI system, especially those related to law enforcement or public service.

Private entities providing public services: This includes sectors like education, healthcare, and housing. These services are considered of public nature and have significant implications for individual rights when mistakes are made. 

Operators of high-risk AI systems: Organizations deploying systems for creditworthiness evaluation, insurance risk assessments, and other high-risk applications, and other applications listed under Annex III in the EU AI Act.

Our experts can help you identify whether your organization falls within these categories and guide you through the FRIA process.  

Key Components of a FRIA 

A FRIA should include at least the following: 

Description of Use Detailing the intended purpose of the AI system, including the processes and contexts in which it will be deployed. 

Duration and Frequency: Outlining the timeframe and frequency of the system’s use to understand its potential long-term impact. 

Affected Groups: Identifying the categories of individuals or groups likely to be affected by the AI system, taking into account specific demographics and contexts. 

Risk Assessment: Evaluating the potential risks to individuals’ rights and freedoms, including but not limited to privacy, freedom of expression, and non-discrimination. 

Human Oversight: Describing the measures in place to ensure human oversight, which is critical for maintaining accountability and transparency. 

Mitigation Measures: Listing the steps to be taken to mitigate identified risks, including governance structures and complaint mechanisms.  

A FRIA should be conducted prior to deployment. This ensures the mitigation of risks is done before the system is operational. FRIA’s should be regularly reviewed, and updated whenever there are significant changes to the AI system or the context in which it is deployed. 

FRIA Template by European AI Office 

Conducting FRIA’s can be difficult when an organization lacks expertise on how AI systems negatively affect human rights. Recognizing the complexity, the AI office will provide a FRIA template, instead of through the product safety standards set by CEN/CENELEC’s JTC21. The AI Office will provide a standardized template questionnaire along with an automated tool for doing the assessment under the AI Act.  

The AI Act outlines a phased implementation schedule, with obligations for high-risk AI systems commencing on August 2, 2026. It is anticipated that the FRIA template will be made available before this date to allow organizations sufficient time to comply with the assessment requirements. 

How can we help you? 

If you're unsure whether your organization needs to conduct a FRIA, Nemko Digital is here to help. Taking a proactive approach to AI governance not only ensures compliance but also safeguards individual rights and protects your reputation. 

For many organizations, conducting a FRIA can be daunting—especially when it's the first time. Assessing the broader impact of an AI system isn’t straightforward, but that’s where we come in. 

Let us handle the complexities of AI governance so you can focus on deploying responsible, compliant AI systems. Contact us today to get expert support with FRIAs and build trust in your AI.