Organisation

Identify your organisation

This information appears in the document header and establishes which Article 27 obligation category applies to your organisation.

Organisation name * Please enter your organisation name.

Operator category under Article 27(1) * Select the category that describes your organisation. This determines your FRIA obligation.

Public body or Union institution, body, office, or agency (Article 27(1), first category) Private operator providing a public service, such as utilities or public transport (Article 27(1), second category) Any deployer using a system under Annex III point 5(b): creditworthiness assessment by non-regulated entities (Article 27(1), third category) Any deployer using a system under Annex III point 5(c): risk assessment and pricing for life and health insurance (Article 27(1), third category)

Please select your operator category.

Member State of operation * Please select the Member State of operation.

FRIA file contact person * The name or role responsible for maintaining this FRIA document. Please enter a contact person or role.

AI System

AI system being deployed

Identify the high-risk AI system. This section establishes what is being deployed and in what context, providing the foundation for the rest of the assessment.

AI system name or commercial product designation * Please enter the AI system name.

Provider name * Please enter the provider name.

Intended purpose of the AI system * Describe the task or function the system performs as intended by the provider, and your specific deployment purpose. Please describe the intended purpose.

Planned or actual deployment start date * Please enter the deployment date.

Art. 27(1)(a)

Process and frequency of use

Article 27(1)(a) requires a description of the processes in which the AI system will be used, including the periods and frequency of use.

Description of the process in which the AI system will be used * Describe the operational workflow: who initiates a request, what data is fed to the system, how the output is used, and who acts on it. Please describe the process of use.

Frequency and volume of use * Estimated number of queries, decisions, or interactions per day, week, or month. Please describe the frequency of use.

Art. 27(1)(b)

Deployment period and update cycle

Article 27(1)(b) requires a statement of the periods over which the AI system will be used and how often it will be updated during that period.

Time period over which the AI system is intended to be used * State the planned deployment horizon: a fixed contract term, an indefinite licence, or a specified review point. Please state the deployment period.

Update frequency * How often does the provider update the model, and how often do you review the deployment against this FRIA? Please describe the update frequency.

Art. 27(1)(c)

Categories of persons affected

Article 27(1)(c) requires identification of the categories of natural persons and groups likely to be affected by the deployment of the system in the Union.

Select all categories of persons likely to be affected * Select at least one category. You can add further detail in the text field below.

Customers or service users of the deploying organisation Employees or workers of the deploying organisation Third parties who interact with customers or employees Vulnerable groups, including persons with disabilities and persons in economically precarious situations Minors (persons under 18 years of age)

Please select at least one category of affected persons.

Additional detail on affected groups (optional) Provide further specificity, estimated numbers, or geographic scope if relevant.

Art. 27(1)(d) + (e)

Risks and mitigation measures

Article 27(1)(d) requires identification of the specific risks of harm to fundamental rights likely to impact those categories of persons. Article 27(1)(e) requires a description of the implementation of measures to mitigate those risks.

Specific risks of harm to fundamental rights * Identify the concrete risks: discrimination, privacy intrusion, denial of access to services, freedom from automated profiling, etc. Reference the fundamental rights at stake (Charter of Fundamental Rights, ECHR). Please describe the specific risks to fundamental rights.

Measures implemented to mitigate those risks * For each risk identified above, describe the technical and organisational measures in place. Be specific and auditable. Please describe the mitigation measures.

Art. 27(1)(f) + (g)

Human oversight and complaints

Article 27(1)(f) requires a description of the human oversight measures. Article 27(1)(g) requires a description of the measures for internal governance and for complaints by affected persons.

Human oversight measures in place * Describe who performs oversight, their competence and authority, and the mechanisms by which they can intervene in or override system outputs. This must meet the Article 14 standard. Please describe the human oversight measures.

Internal governance and complaints mechanism * Describe how affected persons can raise concerns, request explanations, or challenge an AI-assisted decision. Include the responsible function and the expected response timeline. Please describe the complaints mechanism.

FRIA Generator