Fundamental Rights Impact Assessment (FRIA)

Last updated: Edit on GitHub

Overview

A Fundamental Rights Impact Assessment (FRIA) documents how a high-risk AI deployment affects Charter rights in your operational context. It complements Annex IV technical documentation: Annex IV explains the system; the FRIA explains the societal and individual impact of using it.

Aikraft provides a guided workflow so compliance teams can keep the FRIA aligned with classification answers and monitoring data — without duplicating free-text in three places.

Note: This workflow captures operational evidence; it does not replace legal sign-off from counsel where your sector requires it.

When to start a FRIA in Aikraft

The app prompts you to open a FRIA draft when:

  • A system is classified high-risk, and
  • The questionnaire indicates fundamental rights are engaged (for example employment, creditworthiness, or access to essential services).

You can also start manually from Document → Fundamental rights if your legal team requests it for a borderline case.

Workflow steps

1. Scope and context

Pre-filled from your system profile:

  • Name, domain, and deployment geography
  • Summary of automated vs human decisions
  • Data categories processed

Add free-text describing workflow integration — who sees model output, what happens on override, and appeal paths.

2. Rights mapping

Use the built-in checklist aligned to common Charter articles for high-risk categories. For each selected right:

  • Describe how the deployment engages it (not generic boilerplate)
  • Link supporting evidence (for example HR policy PDFs uploaded under Attachments)

Aikraft flags unchecked high-risk categories where rights mapping is empty.

3. Mitigations

Document technical and organisational measures:

  • Human oversight design (who can reject or correct)
  • Accuracy and robustness checks you run in production
  • Monitoring rules (cross-links to Monitoring setup)

Mitigations should mirror claims in your Annex IV draft; if they diverge, the review panel highlights the mismatch.

4. Review and sign-off

By default, only Compliance Officers (see Team and roles) may mark a FRIA Approved. Approvals are timestamped and appear in the audit log.

Linking to Annex IV

In Document → Annex IV, section Human oversight, use Insert from FRIA to pull mitigation bullets. The insert creates a tracked reference — if the FRIA changes, Annex IV shows a stale reference badge until you reconcile.

Export

Approved FRIAs can be exported as PDF appendices bundled with the Annex IV export or as a standalone document for data protection files.