Article 27 FRIA: Fundamental Rights Impact Assessment

Article 27 requires certain deployers of high-risk AI systems to run a fundamental rights impact assessment (FRIA) before deployment. The scope is narrower than most readings: only public bodies and Annex III(5)(b)+(c) credit / life-health insurance deployers are explicitly in.

FRIA is the most discussed and most over-applied Article in the EU AI Act. Article 27(1) sets a narrow scope: bodies governed by public law and private entities providing public services, plus explicit deployers of Annex III(5)(b) creditworthiness AI and (5)(c) life/health insurance AI. HR is NOT in the explicit list, Annex III(4) sits in Article 27 only through the public-body route. This topic indexes the practical FRIA writing: the six things it must cover, how it differs from a GDPR DPIA, the notification step to market surveillance authorities, and how to scope a first FRIA without over-engineering.

1. 1
   14 minFeatured

   EU AI Act Article 27 FRIA: How to Run a Fundamental Rights Impact Assessment

   Article 27 requires certain deployers of high-risk AI systems to run a fundamental rights impact assessment (FRIA) before deployment. Who's actually in scope is narrower than most read it. This guide covers the 6 things a FRIA must cover, how it differs from a GDPR DPIA, the notification step, and how to scope your first FRIA without over-engineering it.

   Read article
2. 2
   14 minFeatured

   EU AI Act for Credit Scoring AI: Annex III(5)(b), Article 27 FRIA, and Consumer Credit Law

   Credit-scoring AI is one of the few use cases that REQUIRES an Article 27 FRIA under the EU AI Act. This guide covers Annex III(5)(b) classification, the FRIA process, GDPR Article 22 automated-decision rights, the Consumer Credit Directive interaction, and the 2 December 2027 deadline.

   Read article
3. 3
   15 minFeatured

   EU AI Act for Healthcare AI: Medical Devices, Diagnostics, and Clinical Decision Support

   Healthcare AI sits at the intersection of two regimes: the EU AI Act + sectoral product law (MDR / IVDR). This guide covers Annex I embedded high-risk classification, the dual conformity assessment route, Article 73 incident reporting on top of MDR vigilance, and the 2 August 2028 deadline post-Omnibus.

   Read article
4. 4
   14 minFeatured

   EU AI Act for HR Teams: What Recruitment, Performance Review, and Worker Management AI Needs

   Recruitment AI, CV screening, performance scoring, promotion and termination AI, gig allocation, and worker monitoring all sit in Annex III(4) high-risk territory under the EU AI Act. This guide covers what HR teams need to do under Article 26, when an Article 27 FRIA is required, and how to scope a 90-day HR AI compliance ramp.

   Read article
5. 5
   14 min

   EU AI Act Compliance Checklist: 10 Steps Before the High-Risk Deadline

   A practical 10-step compliance checklist for the EU AI Act. From AI inventory to ongoing monitoring: everything your business needs before enforcement begins.

   Read article