AI Governance Library

A Guide to Fundamental Rights Impact Assessments (FRIA)

This guide supports organisations in conducting Fundamental Rights Impact Assessments under the EU AI Act, outlining criteria, methodologies, and a phased process to identify, assess, mitigate, and monitor AI-related risks to fundamental rights.
Jakub Szarmach
3 min read
A Guide to Fundamental Rights Impact Assessments (FRIA)
A Guide to Fundamental Rights Impact Assessments FRIA
A Guide to Fundamental Rights Impact Assessments FRIA.pdf
2 MB
download-circle

⚡ Quick Summary

This guide by the Danish Institute for Human Rights and the European Center for Not-for-Profit Law is one of the most operational interpretations of Article 27 AI Act to date. It translates the abstract obligation to conduct a Fundamental Rights Impact Assessment into a concrete, governance-ready process. What makes it stand out is its strong anchoring in international human rights law, especially the EU Charter, ECHR, and UN Guiding Principles on Business and Human Rights. Rather than treating FRIA as a compliance checkbox, the document frames it as a decision-making milestone that should meaningfully influence whether and how a high-risk AI system is deployed. The emphasis on stakeholder participation, documentation, mitigation planning, and post-deployment monitoring positions FRIA as a living governance instrument rather than a static report.

🧩 What’s Covered

The guide is structured around five phases that together form a full FRIA lifecycle. It begins with planning and scoping, stressing early timing (ideally pre-procurement), budget allocation, and the composition of a multidisciplinary FRIA team. Three team models are compared—in-house, externalised, and hybrid—highlighting trade-offs between credibility, accountability, and institutional learning.

A detailed context analysis follows, covering deployment context, system features, and governance arrangements. This section is particularly useful for aligning FRIA with procurement, vendor management, and internal AI governance policies.

The core of the document is the impact assessment and mitigation phase, where deployers are guided to develop realistic “typical” and “worst-case” scenarios. These scenarios are explicitly mapped against affected fundamental rights, with practical examples such as border control and migration systems. The guide provides a structured methodology for assessing severity and likelihood, taking into account scope, gravity, irreversibility, and vulnerability of affected groups.

Mitigation measures are categorised into organisational, technical, and contractual safeguards, with strong attention to human oversight, complaint mechanisms, and provider obligations. The guide then moves to deployment decisions and public reporting, offering a clear framework for deciding when deployment should not proceed—especially where absolute rights are implicated.

Finally, it covers monitoring, review, and stakeholder consultation as ongoing duties. The stakeholder engagement section is unusually detailed, offering concrete guidance on who to involve, how, and at which stage, reinforcing participation as a substantive right rather than a procedural formality.

đź’ˇ Why it matters?

This guide effectively operationalises the AI Act’s fundamental rights ambition. It bridges legal theory and organisational practice, showing how FRIA can be embedded into procurement, governance, and accountability structures. For deployers struggling to distinguish FRIA from DPIA, it clearly positions them as complementary but distinct tools, expanding the risk lens beyond data protection to the full spectrum of fundamental rights. In practice, this document sets a de facto benchmark for what regulators, courts, and civil society may later consider a “meaningful” FRIA.

âť“ What’s Missing

While methodologically strong, the guide offers limited sector-specific shortcuts for smaller organisations with constrained resources. More worked examples outside the public-sector and migration context—such as employment, education, or insurance—would increase usability for private deployers. Additionally, the interaction between FRIA outputs and conformity assessments or quality management systems under the AI Act could be made more explicit.

đź‘Ą Best For

Public authorities deploying high-risk AI systems, private entities delivering essential public services, and compliance, legal, and AI governance professionals responsible for implementing Article 27 AI Act obligations in a defensible, human-rights-based way.

đź“„ Source Details

Danish Institute for Human Rights (DIHR) & European Center for Not-for-Profit Law (ECNL), A Guide to Fundamental Rights Impact Assessments (FRIA) under the EU Artificial Intelligence Act, December 2025. Funded by the European Artificial Intelligence & Society Fund.

đź“ť Thanks to

DIHR, ECNL, AlgorithmWatch, Michele Loi, and the broader community of human rights scholars and civil society experts who contributed to shaping this guide.

Guide
About the author
Jakub Szarmach

Jakub Szarmach

Read next

Understanding 42001 – Guide for Australian Business

The AI Regulatory Capability Framework and Self-Assessment Tool

Introductory Guidance to AI Controls Matrix (AICM) v1.0

Supervision of Artificial Intelligence in Finance: Challenges, Policies and Practices

Strengthening AI Governance Through Techno-Legal Framework

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.