Impact & Fundamental Rights - AI Governance Hub

ISO × NIST × EU

// theme · impact-assessment

Impact & Fundamental Rights

Open in explorer →

Assessing impact on people, fundamental rights, fairness.

// Do once → satisfies all three

ONE AI Impact Assessment template that doubles as a Fundamental Rights Impact Assessment (FRIA) for in-scope deployers.

FRIA is the most prescriptive impact assessment. Use its field list as the master template and the ISO/NIST impact requirements drop out.

ISO 42001

Cl.6.1.4 · Cl.8.4 · Annex A.5

NIST AI RMF

MAP 5.1 · MAP 5.2

EU AI Act

Art.27

// Evidence auditors expect

✓ AI System Impact Assessment (ISO Cl.6.1.4 / Annex A.5)
✓ Fundamental Rights Impact Assessment (EU Art.27) for deployers
✓ Stakeholder consultation evidence for affected groups
✓ Re-assessment trigger list (change in purpose, data, population)

// Common pitfalls

⚠ Skipping FRIA because 'we're not public sector' - Art.27 also covers essential services and several deployers.
⚠ Impact assessment done by the dev team alone with no affected-stakeholder input.
⚠ No re-assessment when intended purpose or user population shifts.

ISO 42001

8

Cl.6.1.4 + Annex A.5 require AI system impact assessment on individuals, groups and society.

Needs and expectations of interested parties

Identify interested parties (users, regulators, affected persons) and their requirements.

AI risk assessment

Define and apply a process to identify, analyse and evaluate AI risks.

AI system impact assessment

Assess potential consequences for individuals, groups and society throughout the AI lifecycle.

AI system impact assessment (operational)

Conduct impact assessments at planned intervals and on change.

AI system impact assessment process

Establish a process to assess the potential impacts of AI systems on people and society.

Documentation of impact assessments

Document the results of AI system impact assessments and keep them available for review.

Assessing AI system impact on individuals and groups

Assess potential impacts of AI systems on individuals and groups of individuals.

Assessing societal impacts

Assess potential societal impacts of AI systems beyond direct users.

NIST AI RMF

4

MAP 5.1/5.2 cover impact on people and the environment within the MAP function.

Stakeholder engagement & communications

Mechanisms for stakeholder feedback and communication.

Potential benefits examined

Benefits to mission and stakeholders examined against costs/risks.

Likelihood & magnitude of impacts characterised

Impacts on individuals, groups, communities, society characterised.

Fairness & bias evaluated

AI system is evaluated for fairness and harmful bias.

EU AI Act

2

Art.27 obliges certain deployers (public bodies, essential services) to perform a Fundamental Rights Impact Assessment before use.

Prohibited AI practices

Bans manipulative AI, social scoring, untargeted scraping for face DBs, certain biometric uses, etc.

Fundamental rights impact assessment (FRIA)

Certain deployers of high-risk AI must perform a Fundamental Rights Impact Assessment.

// What now?

Open “Impact & Fundamental Rights” in the Explorer →

Continue to a related theme · Third Parties & Supply Chain →