Glossary term
FRIA
Also: Fundamental Rights Impact Assessment
Mandatory assessment under EU AI Act Art. 27 for the deployment of certain high-risk AI systems. Required of public bodies and of private deployers of essential services before first use.
Content: description of deployment, purpose, duration, frequency, affected groups, specific fundamental-rights risks, level of human oversight, mitigation measures including internal governance and complaint mechanisms.
Distinction from DPIA: a FRIA focuses on fundamental-rights impact beyond data protection (discrimination, self-determination, fairness); a DPIA focuses on data-protection risk under GDPR Art. 35. The two complement each other.
Practice: a FRIA is usually carried out by an interdisciplinary team (legal, data protection, business, IT, compliance, possibly an ethics board). The outcome must be documented before first deployment.
Related terms
EU AI Act
World's first comprehensive AI law. Four risk classes: prohibited, high-risk, limited (transparency)…
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
DPIA
Mandatory assessment under GDPR Art. 35 where processing is likely to result in high risk to the rig…
FIDO2
Open authentication standard of FIDO Alliance and W3C, comprising WebAuthn (browser/platform interfa…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
