What are the practical steps for conducting a Fundamental Rights Impact Assessment (FRIA) as potentially required by Article 27, and what should the report include?

Okay, here's the complete, corrected answer, without any meta-comments, and incorporating the accurate interpretation of Recital 96:

Practical Steps for Conducting a FRIA:

  1. Determine Applicability (Article 27(1)):
  2. Define the Scope (Article 27(1)(a) and (b)):
  3. Identify Affected Persons and Groups (Article 27(1)(c)):
  4. Identify Specific Risks of Harm (Article 27(1)(d)):
  5. Describe Human Oversight Measures (Article 27(1)(e)):
  6. Describe Measures to be Taken (Article 27(1)(f)):
  7. Complement Other Assessments (Recital 96, Paragraphs 372, 373):
  8. Document and Update:

What the FRIA Report Should Include:

  1. Executive Summary: A brief overview of the AI system, its intended use, the key findings of the FRIA, and the main mitigation measures.
  2. Scope of the Assessment: As defined in Step 2.
  3. Affected Persons and Groups: As identified in Step 3.
  4. Risk Assessment: The risk register (from Steps 4 and 6), including:
  5. Human Oversight Measures: As described in Step 5.
  6. Internal Governance and Complaint Mechanisms: As described in Step 6.
  7. Relationship to Other Assessments: Explanation of how the FRIA complements other assessments, clarifying the broad scope beyond just DPIAs.
  8. Conclusion: A summary of the overall assessment and any remaining risks.