Article 27 of Regulation (EU) 2024/1689 introduces the fundamental rights impact assessment (FRIA), an obligation that sits on the deployer side — not the provider side — for specific Annex III high-risk AI systems. It applies to deployers that are bodies governed by public law, deployers that are private entities providing public services, and deployers of high-risk AI systems referred to in Annex III points 5(b) (credit scoring, except fraud detection) and 5(c) (life and health insurance pricing). It does NOT apply to deployments of Annex III point 2 systems (critical infrastructure). The assessment must be performed before deployment and notified to the market surveillance authority. Where a DPIA under Art. 35 GDPR already covers the relevant elements, the FRIA complements rather than replaces it.
€249 one-time payment · 12 PDF documents in ZIP · 45 minutes · 100% in your browser
Article 27 is one of the few obligations that sits primarily on deployers, not providers. The scope is narrow but the consequences are real: a FRIA must be performed before the first use and updated whenever an element changes.
No. FRIA scope under Art. 27(1) is narrower than general high-risk classification. It applies to (i) deployers that are bodies governed by public law, (ii) private entities providing public services, and (iii) deployers of Annex III points 5(b) (credit scoring) and 5(c) (insurance). High-risk AI systems in Annex III points 1, 2, 3, 4, 6, 7, 8 — outside the public-service context — do NOT trigger a FRIA for the deployer.
Art. 27(4) — where the Art. 35 GDPR DPIA already covers the relevant Art. 27 elements, the FRIA shall complement that DPIA. The two assessments are distinct obligations under different regulations: the DPIA assesses processing of personal data; the FRIA assesses impact on fundamental rights of the AI deployment. They can share inputs and be performed jointly, but neither replaces the other.
Art. 27(2) — the FRIA applies to the first use. But if, during the use of the high-risk AI system, the deployer considers that any of the elements listed in paragraph 1 has changed or is no longer up to date, the deployer shall take the necessary steps to update the information. Changes to processes, frequency, affected groups, identified risks or oversight arrangements all trigger updates.
Answer these four questions to determine your obligations.
12 PDF documents generated from your inputs. Each cites the article of Regulation (EU) 2024/1689 it fulfils.
Identifies whether your system is prohibited (Art. 5), high-risk (Art. 6 + Annex III) or subject to transparency obligations (Art. 50).
The 9 blocks of Annex IV in full: system description, training data, validation, performance metrics, risk management, human oversight. Art. 11 + Annex IV.
Signable document conforming to Art. 47 and Annex V.
Key application dates: 2 Feb 2025, 2 Aug 2025, 2 Aug 2026, 2 Aug 2027. Art. 113.
Executive summary of compliance status for authorities or commercial buyers. Art. 43 procedure.
QMS structure covering the 13 aspects required by Art. 17.
Document for the entity deploying your system, conforming to Art. 13.
Verifiable evidence list, cross-referenced to every Annex IV block.
Notification protocol conforming to Art. 73 (15 days general / 10 days death / 2 days widespread).
Training plan conforming to Art. 4, in force since 2 February 2025.
Plan structure required by Art. 72 and integrated into the technical documentation under Annex IV(9).
Template under Art. 27 for public bodies, private entities providing public services, and Annex III 5(b)(c) deployers.
See before you buy — Download a sample dossier (PDF, fictional company) — Real structure, real articles, real format. Fictional data.
Generated from your inputs, in your browser. No data leaves your machine.
12 documents. 45 minutes. €249. The documentation your system needs before being placed on the market.
If your system falls under Art. 43(1) (Annex III point 1 biometrics with notified-body route, or Annex I products), you will need third-party conformity assessment. That is a separate process. AICheck does not replace it.
We do not sell audits. We do not sell consultancy. We sell the tool that structures your documentation under Annex IV.
Article 99 of Regulation (EU) 2024/1689. Chapter XII (Penalties) applies from 2 August 2025.
Art. 99(3). Up to €35 million or 7% of total worldwide annual turnover, whichever is higher. For SMEs and start-ups: whichever is lower (Art. 99(6)).
Art. 99(4). Includes failure to draw up technical documentation under Art. 11 + Annex IV. Covers obligations of providers (Art. 16), deployers (Art. 26), authorised representatives (Art. 22), importers (Art. 23), distributors (Art. 24), notified bodies (Art. 31, 33, 34) and transparency under Art. 50.
Art. 99(5). Applies when information provided to notified bodies or national competent authorities is wrong or misleading.
If you operate multiple AI systems and need to document them all under Annex IV, contact us for volume pricing at hello@solidwaretools.com.
Request volume pricingAICheck produces a document structured under Article 11 and Annex IV of Regulation (EU) 2024/1689 from the information you provide. The accuracy, truthfulness and completeness of that information is your responsibility as provider of the AI system.
We guarantee that the document structure follows Article 11 and Annex IV of Regulation (EU) 2024/1689 and that the legal references cited are correct as of the last verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a given case, nor by a commercial buyer in a procurement process.
AICheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
Twelve documents. Annex IV fully structured. Regulation (EU) 2024/1689. Your data does not leave your machine. The ZIP you download is yours to keep.