Working draftPending AI Office template under Article 27(5)

Article 27 FRIA Template

Fundamental Rights Impact Assessment under Regulation (EU) 2024/1689, Article 27. Working template pending publication of the official AI Office questionnaire under Article 27(5). The six inputs below reproduce the wording of Article 27(1) verbatim. Free to use and adapt.

Section A — Organisation and system details

Organisation name
[entry]
Date of assessment
[entry]
AI system name and version
[entry]
Provider (if different from deployer)
[entry]
Member State(s) of deployment
[entry]
Annex III category
[entry]
Article 27 basis (public body / private entity providing public services / deployer of Annex III 5(b) or 5(c) system)
[entry]

Section B — The six Article 27(1) inputs

1

Description of deployer processes

A description of the deployer’s processes in which the high-risk AI system will be used in line with its intended purpose.

[free text]
2

Period and frequency of use

A description of the period of time within which, and the frequency with which, each high-risk AI system is intended to be used.

[free text]
3

Categories of affected persons and groups

The categories of natural persons and groups likely to be affected by its use in the specific context.

[free text]
4

Specific risks of harm

The specific risks of harm likely to have an impact on the categories of natural persons or groups.

[free text]
5

Human oversight measures

A description of the implementation of human oversight measures, according to the instructions for use.

[free text]
6

Risk materialisation response

The measures to be taken in the case of the materialisation of those risks, including the arrangements for internal governance and complaint mechanisms.

[free text]

Section C — Sign-off and filing status

Author
[entry]
Reviewer
[entry]
Sign-off date
[entry]
Article 27(2) notification to market surveillance authority (sent / pending / not applicable)
[entry]
Related GDPR Article 35 DPIA reference (per Article 27(3): the FRIA "shall complement" the DPIA where obligations overlap)
[entry]
Next review date
[entry]

Need a written read on your specific AI surface?

ActComply runs the Article 27 scope check end to end. Send us one surface and we return a written analysis on whether FRIA attaches, what Article 26 deployer obligations apply, and how the DPIA overlap works.

Assess your AI systems free →

Related guides

More EU AI Act compliance pieces from ActComply.

EU AI Act Compliance Checklist

All 27 obligations across high risk, limited risk, general provider, and GPAI categories.

EU AI Act Risk Classification

Walk through the four risk tiers and how to classify your AI system.

High Risk AI Systems

Annex III categories and what counts as high risk under the AI Act.

Omnibus Update

How the May 2026 provisional agreement shifts high risk deadlines, and what stays unchanged.

Article 26 Deployer Obligations

All twelve Article 26 obligations attaching to every deployer of a high risk system on August 2.

Article 27 FRIA Scope

Who the Fundamental Rights Impact Assessment actually applies to, and what fills the gap when it doesn't.

Article 50 Transparency Obligations

Provider and deployer obligations across chatbots, generative content, emotion recognition, and deep fakes.

Article 25(1)(b) Substantial Modification

When a deployer becomes a provider through substantial modification, and what crossing the line costs.

GPAI Provider Obligations

Article 53 + 55 obligations for general purpose AI model providers, plus the 10 July 2025 Code of Practice.

One page when printed. Free to use and adapt.