DARR
MR-067 Governance & process Organization scope

Absence of AI impact assessment

The deployer runs no defined process to evaluate and record the likely effects of an AI system on people, groups, and wider society throughout its life cycle.

Risk family
Governance & process
MIT domain
n/a (ISO-derived)
MIT subdomain
n/a
AI type
GPAI, Agentic, Classical_ML
Scope
Organization
Source standard
ISO/IEC 23894 + 42001 (gap analysis)

Provenance

Source standard
ISO/IEC 23894 + 42001 (gap analysis)
Source frameworks
ISO/IEC 42001:2023
ISO/IEC references
42001 Annex A, A.5.2 to A.5.5
EU AI Act articles
Art. 27
Nearest MIT-derived risk
MR-043 Inadequate AI governance: generic; impact assessment is a specific, auditable, often legally required process.

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
ISO 420012
  • A.5.2 ISO/IEC 42001 Annex A A.5.2
  • A.5.5 ISO/IEC 42001 Annex A A.5.5
EU AI Act1
  • Art. 27
Cross-checksframeworks mapped in to test coverage
IBM1
  • ibm-impact-on-affected-communities Impact on affected communities partial

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.