DARR
MR-072 Regulatory compliance Organization scope

Failure to conduct a fundamental rights impact assessment

A deployer that is a public body, a private provider of public services, or a deployer of certain Annex III systems does not perform (or update, or notify the authority of) the required fundamental-rights impact assessment before putting a high-risk system into use.

Risk family
Regulatory compliance
MIT domain
n/a (EU-derived)
MIT subdomain
n/a
AI type
GPAI, Agentic, Classical_ML
Scope
Organization
Source standard
EU AI Act 2024/1689 (gap analysis)

Provenance

Source standard
EU AI Act 2024/1689 (gap analysis)
Source frameworks
EU AI Act 2024/1689
EU AI Act articles
Art. 27
Nearest MIT-derived risk
MR-067 Absence of AI impact assessment (the ISO-derived process risk; Art. 27 is the specific fundamental-rights, public-service variant with a notification duty).

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.

Sourcesframeworks that contributed to the register
EU AI Act1
  • Art. 27

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.