Fundamental rights impact assessments
Some deployers have to assess what a high-risk system could do to people's fundamental rights before they use it. This duty falls on a specific set of deployers.
Updated May 2026
What the duty is
A fundamental rights impact assessment works through who a high-risk system could affect and how, what could go wrong, and the safeguards you will put in place. It sits under Article 27.
When it applies
This is conditional, and narrower than the others. It applies if you are a public body, a private provider of public services, or you use high-risk AI for creditworthiness or for life and health insurance. If none of those describe you, it is unlikely to be on your roadmap.
Marking it done
Complete the assessment where it applies, then mark the duty done on your roadmap. Public authorities may also need to register the system; see registering in the EU database.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
High-risk AI usually involves personal data, which can trigger a data protection impact assessment under GDPR Article 35. How Veillo tracks the DPIA duty.
Certain deployers, mainly public authorities, must register their use of a high-risk system in the EU's public database under Article 49.
How the roadmap derives your duties from your register, how the weighted health score is calculated, and how to work through it.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.