FRIA Mandatory Requirements

Understand when FRIA is mandatory and each actor's responsibilities in the AI system chain.

When is FRIA Mandatory?

FRIA is mandatory when both conditions are met:

1. System Classified as High-Risk

The AI system is listed in Annex III of the AI Act (8 categories)

2. Implementation or Distribution

The system will be placed on market in EU after May 12, 2025

8 High-Risk Categories (Annex III)

Systems that mandatorily require FRIA

1. 👤 Remote Biometric

Identification of people through remote biometric characteristics

2. ⚖️ Criminal Risk

Risk assessment of recidivism in criminal justice systems

3. 💳 Credit Scoring

Automated assessment of credit risk for individuals

4. 💼 Recruitment

Automated filtering and selection of job candidates

5. 🏠 Essential Services

Determination of access to housing, health, education, social welfare

6. 🚔 Law Enforcement

Assistance to authorities in crime detection and investigation

7. 📋 Legal Compliance

Monitoring compliance with regulations by individuals

8. 🎯 Behavior Influence

Systems influencing human behavior by distorting judgment

Prohibited Systems (Article 5)

Warning: These systems are completely prohibited in the EU from February 12, 2025.

1. Real-Time Remote Biometric ID

Video surveillance (except serious crimes with judicial order)

2. Sensitive Characteristic Categorization

Classification by race, religion, disability, sexual orientation

3. Social Scoring Systems

Mass social surveillance and behavioral scoring

4. Vulnerability Exploitation

Manipulation of children, disabled people or vulnerable groups

Responsibilities by Actor

Each actor has specific responsibilities

ActorObligations
Provider• Conduct FRIA before implementation
• Technical documentation
• Compliance testing
• Continuous monitoring
User• Verify provider compliance
• Register system if required
• Report incidents
• Ensure transparency
Distributor• Verify compliance
• Maintain documentation available
• Inform about risks

Application Timeline

The AI Act comes into force in 4 phases:

Phase 1: February 2025 - Prohibitions

February 12, 2025: Prohibited systems become illegal

Phase 2: May 2025 - High-Risk (Providers)

May 12, 2025: Providers must ensure FRIA and compliance

Phase 3: August 2026 - Distributors

August 12, 2026: Downstream responsibilities expand

Phase 4: August 2027 - Full Application

August 12, 2027: Full application (Mandatory Code of Conduct)

Penalties

Non-compliance results in significant penalties:

⚠️ Administrative Penalties

  • €7.5M or 1.5% global turnover - general breaches
  • €15M or 3% global turnover - false information
  • €30M or 6% global turnover - high-risk violations

✓ Preventive Measures

  • Conduct FRIA before implementation
  • Maintain complete documentation
  • Regular compliance testing
  • Continuous monitoring

Next Steps

Validate Requirement

Confirm if FRIA is mandatory for your system.

Learn Methodology

Study the 8-step FRIA methodology.

View Methodology →

Request Assessment

Contact us for specialized FRIA assessment.

Contact →

Need to Know if FRIA is Mandatory?

Send a brief message and we will respond within 24 hours.

By submitting this form, you authorise the processing of your personal data in accordance with our Privacy Policy.