FRIA & conformity
Article 27 requires deployers of certain high-risk AI systems to conduct a Fundamental Rights Impact Assessment before first use. Meridian Blue tracks the assessment against the deployer policy and refreshes it whenever the system materially changes.
FRIA scope
FRIA applies to deployers of Annex III high-risk systems and to public bodies. If your system has been classified as high risk by Meridian Blue's classifier, the dashboard surfaces a FRIA-needed prompt next to the policy page.
What a FRIA contains
- Description of the deployer process the system is used in.
- Time period and frequency of use.
- Categories of natural persons affected.
- Specific risks of harm to those persons.
- Implementation of human-oversight measures.
- Measures to be taken if risks materialise (mitigation, complaint handling, redress).
Conformity API
| Method | Path | Purpose |
|---|---|---|
| POST | /api/v1/conformity | Create a new assessment. |
| GET | /api/v1/conformity | List assessments for the tenant. |
| GET | /api/v1/conformity/:id | Fetch one assessment. |
| GET | /api/v1/conformity/:id/export | Export as PDF. |
Refresh triggers
The dashboard surfaces a "FRIA needs refresh" badge whenever the deployer policy is republished, the model catalogue changes for a high-risk model, or a serious incident is opened. A refresh opens a new assessment that supersedes the previous one; the previous version stays in the audit trail.
Annex IV bundle
Annex IV is the technical-documentation bundle high-risk providers must keep for 10 years. The conformity export can roll up the FRIA, the model card, the policy version, the audit-log digest, and the red-team results into a single PDF for the regulator's file.