It’s a common misconception that FRIA responsibilities lie solely with AI providers. While providers develop and place high-risk AI systems on the market, deployers, organizations using these systems, also have distinct obligations under the EU AI Act.
Practical guidance:
- Deployers must conduct a FRIA before operational use of high-risk AI systems.
- Assess the system in the context of your organization’s unique operational environment.
- Document mitigation strategies applied in deployment to demonstrate compliance.
Example: A hospital deploying an AI diagnostic tool initially relied entirely on the provider’s FRIA. Regulators later requested proof of assessment in the hospital context. Without an independent deployer, FRIA, the hospital faced temporary suspension of the system.
Why it matters: Both providers and deployers share responsibility. Ignoring deployer obligations is a compliance blind spot with significant operational and reputational risks.