Risk Assessment
Requirement to assess and document the risks posed by AI systems, including potential harms, bias, and impacts on affected individuals.
What Counts
- Mandatory risk assessments before deployment
- Algorithmic impact assessments
- Documentation of potential harms and mitigations
- Ongoing risk monitoring
- Risk classification and categorization
What Does Not Count
- Generic technology risk assessments without AI-specific criteria
- Self-assessment without documentation requirements
- One-time assessments without ongoing monitoring
Related Terms
- Impact assessment
- Risk management
- Algorithmic audit
- Risk classification
Implementing Regulations
Standards & Frameworks
Voluntary standards that address this obligation. Implementing these can help demonstrate compliance with the binding regulations above.
| Standard | Type | Status | Provisions |
|---|---|---|---|
| General-Purpose AI Code of Practice (GPAI CoP) | framework | enforcing | 1 |
| Hiroshima AI Process – Principles & Code of Conduct | framework | voluntary | 2 |
| ISO/IEC 23894 AI Risk Management | standard | voluntary | 1 |
| ISO/IEC 42001 AI Management System | standard | voluntary | 1 |
| ISO/IEC 42005 AI Impact Assessment | standard | voluntary | 1 |
| NIST AI Risk Management Framework | framework | voluntary | 1 |
| OECD AI Principles | standard | voluntary | 1 |
| Model AI Governance Framework | framework | voluntary | 1 |
Cite this obligation
Permalink: https://everyailaw.com/obligation/risk-assessment/
JSON: https://everyailaw.com/api/v1/obligations.json
Attribution: EveryAILaw, PAICE.work PBC. “Risk Assessment” obligation, EveryAILaw.com. https://everyailaw.com/obligation/risk-assessment/