§ EU AI Act · Article 27

AI Act Article 27: Obligations, Deadlines & Penalties

Regulation (EU) 2024/1689, Article 27 · All obligations · EU AI Act · Full article analysis
At a glance
Article 27 of the AI Act imposes 11 obligations on AI Office, deployer. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 27

Obligation 1
Deployers that are bodies governed by public law, private entities providing public services, or deployers of high-risk AI systems in Annex III points 5(b) and (c) must perform an assessment of the impact on fundamental rights prior to deploying a high-risk AI system. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Sector scope
public law bodies, private entities providing public services, and specific high-risk AI systems in Annex III points 5(b) and (c)
Action required
assess
Deadline
prior to deploying
Penalty
Exemptions
high-risk AI systems intended to be used in the area listed in point 2 of Annex III
Obligation 2
The fundamental rights impact assessment must include a description of the deployer’s processes in which the high-risk AI system will be used in line with its intended purpose. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
document
Deadline
Penalty
Obligation 3
The fundamental rights impact assessment must include a description of the period of time within which, and the frequency with which, each high-risk AI system is intended to be used. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
document
Deadline
Penalty
Obligation 4
The fundamental rights impact assessment must identify the categories of natural persons and groups likely to be affected by the use of the system in the specific context. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
document
Deadline
Penalty
Obligation 5
The fundamental rights impact assessment must identify specific risks of harm likely to impact the identified categories of persons, taking into account information given by the provider pursuant to Article 13. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
assess
Deadline
Penalty
Obligation 6
The fundamental rights impact assessment must include a description of the implementation of human oversight measures according to the instructions for use. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
document
Deadline
Penalty
Obligation 7
The fundamental rights impact assessment must outline measures to be taken in case of risk materialization, including arrangements for internal governance and complaint mechanisms. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
document
Deadline
Penalty
Obligation 8
If the deployer considers that any element of the fundamental rights impact assessment has changed or is no longer up to date during the use of the system, they must take necessary steps to update the information. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
update
Deadline
when elements change or are no longer up to date
Penalty
Obligation 9
Once the fundamental rights impact assessment is performed, the deployer must notify the market surveillance authority of its results, submitting the filled-out template referred to in paragraph 5. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
notify
Deadline
once the assessment has been performed
Penalty
Exemptions
deployers referred to in Article 46(1)
Obligation 10
If obligations are already met through a data protection impact assessment under GDPR or Law Enforcement Directive, the fundamental rights impact assessment must complement that data protection impact assessment. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
deployer
Action required
complement
Deadline
Penalty
Obligation 11
The AI Office must develop a template for a questionnaire, including through an automated tool, to facilitate deployers in complying with their obligations under this Article. Regulation (EU) 2024/1689, Article 27, Article 27
Obligated entity
AI Office
Action required
develop
Deadline
Penalty
§ Deadlines

EU AI Act compliance deadlines

§ Frequently asked

Questions about Article 27

Who must comply with Article 27 of the AI Act? +
AI Office, deployer.
What does Article 27 of the AI Act require? +
assess document update
What is the compliance deadline for AI Act Article 27? +
once the assessment has been performed; prior to deploying; when elements change or are no longer up to date
Need a cross-border briefing on AI Act Article 27?
Search Fontvera ↵
All EU obligation pages  ·  All EU AI Act articles  ·  AI Act Article 27 deep analysis