Skip to main content
EU AI Act Article 27 requires deployers of high-risk AI systems to conduct a Fundamental Rights Impact Assessment (FRIA) before putting the system into use. MeshAI provides structured FRIA creation, storage, and audit trail integration.

When Is a FRIA Required?

A FRIA is required when:
  • The agent is classified as high or unacceptable risk
  • The agent is used by a public body or private entity providing public services
  • The agent performs profiling of natural persons

Required Fields

Article 27 specifies six assessment areas. MeshAI enforces all six:
FieldArticle 27 ReferenceDescription
(a) Deployer’s processesArt. 27(3)(a)Description of the deployer’s processes in which the AI system will be used
(b) Frequency and scopeArt. 27(3)(b)Period of use and frequency — how often and for how many people
(c) Categories of personsArt. 27(3)(c)Categories of natural persons and groups likely to be affected
(d) Specific risks of harmArt. 27(3)(d)Specific risks of harm likely to impact the identified categories
(e) Human oversight measuresArt. 27(3)(e)Description of human oversight measures implemented
(f) Measures if risks materializeArt. 27(3)(f)Actions to be taken if risks materialize, including governance arrangements

Create a FRIA

curl -X POST https://api.meshai.dev/agents/agt_abc123/fria \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "processes": "The AI agent reviews job applications and ranks candidates for the HR team. It processes CVs, cover letters, and assessment results.",
    "frequency_and_scope": "Used daily by 5 HR managers. Processes approximately 500 applications per month across all open positions.",
    "categories_of_persons": "Job applicants — includes EU residents of all ages and backgrounds applying for positions at our company.",
    "specific_risks": "Risk of discriminatory bias in candidate ranking based on gender, age, ethnicity, or disability. Risk of qualified candidates being excluded due to model limitations.",
    "human_oversight_measures": "All AI-ranked lists are reviewed by a human HR manager before any hiring decision. The agent cannot reject candidates — it only suggests rankings. Weekly bias audits are conducted.",
    "risk_mitigation_measures": "If bias is detected: immediately suspend the agent, notify affected applicants, conduct manual review of all affected applications, retrain or replace the model, and report to the DPO."
  }'

{
  "success": true,
  "data": {
    "id": "fria_abc123",
    "agent_id": "agt_abc123",
    "version": 1,
    "status": "draft",
    "processes": "The AI agent reviews job applications and ranks candidates...",
    "frequency_and_scope": "Used daily by 5 HR managers...",
    "categories_of_persons": "Job applicants...",
    "specific_risks": "Risk of discriminatory bias...",
    "human_oversight_measures": "All AI-ranked lists reviewed by a human...",
    "risk_mitigation_measures": "If bias is detected: suspend agent...",
    "created_at": "2026-03-17T10:00:00Z",
    "created_by": "user@company.com"
  }
}

Submit a FRIA

After review, submit the FRIA to mark it as finalized: 
curl -X POST https://api.meshai.dev/agents/agt_abc123/fria/fria_abc123/submit \
  -H "Authorization: Bearer msh_YOUR_API_KEY"
Submitting a FRIA:
  • Changes the status from draft to submitted
  • Creates an audit event (fria.created)
  • Increments the readiness score component for this agent

Get a FRIA

curl https://api.meshai.dev/agents/agt_abc123/fria \
  -H "Authorization: Bearer msh_YOUR_API_KEY"

Versioning

FRIAs are versioned. When you update a FRIA, a new version is created and the previous version is preserved: 
curl -X PUT https://api.meshai.dev/agents/agt_abc123/fria/fria_abc123 \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "specific_risks": "Updated risk assessment after bias audit..." }'
This creates version 2 while preserving version 1 in the audit trail.