HH4AI: A methodological Framework for AI Human Rights impact assessment under the EUAI ACT
Paolo Ceravolo, Ernesto Damiani, Maria Elisa D'Amico, Bianca de Teffe Erb, Simone Favaro, Nannerel Fiano, Paolo Gambatesa, Simone La Porta, Samira Maghool, Lara Mauri, Niccolo Panigada, Lorenzo Maria Ratto Vaquer, Marta A. Tamborini
TL;DR
The paper tackles the challenge of assessing AI systems' impact on fundamental rights within the EU regulatory landscape by proposing the HH4AI Fundamental Rights Impact Assessment (FRIA) framework. FRIA adopts a gate-based methodology that maps AI systems to rights domains (data governance, human oversight, fairness) and uses driver-based filtering to focus evaluation effort, complemented by Phase 1 checklists and Phase 2 impact scenarios. The authors clarify how the approach aligns with the EU AI Act and harmonizes with existing ISO/IEEE/NIST standards, while acknowledging gaps and the need for iterative refinement. A healthcare triage case study demonstrates how FRIA guides risk identification, remediation planning, and governance improvements, illustrating practical regulatory compliance and ethical risk management. The framework aims to deliver a scalable, transparent tool for organizations to assess, mitigate, and communicate AI risks to fundamental rights across diverse domains and lifecycles.
Abstract
This paper introduces the HH4AI Methodology, a structured approach to assessing the impact of AI systems on human rights, focusing on compliance with the EU AI Act and addressing technical, ethical, and regulatory challenges. The paper highlights AIs transformative nature, driven by autonomy, data, and goal-oriented design, and how the EU AI Act promotes transparency, accountability, and safety. A key challenge is defining and assessing "high-risk" AI systems across industries, complicated by the lack of universally accepted standards and AIs rapid evolution. To address these challenges, the paper explores the relevance of ISO/IEC and IEEE standards, focusing on risk management, data quality, bias mitigation, and governance. It proposes a Fundamental Rights Impact Assessment (FRIA) methodology, a gate-based framework designed to isolate and assess risks through phases including an AI system overview, a human rights checklist, an impact assessment, and a final output phase. A filtering mechanism tailors the assessment to the system's characteristics, targeting areas like accountability, AI literacy, data governance, and transparency. The paper illustrates the FRIA methodology through a fictional case study of an automated healthcare triage service. The structured approach enables systematic filtering, comprehensive risk assessment, and mitigation planning, effectively prioritizing critical risks and providing clear remediation strategies. This promotes better alignment with human rights principles and enhances regulatory compliance.