FRIA & AI Policy Pack 2026 — EU AI Act Article 27 Fundamental Rights Impact Assessment Template, AI Use Policy, Vendor Assessment, Incident Log & Board Briefing (Word · Excel · PDF)

From "we deploy high-risk AI" to a documented, defensible position

Article 27 of the EU AI Act (Regulation (EU) 2024/1689) requires certain deployers of high-risk AI to complete a Fundamental Rights Impact Assessment before first use — and from 2 August 2026 to notify their market surveillance authority of the results. This pack hands you the FRIA template and the governance documents that should sit around it.

What you get (one ZIP, five files)

• FRIA Template (Word — the centerpiece). Built section by section against Article 27(1)(a)–(f): a description of your deployment process and its frequency; the categories of natural persons and groups affected (including vulnerable groups); the specific risks to fundamental rights with likelihood and severity; the human-oversight measures in line with the provider's instructions; and the mitigation, internal-governance and complaint mechanisms. Every section carries plain-language completion guidance, an identification table and a sign-off block — plus the scope test so you know whether you even need one, and how it complements a GDPR DPIA.
• Organisational AI Use Policy (Word). A starter policy you adapt to your organisation: purpose and scope, principles, permitted and prohibited uses (including Article 5 bans and "no shadow AI"), an approval workflow keyed to risk tier, data-handling rules, human-oversight and verification expectations, incident reporting, and training to satisfy the Article 4 AI-literacy duty.
• Vendor / AI-Supplier Assessment (Excel). A structured due-diligence questionnaire across regulatory status, documentation and conformity, transparency, data and security, and governance — each question rated pass / pass-with-caveat / gap / fail, rolling up to an overall approve/condition/reject verdict.
• AI Incident Log (Excel). Capture AI-related incidents, near-misses and malfunctions with type, severity, scope, action taken, root cause, notification status and lessons — with conditional colouring and a note on the Article 73 serious-incident reporting duty.
• Board Briefing One-Pager (PDF). A one-page brief for the board and executive team: what the Act is, why it matters to us, the clock, and exactly what you're asking leadership to back.

How to use it

Adopt the policy and approval workflow first. Assess your key AI vendors. Complete a FRIA for each high-risk deployer use, keep it live as things change, and log incidents as they happen. Take the board briefing into your next leadership meeting.

• Clear about scope. These are operational templates that structure the work. They are not legal advice and do not guarantee compliance; engage a qualified professional for legal questions specific to your organisation.
• Made transparently. Built by frontier AI, checked by an independent AI reviewer, and backed by a named human — Tomás Dostal Freire, 15+ years in technology leadership (ex-CIO & Head of Business Transformation at Miro; earlier Netflix, Google, Booking.com), based in Amsterdam. If a file doesn't work as described, message me and I'll make it right.
• Instant download. File-issue guarantee — if anything doesn't work as described, message me and I'll fix or replace it.

Instant download. Made in the EU for the EU. Quality guaranteed.