Ai High Risk

Enhanced Obligations (Art. 37)

  • Conduct an Algorithmic Impact Assessment before implementation.

  • Register the system in accordance with the Law’s regulations.

  • Perform periodic technical audits, including through the National Algorithmic Audit Platform.

  • Ensure meaningful human oversight in decisions that affect fundamental rights.

  • Maintain technical and legal traceability and explainability, adapted to different user profiles.

  • Implement protocols for updates, security, incident reporting, and response to affected parties.

  • Accredit training data as representative, ethical, verifiable, and bias-free.

  • Guarantee individuals the right to access, question, and appeal automated decisions that affect them.

Algorithmic Impact Assessment (AIA)


The Algorithmic Impact Assessment (AIA) is a mandatory preliminary analysis for AI systems classified as high risk or operating in sensitive sectors such as health, justice, finance, education, public security, mobility, urban services, and social development.Its purpose is to identify, document, and mitigate risks before the system is deployed, thereby ensuring the protection of fundamental rights. (Art. 49)


Minimum Components of the AIA

  • Purpose and Context of Use: What is the AI used for, and in what environment?

  • Data Types and Sources: Origin, quality, and processing of the information.

  • Affected Populations: Groups with specific vulnerabilities (e.g., gender, age, disability, ethnicity).

  • Potential Risks: Impacts on human rights, health, property, dignity, and privacy.

  • Mitigation Measures: Human oversight protocols, contingency plans, and review mechanisms.

Note: For systems with continuous learning capabilities, the AIA must be regularly updated to reflect changes in data or usage.

  • The National Registry of AI Systems (RENSIA) is the public database where high-risk systems and those operated by public entities must be registered.

  • Essential Requirement:
    Obtain a risk determination issued by the National Algorithmic Audit Platform.

  • Registration Steps:

  • Complete the Algorithmic Impact Assessment (AIA) and obtain the risk determination.

  • Submit the documentation file to the competent authority.

  • Receive validation and a registration number.

  • Every high-risk system must maintain a continuous and auditable technical record. The log must:

  • Identify the system and its version.

  • Record relevant events and automated decisions.

  • Maintain a chronology of inputs and outputs.

  • Be available for audits (internal, external, or judicial).

  • Ensure data retention for at least five years.

Failure to maintain this record is considered an obstruction of accountability..