

In the exponentially evolving landscape of artificial intelligence (AI), the European Draft AI Act has emerged as a pivotal framework, particularly concerning High-Risk AI Systems (HRAIS). Still in its draft stage, this Act is set to revolutionise how AI is integrated into our daily lives and businesses, with a strong focus on safeguarding data privacy and ethical AI practices.


High-Risk AI Systems (HRAIS) and Their Impact

The Draft AI Act has meticulously categorised various AI systems as high-risk due to their potential implications for individuals’ rights and freedoms. This classification includes AI systems designed for:

Recruitment: selection of natural persons, notably when advertising vacancies, screening or filtering applications;

Performance management: making employee decisions for promotions, task assignment, and terminations of work-related contractual relationships;

Creditworthiness evaluation: establishing an individual’s credit score;

Insurance premium determination.

These systems, by their very nature, handle sensitive personal data and have the potential to influence significant life decisions.

The Act emphasises that AI systems in recruitment, for instance, streamline the process but also pose risks such as unconscious bias or data privacy breaches. Similarly, AI systems assessing creditworthiness or setting insurance premiums must be meticulously regulated to prevent discrimination or misuse of personal data.


Prohibited AI Practices

The Act further delineates certain AI practices as outright prohibited, except under statutory exceptions. This includes using AI systems that exploit vulnerabilities due to age, disability, or socio-economic status, and social scoring practices that might lead to discrimination. These prohibitions underscore the Act’s commitment to ethical AI use, ensuring that AI systems enhance rather than harm societal values.


Data Protection Impact Assessments

A cornerstone of the Draft AI Act is the mandatory Data Protection Impact Assessment (DPIA) for HRAIS. This assessment is a rigorous process that evaluates how these AI systems process data, the risks associated with them, and the measures in place to mitigate these risks. DPIAs are crucial in identifying potential data privacy issues before they occur, ensuring compliance with data protection laws and bolstering public trust in AI technologies.


Transparency In AI Systems

Transparency in the processing of personal data stands as a fundamental principle under the GDPR, and this principle is wholly applicable to AI technologies engaged in such data processing. Attaining the necessary degree of transparency presents a unique challenge when dealing with AI.


The Role of Formiti Data Privacy Services

As AI permeates various sectors, the complexity of navigating these regulations and ensuring compliance grows exponentially. This is where Formiti Data Privacy Services steps in. Our expertise lies in guiding organisations through the intricacies of the Draft AI Act and implementing compliant, ethical AI systems. We provide tailored solutions, from conducting DPIAs to advising on AI system design, ensuring your AI initiatives are innovative and respectful.



The European Draft AI Act is a significant step towards responsible and ethical AI usage, with a strong emphasis on protecting personal data and preventing discriminatory practices. As the AI landscape evolves, staying abreast of these regulations and understanding their implications is paramount for businesses. Formiti Data Privacy Services stands ready to assist in navigating these challenges, ensuring that your organisation complies with these emerging regulations and harnesses AI’s potential responsibly and ethically.