Skip to content

§22 Fundamental Rights Impact Assessment (FRIA) Protocol

Version: v3.0

Defines the Fundamental Rights Impact Assessment (FRIA) document format, conformance prerequisite, and ML-DSA-65 signing for EU AI Act notified body submission.

Overview

EU AI Act Art. 27 requires deployers of high-risk AI systems to conduct a Fundamental Rights Impact Assessment before deployment. Annex IV specifies the technical file that must accompany a conformity assessment submission to a notified body. RCAN §22 defines a machine-readable FRIA document that can be generated automatically from live conformance data, signed with the robot's ML-DSA-65 identity key, and submitted as part of that technical file.

The FRIA document is generated by the castor fria generate CLI command, which sources data from ConformanceChecker.run_all(), the robot identity in the RCAN config, and robot-memory.md hardware observation entries. A print-ready HTML companion is generated alongside the canonical JSON artifact.

Conformance: FRIA generation is required at L2+ (Secure tier and above). Deployments where conformance.score < 80 or any safety.* check fails are blocked unless --force is used (which sets prerequisite_waived: true).

Document Schema

{
  "schema": "rcan-fria-v1",
  "spec_ref": "https://rcan.dev/spec/section-22",
  "generated_at": "2026-04-10T14:32:01.123Z",
  "system": {
    "rrn": "RRN-000000000001",
    "rrn_uri": "rrn://org/robot/model/id",
    "robot_name": "my-robot",
    "opencastor_version": "2026.4.10.0",
    "rcan_version": "3.0",
    "agent_provider": "anthropic",
    "agent_model": "claude-sonnet-4-6"
  },
  "deployment": {
    "annex_iii_basis": "safety_component",
    "intended_use": "indoor autonomous navigation",
    "prerequisite_waived": false
  },
  "conformance": {
    "score": 87,
    "pass": 24,
    "warn": 2,
    "fail": 0,
    "checks": [
      { "check_id": "safety.estop_configured", "category": "safety", "status": "pass", "detail": "ESTOP configured" }
    ]
  },
  "human_oversight": {
    "hitl_configured": true,
    "confidence_gates_configured": true,
    "estop_configured": true
  },
  "hardware_observations": [
    { "id": "mem-abc01", "text": "Left motor stalls at 50% duty under load", "confidence": 0.82, "tags": ["motor"] }
  ],
  "signing_key": {
    "alg": "ml-dsa-65",
    "kid": "rpi5-key-001",
    "public_key": "<base64url ML-DSA-65 public key>"
  },
  "sig": {
    "alg": "ml-dsa-65",
    "kid": "rpi5-key-001",
    "value": "<base64url signature>"
  }
}

Field Reference

Field Type Required Description
schema string MUST Always "rcan-fria-v1". Identifies document type.
spec_ref string MUST Always "https://rcan.dev/spec/section-22". Provides stable citation URL for notified bodies.
generated_at string MUST ISO-8601 UTC timestamp of document generation.
system.rrn string MUST Robot Registration Number (RRN). Must match config metadata.rrn.
system.rrn_uri string SHOULD RRN URI form (rrn://org/category/model/id). Recommended for §21 registry lookup.
system.robot_name string MUST Human-readable robot name from config.
system.opencastor_version string MUST Runtime version that generated this document.
system.rcan_version string MUST RCAN protocol version the robot implements.
system.agent_provider string MUST AI provider (e.g. "anthropic", "google").
system.agent_model string MUST AI model identifier.
deployment.annex_iii_basis string MUST EU AI Act Annex III classification basis. See valid values below.
deployment.intended_use string MUST Free-text description of the deployment context.
deployment.prerequisite_waived boolean MUST true if the conformance gate was bypassed with --force. Notified bodies must treat waived documents as provisional.
conformance.score integer MUST Conformance score (0–100). Must be ≥ 80 for L2+ deployments unless prerequisite_waived.
conformance.pass/warn/fail integer MUST Count of checks by status.
conformance.checks array MUST Full list of ConformanceResult entries with check_id, category, status, detail, fix (if applicable).
human_oversight.hitl_configured boolean MUST true if HiTL authorization gates are enabled (§8).
human_oversight.confidence_gates_configured boolean MUST true if per-scope confidence thresholds are set (§16.2).
human_oversight.estop_configured boolean MUST true if emergency stop is configured.
hardware_observations array SHOULD HARDWARE_OBSERVATION entries from robot memory with confidence ≥ 0.30. Supports Art. 17 quality management evidence.
signing_key object SHOULD ML-DSA-65 public key reference. Required for L2+ deployments. Omitted when --skip-sign is used.
sig object SHOULD ML-DSA-65 signature over canonical JSON (sort_keys, no whitespace, sig field absent). Required for L2+ deployments.

Annex III Classification Bases

The deployment.annex_iii_basis field must be one of the following values, corresponding to the EU AI Act Annex III category under which the system is classified as high-risk.

Value Article Description
safety_component Annex III §1 Safety components of products covered by Union harmonisation legislation
biometric Annex III §2 Biometric identification and categorisation
critical_infrastructure Annex III §3 Critical infrastructure management and operation
education Annex III §4 Education and vocational training
employment Annex III §5 Employment, workers management and access to self-employment
essential_services Annex III §6 Access to and enjoyment of essential private services and public services and benefits
law_enforcement Annex III §7 Law enforcement
migration Annex III §8 Migration, asylum and border control management
administration_of_justice Annex III §9 Administration of justice and democratic processes
general_purpose_ai Annex III §10 General-purpose AI systems

Conformance Prerequisite

Before generating a FRIA document, the runtime verifies two conditions:

  • Conformance score ≥ 80/100 (100 − (failures × 10) − (warnings × 3))
  • Zero safety.* check failures

If either condition fails, the command exits with a list of blocking checks and their recommended fixes. The --force flag bypasses the gate and sets prerequisite_waived: true in the document — this field is visible to the notified body and indicates the document is provisional.

# Conformance gate blocks generation when score < 80 or safety failures exist:
$ castor fria generate --config bot.yaml --annex-iii safety_component
FRIA generation blocked  conformance gaps must be resolved:
  [safety.estop_configured] Emergency stop not configured
    Fix: Set safety.emergency_stop in config

Use --force to generate despite conformance gaps.

Signing (ML-DSA-65)

The FRIA document is signed with the robot's ML-DSA-65 identity key — the same key used for RCAN message signing (§16.6). The signature covers the canonical JSON of the document with the sig field absent:

  • Serialisation: json.dumps(doc, sort_keys=True, separators=(',', ':'))
  • Algorithm: ML-DSA-65 (NIST FIPS 204) — post-quantum secure
  • Key binding: signing_key.kid identifies the key used
  • Verification: use signing_key.public_key (base64url ML-DSA-65 public key)

Signing is required at L2+. Use --skip-sign only for development and testing — unsigned documents omit the sig and signing_key fields entirely.

EU AI Act Article Mapping

FRIA Section EU AI Act Provision Description
conformance block Art. 9 Risk management system — conformance score and check evidence
system block Art. 13 Transparency — system identity, model, provider
human_oversight block Art. 14 Human oversight — HiTL, confidence gates, ESTOP
hardware_observations Art. 17 Quality management — observed hardware behaviour
Full document + sig Art. 27 FRIA obligation for public sector deployers
spec_ref citation Annex IV Technical documentation — citable specification reference

Safety Benchmarks Integration

The safety_benchmarks field is embedded in the FRIA document to provide quantitative evidence of runtime safety performance. Benchmark results are generated by castor safety benchmark and referenced inline. When overall_pass: true, the field satisfies the Art. 15 performance and accuracy evidence requirement for notified body review. See §23 Safety Benchmark Protocol for the full schema.

"safety_benchmarks": {
  "ref": "safety-benchmark-20260411.json",
  "generated_at": "2026-04-11T09:00:00.000Z",
  "mode": "synthetic",
  "overall_pass": true,
  "results": {
    "estop":           { "min_ms": 0.3, "mean_ms": 1.2, "p95_ms": 4.1,  "pass": true },
    "bounds_check":    { "min_ms": 0.1, "mean_ms": 0.4, "p95_ms": 0.9,  "pass": true },
    "confidence_gate": { "min_ms": 0.05,"mean_ms": 0.1, "p95_ms": 0.3,  "pass": true },
    "full_pipeline":   { "min_ms": 0.4, "mean_ms": 1.8, "p95_ms": 5.2,  "pass": true }
  }
}

Compliance Package

A complete EU AI Act Art. 43 compliance submission for an Annex III system consists of the following companion artifacts, each with its own machine-readable schema and CLI generation command.

Document Schema Article Generated by
FRIA rcan-fria-v1 Art. 43 castor fria generate
Safety Benchmark rcan-safety-benchmark-v1 Art. 15 castor safety benchmark
Instructions for Use rcan-ifu-v1 Art. 13 castor ifu generate
Incident Log rcan-incidents-v1 Art. 72 castor incidents
EU Register Submission rcan-eu-register-v1 Art. 49 castor eu-register

v3.0 Breaking Change: Annex III Registration Prerequisite

v3.0 Breaking Change: REGISTRY_REGISTER for Annex III systems now requires metadata.compliance.fria_ref. Registration attempts without this field are rejected.

Prior to v3.0, REGISTRY_REGISTER accepted registrations for Annex III systems without a FRIA reference. From v3.0, the registry enforces that a signed FRIA document reference must be present in metadata.compliance.fria_ref before registration is accepted.

{
  "metadata": {
    "rrn": "rrn://org/robot/model/id",
    "robot_name": "my-robot",
    "compliance": {
      "annex_iii_basis": "safety_component",
      "fria_ref": "fria-20260411-signed.json"
    }
  }
}

CLI Reference

# Generate FRIA for a safety-critical deployment
castor fria generate \
  --config bob.rcan.yaml \
  --annex-iii safety_component \
  --intended-use "Indoor autonomous navigation" \
  --output fria-bob-2026.json

# Output:
# FRIA artifact: fria-bob-2026.json
# HTML companion: fria-bob-2026.html

Outputs:

  • fria-{rrn}-{date}.json — Signed canonical JSON artifact (citable in Annex IV technical file)
  • fria-{rrn}-{date}.html — Print-ready HTML companion for notified body submission