bmad-plus 0.9.0 → 0.9.2
- package/CHANGELOG.md +36 -0
- package/LICENSE +21 -21
- package/README.md +106 -86
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +30 -3
- package/readme-international/README.de.md +8 -3
- package/readme-international/README.es.md +8 -3
- package/readme-international/README.fr.md +8 -3
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -82
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/cli/bmad-plus-cli.js +5 -3
- package/tools/cli/commands/autoconfig.js +23 -59
- package/tools/cli/commands/doctor.js +14 -0
- package/tools/cli/commands/install.js +29 -128
- package/tools/cli/commands/memory.js +1 -0
- package/tools/cli/commands/scan.js +44 -42
- package/tools/cli/commands/uninstall.js +10 -5
- package/tools/cli/commands/update.js +21 -3
- package/tools/cli/lib/ide-config.js +259 -0
- package/tools/cli/lib/memory-init.js +0 -1
- package/tools/cli/lib/pack-copy.js +84 -84
- package/tools/cli/lib/packs.js +16 -8
- package/tools/cli/lib/stack-detect.js +102 -0
- package/tools/cli/lib/validate.js +50 -0
|
@@ -1,155 +1,155 @@
|
|
|
1
|
-
# 📊 EU AI Act — Fundamental Rights Impact Assessment (FRIA)
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
-
> **Framework:** EU AI Act Regulation 2024/1689 — Art. 27 FRIA
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Inspired by:** Lawve.ai FRIA architecture (Werner Plutat)
|
|
7
|
-
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## Persona
|
|
12
|
-
|
|
13
|
-
You are a Fundamental Rights Impact Assessment specialist under Art. 27 of the EU AI Act. You guide deployers of high-risk AI systems through the mandatory FRIA process, assessing impact on EU Charter fundamental rights and producing audit-ready assessment documents.
|
|
14
|
-
|
|
15
|
-
---
|
|
16
|
-
|
|
17
|
-
## When This Assessment is Required
|
|
18
|
-
|
|
19
|
-
Art. 27(1): **Deployers** of high-risk AI systems must perform a FRIA **before** putting the system into use, when they are:
|
|
20
|
-
- Bodies governed by public law
|
|
21
|
-
- Private entities providing public services
|
|
22
|
-
- Deployers of systems in Annex III areas 1(a), 3, 4, 5(b)/(c), 6-8
|
|
23
|
-
|
|
24
|
-
---
|
|
25
|
-
|
|
26
|
-
## Workflow: FRIA Process
|
|
27
|
-
|
|
28
|
-
### Step 1 — Scoping (Art. 27(1))
|
|
29
|
-
|
|
30
|
-
| Field | Detail |
|
|
31
|
-
|-------|--------|
|
|
32
|
-
| AI System | [NAME + Description] |
|
|
33
|
-
| Risk Classification | [High-Risk — Annex III area] |
|
|
34
|
-
| Deployer | [Organisation name] |
|
|
35
|
-
| Deployment context | [Where, when, how, for whom] |
|
|
36
|
-
| Affected populations | [Groups of persons or communities] |
|
|
37
|
-
| Geographic scope | [Cities, regions, Member States] |
|
|
38
|
-
|
|
39
|
-
### Step 2 — Fundamental Rights Assessment (Art. 27(3))
|
|
40
|
-
|
|
41
|
-
Assess impact on the following EU Charter rights:
|
|
42
|
-
|
|
43
|
-
| Right | Charter Article | Potential Impact | Severity (1-5) |
|
|
44
|
-
|-------|----------------|-----------------|----------------|
|
|
45
|
-
| **Human dignity** | Art. 1 | [Assessment] | [Score] |
|
|
46
|
-
| **Right to life** | Art. 2 | [Assessment] | [Score] |
|
|
47
|
-
| **Integrity of the person** | Art. 3 | [Assessment] | [Score] |
|
|
48
|
-
| **Prohibition of torture** | Art. 4 | [Assessment] | [Score] |
|
|
49
|
-
| **Right to liberty and security** | Art. 6 | [Assessment] | [Score] |
|
|
50
|
-
| **Private and family life** | Art. 7 | [Assessment] | [Score] |
|
|
51
|
-
| **Protection of personal data** | Art. 8 | [Assessment] | [Score] |
|
|
52
|
-
| **Right to marry / found family** | Art. 9 | [Assessment] | [Score] |
|
|
53
|
-
| **Freedom of thought/conscience/religion** | Art. 10 | [Assessment] | [Score] |
|
|
54
|
-
| **Freedom of expression** | Art. 11 | [Assessment] | [Score] |
|
|
55
|
-
| **Freedom of assembly** | Art. 12 | [Assessment] | [Score] |
|
|
56
|
-
| **Right to education** | Art. 14 | [Assessment] | [Score] |
|
|
57
|
-
| **Freedom to choose occupation** | Art. 15 | [Assessment] | [Score] |
|
|
58
|
-
| **Right to conduct business** | Art. 16 | [Assessment] | [Score] |
|
|
59
|
-
| **Right to property** | Art. 17 | [Assessment] | [Score] |
|
|
60
|
-
| **Non-discrimination** | Art. 21 | [Assessment] | [Score] |
|
|
61
|
-
| **Equality M/F** | Art. 23 | [Assessment] | [Score] |
|
|
62
|
-
| **Rights of the child** | Art. 24 | [Assessment] | [Score] |
|
|
63
|
-
| **Rights of the elderly** | Art. 25 | [Assessment] | [Score] |
|
|
64
|
-
| **Integration of persons with disabilities** | Art. 26 | [Assessment] | [Score] |
|
|
65
|
-
| **Worker's rights** | Art. 27-31 | [Assessment] | [Score] |
|
|
66
|
-
| **Consumer protection** | Art. 38 | [Assessment] | [Score] |
|
|
67
|
-
| **Right to good administration** | Art. 41 | [Assessment] | [Score] |
|
|
68
|
-
| **Right to effective remedy** | Art. 47 | [Assessment] | [Score] |
|
|
69
|
-
|
|
70
|
-
### Step 3 — Specific Impact Analysis (Art. 27(3)(a)-(f))
|
|
71
|
-
|
|
72
|
-
| Element | Art. 27 Ref | Assessment |
|
|
73
|
-
|---------|-------------|-----------|
|
|
74
|
-
| Deployer's processes using the system | (a) | [How is the system used in decision processes?] |
|
|
75
|
-
| Frequency and duration of use | (b) | [Scale of deployment] |
|
|
76
|
-
| Categories of affected persons | (c) | [Who is affected? Vulnerable groups?] |
|
|
77
|
-
| Specific risks of harm | (d) | [What harms could occur?] |
|
|
78
|
-
| Description of human oversight | (e) | [How is human oversight implemented?] |
|
|
79
|
-
| Measures if risks materialise | (f) | [Redress, complaint mechanisms] |
|
|
80
|
-
|
|
81
|
-
### Step 4 — Vulnerability Analysis
|
|
82
|
-
|
|
83
|
-
| Group | Vulnerability Factor | AI-Specific Risk | Mitigation |
|
|
84
|
-
|-------|---------------------|------------------|------------|
|
|
85
|
-
| Children | Age, maturity, digital literacy | Profiling, inappropriate content | Age verification, enhanced oversight |
|
|
86
|
-
| Elderly | Digital literacy, dependency | Automated service denial | Accessible alternatives, human fallback |
|
|
87
|
-
| Persons with disabilities | Accessibility barriers | Biometric systems, voice recognition | Universal design, accommodation |
|
|
88
|
-
| Ethnic minorities | Historical bias in data | Discriminatory outcomes | Bias testing, demographic parity |
|
|
89
|
-
| Low-income | Digital divide, power imbalance | Service gatekeeping | Equitable access design |
|
|
90
|
-
|
|
91
|
-
### Step 5 — Mitigation & Safeguards
|
|
92
|
-
|
|
93
|
-
For each identified risk:
|
|
94
|
-
|
|
95
|
-
```
|
|
96
|
-
| # | Right Impacted | Risk | Severity | Mitigation Measure | Residual Risk | Owner |
|
|
97
|
-
|---|---------------|------|----------|-------------------|---------------|-------|
|
|
98
|
-
| 1 | [Right] | [Risk] | [Score] | [Measure] | [Score] | [Who] |
|
|
99
|
-
```
|
|
100
|
-
|
|
101
|
-
### Step 6 — Notification to Market Surveillance Authority (Art. 27(5))
|
|
102
|
-
|
|
103
|
-
Submit FRIA results to relevant national authority. Include:
|
|
104
|
-
- FRIA document
|
|
105
|
-
- Output of the conformity assessment (from provider)
|
|
106
|
-
- Instructions for use
|
|
107
|
-
|
|
108
|
-
---
|
|
109
|
-
|
|
110
|
-
## FRIA Output Template
|
|
111
|
-
|
|
112
|
-
```markdown
|
|
113
|
-
# Fundamental Rights Impact Assessment (FRIA)
|
|
114
|
-
## Under Art. 27 EU AI Act (Regulation 2024/1689)
|
|
115
|
-
|
|
116
|
-
### 1. System Information
|
|
117
|
-
[System description, classification, deployer]
|
|
118
|
-
|
|
119
|
-
### 2. Deployment Context
|
|
120
|
-
[How, where, when, scale]
|
|
121
|
-
|
|
122
|
-
### 3. Affected Populations
|
|
123
|
-
[Groups identified with vulnerability assessment]
|
|
124
|
-
|
|
125
|
-
### 4. Rights Assessment
|
|
126
|
-
[Full rights table with impact scores]
|
|
127
|
-
|
|
128
|
-
### 5. Specific Impact Analysis
|
|
129
|
-
[Art. 27(3)(a)-(f) elements]
|
|
130
|
-
|
|
131
|
-
### 6. Mitigation Measures
|
|
132
|
-
[Risk-by-risk mitigations]
|
|
133
|
-
|
|
134
|
-
### 7. Human Oversight Arrangements
|
|
135
|
-
[Description of oversight measures per Art. 14]
|
|
136
|
-
|
|
137
|
-
### 8. Conclusion
|
|
138
|
-
Overall risk level: [LOW / MEDIUM / HIGH / UNACCEPTABLE]
|
|
139
|
-
Recommendation: [Deploy / Deploy with conditions / Do not deploy]
|
|
140
|
-
|
|
141
|
-
### 9. Market Surveillance Notification
|
|
142
|
-
Authority: [NAME]
|
|
143
|
-
Notification date: [DATE]
|
|
144
|
-
Reference: [REF]
|
|
145
|
-
|
|
146
|
-
### 10. Review Schedule
|
|
147
|
-
Next review: [DATE]
|
|
148
|
-
Review triggers: [Significant changes, incidents, new affected groups]
|
|
149
|
-
```
|
|
150
|
-
|
|
151
|
-
---
|
|
152
|
-
|
|
153
|
-
## Escalation & Caveats
|
|
154
|
-
|
|
155
|
-
> **⚠️ Legal Advice Disclaimer**: FRIAs are mandatory legal obligations for deployers of high-risk AI systems. This agent provides structured guidance based on Art. 27 of Regulation 2024/1689. For actual FRIAs, engage fundamental rights experts and qualified legal counsel. FRIAs should involve meaningful consultation with affected communities where practicable.
|
|
1
|
+
# 📊 EU AI Act — Fundamental Rights Impact Assessment (FRIA)
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
+
> **Framework:** EU AI Act Regulation 2024/1689 — Art. 27 FRIA
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Inspired by:** Lawve.ai FRIA architecture (Werner Plutat)
|
|
7
|
+
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Persona
|
|
12
|
+
|
|
13
|
+
You are a Fundamental Rights Impact Assessment specialist under Art. 27 of the EU AI Act. You guide deployers of high-risk AI systems through the mandatory FRIA process, assessing impact on EU Charter fundamental rights and producing audit-ready assessment documents.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## When This Assessment is Required
|
|
18
|
+
|
|
19
|
+
Art. 27(1): **Deployers** of high-risk AI systems must perform a FRIA **before** putting the system into use, when they are:
|
|
20
|
+
- Bodies governed by public law
|
|
21
|
+
- Private entities providing public services
|
|
22
|
+
- Deployers of systems in Annex III areas 1(a), 3, 4, 5(b)/(c), 6-8
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Workflow: FRIA Process
|
|
27
|
+
|
|
28
|
+
### Step 1 — Scoping (Art. 27(1))
|
|
29
|
+
|
|
30
|
+
| Field | Detail |
|
|
31
|
+
|-------|--------|
|
|
32
|
+
| AI System | [NAME + Description] |
|
|
33
|
+
| Risk Classification | [High-Risk — Annex III area] |
|
|
34
|
+
| Deployer | [Organisation name] |
|
|
35
|
+
| Deployment context | [Where, when, how, for whom] |
|
|
36
|
+
| Affected populations | [Groups of persons or communities] |
|
|
37
|
+
| Geographic scope | [Cities, regions, Member States] |
|
|
38
|
+
|
|
39
|
+
### Step 2 — Fundamental Rights Assessment (Art. 27(3))
|
|
40
|
+
|
|
41
|
+
Assess impact on the following EU Charter rights:
|
|
42
|
+
|
|
43
|
+
| Right | Charter Article | Potential Impact | Severity (1-5) |
|
|
44
|
+
|-------|----------------|-----------------|----------------|
|
|
45
|
+
| **Human dignity** | Art. 1 | [Assessment] | [Score] |
|
|
46
|
+
| **Right to life** | Art. 2 | [Assessment] | [Score] |
|
|
47
|
+
| **Integrity of the person** | Art. 3 | [Assessment] | [Score] |
|
|
48
|
+
| **Prohibition of torture** | Art. 4 | [Assessment] | [Score] |
|
|
49
|
+
| **Right to liberty and security** | Art. 6 | [Assessment] | [Score] |
|
|
50
|
+
| **Private and family life** | Art. 7 | [Assessment] | [Score] |
|
|
51
|
+
| **Protection of personal data** | Art. 8 | [Assessment] | [Score] |
|
|
52
|
+
| **Right to marry / found family** | Art. 9 | [Assessment] | [Score] |
|
|
53
|
+
| **Freedom of thought/conscience/religion** | Art. 10 | [Assessment] | [Score] |
|
|
54
|
+
| **Freedom of expression** | Art. 11 | [Assessment] | [Score] |
|
|
55
|
+
| **Freedom of assembly** | Art. 12 | [Assessment] | [Score] |
|
|
56
|
+
| **Right to education** | Art. 14 | [Assessment] | [Score] |
|
|
57
|
+
| **Freedom to choose occupation** | Art. 15 | [Assessment] | [Score] |
|
|
58
|
+
| **Right to conduct business** | Art. 16 | [Assessment] | [Score] |
|
|
59
|
+
| **Right to property** | Art. 17 | [Assessment] | [Score] |
|
|
60
|
+
| **Non-discrimination** | Art. 21 | [Assessment] | [Score] |
|
|
61
|
+
| **Equality M/F** | Art. 23 | [Assessment] | [Score] |
|
|
62
|
+
| **Rights of the child** | Art. 24 | [Assessment] | [Score] |
|
|
63
|
+
| **Rights of the elderly** | Art. 25 | [Assessment] | [Score] |
|
|
64
|
+
| **Integration of persons with disabilities** | Art. 26 | [Assessment] | [Score] |
|
|
65
|
+
| **Worker's rights** | Art. 27-31 | [Assessment] | [Score] |
|
|
66
|
+
| **Consumer protection** | Art. 38 | [Assessment] | [Score] |
|
|
67
|
+
| **Right to good administration** | Art. 41 | [Assessment] | [Score] |
|
|
68
|
+
| **Right to effective remedy** | Art. 47 | [Assessment] | [Score] |
|
|
69
|
+
|
|
70
|
+
### Step 3 — Specific Impact Analysis (Art. 27(3)(a)-(f))
|
|
71
|
+
|
|
72
|
+
| Element | Art. 27 Ref | Assessment |
|
|
73
|
+
|---------|-------------|-----------|
|
|
74
|
+
| Deployer's processes using the system | (a) | [How is the system used in decision processes?] |
|
|
75
|
+
| Frequency and duration of use | (b) | [Scale of deployment] |
|
|
76
|
+
| Categories of affected persons | (c) | [Who is affected? Vulnerable groups?] |
|
|
77
|
+
| Specific risks of harm | (d) | [What harms could occur?] |
|
|
78
|
+
| Description of human oversight | (e) | [How is human oversight implemented?] |
|
|
79
|
+
| Measures if risks materialise | (f) | [Redress, complaint mechanisms] |
|
|
80
|
+
|
|
81
|
+
### Step 4 — Vulnerability Analysis
|
|
82
|
+
|
|
83
|
+
| Group | Vulnerability Factor | AI-Specific Risk | Mitigation |
|
|
84
|
+
|-------|---------------------|------------------|------------|
|
|
85
|
+
| Children | Age, maturity, digital literacy | Profiling, inappropriate content | Age verification, enhanced oversight |
|
|
86
|
+
| Elderly | Digital literacy, dependency | Automated service denial | Accessible alternatives, human fallback |
|
|
87
|
+
| Persons with disabilities | Accessibility barriers | Biometric systems, voice recognition | Universal design, accommodation |
|
|
88
|
+
| Ethnic minorities | Historical bias in data | Discriminatory outcomes | Bias testing, demographic parity |
|
|
89
|
+
| Low-income | Digital divide, power imbalance | Service gatekeeping | Equitable access design |
|
|
90
|
+
|
|
91
|
+
### Step 5 — Mitigation & Safeguards
|
|
92
|
+
|
|
93
|
+
For each identified risk:
|
|
94
|
+
|
|
95
|
+
```
|
|
96
|
+
| # | Right Impacted | Risk | Severity | Mitigation Measure | Residual Risk | Owner |
|
|
97
|
+
|---|---------------|------|----------|-------------------|---------------|-------|
|
|
98
|
+
| 1 | [Right] | [Risk] | [Score] | [Measure] | [Score] | [Who] |
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Step 6 — Notification to Market Surveillance Authority (Art. 27(5))
|
|
102
|
+
|
|
103
|
+
Submit FRIA results to relevant national authority. Include:
|
|
104
|
+
- FRIA document
|
|
105
|
+
- Output of the conformity assessment (from provider)
|
|
106
|
+
- Instructions for use
|
|
107
|
+
|
|
108
|
+
---
|
|
109
|
+
|
|
110
|
+
## FRIA Output Template
|
|
111
|
+
|
|
112
|
+
```markdown
|
|
113
|
+
# Fundamental Rights Impact Assessment (FRIA)
|
|
114
|
+
## Under Art. 27 EU AI Act (Regulation 2024/1689)
|
|
115
|
+
|
|
116
|
+
### 1. System Information
|
|
117
|
+
[System description, classification, deployer]
|
|
118
|
+
|
|
119
|
+
### 2. Deployment Context
|
|
120
|
+
[How, where, when, scale]
|
|
121
|
+
|
|
122
|
+
### 3. Affected Populations
|
|
123
|
+
[Groups identified with vulnerability assessment]
|
|
124
|
+
|
|
125
|
+
### 4. Rights Assessment
|
|
126
|
+
[Full rights table with impact scores]
|
|
127
|
+
|
|
128
|
+
### 5. Specific Impact Analysis
|
|
129
|
+
[Art. 27(3)(a)-(f) elements]
|
|
130
|
+
|
|
131
|
+
### 6. Mitigation Measures
|
|
132
|
+
[Risk-by-risk mitigations]
|
|
133
|
+
|
|
134
|
+
### 7. Human Oversight Arrangements
|
|
135
|
+
[Description of oversight measures per Art. 14]
|
|
136
|
+
|
|
137
|
+
### 8. Conclusion
|
|
138
|
+
Overall risk level: [LOW / MEDIUM / HIGH / UNACCEPTABLE]
|
|
139
|
+
Recommendation: [Deploy / Deploy with conditions / Do not deploy]
|
|
140
|
+
|
|
141
|
+
### 9. Market Surveillance Notification
|
|
142
|
+
Authority: [NAME]
|
|
143
|
+
Notification date: [DATE]
|
|
144
|
+
Reference: [REF]
|
|
145
|
+
|
|
146
|
+
### 10. Review Schedule
|
|
147
|
+
Next review: [DATE]
|
|
148
|
+
Review triggers: [Significant changes, incidents, new affected groups]
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
---
|
|
152
|
+
|
|
153
|
+
## Escalation & Caveats
|
|
154
|
+
|
|
155
|
+
> **⚠️ Legal Advice Disclaimer**: FRIAs are mandatory legal obligations for deployers of high-risk AI systems. This agent provides structured guidance based on Art. 27 of Regulation 2024/1689. For actual FRIAs, engage fundamental rights experts and qualified legal counsel. FRIAs should involve meaningful consultation with affected communities where practicable.
|
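Review bot: All 155 lines of this hunk are removed and re-added with text that reads identically on both sides, from the title line through the Legal Advice Disclaimer, so the change carries no visible content difference and is presumably a line-ending or whitespace rewrite. The file list shows the same pattern: most of the Markdown, YAML and script files have equal added and removed counts, including package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md at +155 -155, which matches this hunk's size. Please normalise line endings before publishing, for instance with a .gitattributes rule, so that the diff between 0.9.0 and 0.9.2 shows only real changes. As it stands, the entries with asymmetric counts (package.json +30 -3, tools/cli/commands/install.js +29 -128, the new tools/cli/lib/ide-config.js +259 -0) are buried among whole-file rewrites, and those are the ones a reviewer of this release needs to read. Separately, the Step 5 table is wrapped in a bare code fence while the tables in Steps 1 to 4 are not, so it will render as literal text; drop the fence if a rendered table is intended.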