M. Fasciglione, Governing AI Risks Across Regulatory Layers: Human Rights Due Diligence and Fundamental Rights Impact Assessment in EU Law, lceonline (www.lceonline.eu), 1/2026
Marco Fasciglione
2026
Abstract
This paper examines the relationship between Human Rights Due Diligence (HRDD), as established under the Corporate Sustainability Due Diligence Directive (CSDDD), and Fundamental Rights Impact Assessments (FRIA) under the EU Artificial Intelligence Act. While both instruments rely on risk-based, ex ante accountability mechanisms, they operate at different levels: HRDD provides an enterprise-wide framework for identifying and managing human rights risks, whereas FRIA focuses on the deployment-specific impacts of high-risk AI systems. The paper argues that these mechanisms should be understood as functionally complementary components of a multi-layered system of risk governance. Through a doctrinal analysis and the case study of AI-driven credit scoring, it demonstrates how risks to fundamental rights emerge both at the stages of system design and deployment, requiring coordinated regulatory responses. It further highlights existing gaps in the alignment of the two regimes and considers ongoing legislative developments, including the Digital Omnibus initiative, as a potential avenue for improving coherence. The paper concludes that integrating HRDD and FRIA is essential to ensure effective and context-sensitive protection of fundamental rights in the age of artificial intelligence.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


