What is an AI risk assessment?

An AI risk assessment identifies what could go wrong with your AI system, how likely it is, how serious the impact would be, and what you're doing to prevent it. It covers technical risks (accuracy, bias, security), operational risks (system failures, data quality), legal risks (GDPR violations, AI Act non-compliance), and ethical risks (fairness, transparency, human oversight). It's a living document that should be reviewed regularly, not a one-time exercise.

Is an AI risk assessment the same as a DPIA?

No, but they overlap. A DPIA focuses specifically on data protection risks to individuals under GDPR. An AI risk assessment covers a broader scope — including technical performance, bias, safety, and business risks — as required by the EU AI Act's risk management system (Article 9). For most AI systems processing personal data, you need both. The good news: about 60% of the content overlaps, so doing one makes the other easier.

How often should I reassess AI risks?

At minimum: after any significant change to the AI system (new model, new data source, new use case), after an incident or near-miss, annually as a baseline review, and when regulations change. For high-risk AI systems under the EU AI Act, continuous monitoring is required — not just periodic review. In practice, quarterly reviews with ad-hoc assessments for changes works well for most SMEs.

What AI risks should I assess?

Key risk categories: accuracy and reliability (does it give correct outputs?), bias and fairness (does it treat groups differently?), security (can it be attacked or manipulated?), privacy (does it protect personal data?), transparency (can you explain how it works?), human oversight (can humans intervene?), robustness (does it handle edge cases?), and legal compliance (does it meet GDPR and AI Act requirements?). Score each by likelihood and impact.

How much does a professional AI risk assessment cost?

A professional AI risk assessment costs £2,000-£5,000 for a single AI system. Complex systems with multiple models or high-risk classifications cost £5,000-£10,000. This typically includes risk identification, scoring, mitigation planning, and documentation. DIY is possible using frameworks like NIST AI RMF or ISO 42001, but takes significant internal time and may miss AI-specific risks if you don't have the expertise.

AI Risk Assessment: How to Evaluate Your AI System Before Regulators Do

Here's the thing about AI risk assessments: nobody does them until they have to. Then they scramble.

The EU AI Act makes risk assessment mandatory for high-risk AI systems under Article 9. The ICO already expects it for any AI system processing personal data under GDPR. And enforcement is ramping up — the EU AI Office is operational, the ICO has a dedicated AI team, and the first round of fines is coming.

If you've got an AI system in production and you haven't formally assessed its risks, you're running blind. Not just from a compliance standpoint. You genuinely don't know what could go wrong, how bad it could get, or whether your mitigations are adequate.

Let's fix that. I'll walk you through exactly how to run an AI risk assessment — what to look at, how to score it, how to document it, and what frameworks to use. No jargon-heavy theory. Just a practical process you can start this week.

Why You Need to Do This Now

Three things are converging:

The EU AI Act (August 2, 2026). High-risk AI systems need a full risk management system under Article 9. That's not a one-time assessment — it's continuous risk management throughout the AI system's lifecycle. If you're building or deploying AI that touches employment, credit, education, or essential services, you're in scope. If you haven't started your conformity assessment, the risk assessment is step one.

GDPR enforcement on AI. The ICO and EU DPAs aren't waiting for the AI Act. They're using existing GDPR powers — Articles 5, 22, 25, and 35 — to go after AI systems today. A DPIA is required for high-risk processing. And the first question in any DPIA is: what are the risks?

Client expectations. Enterprise buyers and public sector procurement are starting to ask for evidence of AI risk management. Not theoretical commitments — actual documentation. If you can't produce a risk assessment, you lose the deal.

The window between "best practice" and "legal requirement" is closing fast. Do it now while you can control the pace, rather than later when a regulator's setting the deadline.

The 8 Risk Categories You Need to Assess

Every AI system has risks across these eight categories. Some will be more relevant than others depending on your system, but you need to at least consider all of them.

1. Accuracy and Reliability

Does your AI system produce correct outputs? How often does it get things wrong? What happens when it does?

This isn't just about model accuracy metrics. It's about real-world reliability. A chatbot with 95% accuracy on your test set might still hallucinate confidently when customers ask unexpected questions. A document processing system that works perfectly on clean PDFs might fall apart on scanned handwritten forms.

What to check: Error rates in production (not just testing), types of errors (false positives vs. false negatives), impact of errors on end users, performance degradation over time (model drift).

2. Bias and Fairness

Does your AI system treat different groups of people differently? If it does, is that difference justified?

This is where a lot of businesses get caught. Bias doesn't have to be intentional. A recruitment AI trained on historical hiring data will replicate historical biases. A credit scoring model trained on postcode data picks up socioeconomic proxies for race and ethnicity.

What to check: Disparate impact across protected characteristics (gender, race, age, disability), training data composition, proxy variables that correlate with protected characteristics, whether bias testing has actually been done.

3. Security

Can your AI system be attacked, manipulated, or exploited?

AI systems have attack surfaces that traditional software doesn't. Prompt injection, adversarial inputs, data poisoning, model extraction — these aren't theoretical. They're happening today. If your AI system makes decisions that affect people or money, someone will eventually try to game it.

What to check: Prompt injection vulnerabilities (especially for LLM-based systems), adversarial input resilience, access controls on model and training data, logging and anomaly detection, supply chain risks (third-party models and APIs).

4. Privacy

Does your AI system protect personal data?

This overlaps heavily with your DPIA requirements, but the AI-specific risks go further. Training data might contain personal data that's hard to remove. Language models can memorise and regurgitate personal information from their training set. Inference data gets processed and stored in ways that might not match your privacy notice.

What to check: Personal data in training data, data minimisation (are you collecting more than you need?), retention periods for inference data, cross-border data transfers (especially with US-hosted AI APIs), consent mechanisms and legal basis.

5. Transparency

Can you explain how your AI system works? Can users understand what's happening?

The EU AI Act requires transparency at multiple levels. Users need to know they're interacting with AI. People affected by AI decisions need to understand how those decisions were made. And for high-risk systems, you need technical documentation explaining the system's logic.

What to check: User notification (do people know they're interacting with AI?), explainability (can you explain individual decisions?), documentation quality, information provided to affected individuals under GDPR Article 22.

6. Human Oversight

Can humans intervene when the AI gets it wrong?

This is a hard requirement under the AI Act for high-risk systems (Article 14). But it's good practice for any AI system making consequential decisions. The question isn't just "can a human override it?" — it's whether the human has enough information, authority, and time to actually do so.

What to check: Override mechanisms, human review for high-stakes decisions, alert systems for anomalies, whether human oversight is genuine or just a rubber stamp, training for human reviewers.

7. Robustness

Does your AI system handle edge cases, unexpected inputs, and changing conditions?

Production environments are messy. Users will input things you didn't anticipate. Data distributions will shift. External APIs will go down. A robust system degrades gracefully. A fragile one fails silently — which is worse than failing loudly, because nobody notices until the damage is done.

What to check: Edge case handling, graceful degradation, fallback mechanisms, monitoring for data drift, behaviour under load, recovery from failures.

8. Legal Compliance

Does your AI system meet GDPR, AI Act, and sector-specific requirements?

This is the catch-all category. Beyond privacy and transparency, you need to consider: Are your automated decisions lawful under GDPR Article 22? Does your risk classification under the AI Act match reality? Are there sector-specific regulations you're missing (financial services, healthcare, employment)?

What to check: GDPR compliance (lawful basis, rights management, automated decision-making), AI Act classification and obligations, sector-specific regulations, contractual obligations, insurance requirements.

How to Score Risks: The Likelihood × Impact Matrix

Identifying risks is step one. Scoring them is step two. You need a consistent method for prioritising — otherwise you'll either treat everything as catastrophic or ignore real threats.

The standard approach is a likelihood × impact matrix. It's simple, it's widely recognised by regulators, and it works.

Likelihood Scale (1-5)

Score	Label	Description
1	Rare	Could happen in theory, but hasn't and probably won't
2	Unlikely	Has happened elsewhere, but unlikely for your system
3	Possible	Could realistically happen within the next 12 months
4	Likely	Has happened to similar systems or early warning signs exist
5	Almost certain	Has already happened or is expected

Impact Scale (1-5)

Score	Label	Description
1	Negligible	Minor inconvenience, no lasting effect
2	Minor	Limited harm, easily reversible
3	Moderate	Significant harm to individuals or the business
4	Major	Serious harm, regulatory investigation likely
5	Severe	Irreversible harm, large-scale regulatory action, existential business risk

Risk Score

Multiply likelihood by impact. That gives you a score from 1-25.

1-4 (Low): Accept and monitor. Document the risk, note why it's low, review quarterly.
5-9 (Medium): Mitigate. Implement controls to reduce likelihood or impact. Review monthly.
10-15 (High): Prioritise. Significant mitigation needed before the system operates. Review weekly during mitigation.
16-25 (Critical): Stop. The system shouldn't operate until the risk is reduced. Immediate action required.

This isn't just for show. Regulators expect to see a structured approach. If an incident happens and you can show you identified the risk, scored it, and implemented proportionate mitigations — that's a fundamentally different conversation than "we didn't think about it."

Practical Walkthrough: Assessing a Customer Service AI Chatbot

Let's make this concrete. Say you've built an AI chatbot for customer service. It handles enquiries, processes returns, and escalates complaints. It uses an LLM API (like GPT-4 or Claude) with retrieval-augmented generation pulling from your knowledge base.

Here's how the risk assessment might look for three of the eight categories:

Accuracy and Reliability

Risk: Chatbot provides incorrect information about return policies or product specifications, leading to customer complaints or financial loss.

Likelihood: 4 (Likely) — LLM hallucination is well-documented, and RAG systems can retrieve wrong documents.

Impact: 3 (Moderate) — Incorrect information could lead to lost revenue and customer churn, but most errors are catchable before they cause serious harm.

Risk score: 12 (High)

Mitigations: RAG retrieval confidence thresholds (don't answer if confidence is below 0.8), human escalation for financial queries above £100, weekly accuracy audits on a sample of conversations, feedback loop for customers to flag incorrect answers.

Residual risk after mitigations: 6 (Medium) — Acceptable.

Bias and Fairness

Risk: Chatbot provides different quality of service based on customer name, language patterns, or other proxies for protected characteristics.

Likelihood: 2 (Unlikely) — The system responds to queries, not customer demographics. But underlying LLM biases could affect tone or helpfulness.

Impact: 3 (Moderate) — Discriminatory service delivery could trigger complaints and regulatory scrutiny.

Risk score: 6 (Medium)

Mitigations: Regular audits comparing response quality across demographic proxies, standardised response templates for common queries, bias testing with synthetic inputs representing diverse customer bases.

Residual risk after mitigations: 3 (Low) — Acceptable.

Privacy

Risk: Customers share personal data (addresses, payment details, health information) in chat, which gets processed by a third-party LLM API and potentially logged.

Likelihood: 5 (Almost certain) — Customers will share personal data in support conversations. That's inevitable.

Impact: 4 (Major) — Personal data sent to a US-based API without adequate safeguards is a GDPR violation. A breach affecting customer data triggers mandatory notification.

Risk score: 20 (Critical)

Mitigations: PII detection and redaction before sending to the LLM API, data processing agreement with the API provider, EU-hosted API endpoints where available, clear privacy notice at the start of each conversation, automatic data deletion after retention period.

Residual risk after mitigations: 8 (Medium) — Acceptable, but needs ongoing monitoring.

That's the pattern. Repeat across all eight categories. Document everything.

Which Framework Should You Use?

You don't have to start from scratch. Three frameworks are worth knowing about:

NIST AI Risk Management Framework (AI RMF)

Best for: US-facing businesses, general-purpose AI risk management, organisations that want a flexible framework.

The NIST AI RMF gives you a structured approach across four functions: Govern, Map, Measure, Manage. It's voluntary, well-documented, and widely referenced. The Playbook (companion document) gives specific actions for each function.

Cost: Free. The framework and all supporting materials are publicly available.

Limitation: It's not designed for EU AI Act compliance specifically. You'll need to map its outputs to AI Act requirements separately.

ISO/IEC 42001 (AI Management System)

Best for: Organisations that want certifiable AI governance, businesses already familiar with ISO management systems (ISO 27001, ISO 9001).

ISO 42001 provides a management system standard for AI. It covers risk assessment, but also governance structure, policies, and continuous improvement. It's the closest thing to a certification standard for AI governance right now.

Cost: The standard costs around £150 to purchase. Certification audits run £5,000-£15,000 depending on scope. Implementation costs vary widely.

Limitation: Heavy for SMEs. If you've never implemented an ISO management system, this is a big lift.

EU AI Act Article 9 (Risk Management System)

Best for: Any business deploying high-risk AI in the EU. This isn't optional — it's the law from August 2026.

Article 9 requires a risk management system that's established, documented, maintained, and updated throughout the AI system's lifecycle. It specifically requires: identification and analysis of known and reasonably foreseeable risks, estimation and evaluation of risks, adoption of risk management measures, and testing to ensure residual risks are acceptable.

Cost: Compliance is mandatory. The cost of implementing it depends on your system's complexity — £2,000-£10,000 for most SMEs.

Limitation: The technical standards are still being finalised. Some requirements are clear, others need interpretation.

My Recommendation

For most SMEs, use the EU AI Act Article 9 requirements as your baseline (since you'll need to comply anyway), supplement with NIST AI RMF for practical guidance on risk identification and measurement, and consider ISO 42001 only if you need formal certification for enterprise sales.

The eight-category framework I outlined above covers everything these three frameworks require. It's designed to be practical rather than theoretical.

DIY vs. Professional: What It Costs

Doing It Yourself

Time investment: 40-80 hours for a single AI system, spread across risk identification workshops, scoring, mitigation planning, and documentation.

Direct costs: Minimal. The frameworks are free (except ISO 42001 standard document at £150). Your main cost is staff time.

Where it works: You have an AI-literate team, your system is relatively simple (a chatbot, a document processor), and you're comfortable interpreting regulatory requirements.

Where it breaks down: Complex systems, high-risk classifications, limited internal AI expertise. Getting the risk classification wrong is expensive — either you over-invest in compliance you don't need, or you under-invest and face penalties.

Hiring a Professional

Cost: £2,000-£5,000 for a standard AI system. £5,000-£10,000 for complex or high-risk systems.

What you get: Risk identification across all categories, structured scoring with regulatory alignment, mitigation roadmap, documentation ready for regulator review, and ongoing support for updates.

Where it makes sense: Your AI system touches personal data, employment, finance, or other sensitive areas. You need documentation that will stand up to regulatory scrutiny. You'd rather spend 40 hours running your business than learning risk assessment methodology.

The return on investment is straightforward. A professional assessment costs less than the cheapest regulatory fine (which starts at €7.5 million under the AI Act, or 1.5% of global turnover). It's insurance that also improves your system.

How to Document It

Your risk assessment documentation needs to include:

System description — What the AI system does, how it works, who it affects.
Risk register — Every identified risk with its category, description, likelihood, impact, and score.
Mitigation measures — What you're doing about each risk, who's responsible, and by when.
Residual risk — The risk score after mitigations. Is it acceptable?
Review schedule — When you'll reassess (quarterly minimum, plus after any significant change).
Version history — Dated record of all changes. Regulators want to see this.

Keep it as a living document. A risk assessment that was done once in March 2026 and never updated is almost worse than not having one — it shows you knew about the risks and chose not to monitor them.

What Happens If You Don't Do This

Let me be direct.

Under the EU AI Act, failure to maintain a risk management system for a high-risk AI system can result in fines of up to €35 million or 7% of global annual turnover. For SMEs, penalties are proportionate — but proportionate to what could be a six-figure fine is still painful.

Under GDPR, deploying an AI system without adequate risk assessment (where a DPIA was required) is a violation of Article 35. Fines up to €20 million or 4% of turnover. The ICO has issued enforcement notices for exactly this.

Beyond fines, there's the operational risk. An AI system that fails in production — biased decisions, data breach, wrong outputs — damages customer trust and your reputation. The risk assessment is how you prevent that.

Next Steps

If you've got an AI system in production or development, here's what to do this week:

Classify your system under the EU AI Act risk categories. Our conformity assessment guide walks you through this.
Run through the eight risk categories above. Even a rough first pass is better than nothing.
Score each risk using the likelihood × impact matrix. Be honest — underscoring risks doesn't make them go away.
Document everything. A risk register doesn't have to be fancy. A spreadsheet works. Just make it structured and dated.
If your system processes personal data, you'll also need a DPIA. Here's how to write one for AI systems.

If you want someone to handle the risk assessment for you — or if you need both the AI build and the compliance documentation — that's what we do. We build AI systems that work and document them so they're compliant from day one. No separate compliance firm needed.

Get in touch and we'll scope your risk assessment. No obligation, no sales pitch — just an honest assessment of where you stand and what you need.