The AI System Assessor conducts discovery, classification, risk assessment, and AISDP compilation for each system. The Assessor examines each system against the Article 3(1) definition, classifies within risk tiers, performs gap assessment for brownfield systems, and assembles the AISDP from engineering artefacts. The role must combine regulatory and technical understanding.

The Assessor is responsible (R in RACI) for risk classification, risk assessment, and conformity assessment. The Assessor is consulted © on FRIA, architecture review, PMM operation, and serious incident reporting. Functional independence from the development team is required during the conformity assessment phase.

For small organisations, one to two Assessors cover the portfolio. For medium organisations, two to four Assessors are dedicated. For large enterprises, multiple Assessors are organised by business domain. The Assessor’s competence framework ensures regulatory, technical, and audit methodology knowledge.

Key outputs

• Classification, risk assessment, and AISDP compilation responsibility
• Functional independence from development during assessment
• Competence across regulatory, technical, and audit domains
• RACI “R” for classification, risk, and conformity assessment