Public authority deployers (or persons acting on their behalf) register themselves and their use of the system. Section C requires the deployer’s identity and contact details, the submitter’s details, the URL of the system’s existing EU database entry (linking to the provider’s registration), a summary of the FRIA findings under Article 27, and a summary of the DPIA under GDPR Article 35 where applicable.
The deployer registration creates a chain from the provider’s system entry to each public authority’s specific use. This enables oversight of how high-risk systems are deployed across the public sector. For organisations that are both provider and deployer, both Section A and Section C registrations are required.
The FRIA and DPIA summaries in the deployer registration should be substantive enough to demonstrate that the assessments were conducted, without disclosing sensitive operational detail. The Legal and Regulatory Advisor reviews the summaries before submission.
Key outputs
- Deployer registration linking to provider’s EU database entry
- FRIA and DPIA summaries included
- Dual registration for provider-deployer organisations
- Module 11 AISDP evidence