ReadSafety.com
Home/Glossary/AI Impact Assessment
Glossary · AI Governance

AI Impact Assessment

Definition

ISO 42001's signature artifact: a structured analysis of the consequences an AI system may have for individuals, groups, and society — performed before deployment and revisited through the system's life.

How it differs from risk assessment

Classic risk assessment asks what could go wrong for the organization; the impact assessment asks what the system could do to the people it touches — unfair or discriminatory outcomes, privacy harm, safety failures, manipulation, exclusion from services, erosion of oversight. ISO 42001 requires both lenses, and the impact assessment feeds the risk treatment: harms you identified become risks you must treat.

It is the standard's answer to the accountability question — someone, by name, considered the consequences and accepted the residuals.

Anatomy of a credible assessment

A workable structure: system profile (purpose, model type, data, deployment context, users); affected parties (direct users, subjects of decisions, third parties); harm analysis (per party: what could go wrong, severity, likelihood — including for vulnerable groups); mitigations (data quality checks, bias testing, thresholds, human review points, appeal routes, monitoring); residual impact and the accountable owner's signed acceptance; review triggers (model changes, drift alerts, incidents, new uses).

Common audit finding in the young 42001 market: assessments written after deployment as paperwork. The document's timestamps versus the system's launch date is the first thing an auditor compares. Practice building a risk register hands-on in our AI Interactive Lab.

Go deeper, free.

Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.

Browse the guidesCertify with USQC