Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) — Risk Assessment

Q: Does Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) require Risk Assessment?

Yes. Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) addresses Risk Assessment through 1 provision.

Does Framework Convention on AI, Human Rights, Democracy and Rule of Law (CETS 225) require Risk Assessment?

Council of Europe • enacted

Yes — 1 provision

Requirements at a glance

This regulation imposes 6 specific requirements for Risk Assessment across 1 provision:

Lifecycle risk identification — Identify, assess, prevent, and mitigate risks to human rights, democracy, and rule of law across the AI lifecycle
Proportionality — Measures must be proportionate to the severity and probability of potential impacts
Graduated approach — Risk management must be differentiated based on context and intended use
Pre-deployment testing — AI systems must be tested before first use and when significantly modified
Iterative monitoring — Risk assessment must be applied continuously throughout the AI lifecycle
Moratoria assessment — States must assess the need for moratoria or bans on AI uses incompatible with human rights, democracy, or rule of law

Risk and Impact Management (Article 16) #

Obligation:

Risk Assessment

pending

Effective:

Invalid Date

Risk tier:

all

Scope:

providers, deployers

high-impactcross-domainupcoming

Article 16 goes further than most voluntary frameworks by requiring States to assess whether specific AI uses should be subject to moratoria or outright bans — a tool available under binding international law that has no equivalent in current national AI regulations.

Requirements

Requirement	Details
Lifecycle risk identification	Identify, assess, prevent, and mitigate risks to human rights, democracy, and rule of law across the AI lifecycle
Proportionality	Measures must be proportionate to the severity and probability of potential impacts
Graduated approach	Risk management must be differentiated based on context and intended use
Pre-deployment testing	AI systems must be tested before first use and when significantly modified
Iterative monitoring	Risk assessment must be applied continuously throughout the AI lifecycle
Moratoria assessment	States must assess the need for moratoria or bans on AI uses incompatible with human rights, democracy, or rule of law

Penalties

Violation	Fine
Non-compliance	Binding treaty — enforcement through domestic implementation and Conference of the Parties oversight

View full regulation View obligation Obligation matrix