22 Jul 2025
by Gavin Jones

Why Consider AI System Impact Assessments?

Artificial intelligence system impact assessments (AI-SIAs) are documented processes for identifying individuals and groups impacted by an AI system. Common-use impact assessments are already found in the context of business, the environment, finance, human rights, IT, privacy, personally identifiable information and security.

To help frame the benefits of these assessments and their use in relation to AI, here we introduce one of the available frameworks: BS ISO/IEC 42005:2025 AI System Impact Assessment. This document provides standardised global guidelines for organisations to evaluate the societal, individual and organisational effects of an AI system, thereby ensuring the outputs of deployed AI systems are safe.

To mitigate the negative outputs and consequences of AI system usage or deployments, a structured approach – aligned with the requirements in BS ISO/IEC 42001:2023 (AI management systems) and BS EN ISO/IEC 23894:2024 (managing bias) – is provided across two aspects.

The first is how to develop and implement AI-SIAs based on the following stages:

  1. process documenting
  2. organisational management process integration
  3. AI-SIA timing
  4. AI-SIA scope
  5. responsibility allocation
  6. threshold establishment for sensitive and restricted uses
  7. performing the AI-SIA
  8. AI-SIA results analysis
  9. recording and reporting
  10. process approval
  11. monitoring and review

The second aspect? Is about how to document AI systems using comprehensive recording protocols addressing scope, technical specifications, functionality, data quality metrics, algorithms, deployment parameters, stakeholder identification, impact analysis and risk mitigation.

Technical Implementation

Standardised documentation protocols assist the analysis of AI functionality, capability and purpose framed by the development of AI-SIAs across both these domains. Comprehensive information can then be provided on data provenance, quality metrics and AI processing methodology particularly where there are regulatory requirements applicable to the AI system.

The most prominent global AI legislation, the EU’s AI Act, includes Article 27 that requires detailed documentation with information about the purpose of an AI system deployment for authorities to assess compliance. There is guidance within the standard on, for example, document algorithms and models used in AI system development elaborating on how to develop relevant processes, and performance metrics and validation procedures of said systems.

Impact Analysis Approach

The approach provided also identifies actual and reasonably foreseeable effects, which require systematic evaluation of benefits and potential harms, to meet fundamental ethical and organisational needs. To do this, the guidelines provide, for example, an analysis of systemic failures and misuse scenarios to exploit AI benefits and mitigate AI harm.

Existing Standards Integration and Challenges

A pre-emptive approach is taken in 42005 by identifying risks before AI deployment and simplifying the justification of AI-related decisions. It does this using matrices that map relevant clauses across BS ISO/IEC 42001:2023[1] and BS EN ISO/IEC 23894:2024. This helps clarify confusion between the concepts of “risk” assessment and “system impact” assessment. AI-SIAs are about identifying foreseeable impacts and AI risk assessments focus on setting strategies for mitigation. As such, there is a comparison between both approaches in BE EN ISO/IEC 23894:2024 and BS ISO/IEC 42005:2025 based on system and organisational levels in regard to societal, individual and organisational impacts, as well as potential events and the likelihood of events occurring.

Further challenges for organisations deploying or using AI are that AI-SIAs are not easily tied to commercial need and financial qualification. Fundamental and human rights, for example, can be perceived as long-term considerations which are not easily quantifiable, and often misunderstood and feared by organisations keen to make profit. To resolve this lack of understanding, a modifiable visual guide for impact assessment alignment between existing assessments (including those for human rights and business) and AI-SIAs is provided.

Regulatory, Geographical, Cultural and Environmental Contexts

Increasingly, the geo-regulatory coupling of AI systems requires in-depth understanding of legal context and the need for co-existent approaches to culture, geography and environment. The approach in BS ISO/IEC 42005:2025 provides guidance for these contexts to demonstrate systematic risk evaluation and stakeholder analysis across multiple jurisdictions due to its multilateral content development processes.

Implementation Benefits

The direct benefits of implementing AI-SIAs bring about an overall improvement of AI system outputs. For example, it minimises hidden bias in some AI systems that could take the form of pejorative visual and verbal outputs or the omission of critical and overlooked demographic groups. Identifying these trends in stereotyping that could unintentionally downplay or overlook key groups could result in dire consequences (see this forbes article and this techUK article).

Conclusion

As part of a growing list of governance and policy assets available to those deploying and providing AI systems, AI-SIAs can provide analytical frameworks and approaches to SIAs supported through technical rigor.

 


[1] https://www.gov.uk/government/consultations/ai-management-essentials-tool/guidance-for-using-the-ai-management-essentials-tool

Related topics

Authors

Gavin Jones

Gavin Jones

Lead Standards Developer Manager, AI and Quantum, British Standards Institute, British Standards Institute