Harmonising risk assessments for high-risk AI systems under the GDPR and the AI Act

Artificial intelligence (AI) is transforming industries, unlocking unprecedented opportunities while posing significant challenges in areas such as data privacy, fairness and accountability, especially in high-risk applications. To address these concerns, the European Union (EU) has established a dual regulatory framework comprising the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AI Act). These frameworks employ risk-based mechanisms, including data protection impact assessments (DPIAs), fundamental rights impact assessments (FRIAs) and conformity assessments (CAs). This paper explores the interplay between these regulatory frameworks, focusing on their distinct scopes and the potential for harmonising risk management strategies. By analysing the practical benefits and challenges of integrating these assessments, the study identifies pathways to streamline compliance. The proposed strategy emphasises the importance of organisational context mapping, cross-functional collaboration, unified templates and continuous risk oversight. The findings demonstrate that harmonising these frameworks not only ensures legal compliance but also enhances operational efficiency, fosters stakeholder trust and supports responsible AI and data governance. This research provides actionable insights for organisations navigating overlapping regulatory requirements, enabling them to balance compliance with the advancement of AI technologies. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.