An algorithmic impact assessment is a documented process for analyzing how an AI system might affect people before and after it is put into use, so that potential harms can be identified and reduced. It borrows from older tools such as environmental and data-protection impact assessments, applying the same logic to automated decision-making: examine the intended use, the data, the affected populations, and the foreseeable risks, then record what was done to address them.
Impact assessments have moved from best practice into law. Colorado’s 2024 AI Act requires deployers of high-risk AI systems to complete impact assessments and conduct annual reviews to ensure their systems are not causing algorithmic discrimination, and requires developers to supply documentation supporting those assessments. The European Union’s AI Act, in its high-risk tier, similarly obliges providers to carry out risk assessment and management, maintain data-quality controls, log activity, and ensure human oversight before a system reaches the market. The international standard ISO/IEC 42001 likewise builds AI system impact assessment into its management-system requirements.
The point of an impact assessment is to make accountability concrete and reviewable rather than relying on vague assurances that a system is “fair.” For businesses, it is increasingly the document that regulators, auditors, and courts will ask to see, which makes performing one carefully an essential part of deploying AI in regulated settings.