The free tool we developed to assess the risks of generative AI applications has been expanded to include an AI Act Check and a small DPIA and translated into German.
We released the first version of our "Generative AI Risk Assessment" (GAIRA) tool as free open source in autumn 2023. It is already being used by a number of companies to assess and document risks in connection with generative AI applications; at the Schulthess "Data Privacy" conference in Zurich in March, for example, various speakers referred to it in their presentations on AI governance. In January 2024, we expanded the tool to include "GAIRA Light", a simplified check for applications that are unlikely to pose a high risk. However, the tool was previously available only in English.
We have now added two new functions:
- AI Act Check: With the "AI Act Check", it is possible to assess whether a company with a specific AI application is subject to the "EU AI Act" and how it is (e.g. which role and whether a high-risk AI system is present) by answering a few questions. The most important obligations are also listed. The AI Act Check is integrated into "GAIRA Light" and also available as a separate worksheet.
- Data Protection Impact Assessment (DPIA): A DPIA was already integrated in "GAIRA Comprehensive", the tool for AI applications with higher risks. We have now also added a simple DPIA to GAIRA Light so that it can be carried out in one go with the rest of the risk assessment. GAIRA Light also includes a threshold check, i.e. it also checks whether a DPIA is really necessary.
Both features are still marked as beta tests. It is expected to last 1-2 months. We are happy to receive feedback.
Furthermore, with the exception of the optional worksheet "Compliance Checks", we have also translated the tool into German. The German translation is included in the same Excel file. GAIRA can be downloaded free of charge from here. The one-pager with a quick guide has also been adapted and can be obtained from here; with regard to the DPIA, we have increased the required time of completion from 60 to 90 minutes. However, a DPIA does not have to be carried out in all cases. The one-pager also contains a questionnaire with the most important points of "GAIRA Light" so that those who want to implement an AI application can check in advance whether they have thought of the important points.
We published detailed instructions for risk assessments already in February 2024 here as part of our AI blog series. All parts of the AI blog series can be accessed here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
