Microsoft · Responsible AI Report 2025

AI Impact Assessment Requirements

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Before launching AI systems, Microsoft must assess what harms they could cause to people and take steps to reduce those harms — and this review continues while the system is in use.

Consumer impact (what this means for users)

This provision creates a procedural safeguard that should reduce the likelihood of harmful, biased, or unsafe AI features reaching consumers — but the assessments are conducted internally by Microsoft and results are not routinely made public, limiting external verification.

Cross-platform context

See how other platforms handle AI Impact Assessment Requirements and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Impact assessments are the primary mechanism for catching harmful AI outcomes before they affect consumers; without rigorous pre-deployment review, biased or unsafe AI systems can cause widespread harm before being corrected.

View original clause language
Microsoft commits to conducting impact assessments for AI systems prior to deployment, evaluating potential harms to individuals and affected communities, assessing fairness and bias risks, and implementing mitigation measures proportionate to identified risks before and during the lifecycle of AI system deployment.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: AI impact assessment requirements engage EU AI Act Art. 9 (risk management system for high-risk AI), Art. 10 (data governance requirements), and Art. 17 (quality management system). GDPR Art. 35 requires data protection impact assessments (DPIAs) for high-risk processing including systematic profiling and large-scale processing of sensitive data. NIST AI RMF Map and Measure functions address impact assessment methodology. UK ICO guidance on AI and data protection also applies to UK deployments.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has jurisdiction over inadequate pre-deployment AI risk assessment where consumer harm results from insufficient review of biased or unsafe AI systems.
    File a complaint →
  • State AG
    State attorneys general can investigate AI harms resulting from inadequate impact assessments under state consumer protection and unfair business practice statutes.
    File a complaint →

Provision details

Document information
Document
Responsible AI Report 2025
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
March 5, 2026
Last verified
April 27, 2026
Record ID
CA-P-003119
Document ID
CA-D-00004
Evidence Provenance
Source URL
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Responsible-AI-Transparency-Report-2025-vertical.pdf
Wayback Machine
View archived versions →
SHA-256
99c61ee37f0300e932720498b6db37eb5eaf309ded7c40585a2fd7f70c4ce999
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Responsible AI Report 2025 | Record: CA-P-003119
Captured: 2026-03-05 09:35:48 UTC | SHA-256: 99c61ee37f0300e9…
URL: https://conductatlas.com/platform/microsoft/responsible-ai-report-2025/ai-impact-assessment-requirements/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document