What Is an Algorithmic Impact Assessment?
What Is an AIA v3.0 Algorithmic Impact Assessment?
An AIA is a mandatory risk evaluation required by the Government of Canada under the Directive on Automated Decision-Making (DADM). It determines the impact level of an automated system and prescribes corresponding mitigation requirements.
Little to no impact
Automated decisions with minimal downstream consequences on eligibility or access.
Moderate impact
Decisions affecting rights, access, or service eligibility with limited scope.
High impact
Significant decisions affecting health, liberty, financial well-being, or safety.
Very high impact
Decisions with irreversible or high-consequence effects on eligibility, enforcement, or access.
How the AIA fits into the Directive on Automated Decision Making (DADM)
The DADM is the legal framework. It requires federal institutions to assess the risks of any automated system before it makes or supports decisions that affect people. The AIA is how that requirement gets fulfilled in practice.
The DADM tells you that you must assess your system. The AIA tells you what to assess, how to score it, and what mitigations your impact level requires. Under the Directive on Automated Decision-Making, federal institutions must complete and publish an AIA before an automated decision system goes into production. Without the DADM, the AIA has no enforcement authority behind it.
Official references
- Directive on Automated Decision Making (Treasury Board of Canada)
- AIA JSON Schema (Canada GitHub repository)
- IT Security Risk Management Lifecycle (ITSG-33)
- Algorithmic Impact Assessment (Canada.ca) English | Français