GDPR Article 22 + EU AI Act automated decision-making

GDPR Article 22 grants data subjects the right not to be subject to solely automated decisions with legal effect. The EU AI Act Article 14 + Article 26(2) human-oversight requirements effectively codify this into the AI Act for high-risk AI.

GDPR Article 22 and the EU AI Act overlap heavily for high-risk AI making decisions about natural persons. Credit-scoring AI is the cleanest case, Annex III(5)(b) high-risk plus Article 22 automated-decision-making rights plus EU Consumer Credit Directive Article 18 explainability. HR AI under Annex III(4) hits Article 22 the moment a recruitment or termination decision is solely automated. The practical pattern is meaningful human review in the loop OR an Article 22(2) exception (necessary for contract, authorised by law, explicit consent).

1. 1
   14 minFeatured

   EU AI Act for Credit Scoring AI: Annex III(5)(b), Article 27 FRIA, and Consumer Credit Law

   Credit-scoring AI is one of the few use cases that REQUIRES an Article 27 FRIA under the EU AI Act. This guide covers Annex III(5)(b) classification, the FRIA process, GDPR Article 22 automated-decision rights, the Consumer Credit Directive interaction, and the 2 December 2027 deadline.

   Read article
2. 2
   14 minFeatured

   EU AI Act for HR Teams: What Recruitment, Performance Review, and Worker Management AI Needs

   Recruitment AI, CV screening, performance scoring, promotion and termination AI, gig allocation, and worker monitoring all sit in Annex III(4) high-risk territory under the EU AI Act. This guide covers what HR teams need to do under Article 26, when an Article 27 FRIA is required, and how to scope a 90-day HR AI compliance ramp.

   Read article
3. 3
   15 minFeatured

   EU AI Act for Healthcare AI: Medical Devices, Diagnostics, and Clinical Decision Support

   Healthcare AI sits at the intersection of two regimes: the EU AI Act + sectoral product law (MDR / IVDR). This guide covers Annex I embedded high-risk classification, the dual conformity assessment route, Article 73 incident reporting on top of MDR vigilance, and the 2 August 2028 deadline post-Omnibus.

   Read article
4. 4
   16 min

   Is Your AI Tool High-Risk? How to Classify AI Under the EU AI Act

   Find out if your AI tools are high-risk under the EU AI Act. Annex III categories explained with real examples: ChatGPT, Copilot, Salesforce, and more.

   Read article
5. 5
   14 min

   EU AI Act Compliance Checklist: 10 Steps Before the High-Risk Deadline

   A practical 10-step compliance checklist for the EU AI Act. From AI inventory to ongoing monitoring: everything your business needs before enforcement begins.

   Read article