GDPR Article 22 and Automated Decision-Making

by Nick Clark | Published April 25, 2026 | PDF

GDPR Article 22 establishes EU rights against fully-automated decision-making and profiling. Governance-chain substrate supports architectural compliance for emerging autonomous-decision operations.

Article 22 Frame

GDPR Article 22 establishes data subject right against decisions based solely on automated processing including profiling, with exceptions and safeguards. Emerging EU AI Act provisions extend the framework.

Architecture Implications

Autonomous decision operations affecting individuals require structural support for human-in-the-loop substantiation, data subject rights, and emerging incident reconstruction.

Architectural Mapping

Operator-intent substrate supports meaningful-human-control demonstration. Composite admissibility supports human-in-the-loop authority composition. Audit-grade lineage supports data subject right operations.

Article 22 Evolution

Article 22 enforcement maturation, emerging EU AI Act integration, and emerging cross-jurisdiction harmonization push toward structurally-supported architecture.

Nick Clark Invented by Nick Clark Founding Investors: Devin Wilkie