Automated decision explanation and appeal

ai-decision-explanationDomain: ai-transparencyType: process

Description

Automated-decision explanation obligations sit at an awkward intersection: the regulation wants a meaningful description of why an algorithm reached a particular outcome for a particular person, the algorithm in question is often a model whose internal logic is genuinely not human-interpretable at the per-decision level, and the person asking is usually adverse to the decision. GDPR Article 22 was the first regulation to take this seriously, with its right to obtain human intervention, express a point of view, and contest the outcome; the Colorado AI Act extended it into consumer-facing high-risk AI with an explicit consumer-notice and appeal architecture. The shape is similar across the family: the explanation has to be meaningful enough that the person can decide whether to appeal, and the appeal route has to be real enough that overturning the algorithm is a possible outcome rather than a procedural fiction. A working explanation-and-appeal system has four parts. The decision-classification taxonomy comes first: which automated decisions actually fall within the regulated category (consequential decisions in employment, housing, lending, insurance, healthcare, educational opportunities, and essential government services under Colorado AI Act post-SB 26-189 (seven domains; "legal services" was removed when SB 26-189 repealed and replaced SB 24-205); decisions producing legal or similarly significant effects under GDPR Article 22). The explanation template comes second, and the engineering work here is real: the template needs the input factors that drove the decision, the relative weight of those factors at a level a non-specialist can act on, and an honest statement of what the system did and did not consider. The appeal channel comes third, with a documented service-level for response and a human reviewer with authority and data to overturn the algorithm; the reviewer cannot simply re-run the model. The case log comes fourth, because regulators evaluate the appeal system by looking at overturn rates and reasoned dispositions, not by reading the policy. The thresholds and timelines are concrete. Colorado AI Act under SB 26-189 (repealing and replacing SB 24-205 in May 2026) retains consumer-facing decision notices for ADMT but on a narrower "materially influences" trigger than SB 24-205. The new framework takes effect 2027-01-01; specific notice timing and content requirements pending Colorado AG rulemaking. GDPR Article 22 has been in force since 2018-05-25; the operational standard for what counts as meaningful information has tightened through the Schufa ruling (CJEU C-634/21, 2023) and subsequent guidance, with the court holding that automated credit-scoring outputs are themselves automated decisions when they functionally determine the downstream outcome. California AB 2013 layers a training-data documentation requirement under the explanation system, because explaining a decision now implicitly includes explaining what the model was trained on. The operational asymmetry worth naming is that the explanation system is built by ML and product engineers but tested by the worst possible auditor: a person who lost something and wants it back. The system has to survive that audit. Black-box scoring with a one-line rejection notice does not survive it, even with a human ostensibly in the loop, because the human reviewer has no basis to overturn the algorithm without the same information the affected person is entitled to. The Control therefore tends to surface adverse downstream design constraints on the model itself, not just on the disclosure layer above it.

Applicability

Applies when: features include automated-decisions.

How predicates are evaluated

Required by (6 regulations)

Colorado AI Act
SB 26-189 retains consumer-facing decision notices for ADMT but on a narrower "materially influences" trigger than SB 24-205; specific notice timing and content requirements pending AG rulemaking. The right-to-appeal infrastructure remains but is scoped to the seven covered domains.
Colorado AI Act (SB 26-189, repealing and replacing SB 24-205); effective 2027-01-01; codification sections pending Governor signature and AG rulemaking
Source →
GDPR
Article 22 gives data subjects the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects them, with rights to obtain human intervention, express a point of view, and contest the decision. Articles 13(2)(f), 14(2)(g), and 15(1)(h) require meaningful information about the logic involved.
Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation); in force 2018-05-25
California AB 2013
AB 2013 requires developers of generative AI systems to publish documentation describing the data used to train the system, including sources, categories of data, and whether the data included personal information. The documentation feeds the explanation surface when a downstream deployer is asked why a model reached a particular outcome.
California AB 2013 (generative AI training data transparency); effective 2026-01-01 for systems made available to Californians
Source →
Illinois AIVIA
Supplies the explanation of how the AI works and what general characteristics it evaluates that AIVIA requires before the interview.
Illinois Artificial Intelligence Video Interview Act
Source →
EU AI Act
EU AI Act transparency and human-oversight provisions for high-risk systems support a right to an explanation of automated decisions.
Regulation (EU) 2024/1689 of the European Parliament and of the Council
NYC LL144
NYC Local Law 144 candidate-notice duties are supported by the ability to explain how an automated employment decision tool assessed a candidate.
NYC Local Law 144 of 2021; codified at NYC Admin. Code § 20-870 et seq.; implementing rules at 6 RCNY § 5-300 et seq.
Source →

Evidence formats

per-decision explanation template with input factors and relative weights
consumer-notice copy delivered before a regulated automated decision
appeal-channel SOP including service-level response time and reviewer authority
human-review case log with decision, reviewer reasoning, and disposition
decision-classification taxonomy mapping product features to regulated categories
training-data documentation referenced by the explanation template

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Description

Required by (6 regulations)

Colorado AI Act

SB 26-189 retains consumer-facing decision notices for ADMT but on a narrower "materially influences" trigger than SB 24-205; specific notice timing and content requirements pending AG rulemaking. The right-to-appeal infrastructure remains but is scoped to the seven covered domains.

Colorado AI Act (SB 26-189, repealing and replacing SB 24-205); effective 2027-01-01; codification sections pending Governor signature and AG rulemaking

Source →

GDPR

Article 22 gives data subjects the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects them, with rights to obtain human intervention, express a point of view, and contest the decision. Articles 13(2)(f), 14(2)(g), and 15(1)(h) require meaningful information about the logic involved.

Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation); in force 2018-05-25

California AB 2013

AB 2013 requires developers of generative AI systems to publish documentation describing the data used to train the system, including sources, categories of data, and whether the data included personal information. The documentation feeds the explanation surface when a downstream deployer is asked why a model reached a particular outcome.

California AB 2013 (generative AI training data transparency); effective 2026-01-01 for systems made available to Californians

Source →

Illinois AIVIA

Supplies the explanation of how the AI works and what general characteristics it evaluates that AIVIA requires before the interview.

Illinois Artificial Intelligence Video Interview Act

Source →

EU AI Act

EU AI Act transparency and human-oversight provisions for high-risk systems support a right to an explanation of automated decisions.

Regulation (EU) 2024/1689 of the European Parliament and of the Council

NYC LL144

NYC Local Law 144 candidate-notice duties are supported by the ability to explain how an automated employment decision tool assessed a candidate.

NYC Local Law 144 of 2021; codified at NYC Admin. Code § 20-870 et seq.; implementing rules at 6 RCNY § 5-300 et seq.

Source →

Evidence formats

per-decision explanation template with input factors and relative weights

consumer-notice copy delivered before a regulated automated decision

appeal-channel SOP including service-level response time and reviewer authority

human-review case log with decision, reviewer reasoning, and disposition

decision-classification taxonomy mapping product features to regulated categories

training-data documentation referenced by the explanation template