Algorithmic recommendation transparency program

algorithmic-transparency-programDomain: ai-transparencyType: mixed

Description

Algorithmic transparency obligations have converged on a similar shape across DSA Article 27, China's Internet Information Service Algorithmic Recommendation Management Provisions, the EU AI Act high-risk-use-case disclosures, and the emerging US state AI rules. When a platform uses algorithmic ranking or recommendation, users get four things: notice that the system is in use, a description of the main parameters in plain language, a non-personalized or opt-out alternative, and (where the audience includes minors) enhanced safeguards turned on by default. The shape is consistent enough across regimes that a single program design typically satisfies all of them, with per-jurisdiction adjustments at the disclosure-language layer rather than at the architectural layer. Implementation decomposes into four operational pieces. The terms-of-service disclosure names the systems in use with enough specificity that a user reading the disclosure can understand which product surfaces are algorithmically ranked rather than chronological or editorial. The main-parameters explanation in the help center or settings translates the model's actual input features into language a non-technical user can read; the EDPB and CNIL guidance on what counts as a "meaningful explanation" has been pulling toward concrete examples rather than abstract parameter lists, and recent DSA enforcement against VLOPs has called out summary-level disclosures as inadequate. The non-personalized mode plumbing is usually the harder-than-it-looks operational piece because most product surfaces have implicit personalization (sort order, default tab, suggested-content carousel placement, search-result re-ranking) that has to be explicitly turned off; a flag at the user-settings layer that does not propagate through the actual ranking pipeline has been called out specifically. The auditing layer watches outputs for discriminatory pricing or content patterns and is the piece operators most commonly under-budget; regulators have begun asking for evidence of monitoring rather than just policy, and the "we have a written policy" answer has stopped being sufficient. The minor-safeguard layer (downgraded personalization, no-addiction defaults, opt-out by default for under-18 users) typically sits on top of the age-determination Control rather than running independently, which makes age-verification quality a load-bearing input for the algorithmic-transparency program rather than a separate concern. The statutory anchors define both the disclosure obligation and the audit expectation per regime. DSA (Regulation (EU) 2022/2065) Article 27 sets the recommender-system parameter-disclosure obligation for all online platforms, with Article 38 layering the VLOP-specific non-profiling-alternative requirement. China's Internet Information Service Algorithmic Recommendation Management Provisions Articles 16-21 (jointly issued by CAC, MIIT, MPS, and SAMR, effective March 1, 2022) cover disclosure, user opt-out, no-discriminatory-pricing, content labeling, no-addiction design, and minor protections. The Regulations on the Protection of Minors in Cyberspace (State Council Order No. 766, effective January 1, 2024) layer the China minor-specific obligations. EU AI Act (Regulation (EU) 2024/1689) covers high-risk algorithmic uses. Colorado AI Act under SB 26-189 (repealing and replacing SB 24-205 in May 2026; effective 2027-01-01) sets the US-state parallel as a narrower notice-and-disclosure regime for ADMT in seven covered consequential-decision domains. The original SB 24-205 consumer-impact-assessment expectations and discriminatory-outcome prohibition were eliminated; AG rulemaking will operationalize the surviving disclosure framework. Evidence formats that satisfy a regulator inquiry include the ToS section disclosing algorithmic-recommendation use plus main parameters, the non-personalized alternative UI surface (toggle or option), the algorithmic-content labeling SOP plus sample labels, the discrimination and fairness audit reports, and the minor-account algorithmic-protection configuration documentation.

Applicability

Applies when: features include ai-recommendations, algo-feeds, automated-decisions, or ai-content-gen.

How predicates are evaluated

Required by (4 regulations)

Algorithm Provisions
Internet Information Service Algorithmic Recommendation Management Provisions Articles 16-21: disclosure, user opt-out, no-discriminatory-pricing, content labeling, no-addiction design, minor protections.
Provisions on the Management of Algorithmic Recommendations in Internet Information Services (jointly issued by CAC, MIIT, MPS, and SAMR; effective March 1, 2022)
Minors Online Protection
Regulations on the Protection of Minors in Cyberspace (promulgated by the State Council, Order No. 766, effective January 1, 2024)
Colorado AI Act
SB 26-189 narrowed scope to ADMT consumer-facing disclosure and adverse-decision notices in seven covered consequential-decision domains. Recommendation systems that do not materially influence consequential decisions in covered domains are out of scope. AG rulemaking will define the operational mechanics.
Colorado AI Act (SB 26-189, repealing and replacing SB 24-205); effective 2027-01-01; codification sections pending Governor signature and AG rulemaking
Source →
DSA
DSA Article 27 recommender-system parameter disclosure + Article 38 VLOP non-profiling alternative.
Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)
Source →

Fulfilled by (8)

credo-ai · partial · medium effort · $$$
Credo AI Governance Platform documents ranking models + audits for fairness + supports DSA Article 27 disclosure scaffolding.
fiddler-ai · partial · medium effort · $$$
Fiddler AI Observability for algorithmic auditability + bias monitoring on recommendation models.
holistic-ai · partial · medium effort · $$$
Holistic AI auditing platform covers algorithmic risk + DSA + EU AI Act + Colorado AI Act assessments.
babl-ai · partial · medium effort · $$$
BABL AI independent algorithm audits per NYC LL144 + emerging EU + state requirements.
eticas · partial · medium effort · $$
Eticas AI auditing focused on ranking + classifier fairness + bias remediation.
In-house build · high effort
ML team owns model documentation + non-personalized alternative implementation + minor-account safeguards + ongoing fairness telemetry.
onetrust-dpia-automation · partial · medium effort · $$$
Automates DPIA / AI-impact workflows; outputs feed transparency reporting.
trustarc-assessment-manager · partial · medium effort · $$$
AI impact assessment templates aligned to EU AI Act / Colorado AI Act.

Magist does not accept payment from vendors. Methodology.

Evidence formats

ToS section disclosing algorithmic-recommendation use + main parameters
non-personalized alternative UI surface (toggle / option)
algorithmic-content labeling SOP + sample labels
discrimination / fairness audit reports
minor-account algorithmic-protection configuration documentation

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Description

Required by (4 regulations)

Algorithm Provisions

Internet Information Service Algorithmic Recommendation Management Provisions Articles 16-21: disclosure, user opt-out, no-discriminatory-pricing, content labeling, no-addiction design, minor protections.

Provisions on the Management of Algorithmic Recommendations in Internet Information Services (jointly issued by CAC, MIIT, MPS, and SAMR; effective March 1, 2022)

Minors Online Protection

Regulations on the Protection of Minors in Cyberspace (promulgated by the State Council, Order No. 766, effective January 1, 2024)

Colorado AI Act

SB 26-189 narrowed scope to ADMT consumer-facing disclosure and adverse-decision notices in seven covered consequential-decision domains. Recommendation systems that do not materially influence consequential decisions in covered domains are out of scope. AG rulemaking will define the operational mechanics.

Colorado AI Act (SB 26-189, repealing and replacing SB 24-205); effective 2027-01-01; codification sections pending Governor signature and AG rulemaking

Source →

DSA

DSA Article 27 recommender-system parameter disclosure + Article 38 VLOP non-profiling alternative.

Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)

Source →

Fulfilled by (8)

credo-ai · partial · medium effort · $$$

Credo AI Governance Platform documents ranking models + audits for fairness + supports DSA Article 27 disclosure scaffolding.

fiddler-ai · partial · medium effort · $$$

Fiddler AI Observability for algorithmic auditability + bias monitoring on recommendation models.

holistic-ai · partial · medium effort · $$$

Holistic AI auditing platform covers algorithmic risk + DSA + EU AI Act + Colorado AI Act assessments.

babl-ai · partial · medium effort · $$$

BABL AI independent algorithm audits per NYC LL144 + emerging EU + state requirements.

eticas · partial · medium effort · $$

Eticas AI auditing focused on ranking + classifier fairness + bias remediation.

In-house build · high effort

ML team owns model documentation + non-personalized alternative implementation + minor-account safeguards + ongoing fairness telemetry.

onetrust-dpia-automation · partial · medium effort · $$$

Automates DPIA / AI-impact workflows; outputs feed transparency reporting.

trustarc-assessment-manager · partial · medium effort · $$$

AI impact assessment templates aligned to EU AI Act / Colorado AI Act.

Magist does not accept payment from vendors. Methodology.