Inferensys

Glossary

Right to Explanation

A data subject's legal right under GDPR to receive meaningful information about the logic involved in an automated decision that produces legal or similarly significant effects.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
GDPR AUTOMATED DECISION-MAKING

What is Right to Explanation?

The Right to Explanation is a data subject's legal entitlement under Article 22 of the GDPR to receive meaningful information about the logic involved in an automated decision that produces legal or similarly significant effects on them.

The Right to Explanation mandates that controllers of solely automated decision-making systems, including profiling, must provide data subjects with meaningful information about the logic involved, the significance, and the envisaged consequences. This right is triggered when an algorithmic decision produces legal effects—such as denying a loan application—or similarly significant impacts like e-recruiting without human intervention.

Fulfilling this right requires more than exposing raw model weights or source code. Controllers must provide counterfactual explanations that describe how a change in the subject's input features would have altered the outcome. This intersects with model explainability techniques like SHAP and LIME, and is operationally supported by automated decision logging and contestability mechanisms that allow users to challenge and seek human review of algorithmic determinations.

RIGHT TO EXPLANATION

Core Components of the Right

The fundamental building blocks that constitute a legally compliant and technically meaningful right to explanation under GDPR.

01

Solely Automated Decision Identification

The trigger condition for the right to explanation. A decision qualifies as solely automated when it is made entirely by an algorithm without any meaningful human intervention. This includes decisions where a human merely rubber-stamps an algorithmic output without the authority or competence to override it. The right applies only when such decisions produce legal effects (e.g., denial of a loan) or similarly significant effects (e.g., e-recruiting rejection).

02

Meaningful Information About the Logic Involved

The core disclosure obligation. Controllers must provide meaningful information about the reasoning process, which goes beyond a complex mathematical formula. This requires:

  • The categories of data used in the decision
  • The weighting and relevance of key features
  • The general logic of the model in plain language
  • Counterfactual explanations showing how changing inputs would alter the outcome This is not a right to full algorithmic transparency or source code disclosure.
03

Significance and Envisaged Consequences

The forward-looking disclosure component. Data subjects must be informed of the envisaged consequences of the automated processing for their specific situation. This requires the controller to articulate:

  • The intended purpose of the decision
  • The real-world impact on the individual's rights and freedoms
  • Foreseeable outcomes based on the model's output This transforms the explanation from a technical description into a practical, human-understandable narrative about what the decision means for the person.
04

Safeguards and Contestability

The procedural rights that operationalize the explanation. GDPR Article 22(3) mandates that controllers implement suitable measures to safeguard the data subject, including:

  • The right to obtain human intervention from a qualified reviewer
  • The ability to express one's point of view and contest the decision
  • A clear mechanism for appeal that is accessible and timely These safeguards ensure the explanation is not merely a static document but an active, actionable right.
05

Ex-Ante vs. Ex-Post Explanation

The temporal dimension of the right. GDPR implies two distinct phases of explanation:

  • Ex-ante transparency: Information provided before processing begins, covering the existence of automated decision-making and the logic involved at a general level (Articles 13-14)
  • Ex-post explanation: Specific information provided after a decision is made, including the actual reasoning for a particular outcome and the right to contest it (Article 22 and Recital 71) Effective compliance requires both pre-decision notice and post-decision granularity.
06

Trade Secret Limitations

The legal boundary on disclosure. The right to explanation is not absolute and must be balanced against the controller's legitimate interest in protecting trade secrets and intellectual property. However, Recital 63 clarifies that trade secrets cannot be used to refuse all information to the data subject. Controllers must find a middle ground, providing sufficiently detailed explanations without revealing proprietary model architectures or sensitive business logic that would cause competitive harm.

RIGHT TO EXPLANATION

Frequently Asked Questions

Clear answers to the most common questions about the legal and technical dimensions of algorithmic explainability under GDPR and the EU AI Act.

The Right to Explanation is a data subject's legal entitlement under Articles 13-15 and 22 of the General Data Protection Regulation (GDPR) to receive meaningful information about the logic involved in automated decision-making that produces legal or similarly significant effects. This right mandates that controllers disclose the existence of automated processing, provide meaningful details about the logic used, and explain the significance and envisaged consequences of the processing for the individual. It is not merely a right to see source code; rather, it requires a functional explanation that allows the data subject to understand and contest the decision. The Article 29 Working Party guidelines emphasize that controllers must provide a simple way for individuals to obtain human intervention, express their point of view, and contest the decision. This right is triggered when a decision is solely automated—meaning no meaningful human intervention occurs—and produces a legal effect, such as automatic denial of a credit application, or a similarly significant effect, like e-recruiting practices that filter candidates without human review.

REGULATORY COMPARISON

Right to Explanation vs. Related Transparency Mandates

Distinguishing the GDPR Right to Explanation from adjacent algorithmic transparency and accountability obligations under EU law.

FeatureRight to Explanation (GDPR Art. 22 & 15)Algorithmic Impact Assessment (EU AI Act)Model Card Disclosure

Primary Legal Basis

GDPR Articles 13-15, 22; Recital 71

EU AI Act Article 9, Annex IV

Voluntary standard (Meta, Google, Hugging Face)

Triggering Event

Solely automated decision producing legal or similarly significant effects

Deployment of a high-risk AI system per Annex III classification

Model release or publication

Target Audience

Individual data subject

Regulatory authority and public

Downstream developers and auditors

Mandatory Content

Meaningful information about the logic involved, significance, and envisaged consequences

Risk assessment, human oversight measures, accuracy metrics, and fundamental rights impact

Intended use, evaluation results, limitations, and ethical considerations

Enforceability

Legally binding; fines up to 4% of global annual turnover

Legally binding; fines up to €35M or 7% of global annual turnover

Timing of Disclosure

Ex-ante (at time of decision) and ex-post (upon data subject request)

Ex-ante (before market placement or putting into service)

At model release or update

Technical Depth Required

Layperson-comprehensible explanation of logic

Detailed technical documentation suitable for competent authorities

Semi-technical; benchmarks and intended use cases

Human Review Requirement

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.