GDPR Article 22 — Automated Decision-Making
GDPR Article 22 — Automated Decision-Making — 75% covered.
4 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Article 22 of the GDPR (Regulation (EU) 2016/679) gives data subjects the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, save in specified cases where suitable safeguards must apply — including the right to obtain human intervention, to express their point of view, and to contest the decision (Recital 71), and the right to meaningful information about the logic involved (Articles 13–15). In insurance, an automated underwriting decline or claims denial is a similarly-significant-effect decision. KYE Protocol™ governs whether an AI-assisted decision in scope may PROCEED — under a recorded named-authority (the safeguard of human involvement), with a recorded adverse-action reason-code (meaningful information about the logic), and an appeal / contestability record (the right to human intervention and to contest). KYE does not make the underwriting decision, price the risk, or replace the human reviewer. · License: Regulation (EU) 2016/679 is published in the Official Journal of the EU; KYE registry paraphrases each requirement's intent and cites the article / recital for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Human involvement / named-authority safeguard (Art. 22(3)) | 1 | 1 | 0 | 0 | 0 | 100% |
| Right to contest & human intervention (Recital 71) | 1 | 1 | 0 | 0 | 0 | 100% |
| Meaningful information about the logic / adverse-action reason (Art. 13–15) | 1 | 1 | 0 | 0 | 0 | 100% |
| Lawful basis, substantive decision & pricing on the merits | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
gdpr-automated-decision.art22-human-involvement-safeguard |
A similarly-significant automated decision proceeds only under a recorded named-authority (human-involvement safeguard) | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:insurance-underwriting-claimsdictionaries: internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
gdpr-automated-decision.art22-contest-human-intervention |
The data subject's right to contest and to human intervention is recorded as an appeal / contestability record | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1, kye.replay.proof.v1engines: internal, internalrule_packs: kye:rule-pack:insurance-underwriting-claimsconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
gdpr-automated-decision.art13-15-meaningful-information-logic |
The data subject receives meaningful information about the logic — a recorded adverse-action reason-code | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.pack.v1engines: internal, internalrule_packs: kye:rule-pack:insurance-underwriting-claimsconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
gdpr-automated-decision.lawful-basis-substantive-decision |
Lawful basis for the processing, the substantive decision, and risk pricing on the merits | out-of-scope | (no enforcement cited) |