Bridging the Transparency Gap: A Comparative Analysis of The Right to Explanation Under the EU AI Act and the GDPR
Keywords:
AI Act, GDPR, Right to Explanation, Algorithmic Transparency, High-Risk AIAbstract
The integration of algorithmic decision-making into critical societal functions has precipitated a shift in the legal landscape, necessitating a robust framework for accountability. This research paper explores the evolving concept of the Right to Explanation within European Union law, specifically focusing on the transition from the General Data Protection Regulation (GDPR) to the recently enacted AI Act. While Article 22 of the GDPR initially established safeguards against automated processing, its effectiveness has been constrained by the inherent opacity of black box systems and judicial ambiguity regarding the depth of disclosure required. This study provides a comparative legal analysis of Articles 86 and 85 of the AI Act alongside the existing GDPR framework and relevant jurisprudence from the Court of Justice of the European Union, such as the Schufa case. It examines how the AI Act attempts to bridge the transparency gap by introducing a specific right to receive an explanation for decisions made by high-risk AI systems and establishing new procedural avenues for market surveillance. The paper argues that while the AI Act expands the scope of individual rights and shifts the regulatory focus toward systemic oversight, it also introduces new tensions between the need for technical clarity and the protection of commercial interests. Ultimately, the research assesses whether this dual-regulatory approach successfully resolves the technical-legal tension of algorithmic transparency or if the complexities of modern machine learning continue to challenge the core principles of due process and effective judicial protection in the digital age.
References
Aboy, M., Minssen, T., & Vayena, E. (2024). Navigating the EU AI Act: implications for regulated digital medical products. Npj Digital Medicine, 7(1), 237. https://doi.org/10.1038/s41746-024-01232-3
Ahmed, S. S. (2024). Mastering the Digital frontier: the intersection of generative AI and human rights in the digital age. UCP Journal of Law & Legal Education, 2(2), 73–94. https://doi.org/10.24312/ucp-jlle.02.02.271
Ahmed, S. S. (2025a). Digital Authoritarianism and Human Rights: Reconciling national security and the right to privacy. International Journal of Law, Ethics, and Technology, 2025–2025(4), 79–93. https://heinonline.org/HOL/Page?handle=hein.journals/ijlet2025&id=559
Ahmed, S. S. (2025b).
Jurisdictional Challenges in Cloud Computing: Data Sovereignty and International Agreements
SSRN Electronic Journal. https://doi.org/10.2139/ssrn.5505698Ahmed, S. S. (2026a). Cross-Border surveillance and the right to privacy: legal remedies in the age of 5G and LOT. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.6000814
Ahmed, S. S. (2026b, April 30). Judicial oversight in the age of AI: Can the CJEU effectively review automated risk assessments? Retrieved May 22, 2026, from https://journal.suit.edu.pk/index.php/sjls/article/view/1207
Ahmed, S. S., & Imam, J. (2025). The role of Generative Artificial intelligence in Judicial Decision-Making Process. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.5267928
Ahmed, S. S., Dar, A., & Fatima, S. (2026). Reconciling the GDPR Right to Erasure with the Architecture of Large Language Models. In Pakistan Journal of Law, Analysis and Wisdom (Vol. 5, Issue 5). http://pjlaw.com.pk
Ahmed, S. S., Haider, S., & Javed, M. S. (2026, March 31). AI Literacy as a Core Competency: Should Prompt Engineering for Lawyers be a Mandatory Course? Retrieved May 22, 2026, from https://pjlaw.com.pk/index.php/Journal/article/view/v5i3-01-13
Ahmed, S. S., Imam, M. J., & Iftikhar, M. S. (2025). Leveraging Artificial Intelligence in Cross-Cultural Mediation: Enhancing neutrality and efficiency in dispute resolution. journals.umt.edu.pk. https://doi.org/10.32350/lpr.41.08
Ahmed, S. S., Javed, M. S., & Haider, S. (2025). Algorithmic Discrimination and the Law: Regulating Bias in AI Decision-Making. Pakistan Journal of Humanities and Social Sciences, 13(4), 220–229. https://doi.org/10.52131/pjhss.2025.v13i4.3086
Ali, S., Abuhmed, T., El-Sappagh, S., Muhammad, K., Alonso-Moral, J. M., Confalonieri, R., Guidotti, R., Del Ser, J., Díaz-Rodríguez, N., & Herrera, F. (2023). Explainable Artificial Intelligence (XAI): What we know and what is left to attain Trustworthy Artificial Intelligence. Information Fusion, 99, 101805. https://doi.org/10.1016/j.inffus.2023.101805
Batalla, A. (2018). Safeguards for the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). European Journal of Law and Technology, 8(3). http://ejlt.org/index.php/ejlt/article/view/570
Brkan, M. (2018). Do algorithms rule the world? Algorithmic decision-making and data protection in the framework of the GDPR and beyond. International Journal of Law and Information Technology, 27(2), 91–121. https://doi.org/10.1093/ijlit/eay017
Case C-203/22 Magistrat der Stadt Wien v Dun & Bradstreet Austria GmbH ECLI:EU:C: 2025:117. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62022CJ0203>
Case C-634/21 SCHUFA Holding (Scoring) [2023] ECLI:EU:C:2023:957. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62021CJ0634>
Custers, B., & Heijne, A. (2022). The right of access in automated decision-making: The scope of article 15(1)(h) GDPR in theory and practice. Computer Law & Security Review, 46, 105727. https://doi.org/10.1016/j.clsr.2022.105727
Erdogan, I. (2024). Artificial intelligence and EU law enforcement. In M. Scholten, I. Martín Delgado, & L. Arroyo Jiménez (Eds.), European Papers: Vol. Vol. 9 (pp. 956–977). https://doi.org/10.15166/2499-8249/794
Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349–391. https://doi.org/10.1093/joclec/nhaa012
Gasiola, G. G. (2025). Rebuilding the pyramid: The AI Act’s risk-based approach using a binary decision diagram. Computer Law & Security Review, 58, 106189. https://doi.org/10.1016/j.clsr.2025.106189
Gauci, I. (2025, July 23). Secrecy without oversight: How trade secrets could potentially undermine the AI Act’s transparency mandate. Oxford Law Blogs. https://blogs.law.ox.ac.uk/oblb/blog-post/2025/07/secrecy-without-oversight-how-trade-secrets-could-potentially-undermine-ai
Granmar, C. G. (2024). AI-Based Decision-Making and the human oversight requirement under the AI Act. In YSEC yearbook of socio-economic constitutions (pp. 181–209). https://doi.org/10.1007/16495_2024_68
Greenstein, S., & Zamboni, M. (2025). Navigating the legislative dilemma: evaluating the EU AI Act’s approach to regulating emerging technologies. The Theory and Practice of Legislation, 13(3), 312–352. https://doi.org/10.1080/20508840.2025.2513177
Hamon, R., Junklewitz, H., Sanchez, I., Malgieri, G., & De Hert, P. (2022). Bridging the gap between AI and explainability in the GDPR: Towards Trustworthiness-by-Design in Automated Decision-Making. IEEE Computational Intelligence Magazine, 17(1), 72–85. https://doi.org/10.1109/mci.2021.3129960
Hornung, G., & Link, H. (2025, December 22). Individual rights in the AI Act - the rights to lodge a complaint and to explanation of the Decision-Making process in individual cases. https://www.jipitec.eu/jipitec/article/view/445
Hulok, M. (2025). The EU model of AI governance: regulating artificial intelligence through law and policy. ERA Forum, 26(4), 527–547. https://doi.org/10.1007/s12027-025-00869-1
Juliussen, B. A. (2025). The right to an explanation under the GDPR and the AI Act. In Lecture notes in computer science (pp. 184–197). https://doi.org/10.1007/978-981-96-2071-5_14
Kätliin Kelder, K. (n.d.). On the Relative Importance of the AI Act Right to Explanation. Montaigne Centre Blog. Retrieved January 10, 2026, from https://blog.montaignecentre.com/en/on-the-relative-importance-of-the-ai-act-right-to-explanation/
Metikoš, L., & Ausloos, J. (2025). The right to an explanation in practice: insights from case law for the GDPR and the AI Act. Law Innovation and Technology, 17(1), 205–240. https://doi.org/10.1080/17579961.2025.2469349
Nannini, L. (2024). Habemus a Right to an Explanation: so What? – A Framework on Transparency-Explainability Functionality and Tensions in the EU AI Act. Proceedings of the AAAI/ACM Conference on AI Ethics and Society, 7, 1023–1035. https://doi.org/10.1609/aies.v7i1.31700
Rana, A. A. (2020). Admissibility of Evidence Produced via Modern Devices and Techniques: A Look in Pakistani Prospective. International Journal of Research, 8, 67-77.
Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) [2024] OJ L2024/1689, Arts 85, 86. Retrieved from <https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689>
Salih, A. M., Raisi‐Estabragh, Z., Galazzo, I. B., Radeva, P., Petersen, S. E., Lekadir, K., & Menegaz, G. (2024). A perspective on explainable artificial intelligence methods: SHAP and LIME. Advanced Intelligent Systems, 7(1). https://doi.org/10.1002/aisy.202400304
Sancho, D. (2020). Automated Decision-Making under Article 22 GDPR. In Cambridge University Press eBooks (pp. 136–156). https://doi.org/10.1017/9781108347846.005
Singh, K., Chatterjee, S., & Mariani, M. (2024). Applications of generative AI and future organizational performance: The mediating role of explorative and exploitative innovation and the moderating role of ethical dilemmas and environmental dynamism. Technovation, 133, 103021. https://doi.org/10.1016/j.technovation.2024.103021
Thouvenin, F., Früh, A., & Henseler, S. (2022). Article 22 GDPR on Automated Individual Decision-Making: Prohibition or data subject right? European Data Protection Law Review, 8(2), 183–198. https://doi.org/10.21552/edpl/2022/2/6
View of individual rights in the AI Act - the rights to lodge a complaint and to explanation of the Decision-Making process in individual cases. (n.d.). https://www.jipitec.eu/jipitec/article/view/445/444
Voigt, P., & Von Dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR). https://doi.org/10.1007/978-3-319-57959-7
Wachter, S. (2024). Limitations and loopholes in the EU AI Act and AI Liability Directives: what this means for the European Union, the United States, and beyond. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4924553
Wörsdörfer, M. (2023). Mitigating the adverse effects of AI with the European Union’s artificial intelligence act: Hype or hope? Global Business and Organizational Excellence, 43(3), 106–126. https://doi.org/10.1002/joe.22238
Wulf, A. J., & Seizov, O. (2022). “Please understand we cannot provide further information”: evaluating content and transparency of GDPR-mandated AI disclosures. AI & Society, 39(1), 235–256. https://doi.org/10.1007/s00146-022-01424-z
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Syed Shaharyar Ahmed , Qurat Ul Ain Cheema, Saman Fatima
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
LEGALOPEDIA EDUCATINIA (PVT) LTD