No. In their current form, the obligations placed upon businesses and public authorities are necessary, intelligent, and politically reassuring, but not sufficient. They create a compliance perimeter; they do not yet guarantee substantive justice. That distinction matters more than many policymakers admit.
The publication of the Council of Europe handbook is significant because it confirms a strategic truth often ignored during the AI gold rush: public governance is not another software deployment cycle. When an AI system recommends prison risk, flags welfare fraud, prioritises police patrols, or scores visa applications, it is not merely processing data. It is reallocating rights, burdens, and state power. The spreadsheet has become sovereign.
Current obligations across European Union and wider European governance frameworks generally revolve around impact assessments, transparency notices, procurement duties, human oversight, data protection, and anti-discrimination principles. These are important guardrails. They reduce chaos. They produce paperwork. Sometimes they even improve behaviour. But paperwork has never been a reliable substitute for justice.
The core weakness is structural. Most legal obligations today regulate process, while the real danger lies in outcomes. A public authority may perform an algorithmic impact assessment, document risks, appoint a responsible officer, and still deploy a system that wrongly denies housing benefits to thousands of citizens. It may satisfy formal obligations while violating substantive fairness. Bureaucracies have always excelled at appearing compliant while remaining harmful; AI simply automates the tradition.
Take the justice system. The handbook correctly highlights the black-box problem. If an accused person cannot meaningfully challenge the basis of a risk score, sentencing recommendation, or evidentiary classification, then the right to a fair trial is weakened, regardless of how elegant the procurement documentation looked. “Human in the loop” is often presented as a cure-all. It is not. If the human merely rubber-stamps the machine recommendation under time pressure, institutional hierarchy, or misplaced faith in technology, the loop becomes theatre.
This phenomenon has been documented repeatedly in behavioural science: humans tend to over-trust automated outputs, especially when systems appear quantitative. Numbers possess a false moral authority. A judge may distrust a witness but trust a dashboard. That is not progress; it is numerically formatted superstition.
In policing, predictive systems create a second-order risk. They learn from historical enforcement data. Historical enforcement data often reflects historical bias. Thus the machine can convert yesterday’s unequal policing into tomorrow’s optimised patrol map. The result is a feedback loop where over-policed communities generate more recorded incidents, which justify more policing, which generates more data, and so on. Silicon Valley calls this machine learning. Older political traditions called it entrenchment.
For welfare and public benefits, automated fraud detection presents an especially dangerous asymmetry. Errors by the citizen are punished immediately. Errors by the state are corrected slowly, if ever. If a vulnerable family loses benefits because an opaque risk model misclassifies them, the harm is immediate: rent arrears, food insecurity, debt, humiliation. Later appeals processes, even if successful, do not fully repair that damage. Administrative latency can be as destructive as administrative malice.
Are current obligations enough to prevent flagrant denial of justice? Only if one assumes that institutions have equal capacity, incentives, and technical literacy. They do not.
Many public authorities procure systems from private vendors whose commercial incentives are misaligned with democratic accountability. Vendors optimise for sales cycles, margins, renewals, and reputational messaging. Governments often lack internal expertise to interrogate model design, training data provenance, error rates across subgroups, drift risks, or explainability claims. This creates a familiar dynamic: the seller knows more than the buyer, yet the buyer exercises coercive power over citizens. It is a remarkably inefficient way to run a democracy.
Businesses themselves face fragmented obligations. Some sectors have strong duties under privacy, discrimination, consumer, labour, or product regimes. But cross-border AI governance remains uneven, enforcement capacity limited, and penalties sporadic. Large firms can absorb compliance costs more easily than smaller competitors, which sometimes turns regulation into a moat rather than a moral constraint.
What would be sufficient? Not perfection, but stronger operational obligations tied to rights protection.
First, mandatory contestability. Any materially adverse public decision influenced by AI should trigger a fast, accessible right to human reconsideration with authority to overturn the automated result. Not a chatbot. Not a ticketing queue. A real accountable decision-maker.
Second, evidentiary transparency proportionate to impact. If liberty, livelihood, immigration status, child protection, or essential benefits are affected, the subject should know what factors drove the decision, what data was used, and how to challenge inaccuracies. Trade secrecy cannot become a veil for state coercion.
Third, outcome auditing. Regulators should examine not only whether forms were completed, but whether systems generate disparate error rates, geographic distortions, procedural delays, or systematic over-enforcement. Compliance theatre ends when metrics become public.
Fourth, procurement reform. Public bodies should not buy black boxes for sovereign functions. If a system cannot be independently tested, stress-tested, and meaningfully explained, it should not decide matters of rights.
Fifth, liability clarity. Today responsibility can dissolve into a triangle: vendor blames authority, authority blames vendor, operator blames model. Citizens need a visible defendant. Justice dislikes smoke.
Sixth, institutional capability. Many governments need internal data scientists, auditors, legal technologists, and judges trained in algorithmic evidence. Without state competence, regulation remains decorative.
There is also a deeper philosophical issue. Public governance historically derives legitimacy from reasons. A citizen asks: why was I fined, denied, searched, ranked, or excluded? The state answers with reasons that can be debated. AI systems often replace reasons with correlations. “Because the model predicted so” is not a democratic justification. It is an abdication wrapped in statistics.
Some executives argue that AI reduces human bias, inconsistency, and cost. They are partly right. Human administration can be arbitrary, discriminatory, slow, and expensive. But replacing flawed humans with flawed systems at scale is not reform. It is acceleration.
Europe, to its credit, is at least asking the right questions earlier than many jurisdictions. The Council of Europe handbook reflects an important maturation: AI governance is no longer only about innovation incentives, compute races, or startup valuations. It is about constitutional order. That is where serious societies eventually arrive.
My view is blunt. Current obligations are a foundation, not a safeguard sufficient in themselves. They can reduce abuse, but they cannot reliably prevent flagrant denial of justice unless backed by enforcement, technical capacity, remedies, transparency, and political courage. Rights without remedies are brochures. Oversight without expertise is ceremony. AI without accountability is simply bureaucracy with better branding.
A. Dina
