In forceEU
GDPR Article 22 — Automated Individual Decision-Making
GDPR Article 22 grants data subjects the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Data controllers deploying AI for such decisions must implement safeguards including human intervention, explanation, and contestation rights.
Jurisdiction
EU
Enforcement
May 25, 2018
Maximum penalty
Up to €20M or 4% of global annual turnover
Key obligations
- 01Lawful basis for automated decision-making
- 02Data Protection Impact Assessment (DPIA)
- 03Meaningful information about the logic involved
- 04Right to human intervention
- 05Right to contest the decision
Vendors that support GDPR Art. 22
Sorted by coverage level. Full coverage shown first.
4 vendors
| Vendor | HQ | Founded | Size | Pricing | Coverage | Last verified |
|---|---|---|---|---|---|---|
| Arthur | New York, United States | 2018 | 51-200 | Shield has a free tier; enterprise monitoring is contact-only. | Partial | Apr 21, 2026 |
| CalypsoAI | San Mateo, United States | 2018 | 51-200 | Enterprise only. | Partial | Apr 21, 2026 |
| Holistic AI | London, United Kingdom | 2020 | 51-200 | Enterprise-only with modular pricing by use case. | Partial | Apr 21, 2026 |
| Fiddler AI | Palo Alto, United States | 2018 | 51-200 | Contact for pricing | Partial | Apr 21, 2026 |
Compare across industries
See which vendors support GDPR Art. 22 in your sector.
GDPR Art. 22 in Defense & National SecurityGDPR Art. 22 in EducationGDPR Art. 22 in Employment & HRGDPR Art. 22 in Financial ServicesGDPR Art. 22 in Government & Public SectorGDPR Art. 22 in HealthcareGDPR Art. 22 in InsuranceGDPR Art. 22 in Legal ServicesGDPR Art. 22 in Retail & E-commerceGDPR Art. 22 in SaaS & Technology
Last verified April 21, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.