GDPR Art. 22 vendors for Government & Public Sector
Vendors that support GDPR Article 22 — Automated Individual Decision-Making and explicitly serve government & public sector customers. Listings verified April 28, 2026.
| Vendor | HQ | Founded | Size | Pricing | Last verified |
|---|---|---|---|---|---|
| Drata | San Francisco, US | 2020 | 501-1000 | Contact for pricing | Apr 24, 2026 |
| Giskard | Paris, France | 2021 | 11-50 | Contact for pricing | Apr 24, 2026 |
| CalypsoAI | Dublin, IE | 2018 | 51-200 | Enterprise licensing; contact sales for quote, depending on deployment (SaaS/on-prem/hybrid) and plan. | Apr 26, 2026 |
| Naaia | Louveciennes, FR | 2021 | 11-50 | No public pricing tiers; demo and quote requested via website. | Apr 27, 2026 |
| 2021.AI | Copenhagen, DK | 2016 | 51-200 | Contact for pricing | Apr 27, 2026 |
About GDPR Art. 22
Article 22 of the EU General Data Protection Regulation gives data subjects the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning them or similarly significantly affects them. The right applies across the EU and EEA and has been in force since May 25, 2018. The European Data Protection Board's Guidelines 1/2024 (adopted December 2024) clarify the scope, including how it applies to large language models and recommender systems. The CJEU's SCHUFA ruling (Case C‑634/21, December 2023) confirmed that automated credit scoring constitutes a "decision" under Article 22 where the score effectively determines whether a loan or contract is granted. Enforcement is by national Data Protection Authorities; penalties for Article 22 violations fall under the GDPR's higher tier — up to €20 million or 4% of worldwide annual turnover.
Read framework guide →About Government & Public Sector
Federal, state, and local agencies. Covered by OMB M-24-10, state AI governance orders, and procurement requirements for safety-impacting AI.
See all government & public sector vendors →