**Questions? [[Contact us!]]** ## Introduction With automated decision making, there is no human involvement. A decision is made by artificial intelligence, based on data, in a automatic way without intervention. [[Profiling]] can be part of an automated decision making process. ## Relevant legislation ### [[GDPR]] In principle, automated decision making is not allowed under the GDPR if the decisions have legal consequences or a significant impact on the individual (art. 22 GDPR). Exceptions: - Essential for a contract between the individual and a data [[Controller]]; - Allowed by relevant Union or Member State law, with measures to protect the individual's rights and interests; or - Explicit consent of the individual. _More information in the_ [_EDPB guidelines_](https://ec.europa.eu/newsroom/article29/items/612053)_._ ### [[AI Act]] There should be human oversight implemented when AI systems make automated decisions that have legal consequences or a significant impact on the individual on which the system is used. This human oversight should prevent or minimise the risks to health, safety, fundamental rights or environment that can occur when a high risk AI system is used (art. 14(2) AI Act). ### [[MDR]] According to the regulation, software that is intended to be used for medical purposes, such as diagnosis, prevention, monitoring, treatment, or alleviation of disease, falls under the scope of the MDR - (see: [[Medical device|medical devices]]). This includes software that incorporates automated decision-making algorithms for medical purposes. It is important to note that the MDR is primarily concerned with the safety and performance of medical devices, and it addresses automated decision-making within that context. It does not include specific rules or detailed provisions regarding automated decision-making processes.