Judicial Oversight in the Age of AI: Can the CJEU Effectively Review Automated Risk Assessments?

Authors

  • Syed Shaharyar Ahmed Research Assistant, Vrije Universiteit Amsterdam, Netherlands

Keywords:

Automated Risk Assessment (ARA), Judicial Review, CJEU, Artificial Intelligence, Article 47 CFREU, Algorithmic Accountability, EITAS

Abstract

The European Union’s security architecture is undergoing a profound algorithmic turn, transitioning from reactive law enforcement to preemptive, risk-based border control. Instruments like the European Travel Information and Authorisation System (ETIAS) and the upgraded Europol mandate increasingly rely on Automated Risk Assessments (ARA) and Machine Learning to flag high-risk individuals before a crime is committed. This article critically examines whether the Court of Justice of the European Union (CJEU) possesses the epistemic competence to effectively review these opaque, probabilistic determinations. The paper argues that the CJEU’s traditional administrative law standards, specifically the deferential manifest error of assessment test and the human in the loop safeguard, are structurally inadequate for the age of AI. The technical opacity of Black Box algorithms, combined with the proprietary nature of risk indicators, creates a blind spot in judicial protection that threatens the essence of Article 47 of the Charter of Fundamental Rights. By analyzing recent jurisprudence and the emerging AI Act, this article proposes a normative shift from a substantive review of outcomes to a procedural review of algorithmic design. It advocates for a new techno-judicial standard of scrutiny, necessitating the reversal of the burden of proof, strict explainability mandates for high-stakes adjudication, and the appointment of court-mandated technical experts. Ultimately, the article posits that without these procedural innovations, the CJEU risks becoming a rubber stamp for a Technological Leviathan, leaving the fundamental rights of data subjects without an effective remedy.

References

Ahmed, S. S. (2024). Mastering the Digital frontier: the intersection of generative AI and human rights in the digital age. UCP Journal of Law & Legal Education, 2(2), 73–94. https://doi.org/10.24312/ucp-jlle.02.02.271

Ahmed, S. S. (2026). Cross-Border surveillance and the right to privacy: legal remedies in the age of 5G and LOT. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.6000814

Ahmed, S. S., Haider, S., & Javed, M. S. (2026). AI Literacy as a Core Competency: Should Prompt Engineering for Lawyers be a Mandatory Course? Pakistan Journal of Law, Analysis and Wisdom, 5(3), 1–13. https://pjlaw.com.pk/index.php/Journal/article/view/v5i3-01-13/v5i3-01-13

Ahmed, S. S., Javed, M. S., & Haider, S. (2025). Algorithmic Discrimination and the Law: Regulating Bias in AI Decision-Making. Pakistan Journal of Humanities and Social Sciences, 13(4), 220–229. https://doi.org/10.52131/pjhss.2025.v13i4.3086

Almada, M., & Petit, N. (2022). The EU AI Act: Between product safety and Fundamental rights. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4308072

Alon-Barkat, S., & Busuioc, M. (2022). Human–AI interactions in public sector decision making: “Automation bias” and “Selective adherence” to algorithmic advice. Journal of Public Administration Research and Theory, 33(1), 153–169. https://doi.org/10.1093/jopart/muac007

Amelung, N., & Machado, H. (2025). Dancing in the Dark: Policy transformations through obfuscating contestations in the case of Prüm II. Università Degli Studi Di Roma “Unitelma Sapienza.” https://doi.org/10.15166/2499-8249/854

Bellanova, R., & Glouftsios, G. (2020). Controlling the Schengen Information System (SIS II): the infrastructural politics of fragility and maintenance. Geopolitics, 27(1), 160–184. https://doi.org/10.1080/14650045.2020.1830765

Case C-12/03 P, Commission v Tetra Laval BV [2005] ECR I-00987. Retrieved from < https://curia.europa.eu/juris/document/document.jsf?text=&docid=81100&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=4841105>.

Case C-634/21, OQ v Land Hessen (Schufa), Judgment of 7 December 2023, EU:C:2023:948. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62021CJ0634>.

Case C-817/19, Ligue des droits humains v Conseil des ministres (PNR), Judgment of 21 June 2022, EU:C:2022:491. Retrieved from < https://curia.europa.eu/juris/document/document.jsf;jsessionid=30A1658C04750DE6AED9D786C635F77A?text=&docid=261282&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=4811260>.

Case T-13/99, Pfizer Animal Health SA v Council [2002] ECR II-03305. Retrieved from < https://curia.europa.eu/juris/showPdf.jsf?text=&docid=47642&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=4842431>.

Charter of Fundamental Rights of the European Union [2012] OJ C326/391. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012P%2FTXT>.

Covilla, J. C. (2024). Artificial intelligence and administrative discretion: Exploring adaptations and boundaries. European Journal of Risk Regulation, 16(1), 36–50. https://doi.org/10.1017/err.2024.76

Del Rio, J. S., Moctezuma, D., Conde, C., De Diego, I. M., & Cabello, E. (2016). Automated border control e-gates and facial recognition systems. Computers & Security, 62, 49–72. https://doi.org/10.1016/j.cose.2016.07.001

Dwivedi, Y. K., Hughes, L., Ismagilova, E., Aarts, G., Coombs, C., Crick, T., Duan, Y., Dwivedi, R., Edwards, J., Eirug, A., Galanos, V., Ilavarasan, P. V., Janssen, M., Jones, P., Kar, A. K., Kizgin, H., Kronemann, B., Lal, B., Lucini, B., . . . Williams, M. D. (2019). Artificial Intelligence (AI): Multidisciplinary perspectives on emerging challenges, opportunities, and agenda for research, practice and policy. International Journal of Information Management, 57, 101994. https://doi.org/10.1016/j.ijinfomgt.2019.08.002

Ekeh, A. H., Apeh, C. E., Odionu, C. S., & Austin-Gabriel, B. (2025). Automating legal compliance and contract management: Advances in data analytics for risk assessment, regulatory adherence, and negotiation optimization. Engineering and Technology Journal, 10(01). https://doi.org/10.47191/etj/v10i01.26

Goodfellow, I., Bengio, Y., & Courville, A. (2016). Deep learning. In MIT Press eBooks. https://dl.acm.org/citation.cfm?id=3086952

Haitsma, L. M. (2023). Regulating algorithmic discrimination through adjudication: the Court of Justice of the European Union on discrimination in algorithmic profiling based on PNR data. Frontiers in Political Science, 5. https://doi.org/10.3389/fpos.2023.1232601

Imam, M. J., & Ahmed, S. S. (2025). The role of Generative Artificial intelligence in Judicial Decision-Making Process. UCP Journal of Law & Legal Education, 3(1), 112–137. https://doi.org/10.24312/ucp-jlle.03.01.305

Jeandesboz, J., Alegre, S., & Vavoula, N. (2017). European Travel Information and Authorisation System (ETIAS): Border management, fundamental rights and data protection. Dépôt Institutionnel De L’Université Libre De Bruxelles (Université Libre De Bruxelles). http://hdl.handle.net/2013/ULB-DIPOT:oai:dipot.ulb.ac.be:2013/264396

Joined Cases C-402/05 P and C-415/05 P, Yassin Abdullah Kadi and Al Barakaat International Foundation v Council and Commission (3 September 2008) [2008] ECR I-6351. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62005CJ0402>.

Kochenov, D. V., & Butler, G. (2021). Independence of the Court of Justice of the European Union: Unchecked Member States power after the Sharpston Affair. European Law Journal, 27(1–3), 262–296. https://doi.org/10.1111/eulj.12434

Lazcoz, G., & De Hert, P. (2023). Humans in the GDPR and AIA governance of automated and algorithmic systems. Essential pre-requisites against abdicating responsibilities. Computer Law & Security Review, 50, 105833. https://doi.org/10.1016/j.clsr.2023.105833

Matheu-García, S. N., Hernández-Ramos, J. L., Skarmeta, A. F., & Baldini, G. (2018). Risk-based automated assessment and testing for the cybersecurity certification and labelling of IoT devices. Computer Standards & Interfaces, 62, 64–83. https://doi.org/10.1016/j.csi.2018.08.003

Palmiotto, F. (2024). When is a decision automated? A taxonomy for a fundamental rights analysis. German Law Journal, 25(2), 210–236. https://doi.org/10.1017/glj.2023.112

Papadaki, M. (2019). Substantive and Procedural Rules in International Adjudication: Exploring their Interaction in Intervention before the International Court of Justice. In Nomos Verlagsgesellschaft mbH & Co. KG eBooks (pp. 37–64). https://doi.org/10.5771/9783845299051-37

Pollman, T. (2016). Introduction to essays on technology in courtrooms and judicial chambers. Legal Writing: The Journal of the Legal Writing Institute, 21, 1–3. https://legalwritingjournal.scholasticahq.com/article/25152

Rabeharisoa, V., & Paterson, F. (2024). Non-Manipulable Things? Maintaining a Techno-Judicial imaginary on sealed biological samples in the French criminal justice. Engaging Science Technology and Society, 9(3). https://doi.org/10.17351/ests2023.1329

Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) [2018] OJ L236/1. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32018R1240>.

Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226. Retrieved from < https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018R1240>.

Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 establishing a framework for interoperability between EU information systems in the field of borders and visa [2019] OJ L 135, 27 and Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration [2019] OJ L 135, 85, or more simply in footnotes as (EU) 2019/817 and (EU) 2019/818. Retrieved from < https://eur-lex.europa.eu/eli/reg/2019/818/oj/eng>.

Roeben, V. (2019). Judicial Protection as the Meta-norm in the EU Judicial Architecture. Hague Journal on the Rule of Law, 12(1), 29–62. https://doi.org/10.1007/s40803-019-00085-3

Saeed, W., & Omlin, C. (2023). Explainable AI (XAI): A systematic meta-survey of current challenges and future opportunities. Knowledge-Based Systems, 263, 110273. https://doi.org/10.1016/j.knosys.2023.110273

Ulbricht, L. (2018). When Big Data Meet Securitization. Algorithmic Regulation with Passenger Name Records. European Journal for Security Research, 3(2), 139–161. https://doi.org/10.1007/s41125-018-0030-3

Vavoula, N. (2025). The future of digitalisation in EU law enforcement: enhanced exchanges of personal data, privatisation and algorithmisation. Università Degli Studi Di Roma “Unitelma Sapienza.” https://doi.org/10.15166/2499-8249/851

Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation of automated Decision-Making does not exist in the General Data Protection Regulation. International Data Privacy Law, 7(2), 76–99. https://doi.org/10.1093/idpl/ipx005

Downloads

Published

2026-04-30

How to Cite

Ahmed, S. S. (2026). Judicial Oversight in the Age of AI: Can the CJEU Effectively Review Automated Risk Assessments?. Sarhad Journal of Legal Studies, 2(01), 42–57. Retrieved from https://journal.suit.edu.pk/index.php/sjls/article/view/1207

Issue

Vol. 2 No. 01 (2026): January-June 2026

Section

Articles

License

Copyright (c) 2026 Syed Shaharyar Ahmed

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.