¹ Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act), OJ L 2024/1689.

² See, e.g., F Palmiotto, “The AI Act Roller Coaster: The Evolution of Fundamental Rights Protection in the Legislative Process and the Future of the Regulation” (2025) 16(2) European Journal of Risk Regulation 770, where further references are also provided.

³ See Art. 113 for the varying timeframes of applicability of the different provisions of the AI Act.

⁴ C N Pehlivan, N Forgó and P Valcke (eds), The EU Artificial Intelligence (AI) Act: A Commentary (Kluwer 2024); J Schuett, “Risk Management in the Artificial Intelligence Act” (2024) 15(2) European Journal of Risk Regulation 367; O Mir, “The AI Act from the Perspective of Administrative Law: Much Ado About Nothing?” (2024) 16(1) European Journal of Risk Regulation 63; I Carnat, “Addressing the Risks of Generative AI for the Judiciary: The Accountability Framework(s) under the EU AI Act” (2024) 55 Computer Law & Security Review 106067; E Leinarte, “The Classification of High-Risk AI Systems Under the EU Artificial Intelligence Act” (2024) 1 Journal of AI Law and Regulation 262.

⁵ CETS No. 225 (Vilnius 05/09/2024).

⁶ See Full list – Treaty Office.

⁷ To enter into force five ratifications including at least three by Member States of the CoE, are required.

⁸ K Stuurman and E Lachaud, “Regulating AI. A Label to Complete the Proposed Act on Artificial Intelligence” (2022) 44 Computer Law and Security Review 1. It is necessary to also await the Commission’s clarification of the concept of AI system in the guidelines on the practical implementation of the AI Act to be drawn up (see Art. 96(1)(f) AI Act). See also Miguel Ángel Presno Linera and Anne Meuwese, “Regulating AI from Europe: a Joint Analysis of the AI Act and the Framework Convention on AI” (2025) The Theory and Practice of Legislation 1, 10.

⁹ Vienna Convention on the Law of Treaties of 23 May 1969, entered into force on 27 January 1980. United Nations, Treaty Series, vol. 1155, p. 331. I approach treaty interpretation as an interactive process structured on the basis of the text, context, object and purpose of a treaty and guided by good faith. See Campbell McLachlan, Principle of Systemic Integration in International Law (Oxford University Press 2024).

¹⁰ On the ambiguity of human rights law, see I Kusche, “Possible Harms of Artificial Intelligence and the EU AI Act: Fundamental Rights and Risk” (2024) Journal of Risk Research 1. On the uncertainty inherent in the proportionality test that grounds human rights law, see L Enqvist and M Naarrijärvi, “Discretion, Automation, and Proportionality” in M Suski (ed), The Rule of Law and Automated Decision-Making (Springer 2023) 147.

¹¹ J Ziller, “The Council of Europe Framework Convention on Artificial Intelligence vs. the EU Regulation: Two Quite Different Legal Instruments” (CERIDAP 2/2024), 202, where it is explained that the CoE AI Convention will likely function as an interpretative document for the European Court of Human Rights.

¹² It is a standard interpretative practice of the European Court of Human Rights to use external sources, including other CoE treaties, when interpreting the European Convention on Human Rights. E Voeten, “Why Cite External Legal Sources? Theory and Evidence from the European Court of Human Right” in C Giorgetti and M Pollack (eds), Beyond Fragmentation: Cross-Fertilization, Cooperation, and Competition among International Courts (Cambridge University Press 2022) 162.

¹³ See also Art. 27(2) of the CoE AI Convention that acknowledges the special relationship between the Convention and the EU AI Act. See also Council Decision (EU) 2024/2218 of 28 August 2024 on the signing, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law: “The Convention is to be implemented in the Union exclusively through Regulation (EU) 2024/1689 and other relevant Union acquis, where applicable.”

¹⁴ C McCrudden, “Pluralism of Human Rights Adjudication,” in L Lazarus, C McCrudden, N Bowles (eds), Reasoning Rights: Comparative Judicial Engagement (Hart Publishing, 2014). See also M Delmas-Marty, Towards a Truly Common Law: Europe as a Laboratory for Legal Pluralism (translated by N Norberg) (Cambridge University Press).

¹⁵ See also N Krisch, “The Open Architecture of European Human Rights Law” (2008) 71(2) The Modern Law Review 183.

¹⁶ For clarifications of the role of Explanatory Reports for interpreting CoE treaties as related to the Vienna Convention on the Law of Treaties, (1969) Treaty Series, 1155, 331. see Section II.

¹⁷ In the future, the work of the Conference of the Parties, composed of official representatives of the Parties to the Convention to determine the extent to which its provisions are being implemented, will also assist the interpretation. See Article 23 of the CoE AI Convention.

¹⁸ Vienna Convention on the Law of Treaties of 23 May 1969, entered into force on 27 January 1980. United Nations, Treaty Series, vol. 1155, p. 331.

¹⁹ See the Preamble of the treaty.

²⁰ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 20.

²¹ As part of its efforts to reconcile innovation and regulation for the benefit of human rights, the CoE has also adopted Protocol to amend the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 223), 10 November 2018. See Section V.3.e below.

²² The AI Act has been inspired by product safety regimes. See F Palmiotto, “The AI Act Roller Coaster: The Evolution of Fundamental Rights Protection in the Legislative Process and the Future of the Regulation” (2025) European Journal of Risk Regulation 1, 8; O Mir, “The AI Act from the Perspective of Administrative Law: Much Ado about Nothing?” (2024) European Journal of Risk Regulation 1, 3. Concerns have been expressed as to how AI-related risks, which concern ethical and fundamental rights issues, are addressed through harmonisation techniques which were developed to address health and safety concerns. See S de Vries et al, “Internal Market 3.0: The Old ‘New Approach’ for Harmonising AI Regulation” in G Robinson (et al, eds) “Future-proof Regulation and Enforcement for the Digitalised Age” (2023) 8 European Papers, Journal of Law and Integration 3.

²³ See first recital in the Preamble of the CoE AI Convention.

²⁴ See 129th Session of the CoE Committee of Ministers (Helsinki, 16–17 May 2019), CM/Del/Dec(2019)1346/1.5, CM/Del/Dec(2019)1346/1.5

²⁵ See 1353rd meeting, 11 September 2019 of the CoE Committee of Ministers, CM/Del/Dec(2019)1353/1.5-app, CM/Del/Dec(2019)1353/1.5-app

²⁶ CAHAI(2020)23, Strasbourg 17 December 2020.

²⁷ A review of the complete list of the CoE treaties available here Full list – Treaty Office shows that the adoption of Framework Conventions is the exception.

²⁸ A comparison between the CoE AI Convention and Convention 108+ for the Protection of Individuals with Regard to the Processing of Personal Data, reveals the different levels of specificities. For example, the CoE AI Convention does not contain a provision similar to Art. 9 of Convention 108+. See Section V.3.e below.

²⁹ Feasibility Study, CAHAI(2020)23, para 134–9.

³⁰ Feasibility Study, CAHAI(2020)23, para 138.

³¹ CM(2023)131-addfina, 1680ade00f

³² Here references are given starting with the first one CAI(2022)06_rev, Strasbourg, 22 April 2022, 1680a6d912; CAI(2022)10, Strasbourg, 23 September 2022, 1680a83eaa; CAI(2023)03, Strasbourg, 13 January 2023, 1680a9cc4f; CAI(2023)05, Strasbourg, 3 February 2023, 1680aa182f; CAI(2023)11, Strasbourg, 21 April 2023, https://rm.coe.int/cai-2023-11-list-of-decisions/1680ab068f; CAI(2023)14, Strasbourg, 2 June 2023, 1680ab71a5; CAI(2023)23, Strasbourg, 26 October 2023, 1680ad13c6; CAI(2023)27, Strasbourg, 8 December 2023, 1680adc984; CAI(2024)04, Strasbourg, 26 January 2024, 1680ae51d8; CAI(2024)09, Strasbourg, 14 March 2024, 1680aef19f.

³³ StateWatch has published a document that contains some States’ positions on the Zero Draft coe-artificial-intelligence-convention-compilation-of-comments-8-9-22.pdf

³⁴ These were informal meetings for resolving contentious issues. See CAI(2023)14, Strasbourg, 2 June 2023, 1680ab71a5: “Instruct the Secretariat to organise a series of informal meetings of the Drafting Group to explore possible solutions to some of the outstanding issues in the draft Framework Convention, during the period from June to December 2023.”

³⁵ The author of this article sent specific enquiries to CAI Secretariat. On 1 April 2025, the author received the following e mail “Please note that only the documents available on our website are open for public consultation. The preparatory works, including the positions of different states, are not publicly accessible.” E-mail on file with the author.

³⁶ CAI(2023)05, Strasbourg, 3 February 2023, 1680aa182f: “Instruct the Secretariat to make the revised ‘Zero Draft’ public, with the information that this is a document prepared by the Chair and the Secretariat and does not reflect the final outcome of negotiations in the Committee.”

³⁷ CAI(2023)05, Strasbourg, 3 February 2023, 1680aa182f: “Take note of the opening remarks of Mr Thomas Schneider, Chair of the CAI. In his remarks, the Chair referred to the recent breaches of confidentiality of meetings and documents of the CAI, including references having been made to specific positions of Delegations. He emphasized that such actions were unacceptable. He reiterated the requirements under Resolution CM/Res (2021)3 ‘on intergovernmental committees and subordinate bodies, their terms of references and working methods,’ adopted by the Committee of Ministers on 12 May 2021. The Chair further explained that the need for confidentiality of meetings and documents of the CAI was not to curtail transparency, but because international negotiations require the ability for Delegates to make statements or take positions without being quoted in public. Transparency and inclusivity are important aspects of modern policy making and in the case of the CAI, they can and will be ensured in appropriate ways.” (emphasis added).

³⁸ The Zero Draft can be accessed here coe-artificial-intelligence-convention-zero-draft-30-6-22.pdf.

³⁹ The Revised Zero Draft can be accessed here 1680aa193f.

⁴⁰ 1680abde66.

⁴¹ Convention on AI and human rights (draft December 2023) | Digital Watch Observatory.

⁴² CM(2024)52-prov1 available 1680aee411.

⁴³ CM/Del/Dec(2024)1497/10.1, 1497th meeting, 30 April 2024, CM/Del/Dec(2024)1497/10.1.

⁴⁴ See, for example, the involvement of the European Network of National Human Rights Institutions here Draft Convention on AI, Human Rights, Democracy and Rule of Law finalised: ENNHRI raises concerns – ENNHRI and the following civil society statement CSO-COE-Statement_07042023_Website.pdf.

⁴⁵ See Council Decision (EU) 2022/2349 of 21 November 2022 authorising the opening of negotiations on behalf of the EU for a CoE convention on artificial intelligence, human rights, democracy and the rule of law.

⁴⁶ ‘The CAHAI therefore recommended that the instrument, “though obviously based on Council of Europe standards, be drafted in such a way that it facilitates accession by States outside of the region that share the aforementioned standards.”

⁴⁷ See the Civil Society Statement CSO-COE-Statement_07042023_Website.pdf See also here US obtains exclusion of NGOs from drafting AI treaty – Euractiv.

⁴⁸ See CoE Parliamentary Assembly Recommendation 417 (1965) of 25 January 1965 for publication of the preparatory works. However, “[i]n view of the confidentiality of the experts’ working documents, the Committee of Ministers could not accept this proposal.” Jörg Polakiewicz, Treaty-making in the Council of Europe (Council of Europe Publishing, 1999), 26.

⁴⁹ Reply by the Committee of Ministers to Recommendation 417 (1965), adopted during the 145th meeting of the Ministers’ Deputies in October 1965, cited in Jörg Polakiewicz, Treaty-making in the Council of Europe, (Council of Europe Publishing, 1999), 26.

⁵⁰ J Polakiewicz, Treaty-making in the Council of Europe, (Council of Europe Publishing, 1999), 26. The CoE Committee of Ministers authorises the publication of the Explanatory Report.

⁵¹ J Polakiewicz, note 50, 26.

⁵² Ibid, 27.

⁵³ See Article 32, Vienna Convention on the Law of Treaties.

⁵⁴ Art. 4(1) Zero Draft CAI(2022)07 Restricted, 30 June 2022; Art. 4(2), Revised Zero Draft, CAI(2023)01, 6 January 2023.

⁵⁵ Here I make a distinction between, on the one hand, general references to human rights, human rights obligations or impact on human rights (that are multiple in the Consolidated Working Draft and in the final version of the CoE AI Convention), and, on the other, conferral of concrete rights specifically relevant to the application of AI systems. Such concrete rights include, for example, the right to know that one interacts with an AI system or the right to choose not to interact.

⁵⁶ Art. 7(1) Zero Draft.

⁵⁷ Art. 7(2) Zero Draft; Article 20(1) Revised Zero Draft.

⁵⁸ Art. 7(4) Zero Draft. Article 20(2) Revised Zero Draft.

⁵⁹ Yet, see Art. 14(2) of the Consolidated Working Draft that stipulated that “any person has the right to know that one is interacting with an AI system rather than with a human unless obvious from the circumstances and context of use and, where appropriate, shall provide for the option of interacting with a human in addition to, or instead of, such system.” (emphasis added) Compare this proposal in the Consolidated Working Draft with the final version as reflected in Article 15(2) of the AI Convention that contains no reference to a right and to an option to choose not to interact with AI.

⁶⁰ Similarly to private entities and individuals, public authorities can be providers when they develop an AI system and put it into service (Art. 2(3), AI Act). Similarly to private entities and individuals, public authorities can be also deployers of AI systems when they use the systems (Art. 2(4), AI Act.). See O Mir, “The AI Act from the Perspective of Administrative Law: Much Ado about Nothing?” (2024) European Journal of Risk Regulation 1, 9.

⁶¹ Draft Articles on Responsibility of States for International Wrongful Acts with Commentaries, Yearbook of International Law Commission, 2001, Vol.II, Part Two.

⁶² Explanatory Report to the CoE AI Convention, para 27.

⁶³ Ibid, para 28 (emphasis added).

⁶⁴ The formulation used in Art. 3(1)(a), CoE AI Convention. Explanatory Report to the CoE AI Convention, para 28.

⁶⁵ Explanatory Report to the CoE AI Convention, para 27.

⁶⁶ Explanatory Report to the CoE AI Convention, para 28.

⁶⁷ It has been well established in the ECtHR’s case law that States are not absolved of their human rights law obligations by delegating certain services to private bodies (see, e.g., Costello-Roberts v United Kingdom App no 13134/ 87 (ECHR, 25 March 1993); Dodov v Bulgaria App no 59548/00 (ECHR, 17 January 2008) para 80; Storck v Germany no 61603/00 (ECHR, 16 June 2005) para 103; O’Keeffe v Ireland [GC] App no 35810/09 (ECHR, 28 January 2014) para150. This is especially so when these services are considered to be public services. Yet, the meaning of public services and relatedly, the meaning of public powers, is not unambiguous. One way will be to say that public functions are the ones that the State has historically performed. For a more in-depth discussion, see J Thomas, Public Rights, Private Relations (Oxford University Press 2015) 41.

⁶⁸ States are obliged to make a declaration which of these two options they have chosen. Norway has made a declaration that it has made the first choice.

⁶⁹ Explanatory Report to the CoE AI Convention, para 29 (emphasis added).

⁷⁰ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 91.

⁷¹ Vladislava Stoyanova, Positive Obligations under the European Convention on Human Rights. Within and Beyond Boundaries (Oxford University Press 2023); Claire Loven, Fundamental Rights Violations by Private Actors and the Procedure before the European Court of Human Rights. A Study of Verticalised Cases (Intersentia 2022).

⁷² These positive obligations are without prejudice to other obligations (positive or negative) under human rights treaties. See third paragraph in Article 3(1)(b) of the CoE AI Convention.

⁷³ See, generally, V Stoyanova, Positive Obligations under the European Convention on Human Rights. Within and Beyond Boundaries (Oxford University Press 2023). Many scholars have argued that it is precisely positive obligations in human rights law that demand from States to better regulated AI systems so that harms can be prevented. See L McGregor, D Murray and V Ng, “International Human Rights Law as a Framework for Algorithmic Accountability” (2019) 68 International & Comparative Law Quarterly 309; L Lane, “Clarifying Human Right Standards Through Artificial Intelligence Initiatives” (2022) 71(4) International and Comparative Law Quarterly 915.

⁷⁴ The Explanatory Report to the treaty is useful in better understanding what is meant by the “lifecycle” of the system. In particular, this lifecycle includes (1) planning and design, (2) data collection and processing, (3) development of artificial intelligence systems, including model building and/or fine-tuning existing models for specific tasks, (4) testing, verification and validation, (5) supply/making the systems available for use, (6) deployment, (7) operation and monitoring, and (8) retirement. See Explanatory Report, para 15.

⁷⁵ See also Arts. 9 and13 of the CoE AI Convention that refer to “adverse impacts on human rights.”

⁷⁶ See Arts. 3(1) and14(2)(a) CoE AI Convention.

⁷⁷ T Mahler, ‘Between Risk Management and Proportionality: The Risk-Based Approach in the EU Artificial Intelligence Act Proposal’ in L Colonna and S Greenstein (ed), Law in the Era of Artificial Intelligence. Nordic Yearbook of Law and Informatics 247.

⁷⁸ Explanatory Report, para 17.

⁷⁹ Ibid.

⁸⁰ Ibid.

⁸¹ According to the Explanatory Report, para 18, these spheres included “distribution of social welfare benefits, decisions on the creditworthiness of potential clients, staff recruitment and retention processes, criminal justice procedures, immigration, asylum procedures and border control, policing, and targeted advertising and algorithmic content selection.”

⁸² See E Leinarte, “The Classification of High-Risk AI Systems Under the EU Artificial Intelligence Act” (2024) 3 Journal of AI Law and Regulation 262; M Almada and N Petit, “The EU AI Act: Between the rock of product safety and the hard place of fundamental rights” (2025) 62(1) Common Market Law Review 85.

⁸³ Art. 12, Zero Draft CAI(2022)07, 30 June 2022.

⁸⁴ Art. 13, Zero Draft CAI(2022)07, 30 June 2022.

⁸⁵ Art. 14, Zero Draft CAI(2022)07, 30 June 2022.

⁸⁶ See the Revised Zero Draft CAI(2023)01, 6 January 2023.

⁸⁷ See Annex III of the EU AI Act.

⁸⁸ See the exclusion of AI systems related to the protection of States’ national security interests and national defence, as stipulated in Art. 3(2) and (4) CoE AI Convention. “National security” is distinguished from “public security.” See Explanatory report, para 32.

⁸⁹ The comparison presented here has certain limitations that should be openly acknowledged. The analysis in this section focuses specifically on Art. 6(3) of the EU AI Act, which sets out the classification rules for high-risk AI systems. It does not attempt to provide a comprehensive examination of the Act’s overall risk-based approach. For example, practices prohibited under Art. 5 of the AI Act – a provision that does not allow for general derogations – are not addressed.

⁹⁰ Notably, the AI systems included in Annex III may increase or decrease, since new systems can be added or systems can be removed from the list. The addition of new examples of high-risk systems is meant to ensure flexibility as to how the technology is regulated given that it might develop very rapidly. Art. 97 AI Act allows the Commission to adopt delegated acts under Art. 290 TFEU to amend some of its provisions (the scrutiny by the Council and the European Parliament is still required). Annex III can be also an object of such amendments whose areas the Commission can extend (only in the framework of the eight existing areas) in accordance with the substantive criteria set out in Art. 7 AI Act. The Commission can also change the exception of Art. 6(3) AI Act.

⁹¹ This threshold does not apply to AI systems that profile natural persons. Art. 6(3) third sentence stipulates that “an AI system referred to in Annex III shall always be considered to be high-risk where the AI system performs profiling of natural persons.”

⁹² The objective of this provision is to reduce the regulatory burden of the AI Act: “the significance of the output of the AI system in relation to the decision or action taken by a human, as well as the immediacy of the effect, should also be taken into account when classifying AI systems as high risk.” See Second Presidency Compromise text (11124/22, 15.7.2022) at page 4, AIA-CZ-1st-Proposal-15-July.pdf For a more detailed analysis of Art. 6 of the AI Act, see also Emilija Leinarte, ‘The Classification of High-Risk AI Systems Under the EU Artificial Intelligence Act’ (2024) 3 Journal of AI Law and Regulation 262, where the legislative process of Art. 6(3) of the AI Act is described and it is explained how the co-legislators “differed on both the threshold for risk and methodology for assessing it.”

⁹³ See, generally, S Steel, “Legal Causation and AI” in E Lim and P Morgan (eds), The Cambridge Handbook of Private Law and Artificial Intelligence (Cambridge University Press, 2024) 189.

⁹⁴ I use the terms “fundamental rights” and “human rights” interchangeably.

⁹⁵ L Enqvist and M Naarrijärvi, “Discretion, Automation, and Proportionality” in M Suski (eds) The Rule of Law and Automated Decision-Making (Springer 2023) 147.

⁹⁶ See also Art. 6(6) AI Act that empowers the Commission to add new or to modify these four conditions upon evidence that AI systems listed in Annex III do not pose “a significant risk of harm to health, safety or fundamental rights of natural persons.” This can be interpreted as a possibility of deregulation. See also Art. 6(7) of the Act that can be viewed as a possibility for further regulation. It obliges the Commission to amend these four conditions by deleting any of them “where there is concrete and reliable evidence that this is necessary to maintain the level of protection of health, safety and fundamental rights.”

⁹⁷ See Art. 6(5) AI Act that stipulates that the Commission no later than 2 February 2026 has to issue guidance including practical examples of AI systems that are high-risk and not high-risk.

⁹⁸ See also F Palmiotto, “When Is a Decision Automated? A Taxonomy for a Fundamental Rights Analysis” (2024) German Law Journal 1, 11, where it is noted “Worryingly, the new version of the AI Act seems to suggest that fundamental rights are unaffected when AI systems do not have a prevalent role in decision-making.”

⁹⁹ Explanatory report, para 13 (emphasis added).

¹⁰⁰ There are generally two lines of contributions: one argues that human rights law is not helpful, and another one argues that human rights law is well-equipped to face harms that might be caused by AI systems. For examples of the first one see S A Teo, “How Artificial Intelligence Systems Challenge the Conceptual Foundations of the Human Rights Legal Framework” (2022) 40(1) Nordic Journal of Human Rights 216; in-Y Liu, “AI Challenges and the Inadequacy of Human Rights Protections” (2021) 40 Criminal Justice Ethics 2; H-Y Liu, “The Digital Disruption of Human Rights Foundations” in M Susi (ed), Human Rights, Digital Society and the Law: A Research Companion (Routledge 2019). For scholarship that fits within the second line (i.e., human rights law is useful), see L McGregor, D Murray and V Ng, “International Human Rights Law as a Framework for Algorithmic Accountability” (2019) 68 International and Comparative Law Quarterly 309; E Donahoe and M MacDuffee Metzger, “Artificial Intelligence and Human Rights” (2019) 30 Journal of Democracy 115.

F Palmiotto, “When Is a Decision Automated? A Taxonomy for a Fundamental Rights Analysis” (2024) German Law Journal 1; S Demkova, “The EU’s Artificial Intelligence Laboratory and Fundamental Rights” in M Fink (ed), Redressing Fundamental Rights Violations by the EU: The Promise of the ‘Complete System of Remedies (Cambridge University Press, 2025) 391.

¹⁰¹ See Art. 5 of the CoE AI Convention for the third gap. As to the fourth gap, see Arts. 23 and 25.

¹⁰² The third legal gap identified in the Feasibility Study and meant to be addressed by the CoE AI Convention, concerns the wider social impact from the deployment of AI systems (see CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 86). This impact transcends human rights law that is focused on the individual and on more specific harms that affect specific identifiable individuals. This impact relates to broader questions about the operation of liberal democracies, including, for example, how AI systems might interfere with electoral processes and democratic institutions. The fourth legal gap identified in the Feasibility Study concerns the “lack of common norms at international level,” which is an obstacle for the trade of AI systems and for mutual trust. CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 88.

¹⁰³ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 84.

¹⁰⁴ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 84. Concretisation would imply specifying that, for example, the right to fair trial includes a right to challenge evidence obtained with the help of an AI system.

¹⁰⁵ V Stoyanova, “Framing Positive Obligations under the European Convention on Human Rights Law: Mediating between the Abstract and the Concrete” (2023) 23(3) Human Rights Law Review 1. See also M Ambrus, “The European Court of Human Rights as Governor of Risk” M Ambrus, R Rayfuse and W Werner (eds) Risk and Regulation of Uncertainty in International Law (Oxford University Press, 2017) 100.

¹⁰⁶ See V Stoyanova, Positive Obligations under the European Convention on Human Rights. Within and Beyond Boundaries (Oxford University Press 2023); L Lavrysen, Human Rights in a Positive State (Intersentia 2016).

¹⁰⁷ States’ positive obligations under human rights law to regulate activities by taking preventing or mitigating measures are not absolute in the sense of requiring the result of prevention and mitigation to be always achieved.

¹⁰⁸ The distinction between obligations of means and obligations of result “rests on the extent to which international law encroaches upon the state machinery by instructing state organs to conform to a particular behaviour.” A Ollino, Due Diligence Obligations in International Law (Cambridge University Press, 2022) 77; V Stoyanova, “Framing Positive Obligations under the European Convention on Human Rights Law: Mediating between the Abstract and the Concrete” 23(3) (2023) Human Rights Law Review 1.

¹⁰⁹ A conceptual distinction exists between the assessment that measures constitute an interference with important interests protected by human rights law and the assessment whether these measures constitute a violation of human rights law. See J Gerards and H Senden, “The structure of fundamental rights and the European Court of Human Rights” (2009) 7(4) International Journal of Constitutional Law 619.

¹¹⁰ On the different standards of causation as also related to the use of AI systems, see Sandy Steel, “Legal Causation and AI” in E Lim and P Morgan (eds), The Cambridge Handbook of Private Law and Artificial Intelligence (2024 Cambridge University Press) 189.

¹¹¹ CAI(2023)18, 7 July 2023.

¹¹² Art. 4, Consolidated Working Draft CAI(2023)18, 7 July 2023; Art. 3, Draft Framework Convention CAI(2023)28, 18 December 2023.

¹¹³ Draft Framework Convention, CAI(2023)28, 18 December 2023.

¹¹⁴ Arts. 8, 14 Draft Framework Convention, CAI(2023)28, 18 December 2023.

¹¹⁵ Ibid.

¹¹⁶ Art. 14, Draft Framework Convention, CAI(2023)28, 18 December 2023.

¹¹⁷ Ibid.

¹¹⁸ Art. 15(1), Draft Framework Convention, CAI(2023)28, 18 December 2023.

¹¹⁹ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 85.

¹²⁰ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 85.

¹²¹ On the difficulties in establishing such causal links, see Sandy Steel, “Legal Causation and AI” in E Lim and P Morgan (eds), The Cambridge Handbook of Private Law and Artificial Intelligence (2024 Cambridge University Press) 189.

¹²² Explanatory Report, para 49.

¹²³ Ibid, para 51.

¹²⁴ At the time of writing, the European Court of Human Rights has not delivered a judgment concerning harm that might have been caused by the usage of AI-systems. The closest areas covered so far in the Court’s case law related to new technologies, concern mass surveillance and retention of data (see Centrum för Rättvisa v Sweden [GC] App no 35252/08 (ECHR, 25 May 2021) and facial recognition technologies (Glukhin v Russia App no 11519/20 (ECHR, 4 July 2023)). There is well-developed body of case law by the Court regarding data protection, which can be of relevance if the Court were to review usage of AI-systems (See Guide to the Case-Law of the European Court of Human Rights Data Protection (31 August 2024).). National courts, however, have made innovative interpretative advances. See M (Adamantia) Rachovitsa and N Johann “The Human Rights Implications of the Use of AI in the Digital Welfare State: Lessons Learned from the Dutch Syri Case” (2022) 22 Human Rights Law Review 10.

¹²⁵ An important interpretative technique used by the European Court of Human Rights is resort to external legal frameworks, including EU law and CoE treaties, to determine the scope of the obligations under the ECHR. See Use of Council of Europe treaties in the case-law of the European Court of Human Rights (CoE, 2011).

¹²⁶ CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020, para 99.

¹²⁷ See also Article 9, Revised Zero Draft CAI(2023)01, 6 January 2023 that included the following clarification in its text as to human dignity: “in particular the ability to reach informed decisions free from undue influence, manipulation or detrimental effects which may adversely affect the right to freedom of expression and assembly, democratic participation and the exercise of other relevant human rights and fundamental freedoms as a result of the inappropriate application of an artificial intelligence system.”

¹²⁸ Explanatory Report, para 53.

¹²⁹ Ibid, para 55.

¹³⁰ By way of comparison, it can be mentioned that the EU AI Act refers to dignity and individual autonomy in its preamble, but not in its actual provisions. It does oblige deployers under certain conditions to inform natural persons that “they are subject to the use of the high-risk AI system.” See Article 26, EU AI Act. The possibility to refused to be subject to the use of a system is not, however mentioned.

¹³¹ Art. 7, Draft Framework Convention CAI(2023)28, 18 December 2023.

¹³² Yet, see para 108 from the CoE Ad hoc Committee on Artificial Intelligence (CAHAI) Feasibility Study, CAHAI(2020)23, 17 December 2020: “they [those affected by the decision] should receive an explanation of how decisions that impact them are reached. While an explanation as to why a system has generated a particular output is not always possible, in such a case, the system’s auditability should be ensured. While business secrets and intellectual property rights must be respected, they must be balanced against other legitimate interests. Public authorities must be able to audit AI systems when there are sound indication of non-compliance to verify compliance with existing legislation. Technical burdens of transparency and explainability must not unreasonably restrict market opportunities, especially where risks to human rights, democracy and rule of law are less prominent. A risk-based approach should hence be taken, and an appropriate balance should be found to prevent or minimise the risk of entrenching the biggest market players and/or crowding out and, in so doing, decreasing innovative socially beneficial research and product development.”

¹³³ Explanatory Report, para 60 (emphasis added).

¹³⁴ Ibid, para 69.

¹³⁵ It is not clear why the text refers to both “accountability” and “responsibility.” The first one is normally associated with “broader and vaguer mechanisms.” See Samantha Besson, “Theorizing International Responsibility Law, an Introduction” in Samantha Besson (eds) Theories of International Responsibility Law (Cambridge University Press, 2022) 1, 8.

¹³⁶ Explanatory Report, para 66.

¹³⁷ Article 14(2), CoE AI Convention.

¹³⁸ Ibid.

¹³⁹ For details see the last paragraph in Section V.2.

¹⁴⁰ Explanatory Report, para 99.

¹⁴¹ See, generally, J Gerards and E Brems, “Introduction” in E Brems and J Gerards (eds), Shaping Rights in the ECHR. The Role of the European Court of Human Rights in Determining the Scope of Human Rights (Cambridge University Press, 2013).

¹⁴² See, generally, J Gerards and E Brems (eds), Procedural Review in European Fundamental Rights Cases (Cambridge University Press, 2017).

¹⁴³ E Brems, “Procedural Protection: an Examination of Procedural Safeguards Read into Substantive Convention Rights” in E Brems and J Gerards (eds), Shaping Rights in the ECHR. The Role of the European Court of Human Rights in Determining the Scope of Human Rights (Cambridge University Press, 2013) 137.

¹⁴⁴ Note should be also taken of the Conference of the Parties, which is composed of representatives of the Parties to the Convention and can be considered as the oversight mechanisms at the CoE level. Yet, Article 23 of the treaty does not characterise the Conference of the Parties as a body with oversight mandate. Article 23 rather stipulates inter alia that the Parties shall consult with view to make “specific recommendations concerning the interpretation and application” of the treaty. Making such recommendations arguably entails some level of oversight.

¹⁴⁵ See E Erken, The procedural participation of non-governmental organisations and national human rights institutions within the European Convention system and beyond: An empirical study (Doctoral thesis Utrecht University).

¹⁴⁶ See the contrast with Article 15 (Supervisory authorities) of the Convention 108+, where it is stipulated the supervisory authorities “shall have the powers to issue decisions with respect to violations of the provisions of this Convention and may, in particular, impose administrative sanctions” and that “shall have the power to engage in legal proceedings.”

¹⁴⁷ Art. 18, Zero Draft CAI(2022)07, 30 June 2022.

¹⁴⁸ Art. 29, Revised Zero Draft CAI(2023) 01, 6 January 2023.

¹⁴⁹ Art. 25, Consolidated Working Draft CAI(2023)18, 7 July 2023.

¹⁵⁰ Art. 26, Draft Framework Convention, CAI(2023)28, 18 December 2023.

¹⁵¹ Explanatory report, para 142.

¹⁵² See Section V.3.f below.

¹⁵³ Explanatory report, para 71.

¹⁵⁴ Ibid, para 115.

¹⁵⁵ For a comprehensive study, see, e.g., J Gerards and R Xenidis, “Algorithmic discrimination in Europe: Challenges and opportunities for gender equality and non-discrimination law” (European Commission Report, 2020).

¹⁵⁶ See, e.g., S Wachter, B Mittelstadt and C Russell, “Why fairness cannot be automated: Bridging the gap between EU non-discrimination law and AI” (2021) 41 Computer Law & Security Review 105567.

¹⁵⁷ Art. 5(3) of the Zero Draft, CAI(2022)07, 30 June 2022; Art. 12 of the Revised Zero Draft CAI(2023)01, 6 January 2023.

¹⁵⁸ Art. 9(2), Consolidated Working Draft CAI(2023) 18, 7 July 2023. Not changed in Draft Framework Convention CAI(2023)28, 18 December 2023.

¹⁵⁹ Explanatory report, para 77.

¹⁶⁰ Ibid, para 81: Art. 11 of the treaty “is not intended to endorse or require any particular regulatory measures in any given jurisdiction.”

¹⁶¹ Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) Strasbourg 28/01/1981, as amended with Protocol CETS No. 223 Strasbourg 10/10/2018. The aim of the Protocol of amendment is to modernise and improve the Convention (ETS No. 108), taking into account the new challenges to the protection of individuals with regard to the processing of personal data which have emerged since the Convention was adopted in 1980.

¹⁶² Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [2016] OJ L 119.

¹⁶³ Data protection regulations as a legal response have been useful for specifying how data can be collected, processed and stored. These regulations also provide rights to the data subjects. See Lena Enqvist, “Rule-based versus AI-driven Benefits Allocation: GDPR and AIA Act Implications and Challenges for Automation in Public Social Security Administration” (2024) 33(2) Information and Communications Technology Law 222.

¹⁶⁴ Recital (10), EU AI Act.

¹⁶⁵ McGregor, Murray and Ng, “International Human Rights Law as a Framework for Algorithmic Accountability” (2019) 68 International and Comparative Law Quarterly 314, 320, 325

¹⁶⁶ These principles can be important for the interpretation of Art. 8(2) ECHR. See, for example, the judgment by the District Court of the Hague, SyRI, 6 March 2020, para 6.41.

¹⁶⁷ There are many exceptions, however. Regarding Art. 22 GDPR see Case C-634/21 OQ v Land Hessen (Schufa) [2023].

¹⁶⁸ Art. 9(1)(a), Convention 108+.

¹⁶⁹ E Renieris, Beyond Data: Reclaiming Human Rights at the Dawn of the Metaverse (MIT Press 2023); F Palmiotto, “When Is a Decision Automated? A Taxonomy for a Fundamental Rights Analysis” (2024) German Law Journal 1.

¹⁷⁰ S Demkova, “The EU’s Artificial Intelligence Laboratory and Fundamental Rights” in M Fink (ed), Redressing Fundamental Rights Violations by the EU: The Promise of the ‘Complete System of Remedies (Cambridge University Press, 2025) 391, 415: “[…] data protection law guarantees data subjects’ rights with substantial number of exception and limitations, which is evident from the long list of exceptions to the general prohibition on processing special categories of personal data in Article 9(2) GDPR. Such a priori exceptions might not be subject to the same proportionality and necessity test as permissible limits to fundamental rights are under Article 52(1) CFR.”

¹⁷¹ See, e.g., C Novelli, F Casolari, P Hacker, G Spedicato and L Floridi, “Generative AI in EU Law: Liability, Privacy, Intellectual Property, and Cybersecurity” (2024) 55 Computer Law and Security Review.

¹⁷² See, e.g., Case C-203/22 Dun & Bradstreet Austria [2025]. The ECtHR’s case law has not yet developed in the area of data processing that includes AI systems. For a useful outline of ECtHR’s cases relevant to data protection and the usage of new technologies, see Guide to the Case-Law – Data protection (31 August 2024) 95.

¹⁷³ It is notable that the text of Art. 12 of the CoE AI Convention does not say that the State Parties take measures to ensure reliability, but only to promote reliability.

¹⁷⁴ Explanatory report, para 84–9.

¹⁷⁵ M C Gamito and C T Marsden, “Artificial intelligence co-regulation? The role of standards in the EU AI Act” (2024) 32 International Journal of Law and Information Technology 1.

¹⁷⁶ Ibid, 1, 7.

¹⁷⁷ Explanatory Report, para 69.

¹⁷⁸ Democracy and rule of law are not addressed here.

¹⁷⁹ Explanatory report, para 106.

¹⁸⁰ It has to be also applied without prejudice to human rights law. See Art. 3(1)(b) of the CoE AI Convention: “When implementing the obligation under this subparagraph, a Party may not derogate from or limit the application of its international obligations undertaken to protect human rights, democracy and the rule of law.”