Intermediate

RTE Legal Basis

A practical guide to rte legal basis for AI engineers and policymakers.

What This Lesson Covers

RTE Legal Basis is a key topic in Right to Explanation. In this lesson you will learn the underlying concept, why it matters specifically for AI engineers and policymakers, the practical approach experienced teams use, and the patterns to avoid. By the end you will be able to engage with rte legal basis in real product and policy decisions.

This lesson belongs to the Privacy & Data Rights category of the AI Ethics & Governance track. Ethics and governance are not optional add-ons — they shape what AI products are allowed to exist, what markets they can enter, and whether the underlying business model holds up under scrutiny.

Why It Matters

Implement the right to explanation. Learn the legal basis (GDPR Article 22), what counts as a meaningful explanation, technical implementation, and edge cases.

The reason rte legal basis deserves dedicated attention is that the gap between AI teams that take ethics and governance seriously and those that don't is widening fast. Two teams shipping similar products can end up in very different positions when regulators, journalists, customers, or affected communities ask the hard questions. Ethics and governance done well are competitive advantages — not just compliance burdens.

💡
Mental model: Treat rte legal basis as a deliberate product and policy decision, not a checkbox. The teams shipping the most trustworthy AI weave ethics into engineering reviews, product roadmaps, and incident playbooks — not into a single offline document that no one reads.

How It Works in Practice

Below is a practical example of how to apply rte legal basis in real AI work. Read it once, then think about how you would adapt it to your specific product, regulatory environment, and stakeholders.

# GDPR Article 22 compliance pattern
from dataclasses import dataclass
from typing import Literal

@dataclass
class AutomatedDecision:
    user_id: str
    decision: Literal["approve", "deny", "review"]
    reason_codes: list[str]      # short codes (e.g. "DTI_HIGH", "FICO_LOW")
    human_readable: str          # plain-language explanation
    was_solely_automated: bool
    human_review_offered: bool
    appeal_url: str
    model_version: str

def make_compliant_decision(applicant) -> AutomatedDecision:
    raw = score_applicant(applicant)
    decision = "approve" if raw > 0.7 else ("review" if raw > 0.4 else "deny")
    reasons = top_reason_codes(applicant, n=4)

    return AutomatedDecision(
        user_id=applicant.id,
        decision=decision,
        reason_codes=reasons,
        human_readable=explain_in_plain_language(reasons),
        was_solely_automated=(decision != "review"),
        human_review_offered=True,                      # Article 22 requirement
        appeal_url=f"/appeals/new?ref={applicant.id}",
        model_version="v3.2.1",
    )

# Article 22: data subject has the right NOT to be subject to a SOLELY automated decision
# AND to obtain human intervention, express their view, and contest the decision

Step-by-Step Walkthrough

  1. Identify the affected stakeholders — Not just users. Affected non-users, regulators, employees, and society at large all have stakes in AI decisions. Ethics is about who is in the room, not just whose voice is loudest.
  2. Ground the decision in a framework — Pick one: NIST AI RMF, ISO 42001, EU AI Act risk categorization, or your internal ethics framework. Ungrounded debate goes in circles.
  3. Get the inputs — Data on bias, customer feedback, regulator signals, comparable cases. Decisions made without inputs are guesses.
  4. Document the decision and the reasoning — Future-you and future regulators will want to know what you decided and why. Architecture Decision Records (ADRs) work well.
  5. Build in re-review cadence — Ethics norms shift faster than code. Set a calendar reminder to re-evaluate at 6 months, 12 months, and after every material change.

When To Use It (and When Not To)

RTE Legal Basis applies when:

  • The AI feature touches people in consequential ways (jobs, money, freedom, health)
  • You operate in a regulated market or one likely to be regulated soon
  • The use case involves protected characteristics, vulnerable populations, or public interest
  • The cost of getting it wrong (in trust, lawsuits, or harm) outweighs the cost of doing it right

It is the wrong move when:

  • A simpler approach (a different feature, a different framing) avoids the ethics challenge entirely
  • You are still iterating on whether the feature should exist at all — decide that first
  • You are using ethics as a smokescreen to delay shipping a feature you privately know is fine
  • The decision is being made unilaterally by people without standing — pause and bring in the right voices
Common pitfall: Teams treat ethics review as a one-time approval rather than an ongoing operating practice. Norms shift, regulations change, and real-world impact often only becomes clear after deployment. Build the review cadence into your release process the way you build security review — not into a one-off document.

Practitioner Checklist

  • Have you identified all affected stakeholders, including non-users?
  • Is the decision grounded in a recognized framework (NIST, ISO, EU AI Act, internal)?
  • Have you measured the relevant fairness, privacy, transparency, and safety metrics?
  • Is there a documented decision record (ADR) with the reasoning, dissent, and alternatives?
  • Is there a plan to monitor real-world impact and re-evaluate?
  • Have you involved the right voices (legal, ethics, impacted communities, regulators where appropriate)?

Next Steps

The other lessons in Right to Explanation build directly on this one. Once you are comfortable with rte legal basis, the natural next step is to combine it with the patterns in the surrounding lessons — that is where ethical practice goes from one-off decisions to an operating system. Ethics is most useful as a system, not as isolated reviews.