REVIEW OF AI RISKS IN THE EUROPEAN UNION PUBLIC SECTOR: TAXONOMY, GOVERNANCE ARCHITECTURE AND CASE STUDIES (2018–2025)
Keywords:
public-sector AI, EU AI Act, risk taxonomy, accountabilityAbstract
European public administrations increasingly deploy artificial intelligence (AI) services for social-benefit and service eligibility screening, fraud and anomaly detection, citizen-service triage, and multilingual document processing. Because these deployments operate inside a complex constitutional and administrative order, the principal risks are not purely technical: they also implicate legality and mandate, proportionality, due process and reasons-giving, equality and non-discrimination, privacy and data protection, cybersecurity, and democratic accountability. This paper reviews AI risks in the European Union (EU) public sector over 2018–2025 by analyzing technical, legal, and policy literature that connects observed risks in administrative practice to the evolving governance architecture. Methodologically, it triangulates EU-level evidence on adoption and capacity constraints, the EU “governance stack” centered on the Artificial Intelligence Act (AI Act) and complemented by the General Data Protection Regulation (GDPR), the Data Governance Act, the Data Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), and Network and Information Security Directive 2 (NIS2), and four selected cases: the Netherlands’ SyRI welfare-fraud analytics, the EU-funded iBorderCtrl border pilot, justice/probation automation debates with Estonia as an illustrative boundary-setting instance, and Madrid’s use and experimentation with facial recognition in mobility/security contexts. The analysis produces a risk taxonomy spanning technical, organizational, legal-accountability, and sovereignty dimensions and maps it to lifecycle duties under the AI Act. The paper concludes that the EU governance architecture is conceptually coherent and comparatively advanced, but its effectiveness will depend on procurement, integrated impact assessments, and sustained capacity-building so that AI adoption delivers public value without shifting risk onto citizens or undermining trust. It also identifies recurring administrative pressure points—such as auditability, logging, human oversight, and vendor dependency—that shape whether lifecycle obligations translate into day-to-day safeguards.
References
AlgorithmWatch. (2020). Spain’s largest bus terminal deployed live face recognition. https://algorithmwatch.org/en/spain-mendez-alvaro-face-recognition/
District Court of The Hague. (2020). Judgment on SyRI.
European Parliament & Council of the European Union. (2016). Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
European Parliament & Council of the European Union. (2022a). Regulation (EU) 2022/868 of 30 May 2022 on European data governance (Data Governance Act).
European Parliament & Council of the European Union. (2022b). Regulation (EU) 2022/2065 of 19 October 2022 on a Single Market for Digital Services (Digital Services Act) and Regulation (EU) 2022/1925 of 14 September 2022 on contestable and fair markets in the digital sector (Digital Markets Act).
European Parliament & Council of the European Union. (2022c). Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive).
European Parliament & Council of the European Union. (2023). Regulation (EU) 2023/2854 of 13 December 2023 on harmonized rules on fair access to and use of data (Data Act).
European Parliament & Council of the European Union. (2024). Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonized rules on artificial intelligence (Artificial Intelligence Act).
Fabri, M. (2024). From court automation to e-justice and beyond in Europe. The International Journal for Court Administration, 15(2).
Tangi, L., van Noordt, C., Combetto, M., Gattwinkel, D., & Pignatelli, F. (2022). AI Watch: European landscape on the use of artificial intelligence by the public sector (EUR 31088 EN). Publications Office of the European Union.
