This article examines the challenges posed by algorithm-assisted decision-making in interoperable EU-wide large-scale IT systems vis-à-vis access to extrajudicial and judicial remedies. Focus is placed on automated risk assessments via profiling and automated data matching introduced in two EU large-scale IT systems, namely ETIAS and the revised VIS, both of which will employ algorithms to assist in the examination of applications for visas and travel authorizations. The article critically assesses the effectiveness of existing safeguards contained in the respective regulations under EU data protection and administrative law in light of European and international efforts to regulate artificial intelligence. By doing so, it makes a threefold contribution: (1) it provides a taxonomy of extrajudicial and judicial remedies provided by EU data protection and administrative law as well as the AI Act; (2) it offers an in-depth assessment of the remedial mechanisms included in the ETIAS and revised VIS rules; and (3) it highlights important shortcomings and suggests possible regulatory solutions. It is argued that the EU’s eagerness to employ advanced technologies in the field of migration management may further undermine the protection of third-country nationals’ fundamental rights, including their right to legal remedies, the latter not being sufficiently adjusted to the new era of algorithm-assisted decision-making.
Common Market Law Review