The classic trap
Article 86 creates an individual right to explanation that many deployers mistake for a single line in their privacy policy. The trap: you deploy a high-risk Annex III system (credit scoring, candidate filtering, social benefit eligibility) and you cannot, when a person asks, explain concretely the role the AI played in the decision and the main elements that drove it. The CNPD remains competent for the personal data dimension (this right overlaps with Article 22 GDPR), and the EU AI Office supervises the general framework. Without per-decision traceability, after-the-fact explanation becomes impossible, and invoking trade secrets does not exempt you.
Why a generic explanation is not enough
The text requires clear and meaningful explanations, not a marketing note about the algorithm. The traps in practice:
- Confusing general transparency (Art. 13, how the system works) with individual explanation (Art. 86, why this person got this decision).
- Failing to log input variables and factor weights at the exact moment of the decision, making it impossible to reconstruct the reasoning months later.
- Believing the paragraph 2 or 3 exception applies when no Union or national legal basis actually covers your specific case.
- Neglecting the interaction with Article 22 GDPR: if the decision is fully automated, the CNPD already expects an explanation, and the AI Act reinforces the requirement.
- Limiting the right to adverse decisions only, without a documented intake and response process within a reasonable timeframe.
How Luxgap automates this risk
Our Luxgap Decision Explainer makes it impossible to be caught unable to explain an algorithmic decision, because it captures the full context of every AI output at the moment it is produced, not after the fact. The tool sits between your high-risk system (scoring model, HR filtering API, eligibility engine) and your business application (Odoo, Workday LU, Salesforce, your core banking), logging for each decision the input variables, dominant factors and triggered threshold in a timestamped register.
- Captures every high-risk system output in real time through a lightweight API connector, binding inputs, score and weighting factors to a unique decision identifier.
- Automatically generates a plain-language explanation, tailored by type (credit refusal, candidate rejection, benefit denial), ready to be sent to the affected person.
- Natively separates Article 13 general transparency from Article 86 individual explanation, and flags overlaps with Article 22 GDPR monitored by the CNPD.
- Detects decisions with legal or significant effect and triggers a traceable response flow with timestamping of the request and the answer.
- Produces a timestamped, sealed PDF explanation file, usable during an inspection, proving you can satisfy the right to explanation.
Available as a complement to a Luxgap DPO or CISO mandate or as a dedicated SaaS module depending on your scope. Request a tailored quote and our teams will prepare a demonstration on your own algorithmic decisions, with a free blind audit within 48h to measure your exposure before any engagement.