Dutch regulator seeks feedback on AI social scoring prohibition

The Dutch Data Protection Authority has released consultation findings on artificial intelligence systems used for social scoring, revealing significant concerns about algorithmic bias and discrimination risks even when such systems operate within the boundaries of the European Union's AI Act. According to a summary published in 2025, respondents emphasized that transparency safeguards alone cannot guarantee limiting unfair outcomes from automated scoring systems.

The consultation addresses Article 5(1)(c) of the AI Act, which prohibits AI-enabled social scoring practices that assess or classify individuals or groups based on their social behavior or personal characteristics, particularly when such assessments lead to detrimental or unfavorable treatment. The prohibition applies broadly across both public and private contexts and is not limited to specific sectors or fields.

Transparency fails to prevent algorithmic over-reliance

Respondents referenced research demonstrating that transparency safeguards in AI systems for social scoring do not guarantee limiting unfair outcomes. While transparency can increase procedural trust, participants tend to over-rely on social scores. This creates risk that groups of individuals with low scores will be treated less favorably, face greater difficulty recovering from negative assessments, and experience increased discrimination risk.

The findings align with broader research on algorithmic bias showing that automated assessment mechanisms perpetuate rather than mitigate social inequality. The consultation emphasized the importance of mechanisms that mitigate such risks, including the possibility to challenge outcomes and independent audits.

Discrimination risks due to risk profiling in social scoring received particular attention. The 2024 report "Blind voor mens en Recht" (Blind for People and Law), which examines the fight against fraud in social security in the Netherlands, illustrates these concerns through documented cases.

Marketing implications for targeted advertising

The prohibition has significant implications for marketing professionals deploying AI-powered targeting and personalization systems. Social scoring systems that assess individuals based on behavioral patterns or personal characteristics could fall under the AI Act's prohibition if they lead to detrimental treatment in advertising contexts.

The Dutch DPA's consultation findings suggest that marketing organizations using AI for audience segmentation, lookalike modeling, or propensity scoring must carefully evaluate whether their systems classify individuals in ways that could trigger the social scoring prohibition. The broad scope of Article 5(1)(c) extends beyond traditional credit scoring or fraud detection to encompass any AI system that evaluates individuals based on social behavior or personal characteristics.

AI-powered advertising tools have proliferated across major platforms throughout 2025, with companies like Meta introducing opportunity score systems that provide 0-100 point ratings for campaign optimization. While these systems focus on advertiser performance rather than individual consumer scoring, the consultation findings raise questions about how AI Act prohibitions might affect future advertising technologies.

The marketing community must monitor these regulatory developments closely as the AI Act's most stringent obligations entered into application on August 2, 2025. Commission guidelines released in July 2025 established specific technical thresholds for determining when an AI model qualifies as a general-purpose system subject to EU regulation, with transparency obligations under Article 50 becoming applicable from August 2, 2026.

Automated bias perpetuates inequality

The consultation highlighted research showing that automated assessment mechanisms perpetuate rather than mitigate social inequality. Respondents noted that social scoring systems can create self-reinforcing cycles where individuals with low scores face increasingly limited opportunities, making it more difficult to improve their assessments over time.

This pattern has particular relevance for advertising systems that use historical behavioral data to predict future actions or preferences. If such systems inadvertently classify individuals into categories that result in reduced access to certain products, services, or opportunities, they could violate the AI Act's social scoring prohibition.

The Dutch research report "Tussen Ambitie en Uitvoering" (Between Ambition and Implementation), published on February 26, 2024, provides extensive context on how automated systems in social security administration have contributed to discrimination. The report examined thirty years of policy development and found that algorithmic risk assessment in fraud detection disproportionately targeted specific demographic groups, leading to systematic disadvantages.

According to the report, media coverage of fraud in social security systems became associated with foreigners or Dutch nationals with migration backgrounds. This framing contributed to a policy environment where fraud was perceived as deliberate and intentional violations primarily committed by specific demographic groups, rather than reflecting the more complex reality that most cases involved errors or minor violations across diverse populations.

German authorities establish compliance framework

The Dutch consultation findings complement comprehensive AI development guidelines published by German data protection authorities in June 2025. The 28-page document established technical and organizational requirements for AI system development and operation, addressing the complete lifecycle from design through productive use.

German authorities emphasized that organizations must ensure training datasets were not created through unlawful means and that dataset sources are properly identified. The guidelines established clear boundaries for automated decision-making systems, specifying that decisions which unfold legal effect toward affected parties or similarly significantly impact them cannot result from random-based processes.

German digital industry representatives expressed concerns in October 2025 about the country's approach to implementing the EU AI Act, highlighting challenges that could affect Germany's competitiveness as an AI development hub. The Bundesverband Digitale Wirtschaft (BVDW), representing over 600 digital economy companies, advocated for clear jurisdictional boundaries and task divisions in enforcement structures.

Cross-border enforcement coordination

The Dutch DPA's consultation on social scoring represents part of a broader European coordination effort on AI regulation enforcement. National data protection authorities across EU member states are developing implementation frameworks for AI Act requirements, with varying approaches emerging across jurisdictions.

Denmark became the first member state to complete national implementation of AI Act requirements in May 2025, designating competent authorities under Article 70. Germany faces an August 2, 2025 deadline for similar designations, with the BVDW raising concerns about proposed coordination structures between different regulatory authorities.

Marketing technology providers operating across multiple European markets face additional complexity as different national authorities interpret AI Act requirements. The prohibition on social scoring applies to AI systems placed on European markets regardless of provider location, meaning international advertising platforms must comply with the strictest interpretations emerging from any EU member state.

The coordination challenges extend beyond national variations to encompass sector-specific interpretations of the social scoring prohibition. Financial services regulators, telecommunications authorities, and advertising standards bodies may develop divergent views on which AI applications constitute prohibited social scoring versus permissible risk assessment or personalization.

Implementation timeline and compliance obligations

The AI Act's implementation schedule creates graduated compliance requirements for different market participants. Enforcement becomes applicable one year later for new models and two years later for existing models placed on the market before August 2025. Transitional provisions require existing model providers to take necessary steps for compliance by August 2, 2027.

Marketing teams utilizing general-purpose AI models for content creation, customer targeting, or campaign optimization must demonstrate compliance with detailed transparency and safety requirements. Copyright compliance requirements particularly impact marketing applications that generate creative content.

The prohibition on social scoring systems took immediate effect when the AI Act entered into force, unlike other provisions with extended implementation periods. Organizations deploying AI systems that could be construed as social scoring must ensure compliance immediately rather than relying on transitional periods.

Platform enforcement mechanisms have expanded throughout 2025, with AI-powered systems now tracking cross-platform compliance violations that could trigger enforcement actions. The Dutch DPA has demonstrated active enforcement of digital regulations through multiple high-profile cases, including a €4.75 million fine against Netflix for data transparency failures and significant penalties for cookie consent violations.

Discrimination concerns extend beyond social security

While the Dutch consultation focused on social scoring in social security contexts, the principles apply broadly across sectors where AI systems evaluate individuals. Marketing applications involving behavioral targeting, credit decisioning for payment plans, employment screening for influencer partnerships, or access to promotional offers could trigger scrutiny under the social scoring prohibition.

The research on algorithmic bias in social security systems documented in the Dutch report provides cautionary lessons for commercial applications. Automated systems designed to detect fraud or abuse in one context can inadvertently create discriminatory patterns when applied at scale, particularly when relying on proxy indicators correlated with protected characteristics.

Research on AI adoption patterns in Germany revealed sharp demographic divisions in workplace technology usage, with age and education creating significant gaps. These adoption patterns suggest that AI systems trained on behavioral data may reflect existing inequalities rather than objective assessments of individual merit or risk.

The consultation findings noted that respondents emphasized the importance of Explainable AI (xAI) techniques that can provide explanations for generated outputs. Marketing organizations deploying AI systems that influence individual treatment or access should implement transparency mechanisms that allow affected individuals to understand and challenge adverse decisions.

Regulatory developments affecting automated decision-making

The Dutch DPA has published comprehensive guidance on meaningful human intervention in algorithmic decision-making, highlighting implementation challenges organizations face when attempting to comply with GDPR Article 22 requirements. The 5-page summary released on June 3, 2025, compiled feedback emphasizing that meaningful human intervention becomes impossible when algorithms rely on incomprehensible data and processes.

Organizations reported challenges with automation bias, where humans overestimate algorithm performance and accuracy. The feedback also highlighted selective automation bias, where assessors follow algorithmic recommendations for certain groups while relying on human judgment for others. These cognitive biases create risks that automated systems perpetuate discrimination even when formal oversight mechanisms exist.

The consultation responses identified the WYSIATI (What-You-See-Is-All-There-Is) problem, which causes people to focus predominantly on visible information while ignoring unknown or forgotten elements. This narrow focus can result in hasty and potentially erroneous conclusions, undermining the effectiveness of human oversight in preventing algorithmic harm.

United States Attorneys General from 44 jurisdictions signed a formal letter in August 2025 demanding enhanced protection of children from predatory AI products, demonstrating that regulatory scrutiny of AI systems extends beyond European borders. The coordinated enforcement action represented the most comprehensive state-level challenge to AI chatbot companies over harm to minors.

Legal frameworks for challenging algorithmic decisions

The Dutch consultation emphasized the importance of mechanisms allowing individuals to challenge outcomes from social scoring systems. Under GDPR Article 22, individuals have the right to not be subject to automated decision-making that produces legal effects or similarly significantly affects them, with exceptions requiring explicit consent or contractual necessity.

Marketing applications that determine eligibility for promotions, pricing tiers, or product access based on automated profiling could trigger these protections. Organizations must implement processes allowing affected individuals to obtain human review of automated decisions and to contest outcomes they believe are incorrect or discriminatory.

The Dutch DPA's enforcement history demonstrates active supervision of AI-related data protection issues. In August 2024, the authority issued warnings about data breaches resulting from employees sharing sensitive personal information with AI chatbots, noting that even officially sanctioned chatbot use may violate data protection laws.

Court rulings on livestream surveillance in January 2025 confirmed that legitimate interest assessments under Article 6(1)(f) GDPR require balancing organizational interests against fundamental rights to privacy and data protection. The judgment established that promotional interests can constitute legitimate interests, but necessity tests often fail when less intrusive alternatives exist.

Industry responses to social scoring prohibition

The marketing technology industry faces significant uncertainty about which existing practices might be construed as prohibited social scoring. Trade associations and legal experts continue developing guidance on compliance boundaries, but definitive interpretations will likely emerge only through enforcement actions and court decisions over coming years.

Some advertising platforms have begun implementing technical controls to prevent social scoring use cases while preserving permissible personalization and optimization functions. These controls include restricting access to certain demographic attributes in audience targeting, implementing algorithmic audits to detect discriminatory patterns, and enhancing transparency about how automated systems classify individuals.

The consultation findings suggest that organizations should conduct regular risk assessments through techniques like red teaming, particularly for publicly available AI systems. Marketing teams deploying AI tools should document decision-making processes, maintain human oversight mechanisms, and prepare to justify that automated classifications serve legitimate purposes without creating detrimental treatment based on protected characteristics.

The prohibition on social scoring systems represents a fundamental constraint on how organizations can leverage AI to evaluate individuals. Unlike compliance obligations that can be satisfied through technical measures or procedural safeguards, the outright prohibition requires organizations to refrain entirely from certain AI applications regardless of how carefully they might be implemented.

Timeline

• February 26, 2024: Dutch research report "Tussen Ambitie en Uitvoering" published, examining thirty years of fraud policy in social security and documenting algorithmic discrimination
• May 2024: German data protection authorities issue first AI and privacy guidelines, establishing foundational principles for AI system compliance
• May 2025: Dutch DPA sets GDPR preconditions for generative AI models, launching consultation on data protection requirements
• June 3, 2025: Dutch DPA publishes consultation responses on meaningful human intervention in algorithmic decision-making
• June 2025: German authorities issue comprehensive AI development guidelines covering complete system lifecycle
• July 18, 2025: European Commission releases AI Act guidelines on general-purpose AI model obligations
• August 2, 2025: AI Act's most stringent obligations enter into application, including Article 5 prohibition on social scoring
• August 2025: U.S. Attorneys General launch coordinated action against AI companies over child safety concerns
• October 10, 2025: German digital association expresses concerns about AI Act implementation approach
• 2025: Dutch DPA releases summary of consultation on AI systems for social scoring, highlighting discrimination risks

Summary

Who: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) conducted a consultation examining AI systems for social scoring under Article 5(1)(c) of the EU AI Act. Respondents included government institutions, independent foundations, companies, industry organizations, and researchers who provided feedback on implementation challenges and discrimination risks.

What: The consultation addressed the prohibition on AI-enabled social scoring practices that assess or classify individuals or groups based on social behavior or personal characteristics, particularly when leading to detrimental or unfavorable treatment. Respondents raised concerns that transparency safeguards alone cannot prevent unfair outcomes, citing research showing participants over-rely on algorithmic scores and that automated assessment mechanisms perpetuate rather than mitigate social inequality.

When: The Dutch DPA released consultation findings in 2025, following the AI Act's entry into force in August 2024. The prohibition on social scoring systems took immediate effect on August 2, 2025, when the Act's most stringent obligations became applicable. The consultation builds on years of research, including the February 2024 Dutch report "Tussen Ambitie en Uitvoering" examining algorithmic discrimination in social security systems.

Where: The consultation focused on AI systems for social scoring in the Netherlands, but the Article 5(1)(c) prohibition applies broadly across all EU member states in both public and private contexts without sector limitations. The findings have particular relevance for marketing organizations operating across European markets, as the prohibition applies to AI systems placed on European markets regardless of provider location.

Why: The consultation sought practical input on implementing the AI Act's social scoring prohibition amid concerns that automated systems perpetuate discrimination. The 2024 report "Blind voor mens en Recht" demonstrated how fraud detection systems in Dutch social security disproportionately targeted specific demographic groups, creating systematic disadvantages. Respondents emphasized the need for mechanisms to challenge outcomes and conduct independent audits, recognizing that transparency alone cannot guarantee fairness in AI-powered evaluation systems.