Go to content

Finland

Regulation and Doctrinal Challenges of Automated Decision-Making in Public Administration

Sofia Heikkonen, Ida Koivisto and Riikka Koulu

Abstract

In this chapter, we discuss the digital public administration in Finland from the perspective of automated decision-making. The digitalisation of public administration has been kicked into high gear within the last couple of decades and digital technologies have been adopted to assist and replace previous analogic public administrative work. New national legislation enabling the use of automated decision-making has been passed and multiple EU law instruments apply in the field and continue to do so. In this chapter we present, analyse and elaborate the legal landscape of digital public administration in Finland. The overview of the legal landscape shows the importance of understanding the adopted technology not only in relation to the applicable rules, but also in the deeper logics of administrative law as well as the situation-specific requirements within the administrative processes. Our focus is on a new national legislation which allows the use of automated decision-making in Finnish public administration. However, this is not the only framework which is applicable to digital administration. Instead, at the same time, the technologies used in public administration are contextually dependent on the logics of the administrative legal system and the specific material task that the technology is equipped to perform. That being the case, closer Nordic collaboration could be investigated further because of the cultural, linguistic, and legal similarities.

1. Introduction

The administration of Finland is going digital. In recent years, Finland has been taking important steps in digitalisation, although it has not always been easy or unproblematic. The digitalisation of public administration in general and legislation enabling automated decision-making (ADM) specifically have been pressing issues in legal and political discourses. In the wake of the parliamentary election held in spring 2023, new paragraphs in the Administrative Procedure Act and Information Management Act were adopted only days before the end of the previous Prime Minister Sanna Marin’s government. This means that the legislation enabling automated decision-making in public administration finally came into force and effect, although paradoxically, this does not mean the inception of such decision-making, as we will explain later.
This digitalisation enthusiasm is no wonder. Technological development has been astounding in recent decades, enabling both private enterprises and public administration to improve their performance and to make cost savings. Additionally, societally Finland can be considered to be fruitful soil for digital public administration. Its low societal hierarchy, light administration, small population, high societal trust, and self-service culture have paved the way for digitalisation. In the Marin governmental programme, one of the ambitions was to turn Finland’s public administration into the best in the world. To that end, digitalisation was one of the key components. In the programme, the government promised that Finland would develop a legal environment in a way that would enable digitalisation, sustainable development and an extensive culture of experimentation.
Prime Minister Sanna Marin’s government programme, 10 December 2019. p. 107.
Despite this political mandate and high hopes, digitalisation has also faced some hurdles. First, as a member of the EU Finland is subject to EU legislation. This means that the General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
 in all its complexities is directly applicable, when it comes to regulating automated decision-making, as we will explain later. Secondly, the compatibility with the national legal system has proven a tough nut to crack. The legislative process has shown how human agents have a legally privileged role in administrative law in terms of both power and responsibility. It is important to emphasise that legal systems do not consist only of legislation and case law but also of concepts and principles with deeper and longer roots in the self-understanding of the system. This is to say that digitalisation forces legislators to ponder some fundamental assumptions of administrative law, which in the analogue world would remain dormant. Recent legislation process has caused some of them to surface, such as the nature of administrative discretion, the concept of an administrative decision, and the personal nature of criminal liability in office. These assumptions have further translated into problems requiring legal solutions.
Besides the obligations laid down in the GDPR, Finland also has national ambitions on how to design a functioning automated administration. The Finnish legal system includes a doctrinal speciality that plays a significant role: the right to good administration. Good administration is a fundamental right in Finland,
Section 21.2 in the Constitution of Finland (hereafter, the Constitution).
 and hence, digital administration must be good digital administration. Nevertheless, good administration is a manifold concept. In addition to a fundamental right, it can also be understood as a vocabulary of ethics, of economic efficiency, and even of societal development.
Varieties of Good Governance: A Suggestion of Discursive Plurality. / Koivisto, Ida. In: International Journal for the Semiotics of Law, No. 27, 2014; From Moral Rules to Individual Rights – and Beyond? The Institutionalisation of Good Administration in Finland and in Europe. / Koivisto, Ida. In: Förvaltningsrättslig tidskrift, No. 1, 2018.
 Importantly, good administration may both legitimise and hinder further digitalisation. Therefore, how good administration is understood as an administrative ideology further affects how the digitalisation of administration is legitimised and imagined in Finland.
Imaginaries of Better Administration: Renegotiating the Relationship between Citizens and Digital Public Power. / Esko, Terhi; Koulu, Riikka. In: Big Data & Society, No. 1, 2023; Miten Hyvä Hallinto Digitalisoidaan? Haaste Oikeustieteelliselle Tutkimukselle. / Koivisto, Ida; Koulu, Riikka. In: Lakimies, No. 118, 2020.
In this chapter, we present, analyse, and problematise the legal landscape of the Finnish digital public administration. By automated decision-making (ADM), we mean making fully automated administrative decisions without immediate human oversight or other involvement. We show that legal requirements on how to regulate the matter come from a variety of directions: from the EU, from international human rights duties, from national constitutional provisions and administrative legal doctrine. Not to mention that what is doable in technology does not automatically translate into acceptable legislation and legal practices. We also show that recently, the main battles over whether, or how, to digitalise administration, have mostly already been fought. However, describing those battles illustrates how the Finnish legal system deals with legal irritants such as ADM. That said, although the ADM legislation is brand new in Finland and therefore lacks case law, it shows that ADM in public administration is possible without sacrificing the integrity and identity of administrative law.
The article is organised as follows. In section 1, we outline the administrative framework in Finland. We begin by describing the public bodies that constitute the various levels of state and local administration. This is to show that many public bodies are  responsible for applying or overseeing the application of administrative legislation, including rules on ADM. In their various roles, these public bodies participate in shaping the adoption of digital and datafied technologies within public administration. Second, we briefly describe the legal sources, including international treaties, primary and secondary legislation of the EU, as well as the national constitutional and administrative legislation. The very fact that so much legislation exists demonstrates that ADM is not deployed within a legal void but instead, it needs to adhere to an extensive pre-existing legal framework.
In section 2, we describe the newly adopted legislation, which enables the use of ADM in public administration. We discuss how the legislative reform focused on issues of discretion, transparency, and personal accountability of civil servants, the last of which is a constitutional prerequisite of all administrative decision-making in Finland. A focal decision made in the reform was to define ADM as a rule-based system. This means excluding data-driven or AI techniques and decision types which require human discretion. Another point of interest in the drafting of the Finnish ADM legislation concerns the scope and framing of digital public administration: the need to establish national rules for ADM led also to regulating more broadly the use of digital systems in terms of information management. As a result, the new general administrative legislation also created new legal concepts, such as ‘a decision to deploy an ADM system’ or ‘processing rules’.
In section 3, we deliberate on the effects of the upcoming Artificial Intelligence Act (AIA) on the Finnish legislation. From the Finnish perspective, one of the main issues concerns the scope of the AIA. The Finnish position was discussed and established in the Parliament in autumn 2023 and is to exclude the inclusion of rule-based systems from the definition of AI in the Act. If rule-based systems were included in the AIA, this would mean regulatory overlap and a potential need to revise the national legislation. So far, this is yet to be seen.
In section 4, we shift the level of abstraction. We discuss and position the challenge ADM poses on Finnish administrative law from two theoretical perspectives: those of legal evolution and socio-technical change. By applying legal philosopher Kaarlo Tuori’s theory of critical legal positivism, we locate these ADM-related challenges not only at the law’s surface level – legislation and cases – but also at the deeper levels of legal culture and the deep structure of the legal system. As it teases out and challenges embedded assumptions about the human subject, accountability, and justification, this analysis provides a theoretical understanding of why ADM invokes so many fundamental questions. Furthermore, we describe how the legal language of automation adopts new, technologically-oriented concepts, which become decisive tools for implementing the principles of good administration into administrative practice. We exemplify these changes by the growing importance of user interfaces and usability metrics for the digitalisation of public administration.
In section 5, we present some preliminary insights on collaboration between the Nordic and Baltic countries in relation to digital administration. In section 6, we provide a short conclusion.
All online sources were last accessed 15 November 2023.

2. The Administrative Framework in Finland

Finland is a sovereign republic, based on democracy, the rule of law, the inviolability of human dignity and the rights and freedoms of individuals.
Sections 1 and 2 in the Constitution.
 It is important to note that the Europeanised constitutional culture in Finland is quite young. Following joining the European Convention on Human Rights (ECHR), Finland renewed its catalogue of fundamental rights. The fundamental rights reform in 1995 confirmed a list of rights, which were included without change in the new Constitution of 2000.
Chapter 2 in the Constitution. See more on the 1995 reform and general Europeanisation of Finnish law, Finland: European Integration and International Human Rights Treaties as Sources of Domestic Constitutional Change and Dynamism. / Ojanen, Tuomas; Salminen, Janne. Ed. / Anneli Albi; Samo Bardutzky. Springer, 2019. p. 359-404.
 In section 2, the Constitution lists 18 basic rights of individuals. These include equality (Section 6), the right to privacy (Section 10), freedom of expression (Section 12), the right of access to information (Section 12), protection of property (Section 15), the right to one’s language and culture (Section 17), the right to work (Section 18), the right to social security (Section 19), and protection under the law (Section 21), among others. All the rights and freedoms listed in the Constitution must be followed in all state actions, including in the administrative field. Furthermore, ratified international human rights agreements have been integrated into the Finnish legal system, providing an avenue for strengthening them in the legal order. The most notable one in this respect is the ECHR and its multiple Protocols.
Unsurprisingly, these domestic rights and liberties are similar to the ones enshrined in the ECHR and the Charter of Fundamental Rights of the European Union (Charter).
One of the objectives for the Constitutional reform was to align the Constitution with the international human rights obligations, see e.g., Perusoikeuskomitean mietintö. Komiteanmietintö 3/1992. Perusoikeusuudistus. Oikeusministeriön lainvalmisteluosaston julkaisu 6/1995 (The Report of the Constitution Committee, Committee Report 3/1992; Hallituksen esitys Eduskunnalle perustuslakien perusoikeussäännösten muuttamisesta HE 309/1993 vp (Government Bill for the Reform of Constitutional Rights).
 While that is the case, the catalogues of rights are not identical. For example, the right to good administration (Section 21 in the Constitution of Finland), is not found in the ECHR. Good administration is an umbrella concept for a set of procedural rules and principles for administrative discretion. The right to good administration in Finland took shape without immediate international influence during the fundamental rights reform. It also had long roots in Finnish ‘ombudsprudence’; the concept and its interpretation served as a predecessor of an Administrative Procedure Act. In recent decades, good administration has become one of the more influential principles governing administration, enabled by its current constitutional status as well as its flexible character. Indeed, in addition to its constitutional components, it can also be understood as a general symbol for sound and ethical administration.
For more on good administration in the Finnish context see e.g., Varieties of Good Governance: A Suggestion of Discursive Plurality. / Koivisto, Ida. In: International Journal for the Semiotics of Law, No. 27, 2014; Good administration can also be discussed from international and EU perspectives as well. See e.g., Good Governance at the Supranational Scale: Globalizing Administrative Law. / Esty, Daniel. In: The Yale Law Journal, No. 115, 2006 (international); The Relationship between the Charter’s Fundamental Rights and the Unwritten General Principles of EU Law: Good Administration as the Test Case. / Hofmann, Herwig; Mihaescu, Bucura. In: European Constitutional Law Review, No. 9, 2013 (EU).
However defined, basic rights and liberties have no bearing without the rule of law. While the rule of law in academic debates has many faces, in the Finnish context the Constitution defines it as the exercise of public powers based in law and in all public activity, the law must be strictly observed (Section 2). The exercise of public powers is a central concept here. Whenever the exercise of public power is in play, it falls within the remits of the stricter legal requirements on its use and general administrative laws become applicable. In accordance with Section 124 of the Constitution, the exercise of public powers can be delegated to private actors as long as the task does not involve a ‘significant exercise of public powers’. Such power can only be vested in public administrations. As mentioned, when public power is used the law must be strictly observed in that activity. This is known as the legality principle. Further, the right of good administration is laid down in Section 21(2) and further defined in the Administrative Procedures Act (APA, hallintolaki).
Hallintolaki (APA) 434/2003.
In the spirit of legal positivism, the fundaments of administrative law should make a coherent entity. From the national perspective, in the Finnish hierarchy of laws, the Constitution takes the highest place.
With the caveat that EU law takes primacy over national law as found in Case 6 /64, Costa v ENEL, ECLI:EU:C:1964:66. 
 What follows is that all other rules must be in line with the Constitution. The Constitution creates frames for the procedure and limits the content of lower-level rules. Considered hierarchically, the lower-level rules consist of firstly, parliamentary acts (eduskuntalaki) and secondly, other decrees and orders imposed by the Finnish government or ministries (asetus).
Finland: European Integration and International Human Rights Treaties as Sources of Domestic Constitutional Change and Dynamism. / Ojanen, Tuomas; Salminen, Janne. Ed. / Anneli Albi; Samo Bardutzky. Springer, 2019. p. 359-404, 400.
 The parliamentary acts can be further separated into general and sectoral laws. In public administration, the general laws are the ones which apply across the board to all actors who use public power. This means that the general administrative laws are applicable also when a private actor performs a public task. These laws include rules relating to transparency
Laki viranomaisen toiminnan julkisuudesta 621/1999 (Freedom of Information Act).
 and language rights,
Kielilaki 423/2003 (Language Act).
 for example. Then again, sectoral laws are targeted legislation regulating the actions of specific public organisations or bodies. These include, for example, laws in relation to taxation.
However, Finland is a Member State of the European Union, which shuffles the traditional hierarchy. This means that the EU laws are applicable and the general principles such as the primacy of EU law
Case 6 /64, Costa v ENEL, ECLI:EU:C:1964:66.
 are binding. It also means that the Charter is applicable when implementing Union law.
Charter of Fundamental Rights of the European Union, OJ C 326/391, article 51(1); Case C-617/10, Åkerberg Fransson, ECLI:EU:C:2013:105. 
 Regarding fundamental rights, on top of being a member state of the European Union as well as the Council of European Union, Finland has signed and ratified six regional and seven international human rights treaties, which have become part of the Finnish legal order.
International Justice Resource Center, https://ijrcenter.org/country-factsheets/country-factsheets-europe/finland-human-rights-factsheet/; Section 65 in the Constitution; Finland has also ratified several Council of Europe protocols.
 Due to the dualistic system, the international treaties are incorporated into the national legal order either by a parliamentary act or by a statute given by the government or a ministry. The choice between the two is governed by whether the legal obligation arising from international law is considered to fall within ‘the scope of law’.
Section 94(1) in the Constitution.
 If the international law obligations fall within the scope, it must be legislated as a parliamentary act. The same stands for EU directives.

2.1 Public bodies and the organisation of administration

Though the Constitution defines fundamental principles and rights, it says less about the organisation of public administration.  In addition to the state administration, the nationwide public services and the services provided by the municipalities form the core of the Finnish public administration system. On top of these two core administrative levels, the level of regional administration also exists, namely the newly adopted for healthcare and social welfare administration. The transnational level, in turn, consists primarily of EU administration. To a degree, this reflects the democratic structures: Democracy in Finland is upheld by parliamentary, presidential, regional, and municipal elections in which all Finnish and European
European citizens who are Finnish residents.
 citizens over 18 years old can vote.
This is the case for Presidential and Parliamentary elections. In regional and municipal elections, the right to vote is limited to those residing in the given areas.
Again, the rule of law – or the principle of legality – plays an important role. The general principles governing all the national levels must be laid down by an act since the activities involve the exercise of public power.
Section 119 in the Constitution.
 Only provisions on the entities of state administration can be laid down by a decree.
Section 119 in the Constitution.
 In this section, we will outline the way in which public administration is construed from an organisational perspective. Thus, we will present the main actors involved in public administration in Finland. Since the organisational structure of the public administration is vast, it demonstrates the complexity of public organisations that potentially could deploy ADM processes. The heterogeneity of the various actors also highlights that digital public administration should not be perceived as one-size-fits-for-all endeavour.
In addition to national public authorities applying national law, national authorities are also responsible for applying European regulations in Finland, which makes them part of the EU’s administrative field. In addition to national authorities, there are some EU-level authorities with information, overview, and regulatory functions in constrained policy fields and situations. The European Commission also has some administrative powers over the Member States, such as the power to initiate infringement procedures in cases of breach of EU law.
Treaty on the Functioning of the European Union, OJ C 326/47, article 258. 
2.1.1 State administration
State administration is divided into central, regional, and local levels, which involves a division of labour between the levels. The central government is responsible for general policy development and legislation that applies nationwide. In the central government, the Prime Minister and Cabinet of Ministers are responsible for leading the government and developing policies. The ministries are responsible for preparation and implementing these policies in their respective areas of responsibility. The central administration upholds the institutions which act nationwide as independent organs, such as the Bank of Finland, the Social Insurance Institution of Finland (KELA), the tax authority (Vero), the immigration authority (Migri), and the customs authority (Tulli), to name a few. Digitalisation applied in these central administrative agencies affects masses of people and forms the core of where the citizens meet the state. 
The regional level of state administration consists of 19 regions that are responsible for implementing policies and regulations that fall under their competence. The Regional State Administrative Agencies (AVI) oversee the implementation of policies and regulation within their regions. The AVIs are responsible for supervising the activities of municipalities, promoting regional development, and providing services that are not provided by the municipalities. In practice, the function of the AVIs in the whole national administrative system remains marginal. During the COVID-19 pandemic, however, the AVIs role became more visible as they were in charge of implementing restrictions of public assembly, events, and the opening times of restaurants, for example.
Tartuntatautilaki 1227/2016, Section 8; Aluehallintovirasto. Mitä tapahtumia aluehallintovirasto voi kieltää? 2 December 2020. https://avi.fi/blogi/kirjoitus/-/blogs/mita-tapahtumia-aluehallintovirasto-voi-kieltaa-konsertit-ja-urheilukisat-kielletty-kauppojen-ale-ruuhkat-jatkuvat.
At the local level municipalities are responsible for implementing policies and regulations and providing basic services to citizens, such as education, public transportation, and certain healthcare and social services at the community level. The municipalities are self-governing entities
Section 121 in the Constitution.
 meaning that the central government has a limited ability to affect the decisions made at the local level. A piece of parliamentary legislation, the Municipalities Act (kuntalaki), provides more detailed rules for the general principles governing municipal administration as well as the duties of the municipalities. There are over 300 municipalities in Finland, and they are run by democratically elected municipal councils. These councils and executive boards govern the municipalities and are responsible for decision-making on local policies and services.
Digitalisation in administration in the municipalities is closer to the citizens’ everyday life from schooling to social services. Recently, the legal duties of the municipalities have been reduced. From 2023 on, the main healthcare, rescue, and social services have been transferred to the newly established welfare service counties which we will return to below. Nevertheless, the municipalities retained the responsibility for promoting the wellbeing of its residents.
Kuntalaki 410/2015, (Municipalities Act), article 1.
2.1.2 Healthcare and social welfare administration
After the recently completed reform, a new level of administration was created. Healthcare, social welfare, and rescue services were transferred from the municipalities to the newly established welfare service counties.
Laki sosiaali- ja terveyshuollon järjestämisestä 612/2021 (Healthcare and social welfare Act); Laki pelastustoimen järjestämisestä 613/2021 (Act on the organisation of rescue services; Laki sosiaali- ja terveydenhuollon sekä pelastustoimen järjestämisestä Uudellamaalla 615/2021(Act on Healthcare, social welfare and organisation of rescue services in Uusimaa).
 Digitalisation at this administrative level refers mostly to the healthcare and social welfare services, which do not engage as much with decision-making but rather with other forms of digitalisation.
Since the beginning of 2023, there are 21 self-governing wellbeing service counties comprising a collection of municipalities with Helsinki being an exception. Helsinki makes up its own wellbeing area with no separate county elections and council. Elsewhere, the highest decision-making power is vested in each wellbeing service county councils, members of which are elected in county elections held every four years. The tasks and functions of the welfare service counties have been written into law. However, as the new organisational structure has been in place only for some months at the time of writing, the effects of the reform are yet to be seen. The counties do not have a taxation rights, which means that they receive all the necessary funding from the state.
2.1.3 Legality control and the courts 
All domestic legislation must be in harmony with the Constitution, which is ensured by constitutionality control. The courts, divided into two branches of administrative and general branches, are responsible for ex post constitutionality control, whereas the Constitutional Law Committee of the Parliament and the Chancellor of Justice exercise ex ante control.
Law drafting may inlclude input of the Consitutional Law Committee (CLC), which considers the constitutionality of the proposed legislation. If the CLC considers the proposal to be unconstitutional, or issues of a constitutional nature arises, the law proposal must be refined so that the constitutionality of the legislation can be assured. The overall legal system must be able to function coherently, which essentially means that new legislation must respect already standing legal principles and doctrines. The CLC functions as one of the main steps to consider the overall compatibility of the new legislation with the foundational legal order. The CLC consists of members of the parliament and frequently hears distinguished legal academics to ensure the quality and accuracy of their work. In the wake of the fundamental rights reform, the mechanisms of constitutionality control were widened to cover also complementary judicial control. However, the parliamentary pre-control remained unchanged.
Section 74 in the Constitution.
The Supreme Court and the Supreme Administrative Court have complementary powers of constitutionality control. The new Constitution brought with it a secondary judicial review mechanism. The courts were given the power to review the constitutionality of Parliamentary acts more widely, i.e., in light of fundamental rights. Previously, the courts’ review power was limited to sub-statutory statutes. According to the Section 106 of the Constitution, if a provision in an act is in ‘evident conflict’ with the constitution, that provision must not be applied in that case. This widening of the courts’ power to conduct judicial reviews has been characterised as being increasingly subordinated to rights-based judicial review.
Rights-Based Constitutionalism in Finland and the Development of Pluralist Constitutional Review. / Lavapuro, Juha; Ojanen, Tuomas; Scheinin, Marten. In: I CON, No. 9, 2011. p. 505-531; Pan-European General Principles of Good Administration in Finland: from Margin to Centre? / Koivisto, Ida. Eds. / Ulrich Stelkens; Agné Andrijauskaite. Oxford University Press, 2020. p. 431-448.
 Since the 1990s, cases concerning fundamental rights have been slowly increasing in the Supreme Court
Korkein oikeus (KKO), Section 98 in the Constitution. The KKO deals with cases relating to civil, commercial and criminal matters.
 and Supreme Administrative Court.
Korkein hallinto-oikeus (KHO), Section 98 in the Constitution. The KHO deals with cases relating to administrative matters.
 In public administration, the Supreme Administrative Court is the main judicial authority. Most of the cases that reach the Supreme Administrative Court concern migration and social welfare issues. Other topics include land use, the environment, taxation and public procurement. Cases relating to digital administration have included the use of e-mail as an avenue for dealing with public administration and public procurement of a digital services, among others.
E-mail case, e.g., KHO 2018:152 (on informing citizens in digital administration); Public procurement case, e.g., KHO 28.1.2020/305 (on objective scoring in public procurement).
 Most of the cases decided in the Supreme Administrative Court are appeals from regional administrative courts.
Korkeimman hallinto-oikeuden historia / Korkein hallinto-oikeus https://www.kho.fi/fi/index/korkeinhallinto-oikeus/historia.html#.
On top of their powers of pre-control and the option of taking actions to the Courts, the Chancellor of Justice and the Parliamentary Ombudsman can review cases relating to public administration. While both judicial oversight bodies have vast powers in relation to reviewing and inspecting the administrative action, the powers do not extend to the ability to change administrative decisions. The Chancellor of Justice (and Deputy Chancellor of Justice) is a historical judicial oversight entity in Finland, dating back to the 1700s.
Ombudsman as a Global Institution: Transnational Governance and Accountability. / Erkkilä, Tero. Palgrave Macmillan, 2020. p. 69.
 It is attached to the government and oversees the legality of the activities of the Government, the President, the courts, and other public officials.
Section 108 in the Constitution.
 The Chancellor can begin an investigation based on a citizen or public official’s complaint or its own initiative.
Laki valtioneuvoston oikeuskanslerista 2000/193 (Act on the Chancellor of Justice), article 3.
 The Chancellor must investigate whether there is a cause for doubt that the public administration under review has acted unlawfully.
Laki valtioneuvoston oikeuskanslerista 2000/193 (Act on the Chancellor of Justice), article 4.
 If the Chancellor finds the administration to have acted unlawfully or failed to follow its duties, they can give an official notice or in more extreme cases press charges. According to a recent act on separation of the duties of the Chancellor and the Parliamentary Ombudsman (laki valtionneuvoston oikeuskanslerin ja eduskunnan oikeusasiamiehen tehtävien jaosta), overseeing the development and maintenance of public administrations automated systems falls within the responsibilities of the Chancellor.
Laki valtioneuvoston oikeuskanslerin ja eduskunnan oikeusasiamiehen tehtävien jaosta (Act on the separation of duties of the Chancellor of Justice and the Parliamentary Ombudsman) 330/2022, article 2(1); more on the history and the separate functions of the Chancellor of Justice and Parliamentary Ombudsman see, Ombudsman as a Global Institution: Transnational Governance and Accountability. / Erkkilä, Tero. Palgrave Macmillan, 2020. Chapter 3.
 Importantly, the Chancellor’s attention to ADM practices in the social insurance institution (KELA)
OKV/21/50/2019.
 was a springboard that fuelled the public conversation on the need to create a legal basis for ADM through national legislation.
2.1.4 Ombudsmen and guidance for digital public administration
Finnish public administration also includes various ombudsmen who provide oversight of their own initiative as well as based on citizen complaints. For ADM, the focal actors are the Parliamentary Ombudsman and Data Protection Ombudsman. In addition, the newly established Information Management Board has certain oversight duties in addition to providing guidance areas of digital public administration.
The ombudsman institution has established legal tradition in Finland, dating back to the Parliamentary Ombudsman. Finland was the first country to copy the historical Swedish legal overseer, the Parliamentary Ombudsman.
OKV/21/50/2019, p. 71.
 Along with the first Finnish Constitution, the Parliamentary Ombudsman was implemented into the Finnish system in 1919 along the lines of what legal comparatists could call a legal transplant.
OKV/21/50/2019, p. 70.
 On top of the Parliamentary Ombudsman, there are several sectoral ombudsmen acting in specified fields. These ombudsmen focus on equality, the rights of children, the rights of elderly, and data protection, for example. All of the ombudsmen’s’ competencies are based on legislation outlining their respective mandates, powers, and tasks.
The Parliamentary Ombudsman is appointed by the Parliament
Section 38 in the Constitution.
 and is tasked to ensure that public officials obey the law and fulfil their obligations when they are performing a public task.
Section 109 in the Constitution.
 This oversight function thus overlaps with that of the Chancellor of Justice. The Ombudsman also submits an annual report of their work for the Parliament including all the observations as well as shortcomings in legislation.
Section 109 in the Constitution.
 Similarly, as the Chancellor of Justice, the Ombudsman may begin an investigation either by a citizen’s request or on their own initiative. In case of finding shortcomings or illegality, depending on the gravity of the situation, the Ombudsman can either give an official notice to the public official, or order a police investigation of the matter. On top of the attention by the Chancellor to ADM practices, the Ombudsman also opened their own initiative inquiry on the ADM practices in the tax authority.
EOAK/3379/2018.
 Thus, both of the main legal overseers were influential in the national discussion on the need to legislate ADM practices in public administration.
The Data Protection Ombudsman is the main authority responsible for ensuring compliance with the rules and obligations of GDPR and the Finnish data protection Act. The current national Data Protection Act that specifies and complements the regulation strengthened the functions of the old Data Protection Ombudsman (DPO), establishment of which dates back to the 1990s.
Finland: A Brief Overview of the GDPR Implementation. / Korpisaari, Päivi. In: European Data Protection Law Review, No. 5, 2019. p. 234.
 The requirements for national supervisory authorities stemming from the GDPR were incorporated into the mandate of the DPO.
Tietosuojalaki 1050/2018 (Data Protection Act) Chapter 3.
 The Finnish DPO monitors and enforces the application of data protection laws, primarily certain aspects of the GDPR, but also multiple national legislation. The DPO’s tasks further include the imposition of administrative fine when a private entity has been found to breach the GDPR.
Other tasks are listed in GDPR, article 57.
 As the GDPR left room for national consideration whether such fines could be imposed on public actors,
GDPR, article 83(7).
 Finland opted not to include such punitive measures in relation to the GDPR. Thus, administrative fines cannot be imposed on a public actor, but the DPO can issue warnings, reprimands, and other non-monetary corrective measures to a public actor who has found to breach the GDPR.
Hallituksen esitys eduskunnalle EU:n yleistä tietosuoja-asetusta täydentäväksi lainsäädännöksi HE 9/2018 (Government Bill for legislation supplementing the EU’s general data protection regulation) p. 103; Tietosuojalaki 1050/2018 (Data Protection Act) Chapter 4.
 The decisions of the DPO can be appealed to the administrative courts.
Finally, the Information Management Board plays a role in overseeing digital public administration, its supervisory rights and duties increasing with the new general legislation on ADM in public administration (discussed below in section 2). The Board is a non-judicial oversight entity with powers to give out recommendations and best practice guidelines. The task of the board is to promote the data security and information management procedures outlined in the Act on Public Administration Information Management. The recommendations and other guidelines are not legally enforceable but provide standards which, when followed, ensure that the public actors fulfil the obligations stemming from the legislation in relation to information management.

2.2 Legal sources of public administration

Having described the organisation of public administration, we proceed to the applicable legal framework and various legal sources as well as doctrines that form the core of administrative law and which contextualise the Finnish ADM reform.
The legal sources of public administration are manifold. They consist of general laws targeting all administration and special laws enacted for specific administrative fields or topics. In addition, administrative law includes overarching principles and concepts, which must be considered in all administrative activity. These fundamental legal doctrines, if you will, emanate from the Constitution, international human rights agreements, and traditional concepts and principles of administrative law. The Constitution and international human rights treaties form a part of the legal sources of the public administration in verbatim. At the same time, however, they perform a dual role through practical adaptation of the doctrines into practice.
The legal framework guiding public administration can be systematised into six levels. These are 1) international human rights treaties, 2) EU law, 3) the Constitution, 4) general parliamentary legislation, and 5) sectoral, field-specific parliamentary legislation, and 6) lower-level laws and norms. The term levels should not be confused with the idea of hierarchy; it is used merely for systematisation purposes.
2.2.1 Constitutional foundations
As mentioned, the Constitution of Finland sits at the top of the national hierarchy of laws. Therefore, all lower-level rules must be in alignment with the Constitution.
Section 106 in the Constitution.
 The Constitution bases the multiple general principles, which must be followed in the use of public power.  These include the obligations that the exercise of public power must be based in law (Section 2.3), equality before the law (Section 6), the right to access public documents (transparency) (Section 12.2), legal protection and good administration (Section 21). In addition, Section 22 of the Constitution provides that public power must ensure that human and fundamental rights are carried through. Furthermore, a delegation of administrative tasks to others not in the public administration is codified in Section 124 of the Constitution, according to which tasks, including the exercise of significant public power, cannot be delegated. These constitutional provisions cover legislation, administration and adjudication, and must be followed in automated decision-making in public administration.
International law in the form of signed and ratified human rights treaties binds the legislator, judicial oversight bodies as well as the public administration in performing its tasks. Further, Finland is a Member State of the EU. That means that EU legislation is applicable and must be followed in the context of public administration. In accordance with the principle of supremacy, EU law takes precedence when a conflict arises between EU and national law. The EU is increasingly legislating on aspects relating to digitalisation, which affects the digital public administration as well. As for now, the most important instrument in this is the GDPR, as we will specify in the following. The Constitution and the principles stemming from it – first and foremost the principles of legality and good administration – must be respected in all tasks relevant to public administration. At the same time, all lower-level laws and norms must be in line with the Constitution.
Other general legislation includes acts which provide more specific guidance on non-discrimination, linguistic rights, or access to information, for example. There is also general legislation which targets a specific part of the administrative procedure, especially in relation to digital public administration. The scope of these laws is technology specific, such as the Act on the Provision of Digital Services, which focuses on the accessibility of public sector applications and websites. Finally, sectoral legislation focuses on specific fields within the public administration, such as the taxation, or immigration services. As is apparent on one hand, the legal landscape of Finnish public administration is manifold and scattered. This is also visible regarding digital public administration. On the other hand, however, the constitutional principles and the doctrines of general administrative law provide a uniting component. Next, we will dive deeper into these different sources of law.
2.2.2 Human Rights Treaties
As mentioned, Finland has ratified six regional and seven international human rights treaties.
 On top of these, Finland has ratified multiple European Convention on Human Rights (ECHR) protocols. Without a doubt, the ECHR has been the most influential treaty; its impact on the Finnish legal order has been transformative, as discussed above.
The ECHR came into force through a parliamentary act 438/1990 and was further complemented by Decree 439/1990 (provisions regarding the act becoming effective). The more important Council of Europe (CoE) conventions for public administration that Finland has ratified are the European Social Charter and the European Charter of Local Self-Government. Both Charters have also been incorporated into the legal system as an act. The status of the incorporating acts in the legal order is the same as any domestic parliamentary act meaning that it is not hierarchically superior. However, Koivisto has pointed out that the hierarchy of norms in this respect is not that straightforward due to the special nature of human rights.
Pan-European General Principles of Good Administration in Finland: from Margin to Centre? / Koivisto, Ida. Eds. / Ulrich Stelkens; Agné Andrijauskaite. Oxford University Press, 2020. p. 431-448.
 Since article 22 of the Constitution states that ‘[t]he public authorities shall guarantee the observance of basic rights and liberties and human rights’, there is distinct weight given to human rights, irrespective of their formal place in the hierarchy of norms.
There have also been instances in which such distinct weight has not been given, see e.g., Pan-European General Principles of Good Administration in Finland: from Margin to Centre? / Koivisto, Ida. Eds. / Ulrich Stelkens; Agné Andrijauskaite. Oxford University Press, 2020, para. 16.15.
The Supreme Court and the Supreme Administrative Court both frequently refer to the ECHR and CoE Conventions and protocols. The case law of the European Court of Human Rights (EcoHR) is frequently followed and upheld in the national system. In digital administrative matters, however, the direct effect of the ECHR is rather marginal.
Pan-European General Principles of Good Administration in Finland: from Margin to Centre? / Koivisto, Ida. Eds. / Ulrich Stelkens; Agné Andrijauskaite. Oxford University Press, 2020, para, 16.21.
 In cases in which there is overlap and more specific EU rules exist, Finland as an EU member state is required to follow the latter. That is the case especially with data protection, where Finland has ratified the CoE Convention on the Protection of Individuals with regard to Automatic Processing of Personal data and the EU has enacted the GDPR. It has been argued that CoE Conventions are given more weight in the law-drafting phase rather than in applying the law.
Mäkinen argues this in relation to the Charter of local self-government in particular. Controlling Nordic Municipalities. / Mäkinen, Eija. In: European Public Law, no 23, 2017. p. 140-141.
 The long-standing practice of transparency and open government in Finland
Transparency in Finland has its roots in 1766. Julkisuusperiaate / Mäenpää, Olli. 4 ed. Alma Talent, 2020. p. 1.
 as well as the influence of GDPR has created a situation in which the ECHR and related laws remain largely relevant but their direct effect in the digital public administration’s legal context is not particularly emphasised. 
2.2.3 EU law with a focus on the GDPR
The EU influences Finnish public administration most through its primary and secondary legislation. From a legal sources perspective, the founding treaties, the charter of fundamental rights and judge-made constitutional principles such as the primacy of EU law, direct effect, principles of equivalence and effectiveness as well as the presumption of validity, directly influences the functioning of national administrative systems.
Hallinto-oikeus. / Mäenpää, Olli. 7 ed. Alma Talent, 2023. p. 50.
 The applicability of EU law has a major influence on the digitalisation of national public administration. It has brought in new legal concepts and placed restrictions. That is the case especially with the GDPR and will be the case with the upcoming Artificial Intelligence Act,
The proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
 as we will present below.
In the context of digital public administration, the GDPR are of great importance, especially article 22. Besides its content, it also requires automated decision-making to be based in law in Member States, giving rise to doubts about whether the GDPR itself suffices as a legal basis for the use of ADM in public administration. This resulted in the law drafting on ADM to focus on establishing the legal basis for already existing automation practices in general administrative legislation. Despite the prior use of digital technologies in public administration in Finland, no clear rules governed their use before the GDPR. This was to change as the GDPR specifically conceptualised automated decision-making as a separate regulatory object. In Finland, the use of technology in public administration was not new but it seems that prior to the GDPR, the dominant framing of ADM systems was to consider them as unproblematic tools for organising administrative work and processes. However, now Finland had to legislate nationally on the use of ADM to continue the use of digital technology in administrative decision-making. Additionally, there was domestic pressure to do so, as we will explain later.
Nationally, there have also been tensions between the GDPR and the Finnish Freedom of Information Act.  Similar to other Nordic countries, Finnish public administration emphasises a strong interpretation of publicity and freedom of information. The national Freedom of Information Act is currently being amended to reconcile some of the tensions and issues with parallel interpretation. The committee report on the assessment of regulatory needs is expected in fall 2023.
It is difficult to imagine an ADM process in public administration without the extensive processing of personal data, which makes the GDPR applicable. Indeed, in their daily work, public officials work with personal information constantly, and that does not change when the administration goes digital. If anything, the work intensifies. According to articles 5(1)(a) and 6(1)(c) of the GDPR, all processing of personal data must be based in law. Currently, after the national ADM amendments were enacted, automated-decision making is based in law in Finland. This already shows the importance of the new legislation in relation to GDPR compliance.
The conceptualisation of ADM by the GDPR is of great significance for the national legislation on ADM. ADM is not defined in the GDPR per se. Article 22 regarding automated individual decision-making, including profiling states that:
‘1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.’
Article 4(2) provides a definition of ‘processing’ which means ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means […].’ Recital 71 clarifies the situation slightly by stating that: 
‘[…] evaluating personal aspects relating to him or her which is based solely on automated processing and which produces legal effects concerning him or her or significantly affects him or her, such as automatic refusal of an online credit application or e-recruiting practices without any human intervention.’
What follows is that lack of human intervention seems to be a decisive factor while article 4 does not specify what is meant by ‘automated’. There are many technical ways in which automation can be executed so that there is no human intervention.
Thus, ADM conducted through rule-based or machine learning systems both seem to fall under article 22 of the GDPR. This distinction between rule-based and machine learning systems has been central in the national legislative process as well as in the debates of the upcoming artificial intelligence regulation. See more below in sections 3 and 4.
 Thus, the term ‘automated’ is not tied to specific computing techniques, but rather seems to be an all-encompassing term for any decision-making done without human intervention.
According to article 22 a person has the right not to be subject to a decision based on automated processing with certain limitations. The article leaves room to manoeuvre for Member States to incorporate ADM, if ‘the decision […] is authorised by […] Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests.’ In other words, the GDPR leaves room for Member States to include ADM on the conditions that the practice is based in law, it is generally in line with the GDPR, and the rights and freedoms of individuals are protected. Therefore, the use of ADM as well as the protective measures (recital 71) both must be written in law (legislation). Article 22 also requires that the public administration must provide an opportunity for the person to question the decision made in automated processes. The right to redress so that a human public official considers the decision needs to be maintained. Thus, this places limits on the automation of redress. Overall, these are the legal frames that the national legislation must be based on and as we will present in section 2, that was done with varying success.
 The Finnish system of breaches of administrative law by the public administrations traditionally function on the basis of personal accountability of public officials. This includes tort and criminal liability.
Sections 2(3) and 118 in the Constitution. Rikoslaki (criminal code) Chapter 40.
 Finland decided to make use of the room for manoeuvre left for the Member States in the GDRP and release the public administrations from the GDPR administrative fines mentioned in article 83(1).
Tietosuojalaki 1050/2018 (Data Protection Act) article 24.4.
 Instead, the national system of personal tort and criminal liability of public officials was retained as equivalent and effective means to deal with breaches of the GDPR.
Hallituksen esitys eduskunnalle EU:n yleistä tietosuoja-asetusta täydentäväksi lainsäädännöksi HE 9/2018 (Government Bill for legislation supplementing the EU’s general data protection regulation) p. 55-56.
 This approach has been criticised as leaning too much on individual public officials while it could in some circumstances be more beneficial for it to be possible to place a fine on the public administration as a whole. Thus, situations may arise when the accountability of individual public officials can seem excessive.
E.g., Virkavastuu julkishallinnon muuttuvassa toimintaympäristössä / Mäntylä, Niina; Karjalainen, Ville; Korhonen, Nora; Siikavirta, Kristian; Wenander, Henrik; Annola, Vesa. In: Valtioneuvoston selvitys- ja tutkimustoiminnan julkaisusarja, No. 14, 2022, pp. 94-95.
 At the same time, this approach may be subject to change in the future. That is firstly due to the national implementation of the Digital Services Act (DSA)
Regulation 2022/2065 of 19 May 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (DSA).
 which in the future might include an option to impose a fine on public administrations.
Hallituksen esitys eduskunnalle laiksi verkon välityspalvelujen valvonnasta ja eräiksi muiksi laeiksi HE 70/2023 vp (Government bill on legislation on monitoring of digital services) p. 109.
 Secondly, connected to the discussion on DSA, it remains an open question whether the fines provided in the GDPR should also be charged to public organisations in the future.
Regardless of the significance of the GDPR, the EU’s regulation of technology is still expected to increase. This includes the plans to regulate the use of artificial intelligence. Along with the White Paper on AI,
European Commission (2020) On artificial intelligence – A European approach to excellence and trust. White Paper. COM(2020) 65 final. Brussels 19.2.2020.
 the Commission published its agenda to shape the EU’s digital future in early 2020.
 The political agenda is currently known as ‘A Europe fit for the digital age’, a political strategy that has sprouted and continues to provide legislation relating to multiple aspects digital.
 For example, the data package includes already adopted legislation on data governance
Regulation 2022/868 of 30 May 2022 on European data governance and amending Regulation 2018/1724 (Data Governance Act).
 and the 2022 proposal for a European data act.
Proposal of 23 February 2023 for a Regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act), COM(2022) 68 final, 2022/0047(COD).
 The EU’s target to legislate AI has now moved from being a Commission proposal closer to the trilogue negotiations after the European Parliament adopted its negotiation position on the AIA in June 2023.
On top of enacted and proposed regulations, the EU has also enacted directives which have varying influence on digital public administration. The most notable one is the Web Accessibility Directive which places obligations on digital administrations to follow certain standards in their websites and applications.
Directive 2016/2102 of 26 October 2016 on the accessibility of the websites and mobile application of public sector bodies.
 The directive effectively places guidelines on how to ensure accessibility in public administration online platforms. In practice, all applications and websites must follow the Web Content Accessibility Guidelines (WCAG)
Directive 2016/2102 of 26 October 2016 on the accessibility of the websites and mobile application of public sector bodies. Recitals 37, 41-43, article 6; Accessibility requirements for ICT products and services EN 301 549 v3.2.1. (2021-03) www.etsi.org/deliver/etsi_en/301500_301599/301549/03.02.01_60/en_301549v030201p.pdf.
 which have been created to ensure that accessibility is guaranteed especially for users with special needs, but which also benefit all users.
Web Content Accessibility Guidelines 2.1. (WCAG), Background www.w3.org/TR/WCAG21/.
 The directive was implemented nationally by the Act on the Provision of Digital Services (306/2019) described below.
2.2.4 General administrative legislation and principles of good administration
Above we described the frictions between the GDPR and national legislation that are reflected in relation to governing and regulating ADM use in public administration. In this section, we discuss the general administrative legislation and the principles of good administration it enshrines. The main instruments of general legislation are both the regulatory architecture, into which the legal basis for ADM rules was ultimately embedded, as well as the pre-existing constraints for the regulatory strategy and the ADM use it enables. 
By general legislation we refer to national legislation which is applicable across the whole public administrative field. Most of all, it governs procedural rules in all public administration, whereas the substance of administrative decision-making (what kinds of decisions are being made, what field of policy it is in question) in turn, is regulated by field-specific laws (more below). Some fields of administration, such as taxation, have also their own procedural codes. The APA is of particular importance from the viewpoint of our study. Its provisions regulate administrative procedure and decision-making through a life-span structure. The APA also provides more substance to some Constitutional principles, such as the right to good administration, the right to have a reasoned decision, and the right to be heard. It also specifies the rights of individuals and the obligations of the public officials.
Administrative laws of a general nature are drafted in a way in which they apply across administrative organisations. They reflect and specify constitutional principles which were discussed above. For example, these cover equality before the law (Non-discrimination Act), transparency (Freedom of Information Act), legal protection and good administration (Administrative Procedure Act), linguistic rights (Language Act), electronic processing of administrative matters (Act on Electronic Services and Communication in the Public Sector), and information management (Act on Information Management in Public Administration), to name a few. These general acts are applied unless more specific legislation with the same legal status requires otherwise (lex specialis derogat legi generali).
Hallinto-oikeus. / Mäenpää, Olli. 7 ed. Alma Talent, 2023. p. 128.
 As general legislation, these must be respected in digital administration as well.
Along with the horizontal general legislation, there are sector-specific acts targeting individual public administrations. These lex specialis include multiple laws relating to taxation, migration, social benefits, and many others; typically, administrative branches making masses of administrative decisions on an annual basis. It is important to note that special legislation can be either procedural (special process rules) and/or substantive (governing a specific field of administration). While the special legislation is influential for the individual administrative branch they are targeting (and often influence their digitalisation), in this section, we will focus on the general pieces of legislation applicable horizontally.
The APA is the most important piece of general legislation that applies across public administration. The APA was enacted in 2003, and it replaced its predecessor from 1983. The new APA’s constitutional foundations are in Section 21 of the Constitution. Indeed, the act specifies some important aspects of the protection under the law, fair trial and good administration. The APA states that its purpose is to implement and promote good administration as well as to promote equality and performance of administrative services (article 1). More specifically, Chapter 2 of APA lays down the foundations of good administration which all public administrations and officials must respect. This follows the logic of the Constitution according to which principles relating to fair trial and good administration will be protected by law. In relation to ADM, APA is not a mere frame of reference, but the new ADM legislation included an insertion of a new chapter in the act (Chapter 8b) which we will get back to in section 2.
Chapter 2 of the APA lays down the legal principles of good administration. It is important to note that these principles govern first and foremost administrative discretion. This means a situation whereby a public official reaches a decision among many equally justifiable alternatives. The purpose of the principles is thus to guide the interpretation of vague norms and create institutional support for ethical considerations. This means also that their meaning in interactions other than discretionary decision-making is of less importance. Chapter 2 Section 6 of the APA reads as follows:
‘An authority shall treat equally those to whom it is providing services in administrative matters and shall exercise its competence only for purposes that are acceptable under the law. The acts of an authority shall be impartial and proportionate to the objectives sought. These acts shall protect expectations that are legitimate under the legal order.’
The principles that arise from Section 6 and define good administration can be understood as binding law as they are, but also as norms which are wider in the scope of application than specific legal rules. In short, the core principles are:
    1. Principle of equality – The public official has an obligation to treat all people dealing with the administration equally and consistently.
    2. Principle of adequacy – The public official uses public power only for the purposes defined by law. This principle also aims to ensure that discretion is not misused.
    3. Principle of impartiality – The public official’s actions must be objectively justifiable and impartial.
    4. Principle of proportionality – The public official’s actions must be in line with the purpose of the law.
    5. Principle of trust – The public official must protect the expectations that are justifiable based on the legal order.
    6. The service principle (Section 7 APA) – The public official must seek to arrange the use of its services so that those who receive the administrative services receive it appropriately and the official can perform its duties effectively.
    The Finnish Courts as well as other judicial oversight bodies further define the content, and scope of application of these principles. Furthermore, the APA includes other elements, which can be considered to be elements of good administration: the requirements of service culture, the ability to gain procedural advice, public officials’ obligation to use clear and understandable language, co-operation within administration, transparency of the proceedings, fulfilment of linguistic rights, the right to be heard during the proceedings, the right to get a reasoned decision and the right to redress.
    Hallintolaki ja hyvän hallinnon takeet / Mäenpää, Olli. 5 ed. Edita, 2016, chapter 3; Varieties of Good Governance: A Suggestion of Discursive Plurality / Koivisto, Ida. In: International Journal for the Semiotics of Law, No. 27, 2014.
    2.2.5 ADM and principles of good administration
    In digital public administration in general as well as in ADM specifically, the principles enshrined in the APA continue to be of high relevance. While replacing previously human administrative tasks by an automated system, the public administration must ensure that the principles stemming from the Constitution as well as general laws are respected. The principles in Section 6 may become relevant in varying situations and are arguably hard to code into a digital system, especially if the situation at hand includes discretion. On top of the legal principles, in digital administration, the right to gain advice as well as language rights are of relevance. Due to the gradual change towards digitalising the materials through which public administration is performed or which assist different aspects of it, the judicial oversight bodies have encountered cases where no specific or clear legislation has existed. In many of these instances, the judicial oversight bodies have resorted to the general principles of good administration ultimately enshrined in Chapter 2 of the APA.
    Case OKV/3210/10/2021 Deputy Chancellor of Justice: Migration services had used too formal and hard to understand legal-technical language in documents relating to a person’s right to work. The Deputy Chancellor of Justice found this to be an issue with the principle of proportionality, and the service principle.
    Another case by a Deputy Chancellor of Justice illustrates well resorting to the principle of good administration and the service principle in seemingly unequitable situations arising from the digitalisation of public administration falling outside the scope of any specific legislation.
    OKV/1611/2018.
     In this case, a revamp of an unemployment offices portal had resulted in poor usability when accessed through a mobile phone. Basing the argumentation on the right to good administration and the service principle due to the lack of any specific legislation on the exact matter, the Deputy Chancellor of Justice found the unemployment office to be condemnatory on the issue. The Deputy Chancellor of Justice specified the service principle as meaning that dealing with the public administration must be conducted speedily, flexibly, and easily both for the citizen and the public official. As the right to good administration is not defined exhaustively, the situations that are seen to fall under it are continuously expanded in order to fit in situations, which are not caught by any specific legislation. Increasingly, these situations are related to the digitalisation of public administration. In addition to the principles of good administration, the general administrative legislation defines the scope and space for the discretion of civil servants. During the drafting of the law on the legal basis for ADM, much attention was paid to the relationship between ADM and discretion, which reflects the peculiarity of discretionary norms in administrative legislation. One way to approach discretion is as a conscious choice to delegate decision-making power to the administrative level. While discretion has not been mentioned in the Constitution nor in the APA, its existence can be typically inferred from the style of wording of different provisions, e.g., ‘an authority may grant a subsidy’ means that the public official has the power to decide whether to grant such a subsidy in each case.
    On the one hand, discretion and its legitimate use are a key tenet of general administrative law. On the other, it is a practical question in the day-to-day work of public officials. Whenever an administrative decision includes discretion, the principles stemming from Section 6 are materialised in the decision-making. For example, the requirement that the public official’s actions must be in line with the purpose of the law pushes a public official to ponder the meaning of the law in question and to use their discretionary powers accordingly.
    The APA also governs the lifespan of an administrative decision from beginning to end. This is to say that the APA sets down more specific administrative procedural rules, including how to initiate a matter, and examine the matter, hearing of the parties, requesting, and submitting evidence, informing parties, and stating reasons for decisions, and procedures to request administrative and judicial review. While the APA also provides specific rules on what the administrative decision must contain, the overarching principles highlighted above create the space in which more specific rules function. Thus, when the administration goes digital, the digital processes must also respect these rules. In other words, digital public administration must be good digital public administration.
    2.2.6 Transparency, non-discrimination, and language
    The principle of transparency – or publicity, as it is formally called in Finland – is a constitutional principle, which guides the transparency of the public administration’s activities. Finland, along with the tradition visible in other Nordic Countries, prides itself on vast and long-based transparency in governance activities.
    Julkisuusperiaate. / Mäenpää, Olli. 4 ed. Alma Talent, 2020. p. 1.
     Provisions on transparency of governing bodies activities can be found in the Constitution as well as in the APA. According to Section 12(2) of the Constitution, everyone has the right to gain information on the administration’s public activities. The principle has been codified more specifically in the Freedom of Information Act (FOIA) which effectively bases the constitutional right on more tangible rules. In principle, the public administration’s documents are public and exceptions to the general principle of transparency must be expressly provided by an Act, and they must be necessary.
    Section 12(2) in the Constitution; Laki viranomaisen toiminnan julkisuudesta 621/1999 (Julkisuuslaki, Freedom of Information Act) Section 1.
    As mentioned above, the principle of equality is a constitutional principle as well; rooted in Section 6 of the APA and further specified in the Non-Discrimination Act (NDA, yhden­vertai­suus­laki).
    1325/2014.
     The NDA places an obligation on the public administration to ensure non-discrimination as well as to promote equality in their functions (Section 5); see further below.
    2.2.6.1 Freedom of Information Act (FOIA)
    In practice, the principle of transparency in Finnish administration targets four domains. It includes the transparency of 1) documents and other presentations, 2) administrative process/​decision-making, 3) information provision, and 4) information management.
    Julkisuusperiaate. / Mäenpää, Olli. 4 ed. Alma Talent, 2020. p. 6.
    The right of access to documents is rather broad, also including the right of access to information that is contained in an official document (Section 12 FOIA). While operation of the current FOIA is based on the terminology of access to ‘documents’, the definition of a document is a technical term which encompasses written and visual documents as well as other presentations which are decipherable only by means of a technical device. Understandability is part of the principle of transparency, precisely due to the terminology used in the Constitution. It is not enough that there is a right of access to documents, but those documents must also be understandable.
    How the principle of transparency can be upheld in the digital realm has gained academic interest for some time.
    E.g., Thinking Inside the Box: The Promise and Boundaries of Transparency in Automated Decision-making. / Koivisto, Ida. In: Academy of European Law working papers. No 1, 2020; Seeing without knowing: Limitations of the transparency ideal and its application to algorithmic accountability. / Ananny, Mike; Crawford, Kate. In: New Media & Society, No. 20, 2016. 
     In ADM, the ability to gain information on the decision-making process is inextricably connected to many other fundamental principles, such as legal protection, good administration, and official accountability. Since the operation of the FOIA is based on access to documents, in the digital environment a central question is whether the source code falls under the category of ‘document’. Even though a decision is reached through automated means, the decision and its reasoning are to be provided.
    Including the algorithm that reaches to the decision. Julkisuusperiaate. / Mäenpää, Olli. 4 ed. Alma Talent, 2020. p. 121.
    As the national access to documents regime encompasses not only documents per se but also the information contained within, another question is whether the mere provision of the source code is enough to meet that requirement. Rather, transparency of the source code allows the supervision of the system, but understandability requires more than the visibility of the code.
    Läpinäkyvät Algoritmit? Lähdekoodin Julkisuus ja Laillisuuskontrolli Hallinnon Digitalisaatiossa. / Hakkarainen, Jenni; Koulu, Riikka; Markkanen, Kalle. In: Edilex, No. 18, 2020. p. 45.
     The obligation to state reasons for a decision ensures the ability to scrutinise the public authority on its decision. Since transparency in automated decision-making includes the obligation to state reasons, mere source code would not be enough, but it must also be understandable.
    Läpinäkyvät Algoritmit? Lähdekoodin Julkisuus ja Laillisuuskontrolli Hallinnon Digitalisaatiossa. / Hakkarainen, Jenni; Koulu, Riikka; Markkanen, Kalle. In: Edilex, No. 18, 2020. p. 37-44.
    An amendment to the FOIA is currently underway. As of 2021, the Ministry of Justice has started preparations, and the first stakeholder hearing round has been conducted.
    Oikeusministeriö (Ministry of Justice) Julkisuuslain ajantasaistaminen https://oikeusministerio.fi/hanke?tunnus=OM083:00/2020.
     The objective of the reform is generally to bring the legislation up to date and specifically consider whether the apparent interplay between access to documents/​transparency under the national law and data protection under the GDPR could be clarified. While the conflicts have so far been solved without the need to forfeit the core of either of the rights, a practical adaptation of the transparency legislation and the GDPR has proved to be imaginative and unpredictable.
    Yksityisyyttä vai Avoimuutta? Tietosuojan vaikutus julkisuusperiaatteeseen. / Lindroos-Hovinheimo, Susanna. In: Lakimies, No 5, 2022. p. 752.
     The reform aims to clarify the status quo for public officials and ease the application of the law on one hand, and on the other hand, ensure that the rights to gain information as well as rights ensured in the GDPR are respected.
    2.2.6.2 Non-discrimination Act
    The Constitutional principle of equality which is also rooted in Section 6 of the APA is further specified in the Non-Discrimination Act (NDA, yhdenvertaisuuslaki).
    1325/2014.
     The NDA places an obligation on the public administration to ensure non-discrimination as well as to promote equality in their functions (Section 5). Differentiated treatment is allowed if it is based on an Act or if it has a righteous objective from a human rights perspective. In relation to the latter, that is nonetheless prohibited in relation to the use of public power. In general, the NDA grounds the principle of equality more clearly. Non-discrimination must be upheld in ADM processes as well.
    2.2.6.3 Language Act
    The Language Act (kielilaki),
    423/2003.
     then again, confirms the rights of individuals to use public services in either of the two official languages, Finnish or Swedish.
    The preparatory document for the Language Act mentions that it also meets the requirements from the Nordic Language Convention (Convention 11/1987), Hallituksen esitys Eduskunnalle uudeksi kielilaiksi ja siihen liittyväksi lainsäädännöksi HE 92/2002 vp (Government Bill on legislation for new language act).
     As Finland has two official languages as established in the Constitution, mentioned in the APA and further specified in the Language Act, this aspect must also be respected in digital public administration. In practice, the language requirements may boil down to the technical implementation of the ability to use the digital services in either of the two official languages. Furthermore, the official position of Sámi languages is gaining ground, but the law as it stands today is built around the Constitutional right to maintain and develop their culture. Separate legislation exists which provides the right for Sámi people to use public services in their own language.
    Saamen kielilaki 1086/2003 (Sámi language act) Section 4. However, the position of Sámi languages is considerably weaker than Finnish and Swedish.
    2.2.7 Information Management
    The Information Management Act (IMA, laki julkisen hallinnon tiedonhallinnasta)
    Laki julkisen hallinnon tiedonhallinnasta 906/2019 (IMA); There is a separate legislation for information and document archives and for national archives both of which target the perseverance and discoverability of more historical documents and information; Act on Common Support Services of the Public Administration (517/2016) aims essentially to ensure availability and usability of the internet across the country.
     is a piece of general legislation which targets digital administration more specifically. The objective of the Act is to ensure the principles of transparency and good administration in public administration information and data management. On top of the general information management provisions, the IMA regulates uniformity and information sharing across public services, certain aspects of accessibility, as well as fulfilment of data protection within information management systems. The ADM reform included a new provision in the IMA, to which we will return below.
    2.2.8 Acts on Digital Administration
    Since dealing with public administration is increasingly executed through a digital interface, some legislation applicable to citizens’ interaction with digital public administration has been enacted. The Act on Electronic Services and Communication in the Public Sector (ESCPS, laki sähköisestä asioinnista viranomaistoiminnassa)
    13/2003.
     which specifies actions required from the public and communication from public officials is noteworthy. Since dealing with the public administration in the end is about communication, the ESCPS specifies how that communication should be executed when it comes to providing information and sending as well as receiving electronic messages. As the legislation came into force in 2003, it was drafted with a different technological framework in mind than what we have today. This can be seen from the focus on emails rather than online portals. Nevertheless, the ESCPS still provides a legal framework for when an application is received, for example.
    The Accessibility Directive is nationally implemented in the form of an Act (PDS)
    Laki digitaalisten palvelujen tarjoamisesta 306/2019 (Act on the Provision of Digital Services).
    , which provides more detailed guidance on the requirements of digital public administration services. It is built around four key principles which require the administration’s digital solutions to be 1) perceivable, 2) operational, 3) understandable, and 4) robust. According to PDS article 2, accessibility means the principles and techniques that must be followed in the planning, development, maintenance, and updating the digital services for them to be more accessible. When considering the definition of usability as well as the European Telecommunications Standards Institutes (ETSI) and ultimately WCAG standards that the Directive requires to be followed,
    Accessibility requirements for ICT products and services EN 301 549 V3.2.1 (2021-03) (ETSI standards) www.etsi.org/deliver/etsi_en/301500_301599/301549/03.02.01_60/en_301549v030201p.pdf are built largely on the basis of the WCAG 2.1. standards. The national authorities mention WCAG criteria in their information page for usability www.saavutettavuusvaatimukset.fi/digipalvelulain-vaatimukset/.
     it shows that the PDS emphasises the accessibility of digital services from the point of view of persons with special needs. The national preparatory documents voice similar concerns as the legislator had stated that the objective of the legislation is to promote and support the abilities of persons with special needs to function in the digital administration.

    3. ADM Regulation in Finland

    3.1 What do we mean by automated decision-making?

    One of the difficulties of regulating ADM processes within public administration is that the concept itself orients the regulatory approach to administrative decisions, forcing us to elaborate and assess what constitutes a decision. In the Finnish administrative law doctrine, an administrative decision usually involves the use of public power.
    Public administration can thus be seen as a function established to exercise public power, which can be understood as an obligation for public institutions. In the constitution, the concept of ‘public power’ has a double meaning: it is the subject that does things (e.g., public power must ensure that fundamental rights are upheld), and activity itself (e.g., an authority may use public power). Along with the principle that all use of public power must be based in law, it is specifically targeted to actions by the public administrations when they are using public power.  In a strict sense, public administration uses public power in three main ways:
    1. issuing administrative decisions,
    2. providing general norms, and
    3. using direct force.
    The core of the use of public power is that the public official makes the final decision by applying the law. This is called an administrative decision.
    Administrative decisions include issuing a norm, for example, a decree by a ministry, or an environmental protection order by a municipality. Also, the use of force by a police force, for example, is considered to be a use of public power thus making a decision to use it.
     As mentioned, a significant use of public power can only be exercised by a public administration. Some use of public power can be delegated to private actors,
    Section 124 in the Constitution.
     such as health services through a service voucher, or private pension funds. In addition to public power per se, public administration includes other activities, such as providing services such as health care or education, and it may also engage in financial activities. In other words, the use of public power is at the heart of the public administration but cannot be reduced to it.
    Administrative decisions form the core of administration as a function. It is the most common way in which public power is exercised. About ADM, the concept of administrative decision-making is of great importance precisely because it is this function that is being automated under the new national ADM legislation (discussion in section 2.4.). The features of administrative decisions vary depending on the context and applicable laws. It can be general or specific, delivered electronically, on paper, or verbally. The content can include either providing eligibility for a right or benefit, or a prohibition or restriction. The fixity and legal effects of an administrative decision also vary depending on the context, and different types of administrative decisions have different forms of appeal procedures provided by the applicable laws. An administrative decision is not a static concept but context-dependent and regulated by general and sector-specific laws. Thus, the fluid nature of the concept had to be reconciled in the ADM legislation and it was done through basing the ADM system’s function in law.
    The administrative decision is created through and by the process. The lifespan of the administrative procedure – resulting in an administrative decision and possible appeals – is laid down in the APA.
    434/2003.
     The most common way for an administrative decision to function is that a citizen sends an administrative matter application, which then is decided by the public official either allowing or denying the request.
    Hallintolaki 434/2003 (APA) Part II.
     In most cases, requests for administrative decisions to be rectified can be requested from the originating public administration.
    Most decisions can be appealed in the public administration field that made a decision on the matter, but that is not the case for all. For the purposes of this chapter, we concentrate on the administrative decisions which can be appealed in the original administrative authority.
     The decision must include a guide on how the decision can be appealed.
    Hallintolaki 434/2003 (APA) Section 46.
      If the citizen is unhappy with the result of the rectification request the originating public administration, they can then generally appeal to a regional administrative court. If applicable, the case can move all the way up to the Supreme Administrative Court in accordance with the applicable procedural law rules.
    However, everyday public administration includes various other actions that result in a legally relevant decision. These other functions and actions form the internal administration of the public administration, its human resources, and economic aspects, to name but a few. From our viewpoint, these de facto administrative actions include areas such as education and medical activities. When we discuss the form of digital administration that is subject to specific legislation, it is important to stress that we are talking only about administrative decisions. As for now, other uses of digital tools in public administration are not regulated. This emphasis on administrative decisions may sound self-evident; automated decision-making in public administration means automated administrative decision-making. However, it is not always easy to demarcate administrative decisions from other administrative activities such as prior investigation or, for example, an act of registration. 

    3.2 Background for ADM: Decades of digitalisation efforts in public administration

    It is important to note that the transition to digitalising administration was not sudden. In fact, the long history of digitalisation in Finnish public administration speaks volumes. The digitalisation of administration through a historical lens reveals how before the technological focus was mostly on mass-archiving information and to some extent computational decision-making.
    Hallinnon lainalaisuus ja automatisoitu verohallinto: oikeustieteellinen tutkimus kansalaisen oikeusturvasta teknistyvässä valtionhallinnossa / Kuopus, Jorma. Lakimiesliiton kustannus, 1988; Kolme metodologista ongelmaa: oikeustieteen kehitys, marxilainen lainoppi ja oikeusinformatiikka / Klami, Hannu Tapani. In: Turun yliopiston yksityisoikeuden laitoksen julkaisuja. 1981.
     Scholarly work in this field in Finland has historically predominantly focused on legal informatics.
    This started to take root already in the late 1970’s in Germany and the Nordic countries. Rechtsinformatik. / Reisinger, Leo. Walter De Gruyter, 1977; Miten hyvä hallinto digitalisoidaan? Haaste oikeustieteelliselle tutkimukselle. / Koivisto, Ida; Koulu, Riikka. In: Lakimies, No. 5, 2020. p. 803; Hallinnon lainalaisuus ja automatisoitu verohallinto: oikeustieteellinen tutkimus kansalaisen oikeusturvasta teknistyvässä valtionhallinnossa. / Kuopus, Jorma. Lakimiesliiton kustannus, 1988; Tehokkuus, informaatio ja eurooppalainen oikeusalue. / Pöysti, Tuomas. Helsingin yliopiston oikeustieteellisen tiedekunnan julkaisuja, 1999; ICT-oikeus sähköisessä hallinnossa. / Voutilainen Tomi. Edita, 2009.
     In the 1980s in his doctoral dissertation, Kuopus noted that administrative law as it stood at the time was not able to conceptualise the idea of mass administration.
    Hallinnon lainalaisuus ja automatisoitu verohallinto: oikeustieteellinen tutkimus kansalaisen oikeusturvasta teknistyvässä valtionhallinnossa. / Kuopus, Jorma. Lakimiesliiton kustannus, 1988.
     Relatedly, Pöysti, the current Chancellor of Justice, has explained that the missing definition of mass administration continues to complicate contextualisation and the applicable regulatory field of automation.
    Luottamuksesta hallinnon automaattiseen päätöksentekoon. / Pöysti, Tuomas. Juhlajulkaisu Pekka Vihervuori 1950. Ed. / Kari Kuusiniemi; Outi Suviranta; Veli-Pekka Viljanen. Suomalaisen Lakimiesyhdistyksen julkaisuja, 2020. p. 345-360. 
    Technological change and new innovations have brought new tools for the public administration to incorporate technological solutions into the administrative practises (such as ADM) while the mere fundamental questions on the nature and interconnectedness of law and technology have remained relatively unchanged. Digitalisation has been ongoing for more than 50 years without much fundamental attention from the legislator. Technology-specific legislation in the public administration field prior to the ADM reform largely focussed on data management and protection, and rules on sending and receiving applications electronically (mainly email).
    ADM in the context of public administration means the functional replacement of a human decision-maker with a computational agent which has been created to apply certain rules in assessing the request and providing a decision. ADM has been used in a range of administrative processes in Finland for years. For example, KELA (the social security authority) and Vero (tax authority) have been using automated decision-making systems for some time.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 25-26.
     It seems that ADM’s inclusion in the public administration has been done gradually to ease the workload (and costs) through auxiliary and in some cases independent decision-making by an automated system.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 25.
      The incorporation of ADM into the public administration seems to be fuelled with the idea that the technology for ADM has been available and no legislation outright prohibited its use.
    ADM has been used in the context of de facto administrative functions without any basis in law, and consequently, other fundamental legal questions had not been considered. It seems that ADM quietly and stealthily, became part of day-to-day administrative functions. Enactment of the GDPR provided the legal vocabulary for ADM and therefore conceptualised the technological tool to a function with legal meaning and consequences. ADM brings with it entrenching differences in decision-making procedure as well as the decision-making entity neither of which had been realised properly by the legislator before. The realisation that ADM has become a part of administrative functions has slowly led to the recognition of problematic co-existence of constitutional requirements, such as the use of public power must be based in law, and the utilisation of ADM in administrative functions.
    Framing the public administration as performing different activities allows us to understand ADM from both organisational and functional perspectives. As mentioned above, digital solutions have been used in public administration for decades and ADM practices had been incorporated into public administration before any discussion on the need to legislate arose. While ADM in practice forms a part of administrative decision-making, it is essential to point out that public administration is much more than mere decision-making procedures. Still, ADM is not merely utilised for administrative decision-making, but it can be used (and is used) in other forms of administrative actions as well.
    For example, in schooling and social services. ADM is also adopted within the administrative practices that do not directly deal with citizens, such as automated auction procurement (water, energy, traffic, and postal services). Laki vesi- ja energianhuollon, liikenteen ja postipalvelujen alalla toimivien yksiköiden hankinnoista ja käyttöoikeussopimuksista 1398/2016.
     Nevertheless, the current national ADM reform focussed on administrative decision-making, which forms only one, but an essential part of the public administration.

    3.3 Starting points for the new ADM legislation

    As mentioned, the need to create a legal basis for ADM arose to the regulatory agenda triggered by Article 22 of the GDPR and the legality controllers' investigations. Questions relating to the legality of the use of ADM started to get attention from the CLC, the Chancellor of Justice, and the Parliamentary Ombudsman.
    In 2018, the CLC stated that the need for general legislation on ADM had to be clarified.
    Valiokunnan lausunto PeVL 62/2018 vp – HE 224/2018 vp (Statement of the Constitutional Committee).
     This statement was the key finding in an opinion it gave regarding proposed legislation on the processing of personal information in migration issues.  In 2019, the CLC repeated the need for such a review. It stated that in addition to the rules laid down in the GDPR, the use of ADM touches on other fundamental rights and the use of public power. In fact, this happened to the extent that there was an urgent need to review whether general legislation on ADM was necessary.
    Valiokunnan lausunto PeVL 7/2019 vp – HE 18/2019 vp (Statement of the Constitutional Committee).
    In 2019, the Chancellor of Justice opened an own-initiative inquiry on the use of ADM in KELA where further legal questions related to the use of ADM were elaborated.
    OKV/21/50/2019.
     In the decision, he also emphasised the lack of legal basis for ADM but also brought up questions on transparency
    OKV/21/50/2019. Especially the need to inform the citizen on the use of ADM in decision-making.
     and problematics surrounding the personal criminal liability of public officials in performing a public task.
    The parliamentary Ombudsman also started an own-initiative inquiry in 2018 on the use of ADM in Vero.
    EOAK/3379/2018.
     She found that the ADM processes used in taxation did not fulfil constitutional requirements on good administration, and legal protection, and there was no legal basis for it. The Ombudsman’s inquiry reached news outlets in which conspicuous headlines stated that ‘the tax authority’s robot has taken too much money from people and the parliamentary ombudsman considers that automated decision-making breaches the constitution’.
    Verottajan robotti on karhunnut ihmisiltä liikaa rahaa, ja apulaisoikeusasiamiehen mukaan automaattinen päätöksenteko rikkoo myös perustuslakia. / Anu-Elina Ervasti. In: Helsingin Sanomat. 26 November 2019. https://www.hs.fi/kotimaa/art-2000006321422.html.
     Similarly, to the Chancellor of Justice, the Ombudsman discussed the official accountability as well as transparency of the public administration. In this case, the Ombudsman held the use of ADM in Vero illegal due to the lack of legal basis.
    EOAK/3379/2018, p. 37.
     The political pressure to legislate ADM became untenable.
    From a purely legal perspective, the discussion on the urgency for legislating ADM in public administration was framed around three core legal issues. Firstly, there was a lack of legal basis for ADM at the time. As mentioned above, the requirement that the use of public power must be based on law stems from the Constitution, and the processing of personal information must be based in law in accordance with the GDPR. The realisation of the interconnectedness of article 22 of the GDPR to the national ADM practices seemed to be the kick-off point. The GDPR had brought the concept of ADM within the legal field and could no longer be ignored.
    Secondly, the personal nature of official accountability had to be reconciled with the non-personal nature of ADM. The principle of official accountability of public officials performing a public task stems from Sections 2(3) and 118 of the Constitution which comprises criminal and tort-based liabilities.
    Rikoslaki (criminal code) Chapter 40.
     When the public tasks are not directly performed by the public official, but ADM is incorporated into the process, the ability to identify the public official responsible becomes obfuscated. At the same time, the principle of legality in criminal cases (Section 8 Constitution) requires a heightened certainty of the person responsible,
    Section 8 in the Constitution. This principle of legality includes the principles of accuracy and predictability. Yleinen rikosoikeus. / Frände, Dan. Edita, 2005. p. 40.
     a connection which may become difficult to prove when ADM is in use.
    Thirdly, the principle of good administration includes a requirement to uphold a climate of trust between the public administration and the citizens. This includes the requirement for transparent decision-making, a requirement that stems also from the GDPR in relation to the automated processing of personal data. Furthermore, transparency regarding whether a decision-making has been conducted through ADM was largely criticised by the findings of both the Chancellor of Justice and the Parliamentary Ombudsman mentioned above. Thus, how to ensure transparency must be considered. On top of these, the overall legal protection of persons subject to ADM, the use of discretion by the public official, as well as the ability to give tasks to an entity other than a human administrative official needed to be addressed. The two latter issues relate to a broader question of whether the administrative legal landscape is built around the assumption that the one who makes decisions is a human and consequently, what abilities and features are assumed from that human actor.
    We return to this point in section 2.6.
    As a result of increasing attention from the CLC, the Chancellor, and the Parliamentary Ombudsman, the government gave a proposal to Parliament in the autumn of 2022.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration).
     It included several paragraphs, the purpose of which was to allow fully automated individual administrative decisions widely, regardless of the administrative branch. Importantly, the paragraphs were to be added into two already existing acts: the APA and the IMA. Some minor amendments were also proposed to some other acts. The proposal was drafted in two ministries: in the Ministry of Justice (APA) and in the Ministry of Finance (IMA). In the APA, the basic requirements of the ADM were laid down. The IMA, in turn, concentrated on the specificities of how to adopt such automated processes in different public administrations, which would further allow automated decision-making in practice, and laid down some control and accountability mechanisms. As of 1 January 2023, a new law on ADM was enacted. Specifically, the Parliament enacted two separate laws, lex generalis on the use of ADM in public administration (applicable since 1.5.2023),
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration).
     and lex specialis on the use of ADM in tax and customs purposes (applicable from 1.1.2024).
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs).

    3.4 The New ADM rules in the Administrative Procedural Act and Information Management Act

    Since May 2023, the use of ADM in public administration has legal basis and is subject to certain limitations. In other words, the status quo has now been legitimised.
    As mentioned, the practice of using ADM in public administration is not new, but the legislation is. See more, Imaginaries of Better Administration: Renegotiating the Relationship between Citizens and Digital Public Power / Esko, Terhi; Koulu, Riikka. In: Big Data & Society, No 1, 2023.
     This means that the previous practice of ADM in public administration may continue, however, so that certain criteria are met. We will specify those criteria in the following.
    The amendment to the APA sets the ground rules for public authorities to automate their decision-making. Automation is possible only if all the criteria are met. The new Chapter 8b of the APA provides five main rules on regulating the use of ADM.
    Firstly, the decision must be based on pre-made processing rules (Section 53e). In practice, this means that only rule-based ADM is possible, and neither machine learning nor AI systems are included in the legislation.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 99-100, 147.
    Secondly, the processing rules used in the ADM system must be created according to the applicable law (Section 53e). This means that only parts of the legislation which can be transformed into mathematical formulas can be automated.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 99-100
     For example, an age limit to apply for benefits can be transferred into an automated system which calculates the applicant's age based on the date of birth included in the application.
    Thirdly, automated decision-making cannot include case-by-case or discretionary consideration (Section 53e). Whether an issue includes case-by-case consideration is first to be considered by a public official. Thus, the public administration must execute a ‘pre-consideration’ of whether the decision-making includes case-by-case consideration and if it does, it cannot be automated. This means that there is a form of ‘meta-consideration’ whether there is case-by-case consideration involved. This meta-consideration inevitably includes a level of discretion in which the particularities of the decision-making and its circumstances must be considered. Thus, even though discretion cannot be automated, it is included in the use of ADM in this type of meta-consideration form. In practice, decisions which include case-by-case consideration or another form of discretion must be conducted by a human public official, in accordance with the lex generalis.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 98.
    Fourthly, the subject of the decision must be informed that the decision has been made automatically to respect the principle of transparency (Section 53g). Finally, the party concerned must be able to appeal the decision for free to ensure the legal protection of individuals (Section 53f). Furthermore, rectification claims are always to be handled by a human public official (Section 53e).
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 100. 
    APA rules are complemented with more specific procedural rules in the IMA (Chapter 6a) for the launching and updating of the automated system. The rationale of the provisions in Chapter 6a is to ensure the fundamental principles such as accountability, transparency, and the legality of the proceedings.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 31.
     In practice, this means five central obligations for the public administration.
    Firstly, the pre-made processing rules mentioned in Chapter 8b of the APA must be documented and the legality of the rules must be ensured (Section 28a).
    This directly links with the requirement from the APA that the processing rules of the ADM must be created in accordance with the applicable law.
     Secondly, the public administration must establish a specific decision to deploy an ADM system. It must include the legal qualification as well as the basis of its use (Section 28d). Thirdly, the public administration must ensure the ADM systems are high quality and continue to manage risks before it is put into use as well as while it is used (Section 28b). Fourthly, the administration must ensure that any defects that may occur are corrected (Section 28c). Finally, the public official must inform of the use of ADM in their respective public service (Section 28e). As the legislation is relatively recent, the information management board is currently drafting a recommendation on how to ensure that the administrative organs follow the new Chapter 6a.
    Automaattisen ratkaisumenettelyn vaatimukset – muutokset tiedonhallintalakiin https://vm.fi/tapahtumat/2023-03-21/automaattisen-ratkaisumenettelyn-vaatimukset-muutokset-tiedonhallintalakiin-webinaari.
     The recommendation will provide more specific guidance for the administrations to make sure that the somewhat technical requirements laid down in the Chapter 6a requirements are fulfilled. The recommendation is going to be presented and published in December 2023.

    3.5 Lex specialis for ADM in taxation and customs

    As mentioned, in addition to the enactment of general legislation, lex specialis was enacted for the use of ADM in tax and customs. The lex generalis still applies for tax and customs, but the lex specialis allows the use of ADM in some situations, in which it would not be allowed according to the lex generalis. According to the principle that all exercise of public power must be based on law, any divergence to the APA must be based in legislation. Thus, the lex specialis for tax and customs was drafted to allow the automation of decision-making in rectification claims which is not allowed under the new Chapter 8b of the APA.
    The preparatory documents mention that one of the objectives is to allow the already existing practice in the tax authority to use ADM in rectification claim; Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 4.
     The rectification claims which can be automated would have to be based on the same logic as the original applications, i.e., they could not include case-by-case consideration, and the rectification claim application needs to be clear and possible to translate into computational form.
    The preparatory documents mention that one of the objectives is to allow the already existing practice in the tax authority to use ADM in rectification claim; Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 34; Laki verotusmenettelystä 1558/1995 (Act on tax procedure) Section 26f.
     In addition, ADM can be used only in certain rectification claims.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 24. This means that ADM can only be used when an appeal is allowed. The ADM system cannot make the decision whether an issue can be reconsidered or not.
     Furthermore, according to article 22(3) of the GDPR, there must remain a right to obtain human intervention and contest the decision. In other words, while the GDPR does not ban the automation of rectification claims, there always needs to be an opportunity for a human public official to review a decision reached automatically.  While the lex specialis introduced exceptions to the ability to demand a manual processing of certain automatically reached rectification claims,
    E.g., Laki verotusmenettelystä 1558/1995 (Act on tax procedure) Section 26f para 2.
     a new application can be sent in those instances in which being processed manually can be demanded.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 54.
    Just like the lex generalis on ADM as discussed above, the lex specialis for tax and customs added new paragraphs to already existing legislation. They were added to allow the automation of rectification claims in certain instances. Notably, a new Section 26f was included in the Act on Tax Procedure (laki verotusmenettelystä)
    1558/1995.
     on the automation of rectification claims. The exception can be applied in accordance with pre-consideration of risk by an administrative official that the case does not include discretion or case-by-case consideration.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 39.
     New sections referring to Section 26f of the Act on Tax Procedure were added to other acts which target specific taxes such as income, shipping, vehicles and others.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 34.
     In relation to customs, the Customs Act (tullilaki)
    1466/1994.
     was revised with a new section similarly allowing more wide-reaching use of ADM than what lex generalis allows.
    Alike the amendment to the APA, i.e., the lex generalis, the lex specialis also includes an aspect of meta-consideration. As mentioned, the special legislation’s main objective is to allow the use of ADM in situations which would be prohibited under the general law, mainly rectification claims. According to the lex specialis, the use of ADM in rectification claims can only be used if a public administration first considers that the issue does not include aspects which would require case-by-case consideration or if a human public official has first settled those aspects of the issue.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 25.
    The law drafting was a joint effort with the Ministry of Justice and the Ministry of Finance with the idea to enact general legislation which would apply horizontally in the public sector.
    The report prior to the proposal for new legislation did not mention two separate laws but only talked about the general legislation. The special legislation appeared during the process of drafting the lex generalis. The proposal for the lex generalis was given in 19th of September in 2022 and the lex specialis was given in 20th of October 2020. Arvomuistio hallinnon automaattisen päätöksentekoon liittyvistä yleislainsäädännön sääntelytarpeista. / Oikeusministeriö (Ministry of Justice). In: Oikeusministeriön julkaisuja. 2020.
     However, the Ministry of Finance also started to draft special legislation for the use of ADM in tax and customs to allow more extensive automation in these areas.
    Interestingly, the lex specialis on taxation received considerably less attention in the drafting phase than the lex generalis, although the automation was more pervasive. While the law drafting process for the lex generalis was relatively lengthy with over 60 expert opinion hearings, the lex specialis was pushed through comparatively swiftly with only 27 expert opinion hearings.
     As the special legislation enables ADM in situations which are prohibited in the general legislation, it remains to be seen whether the speedy drafting and limited political debate present issues in the future. It remains unclear why the lex specialis was granted so little attention, especially since the lex generalis was heavily debated during law drafting.
    The ministries responsible for law drafting had to tackle many issues. While the choice to legislate only rule-based automated systems and to focus only on administrative decisions seemed to be quickly accepted, constitutional questions arose concerning the sufficiency of legal safeguards (oikeusturva/​oikeusturvatakeet) and the obligation to hear the parties during the administrative process. Furthermore, how to deal with discretion and cases which have a level of case-by-case consideration were brought up in many hearings. Furthermore, the compatibility with the novel logic of fully automated administrative action to the Finnish system of official responsibility based on criminal as well as tort liability had to be considered.
    As the lex generalis sections added to the APA were a joint effort between the two ministries, finding a coherent whole was not an easy task. Even though their respective amendments targeted different pieces of legislation, the terminology used in the legislations had to fit together. In the first draft, that did not fully seem to be the case.
     Indeed, the vocabulary adopted in the IMA paragraphs was different than it was in the APA paragraphs. For example, when APA referred to ‘automated decisions’, IMA referred to ‘automated operating processes’, although they were to refer to the same things. The difference is significant, as decisions and procedures are subject to different legal requirements.
    This was reflected in the constitutionality control: the CLC found that the amendments to the APA - including the terminology used – to be generally acceptable but the amendments to the IMA were quite heavily criticised. The draft amendments to the IMA were found to be stated to be unnecessarily obscure and detailed.
    Valiokunnan lausunto PeVL 81/2018 vp – HE 145/2022 vp (Statement of the Constitutional Committee).
     The consistency of this legislative totality is one thing to consider. Regardless, the committee disapproved of the use of technocratic language in general, not only because it was inconsistent with the APA paragraphs. As a result, the Committee concluded that the proposal could be processed in the ordinary legislative order only (and not in constitutional legislative order as an exception act), if many of the paragraphs in the IMA were rewritten, simplified and some were even omitted.
    Much of the law drafting debates revolved around legal protection and safeguards for the citizens as well as the individual public officials (official accountability). From the citizens’ point of view, recital 71 of the GDPR was at the centre of many conversations.
     Recital 71 of the GDPR states that the data subject should have a right not to be subject to a decision based solely on automated processing. This raises the question of whether the data subject – in this context, a citizen acting with the public administration – has the right to demand that the decision is made by a human and therefore opt out from the use of ADM affecting her.
    Koivisto brought this point up in the law drafting phase, Ida Koivisto https://www.eduskunta.fi/FI/vaski/JulkaisuMetatieto/Documents/EDK-2022-AK-65679.pdf.
     This question is not purely one that national law can solve, since the right to not be subject to a decision based solely on automated processing stems from recitals in the GDPR. The fact that it is written in the recitals also brings in another debate on how much legal force the right has and the only judicial body able to provide an answer is the CJEU. The idea behind the use of ADM seems to be that consent for the use of ADM will not be required in accordance with the general law and that for an initial decision made through ADM, a citizen cannot demand that the decision is not made by ADM system.
    The lex generalis was designed so that the main way to ensure legal protection, equality, hearing of parties and sufficient reasoning, in general, is wide and continuous documentation of the use and functioning of the ADM systems (IMA Chapter 6a). The information management board was granted the responsibility for overseeing the fulfilment of the new Chapter 6a (more on the board in section 1.1.4 above). Practically this means that the board gained new obligations to oversee the fulfilment of the requirements stemming from Chapter 6a, but they also retained discretion on whether and when a given ADM system should be further reviewed. For example, the information management board may further review the way in which issues including discretion are dealt with, but only when the board sees it as being necessary.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 42-43; Point mentioned by Ida Koivisto https://www.eduskunta.fi/FI/vaski/JulkaisuMetatieto/Documents/EDK-2022-AK-65679.pdf.
     Furthermore, the information management board is not a judicial oversight body, which means that it has very limited powers to pose legally binding compliance actions. Thus, there is a risk that questionable meta-consideration on whether an issue includes case-by-case consideration becomes incorporated into the institutional practices and consequently is left largely unsupervised.
    Some of the IMA provisions that were deleted during law drafting were related to the planned new oversight powers for the information management board. In the early law drafting phases, it was planned for the information management board to be granted new functions such as overseeing the decision to begin the use of ADM and assessment of the ADM in use, some of which were later omitted. Some oversight powers, such as overviewing the documentation, remained with the board. In its opinion, the information management board criticised the timeframe of enacting the new legislation and wished to extend it.
     That was because the new oversight functions necessarily meant more resources would be required to allow for the increased workload.
    Evidently, the organisational changes needed to fulfil the newly planned oversight functions take time to build. The Board’s concerns regarding the timeframes were largely ignored, even though the oversight powers in the final law were lessened from those originally planned. This shows that the older administrative structures must be able to stand with the new processes and often it means changes within the old structures. The increase of information management board workload is a good example of how the new legislation has effects on the organisational structure of different public administrative sectors and their oversight bodies.
    An aspect that was widely discussed in the law drafting phase was the confinement of the scope of ADM to only fully automated administrative decisions. Currently, there is no legislation that would regulate the use of decision support systems or automation of other phases of administrative decision-making, such as the initial request (vireillepano) or informing the party concerned (tiedoksianto). Also, data-based automated systems are not within the scope of the law. This means that data-based systems, including machine learning or AI systems, are currently without legal basis on the national level. Thus, public organisations are currently banned from using such techniques for fully automated decisions, although it is possible that to a certain extent, data-driven techniques could be used for decision support.  At the same time, legislating rule-based ADM does not rule out the option of legislating on data-based ADM in the future. 
    Furthermore, the amendments do not target assisting ADM, which in many instances is largely used in the daily public administrative work. For instance, such assisting automation could relate to the filing of claims or redacting necessary information from documents. In addition, other administrative actions, such as in the schooling system, the healthcare system and social services, may also include automated processing of personal data which would fall under the requirements for national legal basis in accordance with article 22 of the GDPR but is not fully automated decision-making per se. Since the ADM legislation only targets administrative decisions, other types of automation used in the public administration remain without the necessary legal basis for its use.
     This shows that automation in public administrative tasks varies greatly and the focus on automated decision-making does not provide an all-encompassing legal framing when it comes to the use of automation in public administration.
    The lex specialis for tax and customs was drafted to allow the use of ADM in rectification claims which is not allowed under the lex generalis, as mentioned.  The CLC mostly found the proposal to be acceptable.
    Valiokunnan lausunto PeVL 88/2022 vp – HE 224/2022 vp (Statement by the Committee).
     However, it was also criticised based on the legal safeguards stemming from recital 71 of the GDPR and due to inconsistencies with specific sections of the GDPR.
     For instance, while the GDPR article 13(2)(f) requires the controller to inform the data subject on the existence of automated decision-making at the time when the personal data are obtained, the national legislation currently requires informing the data subject on the use of ADM only in the exact decision that has been reached through ADM.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 49.
     In other words, according to the national law, the data subject is not personally informed about the possible use of their data in ADM prior to the decision having been made though an ADM system.
    Moreover, the legislation includes sections which are in tension with the GDPR’s provisions on the data subject’s right to express their views. In relation to the taxation procedure for taxes paid on one’s own initiative, the data subject’s right to express views is generally guaranteed because it is possible to express their views before a late payment fee is imposed.
    Late payment fee in this context refers to a fee that is a result of the taxpayer not providing the information for taxation in time in accordance with the Act on the Taxation Procedure for Taxes Paid on Own Initiative (Laki oma-aloitteisten verojen verotusmenettelystä 768/2016) art 30.
     However, if the late payment fee is less than €200, that right to express views is only allowed if it is ‘necessary due to special circumstances’.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 33. 
     However, according to recital 71, the proper legal safeguards, such as the right to express view should always be possible when the use of data processing results in legal effects. In this respect, whether the special legislation is in line with the GDPR could be questioned.

    3.6 ADM and the human assumption

    The ADM reform can also be considered to be a reform of administrative legal thinking more widely. On top of the multiple legal-technical issues that the legislator had to consider the non-personal nature of ADM and legal concepts relying on human assumption had to be reconciled.
    Human assumption central in Finnish public administration discussed in e.g., Modelling Justice by Emergence? Rights and Values in AI Development. / Honkela, Timo; Riikka, Koulu. How Will AI Shape the Future of Law? Eds. Koulu, Riikka/ Kontiainen Laura. University of Helsinki Legal Tech Lab, 2019. p. 155–193, 160, 172.
      The most important such concepts are the use of discretion and official accountability. The question of discretion was simply resolved – automation of discretion was prohibited outright.
    This is because the ADM must be created based on legislation that can be transferred into mathematical formulas. Discretion cannot be translated to such formulas.
     However, as mentioned, the laws introduced new forms of discretion (meta-discretion), which need to become uniform with the fundamental principles of the administrative law.
    The national system of personal accountability of public officials, in turn, meant that the legislation had to take into account the personal aspect of accountability in the context of ADM.
    See more from theoretical perspective, Virkavastuu ja päätösautomaatio – vastuun henkilökohtaisuus kriisissä? / Hirvonen, Hanne. In: Lakimies. No 3-4, 2022.
     The official accountability stems from the Constitution which provides that anyone who has suffered a violation of their rights or sustained a loss through an unlawful act or omission by a public official can request a criminal trial and the public official can be held liable for damages (Section 118). In other words, the Constitution provides criminal and tort-based liability for public officials in cases of unlawful action or omission. This approach was considered to supplement the legality principle according to which all public action must be based in law.
    Hallituksen esitys eduskunnalle uudeksi Suomen hallitusmuodoksi 1/1998 (Government Bill for a new form of government) p. 172.
    Interestingly, limiting the use of ADM in rule-based systems is connected to the way in which official accountability is dealt within the legislation.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 142.
     The idea seems to be that the public officials know how the system is built (APA – based on legislation), and how it is functioning (IMA – documentation). This knowledge would allow identification of the person to be held accountable. Much depends on the successfulness of the documentation: it is precisely due to the mandatory documentation on how the ADM system reaches the decision that makes it possible to later identify the responsible party.
    In practice, identifying the responsible party may not be that straightforward. The decision to deploy an ADM system (käyttöönottopäätös)
    An example of such decision, Automaattisen ratkaisumenettelyn käyttöönottopäätös 20.6.2023 https://www.tyollisyysrahasto.fi/globalassets/automaattisen-ratkaisumenettelyn-kayttoonottopaatos-20.6.2023-.pdf
     required by Section 28 d of the IMA must include a description of the division of labour between the people responsible for different aspects of the ADM system.
    Other aspects that the decision must include are processing rules, testing reports, risk management plan, as well as description on quality control and how to identify and correct errors in the system.
     Thus, the responsibility is divided according to the individual aspects of the operation of the system. However, a problem in the system may not be always be attributable to a single person. Yet, the national official accountability doctrine does not currently recognise joint official accountability nor accountability of the public administration as a whole.
    Virkavastuu ja päätösautomaatio – vastuun henkilökohtaisuus kriisissä? / Hirvonen, Hanne. In: Lakimies. No 3-4, 2022.
     Thus, even with meticulous documentation, identifying one person as being responsible might be hard.
    In the end, the question was not only to make new rules to govern the use of ADM in the public administration. Instead, those rules needed to fit into the administrative system as a whole. As described, the ADM legislation has to fit in with the logic of criminal responsibility of individual officials. Such criminal responsibility consequently takes in the logic of Finnish criminal law and departs from the idea of personal choice and action. In a similar vein, the ‘meta-consideration’ that we have discussed above did not exist in the Finnish administrative legal system before.
     The way in which it will fit into the administrative legal order remains to be seen.

    4. EU Regulation for Artificial Intelligence 

    4.1 Potential overlap between national ADM rules and the Artificial Intelligence Act (AIA)

    The EU does not have regulations on artificial intelligence at the time of writing. As for now, the upcoming EU legislation on AI is currently moving towards trilogue negotiations between the European Parliament (EP), the Council of the European Union (Council), and the Commission.  Although it remains to be seen what the final regulation will look like, it is unlikely that the painstaking law drafting that has taken years and featured highly on the current Commission’s political agenda would fail to produce any legislation at all. Much is still unknown at this stage, as even the scope – and the related question of defining the AI techniques the EU aspires to regulate – are still under debate. Once the final version is accepted, it will take years before case law on its interpretation starts to form.
    In addition, uncertainties are connected to the subsequent interpretation of the regulation by national authorities in the member states and later the CJEU. It is also possible that the AIA will allow some national discretion, as was the case with the GDPR. Due to the ongoing legislative process of the AIA, next, we present four key discussion points that the interconnected nature of the national ADM legislation and the future AIA provide.
    The saga about legislating AI on the EU level officially began in 2020 with the Commission’s White Paper on artificial intelligence suggesting a range of options for regulating AI.
    European Commission (2020) On artificial intelligence – A European approach to excellence and trust. White Paper. COM(2020) 65 final. Brussels 19.2.2020; More on the policy drafting before the proposal for regulation see Artificial Intelligence in the European Union: Policy, ethics and regulation. / Ulnicane, Inga. The Routledge Handbook of European Integrations. Eds. T. Hoerber; G. Weber; I. Cabras I. Routledge, 2022. p. 254-269.
     In the following year, the Commission gave out a proposal for AI regulation (AIA proposal).
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
     The Council presidency at the time (Slovenia) and the subsequent two presidencies (French and Czechia) have altogether given out 21 partial compromise proposals.
    Some of which were classified as progress reports, some targeted individual articles and yet others were full compromise proposals. The AI Act, Documents https://artificialintelligenceact.eu/documents/.
     For the purposes of this section, we will consider the latest full Council proposal as the Council’s stance on the AIA (Coreper AIA).
    Council of the European Union (2022) Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts – General Approach 2021/0106(COD) Brussels, 25 November 2022.
     The EP adopted their negotiation position (EP AIA)
    European Parliament, Amendments adopted by the European Parliament on 14 June 2023 on the proposal for a regulation of the European Parliament and of the Council on laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)) P9_TA(2023)0236 https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.pdf.
     in June 2023 which included substantial amendments to the Commission’s original proposal.
    See list of key proposed amendments in European Parliament, Legislative train schedule https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-regulation-on-artificial-intelligence.
    Nonetheless, we can assume that the AIA would be significant in relation to the ADM in public administration. In fact, like the GDPR has conceptualised ADM in legal terms, the upcoming Artificial Intelligence Regulation would to the same to the use of AI, be it within or without the scope of ADM in public administration.
    That said, it will not be easy to make the points of departure in AIA and public administration fit together seamlessly. This is because the market-oriented logic of the AIA may be difficult to reconcile with the public law nature of the national ADM legislation. The AIA draft is based on harmonising internal market rules
    Legal basis for the proposal is Article 114 of the Treaty on the Functioning of the European Union, OJ C 326/47 (functioning of the internal market) Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
     making it product safety legislation with market-oriented logic with parallel objectives to ensure fundamental rights.
    This approach has been present since the political declarations that AI should be regulated at the EU level. Artificial Intelligence in the European Union: Policy, ethics and regulation. / Ulnicane, Inga. The Routledge Handbook of European Integrations. Eds. T. Hoerber; G. Weber; I. Cabras I. Routledge, 2022. p. 254-269.
    The AIA proposal is a horizontal, risk-based legislation which operates with four levels of risk. Firstly, most use of AI will be considered as minimal or no-risk which will be allowed, and secondly, some low-risk AI will have transparency requirements.
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
     Thirdly, high-risk AI systems will be imposed on most rigorous requirements and the final level is AI systems which are considered so risky that they will not be allowed at all.
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.; More on the risk-based approach and how AI systems risks will be assessed see Certification systems for machine learning: Lessons from sustainability. / Matus, Kira; Veale, Michael. In: Regulation & Governance. 2021; Demystifying the Draft EU Artificial Act: Analysing the good, the bad, and the unclear elements of the proposed approach. / Veale, Michael; Zuiderveen Borgesius, Frederik. In: Computer Law Review International. No 4, 2021.  
     The market-oriented logic is visible from the approach to regulate the development, marketing and use of AI and it is mainly directed at manufacturers of AI systems.
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106; Artificial Intelligence and the Law: can we and should we regulate AI systems? / Koulu, Riikka; Sankari, Suvi; Hirvonen, Hanne; Heikkinen, Tatjaana. Research Handbook on Law and Technology. Eds. B. Brozek; O. Kanevskaia; P. Palka. Edward Elgar, Upcoming 2024.
    The AIA will inevitably create requirements for digital public administration as well. The risk-based approach functionally means that some AI systems used in administration would be considered to be high-risk or prohibited, but not all. This type of separation to risk levels is not common for public administration where the lex generalis creates overarching requirements for all public administration irrespective of the techniques used. Additionally, the public administration and the applied technologies are always context-specific, meaning that they must be in line with the broader administrative law principles and doctrines, but also the specific legislation regulating that administrative branch and function.
    Furthermore, considered from a broader perspective, the inherent power asymmetries within administrative systems may become overlooked, if/when the legislation incorporates merely software-oriented safeguards (we will return to the safeguards below). Since none of the AIA proposals recognise public administration as its own context, it remains to be seen how the practical adaptation of AI rules fits in the public law logic of the national administrative system.

    4.2 Objectives and the scope of the AIA

    While the AIA proposal’s purpose is also to protect fundamental rights, tangible human rights protection seems rather vague in the proposals.
    Artificial Intelligence and the Law: can we and should we regulate AI systems? / Koulu, Riikka; Sankari, Suvi; Hirvonen, Hanne; Heikkinen, Tatjaana. Research Handbook on Law and Technology. Eds. B. Brozek; O. Kanevskaia; P. Palka. Edward Elgar, Upcoming 2024; Beyond Individual: governing AI’s societal harm. / Smuha, Nathalie. In: Internet Policy Review. 2021.
     The human rights protection aspect relates to the national public administrative field as well as the national ADM legislation precisely due to its inherent links to the right to good administration, for example. It seems that the AIA proposal‘s main means for human rights protection slips into the picture through the ban of non-allowed AI systems as well as mandatory industry self-assessment against harmonised standards and mandatory third-party CE certification.
    This approach has been criticised, see e.g., Beyond Individual: governing AI’s societal harm. / Smuha, Nathalie. In: Internet Policy Review. 2021; How the EU can achieve legally trustworthy AI: A response to the European Commission’s proposal for Artificial Intelligence Act. / Smuha, Nathalie et al. In: SSRN. 2021 https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3899991; Demystifying the Draft EU Artificial Act: Analysing the good, the bad, and the unclear elements of the proposed approach. / Veale, Michael; Zuiderveen Borgesius, Frederik. In: Computer Law Review International. No 4, 2021.
    Self-assessment and CE certifications are not familiar rights protection techniques in administrative settings, which tend to rely on the principle of legality and appropriate accountability mechanisms. Additionally, it has been noted that the AIA proposal’s lack of an individual appeal mechanism (which is a more traditional way for human rights protection within the public field) further hinders individuals’ opportunity to stand up for their rights. The proposed AIA’s approach to human rights protection sits well in line with the view that at the core of the proposed AIA is product safety and market surveillance legislation, and human rights protection comes into the picture as a side product.
    I.e., human rights as a side product see more Artificial Intelligence and the Law: can we and should we regulate AI systems? / Koulu, Riikka; Sankari, Suvi; Hirvonen, Hanne; Heikkinen, Tatjaana. Research Handbook on Law and Technology. Eds. B. Brozek; O. Kanevskaia; P. Palka. Edward Elgar, Upcoming 2024.
    For purely speculative purposes, if rule-based systems were to be included in the final AIA, most (but not all) ADM systems used in the public administrative sector would be bound to follow it. Practically, for high-risk AI systems, the proposal would require heightened transparency obligations including enhanced monitoring and observability, and CE certification to ensure conformity with the regulation.
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
    It remains questionable how far requirements such as the main means of human rights protection will have an impact in public administration settings, which functions under different forms of public law logics that are much more historically rooted, as mentioned. Securing fundamental rights under public administration inevitably requires considerations that are not always present when the question is of private, non-fundamental services. For example, the ability to exercise the Constitutional right to social security should be fundamentally secured (Constitution Section 19). In comparison, the level of safeguards necessary to protect a person from being given incorrect information from ChatGPT cannot be considered to be as fundamental from a public law perspective.
    Finally, the use of documentation for oversight purposes is a commonality between the AIA proposal and national ADM legislation. The main oversight function for judicial protection seems to be ensured in the AIA proposal through mandatory documentation.
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
     As mentioned above, the national ADM legislation also relies heavily on documentation when it comes to judicial protection. Thus, in both the AIA and the national ADM legislation, documentation of the system is a fundamental way to ensure oversight of the system. Attaining this approach for oversight allows for the retention of discretion in the functionality of the systems with human actors. Considering the legality of the systems used, keeping humans in the loop remains a necessary component to ensure equity of the independently functioning technology.
    Albeit there is an ongoing academic discussion about the nature of AI and other computational functions as an ’actor’ under the law. As of now, the common approach is that technology is merely a tool for humans. See more, Human-algorithm hybrids as (quasi-)organisations? On the accountability of digital collective actors. / Beckers, Anna; Teubner, Gunther. In: Journal of Law and Society. No. 50. 2023.

    4.3 Potential parallel application of AIA and national ADM legislation

    Whether the AIA will apply in parallel to the Finnish national ADM legislation on rule-based systems has not been settled. The ADM legislation’s preparatory documents hardly scratch the surface of the upcoming AIA to affect the ADM legislation.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 7, 133.
     The AIA is mentioned very briefly, accompanying a statement that since the final version and scope of application of the AIA is not known yet, the impact of the future regulation must be assessed once the final regulation is agreed upon.
    Hallituksen esitys eduskunnalle julkisen hallinnon automaattista päätöksentekoa koskevaksi lainsäädännöksi HE 145/2022 vp (Government Bill on legislation for automated decision-making in the public administration) p. 7.
     The central question is what the final definition of AI in the AIA will be; that definition will determine which systems will fall under the future AIA. This question is also one of the main debates in the ongoing trilogue negotiations.
    In the AIA proposal, AI is defined as follows:
    ‘software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with.’
    Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, COM(2021) 206 final, 2021/0106.
    This definition is not technology-specific in a way that would explicitly leave out rule-based systems. In other words, the definition does not state which systems it includes, which would practically mean that rule-based systems would most likely fall within the definition of AI.
    However, the Council’s negotiation position would limit the definition of AI as meaning machine learning and/or logic- and knowledge-based approaches, ultimately excluding rule-based systems from the definition.
    Council of the European Union (2022) Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts – General approach 2021/0106(COD) Brussels, 25 November 2022.
     In the latest Council’s compromise proposal AI is defined as follows:
    ‘a system that is designed to operate with elements of autonomy and that, based on machine and/or human-provided data and inputs, infers how to achieve a given set of objectives using machine learning and/or logic- and knowledge-based approaches, and produces system-generated outputs such as content (generative AI systems), predictions, recommendations or decisions, influencing the environments with which the AI system interacts.’
    Council of the European Union (2022) Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts – General approach 2021/0106(COD) Brussels, 25 November 2022. p. 71.
    The EP’s adopted negotiation position would leave the definition of AI as general in line with the Commission’s proposal, and not tie it to a specific technology.
    European Parliament, Amendments adopted by the European Parliament on 14 June 2023 on the proposal for a regulation of the European Parliament and of the Council on laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)) P9_TA(2023)0236 https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.pdf.
     More specifically, AI is defined by the EP as follows:
    ‘a machine-based system that is designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions, that influence physical or virtual environments.’
    European Parliament, Amendments adopted by the European Parliament on 14 June 2023 on the proposal for a regulation of the European Parliament and of the Council on laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)) P9_TA(2023)0236 https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.pdf. p. 112. 
    Whether the definition of AI includes rule-based systems is fundamental for the applicability of the future AIA in parallel with the Finnish ADM legislation. Thus, the Council’s position to leave out rule-based systems from the scope of the AIA is supported by the Finnish negotiators.
    Valiokunnan lausunto PeVL 4/2023 vp – U 28/2021 vp (Statement of the Constitutional Committee) p. 2.
     At the same time, according to the Finnish Constitutional Law Committee, considerations on fundamental rights and legality control have not been sufficiently considered during the drafting of the Finnish position.
    Valtioneuvonston kirjelmä eduskunnalle komission ehdotuksesta Euroopan parlamentin ja neuvoston asetukseksi tekoälyn harmonisoiduksi sääntelyksi U 28/2021 vp; Valtioneuvoston U-jatkokirjelmä UJ 29/2022 vp; Valiokunnan lausunto PeVL 37/2021 vp (Statement of the Constitutional Committee); Valiokunnan lausunto PeVL 4/2023 vp (Statement of the Constitutional Committee). 
     The evident opposition to the all-encompassing definition for AI is highlighted, but the position seems to lack thorough constitutional assessment especially from the fundamental rights perspective. In the drafting of the ADM legislation, the Finnish legislator seems to have left the discussion on the future EU-level rules on AI fully outside the scope of concerns. Thus, in the end, if rule-based systems are included in the AIA, the national legislator and administrative actors will have a lot of work to do to consider how to apply the AIA together with the national ADM legislation. Also, some of the computational systems are so complex that identifying whether the system uses machine learning or other equivalent technology is not that simple to identify.
    Furthermore, considering the AIA doctrinally, the proposal currently leaves open whether AI systems that are already functioning would fall under the scope of the regulation. Article 83(2) of the AIA proposal states that the regulation applies to high-risk AI systems that have already been put into service before the application of the Regulation ‘only if, from that date, those systems are subject to significant changes in their design or intended purpose’. If the article remains unchanged in the final AIA, it seems that an already functioning ADM system that does not go through a ‘significant change’ would not be governed under the AIA. At this stage, however, what the final version of the AIA will look like and how individual rules included in the regulation will function practically remains speculative.

    5. The challenge of law and technology

    As discussed above, ADM and soon also AI are becoming conceptualised and regulated as administrative law issues.  The EU legislation has brought in new concepts and some of them have already been incorporated into the national legal field through the ADM legislation. Above, we have mapped out the Finnish doctrinal landscape of the public administrative system with special attention to ADM. However, clearly, the administrative system does not merely consist of laws. It also consists of deeper layers of the legal system which guide and shape the functioning of the novel legal rules. At the same time, public administration is a practice which is increasingly conducted through digital technologies and interfaces. Thus, the technologies used in administration are contextually dependent on the broader administrative legal system on one hand, and the actual practical technological decision that affects the state-citizen interactions on the other.
    In the next section, we use Kaarlo Tuori’s theory of critical legal positivism to see how the general principles and theories of law enable and limit ADM. The aim is to show that legislation does not take place in a vacuum, but it is always part of a bigger doctrinal and cultural entity.
    Here by context, we mean the overall administrative legal system, individual branches of administration as well as technologies that are available.
     After that, we will outline recent Finnish socio-legal research in which the digitalisation of public administration is analysed through the lens of user interfaces. This research will provide an example of how the technological design, which to some extent is based on law, can be legally relevant. It illustrates the contextual significance of technology in engaging with the citizens through a digital interface.

    5.1 Within the legal system – Tuori’s Critical Legal Positivism

    Some scholars have considered digitalisation to be legal irritant due to its way of challenging general principles of law.
    Legal Irritants: Good Faith in British Law or How Unifying Law Ends Up in New Divergencies. / Teubner, Gunther. In: Modern Law Review. No. 61, 1998; Miten Hyvä Hallinto Digitalisoidaan? Haaste Oikeustieteelliselle Tutkimukselle. / Koivisto, Ida; Koulu, Riikka. In: Lakimies. No. 118, 2020. p. 799.
     On the one hand, in a digitalised society data and knowledge are gaining increasing significance as forms of governance; this is something that public administrative law has had trouble recognising.
    Kohti digitaalisen ajan hallinto-oikeutta. / Pöysti, Tuomas. In: Lakimies, No. 6-7, 2018. p. 873.
     On the other hand, incorporating ADM into our legal system pushes us to consider the place of constitutional principles, specific legislation, and even fields of law, such as public procurement, that are not evident at the outset. What is their meaning in the fabric of digitalising administrative law?
    Finnish legal philosopher Tuori’s critical legal positivism has been a prominent way to approach the understanding of ‘legal order’ in Finland and beyond. Here, it will allow us to consider the dynamic of change at the same time as the stability in law. We argue that it has special explanatory power for analysing the effects of the digitalisation of law.
    Tuori’s basic idea is that law is a three-layered phenomenon.
    Critical Legal Positivism. / Tuori, Kaarlo. Ashgate, 2002. p.147.
     The three layers of the legal order are in constant interaction. The visible part of the legal order, namely its representation through enacted laws, lower-level norms, highest court rulings and influential legal research, is its mutable surface, the top layer.
    Critical Legal Positivism. / Tuori, Kaarlo. Ashgate, 2002. p. 154-161.
     The surface of the legal order is mutable exactly because changes can be rapid due to the possibility for the regulations to change relatively quickly and sometimes unpredictably by the will of the legislator. However, the surface level of the law is not only shaped by politics but also by the deeper layers’ normative assertions.
    Drawing inspiration from Foucault, the theory does not stop at the turbulent surface but accepts that the metastructure of the scientific knowledge, in this case, law, is not fully embodied in the visible representation.
    The Order of Things: An Archaeology of the Human Sciences. / Foucault, Michel. Pantheon Books, 1970; Kriittinen oikeuspositivismi. / Tuori, Kaarlo. Werner Söderström Lakitieto OY, 2000. p. 79-88; Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies, No. 7-8, 2015.
     Thus, the two layers that lie under the mutable surface, legal culture and the metastructure of law, play an important part in the legal order as the visible representation. Legal culture is a contested concept
    Especially in the field of Comparative law, the concept of legal culture has been a prominent academic debate for centuries.
     but in the context of Tuori’s contribution to Finnish legal philosophy, it can be understood as including legal principles, general doctrines, and concepts of law in different legal fields as well as legal professionals’ culturally affiliated methods.
    Critical Legal Positivism. / Tuori, Kaarlo. Ashgate, 2002. p. 161-183.
     Legal culture is shaped by long-standing legal practises that have been sedimented deeper in the legal structure as more or less unquestioned norms. While the second layer goes deeper into the understanding of the law, this is not enough to exhaustively understand the legal order.
    The deep structure of law, the third and most fundamental layer, encapsulates the core of Western legal traditions.
    Critical Legal Positivism. / Tuori, Kaarlo. Ashgate, 2002. p. 183-191.
     Tuori approaches the explanation of the third layer by asking: despite the different surface and legal cultures in the USA, Germany, and Finland (examples), is there still something common? Consequently, he points out that the deepest layer includes, for example, human rights and the concept of legal subjects. This is the most abstract level at which changes are expected to be slow.
    This layered approach supposes a normative hierarchy. The surface-level norms must be in line with the deeper-level norms. While that is the case, the layers interact and influence each other constantly. These interactions may happen top-to-bottom or bottom-to-top.
    Critical Legal Positivism. / Tuori, Kaarlo. Ashgate, 2002. Chapter 7.
     For example, legal culture may become obvious on the surface through culturally contextual legislation, or it can justify things happening on the surface. For example, once ADM has been used and issues have arisen while no legislation applies, the judicial oversight bodies have had to dig deeper into the structures of the legal order in order to find redress to seemingly inequitable situations, such as the principle of good administration. Another way for the layers to interact is how central legal practices become settled to the deeper levels. This shows the continuous flowing and organic nature of legal order, which is constantly (slowly) changing as a whole.
    This approach helps in understanding the phenomenon of how societal changes challenge the basic doctrines of all fields of law.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 967.
     Changes in administrative law majorly affect its construction and determining its dimensions.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 968.
     When the public administration experiences changes in processes (quality, extent) or in law, these changes inevitably require reconsideration of its classical and more embedded doctrines.
    Hallinto-oikeus. / Mäenpää, Olli. 7 ed. Alma Talent, 2023. p. 56-57.
     When practical public administration is infused with novel solutions, it simultaneously requires placing attention on the concepts, principles, and doctrines to make sure that these more foundational levels correspond with and are corresponded to by the new/​modern public administration.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 969.
     While administrative law must redefine itself in relation to the changes in the fluctuating structural circumstances of public administration, the deeper layers may function as limitations for the intensity and direction of these changes.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 969; Kriittinen oikeuspositivismi. / Tuori, Kaarlo. Werner Söderström Lakitieto OY, 2000. p. 236.
    For example, public administration has become increasingly proceduralised.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 970-971.
     Ida Koivisto has noted that the identity of public administration in Finland has been transformed to resemble a ‘methodological quality overseer’.
    Oikeus on, miten se systematisoidaan? Kysymys oikeudenalajaotuksesta ja hallinto-oikeudesta. / Koivisto, Ida. In: Lakimies. No. 7-8, 2015. p. 970.
     This is to say, the focus has been increasingly on the quality procedures and their acceptability. While at the same time, public administration has also been influenced by a fundamental right to good administration, a principle that has become a constitutional right. As Olli Mäenpää states, modern Finnish administrative law is characterised by quality assurance and financial/​economic efficacy,
    Hallinto-oikeus. / Mäenpää, Olli. 7 ed. Alma Talent, 2023. p. 71-74.
     logics borrowed from the private sector. Often, efficacy is pursued through outsourcing and privatisation projects.
    This is also visible from the preparatory documents for the ADM legislation for tax and customs which emphasise allowing ADM to be used in rectification claims easing the workload and therefore enhancing productivity.
    Hallituksen esitys eduskunnalle automaattista päätöksentekoa verotus- ja tulliasioissa koskevaksi lainsäädännöksi HE 224/2022 vp (Government Bill on legislation for automated decision-making in tax and customs) p. 7.
     Here, we can observe gradual changes to the field of administrative law. It seems like the way in which the public administration meets the citizens is changing, as is the rationality. However, at the same time, the citizen and their rights, such as the right to good administration seem to become more buried in the layers of public administrative law.
    It seems promising to understand how automated decision-making disrupts and is disrupted by the broader legal context with support of Tuori’s theory. The discussion on whether and how ADM is governed in Finland is not only a question of the legislation, but also how it fits in the deeper understanding of the legal order, its functions and logics. Thus, while the surface is turbulent, the ADM legislation also touches the deeper levels of the legal system. There are underlying assumptions that become visible through the changes in the processes of public administration.
    For example, the legislative debates surrounding how to deal with discretion and the personal nature of official accountability (discussed in section 3.4. and 3.6.) were not easy problems to solve because the solution had to be in line with not only the surface-level law, but the deeper assumptions on human-centred legal principles and the fact that the administrative field seems to function on human-public official assumptions. This is visible from terminology as well as the way in which national liability for public officials’ errors is personal and placed for the human public official.
    The automated procedure and consequent decision reached required rethinking assumptions present in deeper levels of the administrative legal system. The technology-specific legislation is contextually dependent on multiple other fields of law as well as deeper, more fundamental doctrines and principles of the legal system. Incorporating ADM in administrative functions raises questions of constitutional nature such as equality, access to justice and allocation of liability. Furthermore, the cross-sectional interdependence of certain administrative laws to other legal fields, such as criminal law had to be reconciled.
    In addition, the new ADM legislation brought with it novel administrative law concepts and it is not yet known how they would fit the whole administrative law system. Institutional practices will most likely show their importance in the settlement of the new concepts into the administrative legal order. When the processes and practices change, they not only require a change in the text of law but also they influence and are influenced by the deeper layers of legality. Thus, we should not only look at the surface, i.e., how ADM is legislated and what issues arise, but also more fundamentally, i.e., how it affects and how it is affected by legal culture as well as the ‘meta legality’ of Finnish legal order.
    Furthermore, it is not only the national legal order that affects and is affected by these changes. As discussed extensively throughout this section, EU law and currently the GDPR play an important role in relation to ADM. EU law is involved due to article 22, and therefore the whole GDPR is involved. We have discussed the issues brought by the legal safeguards presented in recital 71 and whether they are applicable in national administrative ADM. As mentioned, this is a question for the CJEU to decide. However, the application of the GDPR shows that it is not only the national legislative system that the use of ADM and individual provisions in the legislation must fit in, but also the EU legal order. The case will be the same with the upcoming AIA. 

    5.2 Within the administrative practice – the perspective of usability

    In addition to the effect on the legal system comprehensively, the transformative nature of technology in public administration can be also approached from a more practical point of view. Recently, two of the authors of this report have also analysed digitalisation of public administration from the perspective of usability of digital interfaces.
    Digitalisoituva julkishallinto: käytettävyys kuuluu kaikille. / Koulu, Riikka; Sankari, Suvi; Sormunen, Sofia. In: Edilex. No. 36, 2022.
     In the previous research the technology-specific legal landscape was systematised through the way in which the digital public administration is construed.
    Digitalisoituva julkishallinto: käytettävyys kuuluu kaikille. / Koulu, Riikka; Sankari, Suvi; Sormunen, Sofia. In: Edilex. No. 36, 2022. p. 11.
     It allowed the questions that stem from the more abstract requirements that the fundamental principles create to be defined better. The approach adopted was to systematise the legislation in accordance with whether it affects 1) administrative workers’ user interface, 2) back-end solutions, or 3) citizens’ user interface. These three entry points to the technology were used as heuristic tools on how to consider public administrative law from a socio-legal research perspective. This type of systematisation proved to be beneficial especially due to the fragmented nature of legislation which applies to digital public administration.
    Since the relevant legislation was considered through IT concepts, i.e., ‘user interface’, ‘front end’ and ‘back end’, it seems necessary to briefly explain what these concepts mean. In computer science terms, user interface means the part of the technology or a digital artefact that is visible to the user and with which the user interacts with. The front end of a digital system can be considered to be a somewhat analogous term to user interface but it encompasses more functions that allow the user-interface to work as it does. The back end consists of the functionalities and abilities of the digital system that are not visible to the user. These include, for example, data management and interoperability of different systems.
    Even though front end, back end and user interface are not legal terms, different aspects related to them are already mentioned under Finnish as well as EU law. For example, the preparatory documents for above mentioned IMA (more in section 1.2.7. above) and ESCPS (more in section 1.2.8. above) recognise the importance of the back-end systems to the usability of the digital service.
    Hallituksen esitys eduskunnalle laiksi julkisen hallinnon tiedonhallinnasta sekä eräiksi siihen liittyviksi laeiksi 284/2018 vp (Government Bill for an act on the information management in public administration) p. 60, 123 (IMA); Hallituksen esitys eduskunnalle laeiksi hallinnon yhteisistä sähköisen asioinnin tukipalveluista sekä valtion yhteisten tieto- ja viestintäteknisten palvelujen järjestämisestä annetun lain muuttamisesta 59/2016 vp (Government Bill for an act on electronic services and communication in the public sector) p. 56.
     Thus, in the planning and building of the digital administrative system, the operability of the system is to be understood comprehensively. Although the legislation relating to the back-end systems of digital public administration implicitly recognises the connection of that specific part of the technological solution to the overall functioning of the system, there is little explicit reference to the comprehensiveness of the digital systems.
    In other words, the connection between a proper functioning of the back end and the functioning of the whole digital service is not clearly written in the law, nor included in it as an obligation. Consequently, situations in which an issue at the back end of a digital system has caused negative consequences for a citizen cannot be properly addressed by the laws regulating the back end of the systems. In such cases, the courts and legality controllers can tackle the issue through core administrative law principles, such as the principle of good administration.
    In relation to the citizens’ user interface, the nationally implemented Accessibility Directive – Act on the Provision of Digital Services (discussed in section 1.2.8. above) – proved to be the most influential legislation regulating the usability of the digital public services. As mentioned above, the Act on the Provision of Digital Services as well as the standards that the legislation requires to follow are both built to especially cater to people with special needs. However, accessibility and usability are not merely questions for people with special needs. There have been cases brought to the Chancellor of Justice that illustrate that anyone can encounter unclear situations in digital administration and therefore the question of accessibility and usability should be understood as all-encompassing and essential for everyone.
    E.g., OKV/1179/2020; OKV/663/1/2019.
    Another point that the Act on the Provision of Digital Services brought was that the accessibility and usability of digital public services are to be ensured through principles and techniques followed in the planning and constructing of the system. However, these ‘principles and techniques’ are not properly defined. The preparatory documents illuminate that the techniques include user testing, which is guided by general standards.
    Hallituksen esitys eduskunnalle laeiksi digitaalisen palvelujen tarjoamisesta sekä sähköisestä asioinnista viranomaistoiminnassa annetun lain muuttamisesta 60/2018 (Government Bill for an act on the provision of digital services) p. 64.
     “Standards” are mentioned but it has not been specified which standards are meant. Thus, even though the PDS seems to guide the provision of digital services so that they are in line with the four core principles, the more specific guidance on accessibility is vague in the law.
    Still, usability becomes materialised precisely during the planning and construction of the digital system. Building a digital system is necessarily context-dependent and aims to cater to the needs of that specific public administrative function. Since the guidance for user testing – which forms the core for ensuring the usability of the system – remains relatively vague in law, it has not considered how legal protection or the principle of good governance could be used as guiding principles in constructing a digital system. Still, legal overseers have tackled cases relating to poor usability of public administration's digital system through the principle of good administration and the service principle. One case has signalled that the public administration needs to know the users and take their diversity into account when planning and creating these media.
    OKV/1179/2020.
    While the legislation is sparse when it comes to many specific situations, many laws touch upon the digital state’s functions as mentioned above. When digital administration is considered from a usability point of view, it allows consideration of the issues beyond the applicable legislation. While legislation is essential, it is not all-encompassing when it comes to the legal protection of citizens acting with the public administration. All digital systems incorporated into the administrative function are context-dependent and built with the aim of catering to the needs of that specific function. The planning and constructing phase of a digital system is precisely the point in time when decisions that affect the legal protection of citizens are made. Usability as the entry point is a way to define this. Ensuring judicial protection, good administration and other fundamental principles is usually only possible through context-dependent technology.

    6. Potential for Northern European collaboration

    When technology is implemented to perform a public administrative function – by replacing or assisting a public official – that technology is created to cater to the specific needs of that branch of administration. In other words, the digital solution is made for the specific organisation catering to its practices and for its users. That context translates poorly from an administrative branch to another, not to mention from one country to another. However, the similarities between the Nordic administrative traditions and legal cultures make it worthwhile to consider the possibilities for deepening collaboration. Furthermore, Northern European countries may share similar needs and issues related to the preservation of their official languages, as globally AI development is dominated by English and Chinese languages and smaller language areas may lack the resources needed for developing contextual AI tools.
    In the following, we raise two contextual factors that might limit the translatability of technology. Firstly, the applicable laws and secondly, the technology itself. Following Tuori’s thesis, the surface-level legislation is intrinsically linked with the logics of the national legal order. The surface-level laws must reflect the norms, principles, and assumptions of the deeper levels. This means that the technology-specific national laws do not merely regulate the technology as they stand but aim to tie in the digital tools with the deeper legal context of the given legal system. While that is the case, transnational legislation, notably EU law, also fundamentally influences the digital administration. Still, as it is apparent from the national application of the GDPR, that while the regulation is directly applicable law, it includes many aspects which leave room for national interpretation and application (more in section 1.2.3. above). The same can be expected from the upcoming AIA. Only time will show us how fragmented the application of AIA will be within the 27 EU Member States, not to mention how the CJEU will interpret the individual articles. From a purely legal point of view, countries that share a similar legal history and culture would pose more fertile soil for sharing technology for public administration. Still, a similar legal culture and smaller language group do not remove the context dependency of the utilised technology.
    The second contextual factor that limits the translatability of technology in public administration is the technology itself. The ability to make use of the same digital system in another context is not merely a legal question but also a practical one (in which legislation plays a role). When the digital tool for public administration is designed, it is designed for a specific context and for a specific user group. Ensuring the usability of the technological system is one of the fundamental ways for the given digital solution to be in line with many applicable fundamental legal principles. If the usability of the technology is poor, it can affect the legal protection of individuals and even make the technology redundant. However, as it is with other systems, usability is highly context-dependent in the digital public administrative systems as well.
    We wish to explain this further with the help of an analogous example – Apotti, the Finnish patient information system for medical personnel. While Apotti is purely a digital system for the medical field, patient safety (that is at stake in the medical field) can be analogically considered with legal protection (that is at stake in the public administration field).
    Digitalisoituva julkishallinto: käytettävyys kuuluu kaikille. / Koulu, Riikka; Sankari, Suvi; Sormunen, Sofia. In: Edilex. No. 36, 2022. p. 18.
    Apotti became the patient information system in Finland because of a public procurement process. The system is based on a patient information system called Epic, which was developed by a company based in the United States (US).
    Sano aaa niin kuin Apotti – paraneeko tietojärjestelmä vaihtamalla? / Nisula, Sara. In: Finnanest, No. 52, 2019. p. 15.
     Epic’s translation into the Finnish context began in 2016 and resulted to Apotti 1.0. Apotti has undergone upgrades and smaller fixes during its time due to heavy criticism, especially by its users, medical professionals that is. Development of Apotti’s second version began in 2021. Essentially Apotti has been criticised for its poor usability and fragmentation of information within the system, which has resulted in inability for a medical professional to see all necessary information on their user interface.
    Sano aaa niin kuin Apotti – paraneeko tietojärjestelmä vaihtamalla? / Nisula, Sara. In: Finnanest, No. 52, 2019. p. 15.
    One of the reasons for Apotti’s issues has been its roots in the US system while further developing the system resulting in a complicated ensemble of technological parts also played a role.
    Digitalisoituva julkishallinto: käytettävyys kuuluu kaikille. / Koulu, Riikka; Sankari, Suvi; Sormunen, Sofia. In: Edilex. No. 36, 2022. p. 18.
     The translation of Epic into Apotti did not merely include the language translation from English to Finnish, but also the translation of the technology designed for the US healthcare system’s processes to correspond to the design of the Finnish healthcare system. Evidently, the healthcare systems are driven by different logics, as Nisula vividly explains: ‘law and invoicing driven hierarchical American healthcare system translated into Haaga healthcare centre, independently functioning midwives, and urgent care that costs €48,90 for the citizen.’
    Sano aaa niin kuin Apotti – paraneeko tietojärjestelmä vaihtamalla? / Nisula, Sara. In: Finnanest, No. 52, 2019. p. 16. Translation by the authors. Original: […] juridinen ja laskutus edellä menevä hierarkkinen, amerikkalainen terveydenhuolto käännetään Haagan terveysasemaksi, itsenäisesti toimiviksi kätilöiksi ja kansalaiselle 48,90 euroa päivässä maksavaksi tehohoidoksi.’
     Customisation and finetuning of the digital system based on foreign processes and logic has not been cheap.
    The situation with Apotti finally became untenable so that the national supervisory authority for welfare and health (Valvira) started to investigate the matter and have given two decisions on its issues. The first one was a result of more than 600 medical professionals’ complaints and the second was based on own initiative inquiry.
    Apottijärjestelmä vastaa lainsäädännön vaatimuksia, mutta valvonta jatkuu. / Valvira. https://www.valvira.fi/-/apotti-jarjestelma-vastaa-lainsaadannon-vaatimuksia-mutta-valvonta-jatkuu. Valvira kehottaa HUS-yhtymää korjaamaan Apotti-järjestelmään liittyviä ohjeitaan ja käytäntöjään. / Valvira. https://www.valvira.fi/-/valvira-kehottaa-hus-yhtymaa-korjaamaan-apotti-jarjestelmaan-liittyvia-ohjeitaan-ja-kaytantojaan. The latter decision concerned only Helsinki and the Uusimaa welfare regions’ social and healthcare group.  
     Valvira stated that as it stands, Apotti is in line with the applicable laws, but they will continue to follow the development of the system and especially place attention for the improvement of its usability.
    Decision V/32836/2022
     The own-initiative inquiry targeting Helsinki and the Uusimaa welfare regions’ social and healthcare group was dimmer. Valvira gave multiple requests for improvement in relation to the visibility of certain information and following the demand of an individual not to share their data with other healthcare systems.
    Decision V/32832/2022
    All in all, the translation of the US-based system to the Finnish healthcare contexts shows how using the same system in similar (both healthcare systems) but different contexts has proved to be more difficult than originally thought. The same can be expected from a technology designed for other public administrative functions. While the context for the technology would largely be the same (public administration), the logic and the processes of different countries' administrative systems inevitably are not identical. Nevertheless, the Northern European countries have more similarities than the US and Finnish healthcare systems, and thus the risks for long-lasting further development would be smaller. In the end, the question is how beneficial sharing the technology would be.

    7. Conclusion

    In this chapter, we introduced the legal framework considering automated decision-making in public administration in Finland. We also presented the background and implications of the relevant legislation and analysed some of its theoretical and practical dimensions.
    The most important thing is to highlight that as an EU member state, Finland’s legal approach to ADM stems from the GDPR conception of ADM. Decades before the GDPR, computers were used in public administration, but ADM was not fully considered as an independent object of regulation. In the late 2010s and early 2020s, this discrepancy between the GDPR and constitutional principles, and approaching those technologies as tools only gained increasing critical attention. In spring 2023, Finland adopted a new ADM allowing legislation, which enables fully automated administrative decisions in all public administration, when certain criteria are met. As we have shown, the legal niche to accommodate this legislation has been rather small – due to the GDPR and national constitutional restrictions – while political pressure to adopt it was considerable.
    To conclude, we wish to raise six points:
    1.png
    First, the new ADM legislation is decision-oriented. On the one hand, this is logical as the administrative decision is perhaps the most important way of using public power in Finland. On the other, however, this orientation may obfuscate the fact that digital technologies are also used in other administrative activities, and sometimes it is hard to demarcate an administrative decision from other activities. Thus far, those other activities remain unregulated.
    2.png
    Second, the concept of good administration is of key importance in both legitimating and curbing the extent of automated decision-making nationally. The constitutional nature of the principle gives it specific weight. Digital administration must be good digital administration. This also means that automated decisions need to meet the quality criteria of administrative decisions in general, and good administration can further serve as a tool for developing the digitalisation of administration.
    3.png
    Third, as for now, it remains uncertain how the upcoming AIA will affect the legal landscape of ADM in Finland. The decisive factor will be the definition of AI in the AIA: if AI covers rule-based systems, the Finnish ADM will fall under its scope, and pressure to amend the newly adopted legislation will emerge. If not, the national legislation and the AIA might not overlap, leaving current legal solutions intact. Neither does the AIA define public administration as a separate high-risk field, but only some parts of it, which further adds to the ambiguity. 
    4.png
    Fourth, in the spirit of Kaarlo Tuori’s critical legal positivism, the introduction of ADM as a regulatory object is not only a surface-level phenomenon in the Finnish legal order. Instead, it also challenges some of the fundamental doctrines of administrative law. As we have argued, this goes especially for personal criminal liability of public officials, and the use of discretionary powers in decision-making. Digitalisation may affect those doctrines beyond the use of digital technologies.
    5.png
    Fifth, we have shown how ADM is not only a matter of legislation, but its effectiveness and legitimacy also depend on usability and accessibility. Thus, with digital public administration, the legal and technological aspects become inseparable from one another.
    6.png
    Sixth and finally, we emphasise that Northern European countries have many similarities both in legal traditions and cultures as well as in the needs and concerns related to both technology development and deployment, and technology regulation. It remains unclear – and potentially worth investigating more closely – to what extent the cultural similarities can mitigate the context dependency and poor transferability of most digital technologies. However, the increasing European technology regulation has the potential to produce harmonised rules for the internal market, which could also enable new technological innovations of digital public administration. 
    Nordic Council of Ministers I www.norden.org/publications I pub@norden.org