Version 1.2 10.5281/zenodo.18109747 Dec 31, 202
On 3 September 2025, the General Court of the European Union rendered judgment in Latombe v European Commission (T-553/23). The ruling is commonly understood as a decision on data transfers to the United States under the EU–US Data Privacy Framework. That reading is too narrow.
This position paper advances the position that the Latombe judgment introduces a generally applicable governance framework for any automated decision-making system (ADMS) that makes, or materially influences, decisions about natural persons. The judgment articulates four interconnected conditions that a system must satisfy to provide adequate protection of fundamental rights:
1. Procedural legitimation in advance
2. Limits by design
3. Independent oversight with enforcement power
4. Transparency about changes
We designate this framework as the Latombe test: an analytical and normative assessment framework applicable to algorithms, AI systems, and other forms of automated decision-making used by public authorities and private actors.
Central thesis: Every system that makes decisions about people—whether for surveillance, fraud detection, benefits allocation, recruitment, or credit assessment—must satisfy all four layers of the Latombe test. Systems that cannot do so lack adequate safeguards and should not be authorized for deployment.
This position paper is intended for policymakers, regulators, administrators, and legal practitioners responsible for the deployment, supervision, or assessment of automated decision-making systems.
Suggested citation
Nijeboer, O. (2025). The Latombe Test: A Rule-of-Law Framework for Ex-Ante Governance of
Algorithms. Position Paper v1.3. Available at: https://dataprotection.support/latombe-test