OLRF
Part III Constitutional and Democratic Dimensions

Chapter 15

Democratic Control of Executable Law

Last updated: 2026-04-10 · Open for review

“The question is never whether technology will change democracy. The question is whether democracy will shape technology, or technology will shape democracy.” --- Marietje Schaake, The Tech Coup: How to Save Democracy from Silicon Valley, Princeton University Press 2024

The Democratic Deficit in Automated Governance

Democratic government is not a single institution. It is a chain. Citizens elect representatives. Representatives enact law. The executive applies that law in individual cases. And a set of institutions ensures that this exercise of power remains answerable: courts review the legality of individual acts, parliaments oversee the practice of administration, audit bodies examine systemic patterns, and citizens retain the right to understand, challenge, and contest the decisions made in their name. Each link in the chain depends on the one before it. If any link becomes opaque, the links that follow lose their practical grip¹.

The growing automation of public administration has introduced a structural distortion into this chain. The formal institutions remain in place, but their practical ability to exercise control is weakened once the operative logic of decision-making disappears into inaccessible technical systems. A parliament cannot meaningfully supervise what it cannot inspect. A court cannot meaningfully review what it cannot reconstruct. A citizen cannot meaningfully challenge what they cannot understand. An audit body cannot meaningfully assess systemic quality if the normative basis of the system’s output is unavailable in a verifiable form. The result is not the formal abolition of democratic accountability, but something in some respects more dangerous: its gradual loss of practical force.

This is the democratic deficit of automated governance. It is not primarily a deficit of good intentions, nor merely a problem of insufficient documentation. It is a deficit at the level of institutional visibility. The exercise of public power increasingly depends on executable specifications, implementation choices, and system boundaries that remain difficult or impossible for democratic institutions to see with precision. As a result, decisions may still be taken in the name of the law while the practical conditions of their production become progressively less answerable to democratic control².

This erosion of democratic control through digitalisation is not a side effect of automation. It is a structural consequence of the fragmentation of constitutional functions that occurs when the operative form of a norm migrates from the publicly visible domain of legislation and administrative procedure into the privately controlled domain of software engineering³.

The three models make this deficit more precise. Under Model A, the democratic deficit is concentrated in the Decision Tree: if the tree is not publicly available and institutionally reviewable, the operative form of the law is invisible to democratic institutions. The OLRF solves this through publication in the Registry. Under Model B, the democratic deficit extends to the validation framework: the criteria by which the Legal Agent’s reasoning is checked determine, in practice, which deviations from the tree are tolerated and which are flagged. If those criteria are not publicly available, the effective boundaries of legal application are set by a technical artefact that no democratic institution can inspect. Under Model C, the democratic deficit extends further still: the autonomous agent’s reasoning process, the audit protocol against which it is assessed, and the certification standards that determine which agents are permitted to reason from law are all elements that shape the practical life of the norm. If any of them remains outside democratic visibility, the accountability chain is broken at a point that neither the legislature nor the courts can reach⁴.

The OLRF is designed as a response to this condition. Its ambition is not limited to making automated governance more transparent in a general sense. It seeks to make it governable by democratic institutions. That requires more than publication. It requires an architecture in which the operative form of the law can be examined before use, challenged during use, and reviewed after use. Four dimensions are central. The legislature must be able to exercise control before and after publication. Courts must be able to review the executable layer as part of the legality of the act. Civil society must be able to scrutinise and contest the normative specifications that affect the communities it represents. And the Coverage Map must make politically consequential choices about the scope and mode of automation visible in a form that democratic institutions can actually use.

Legislative Control: Before and After Publication

The legislature’s relationship to machine-executable law has two distinct temporal dimensions. The first is ex ante. The second is ex post. Both matter, and they matter differently.

Ex ante control is about what happens before a Decision Tree takes effect. Parliaments have always reviewed delegated legislation before it binds citizens: committees examine drafts, experts are consulted, objections are raised where necessary. That process has never worked perfectly. Delegated instruments are often technical, voluminous, and politically overshadowed by the primary legislation they implement. Many pass without meaningful scrutiny. Yet the machine-executable layer offers something that narrative regulation does not: a formal specification that can be tested, simulated, and structurally inspected before it enters into force.

A Decision Tree is not merely descriptive text about how a norm might be applied. It is a formal specification of how that norm will in fact be applied in the cases within its scope. For that reason, it is open to forms of scrutiny unavailable in ordinary narrative regulation. Parliamentary committees can inspect the sub-normative linkage and determine whether the formal elements of the specification genuinely derive from the enacted text. They can examine the Coverage Map and see which elements of the statutory scheme are implemented, which remain discretionary, which are excluded, and which are marked as contested. They can interrogate the accompanying test suite and observe how the specification behaves across ordinary cases, edge cases, exception paths, and escalation scenarios. In this respect, the executable layer is not harder to scrutinise than delegated legislation. Properly structured, it is easier to scrutinise with precision⁵.

Under the three-model framework, ex ante legislative control acquires an additional object: the model assignment itself. The Coverage Map must document not only which elements of the norm are automated, but under which model they are automated. A parliamentary committee reviewing a Decision Tree for a social welfare norm should be able to see that eligibility determination is assigned to Model A (deterministic evaluation), that the assessment of exceptional hardship is assigned to Model B (guided evaluation with validation), and that the assessment of integration prospects for long-term benefit recipients is assigned to Model C (autonomous reasoning with retrospective audit). Each assignment carries different constitutional implications: different degrees of consistency, different forms of accountability, different levels of human involvement. The committee must be able to assess whether those implications are proportionate to the rights at stake. This is why the model assignment is a Wesentlichkeits-relevant decision (Chapter 11): for norms affecting fundamental rights, it must be made by the legislature or under sufficiently specific legislative delegation, not left to the implementing authority’s technical discretion⁶.
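The kind of Coverage Map entry described here can be sketched as a small data structure. This is an illustrative sketch only: the field names, status values, statutory citations, and the committee-style check are assumptions for exposition, not part of any OLRF specification.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Model(Enum):
    A = "deterministic evaluation"
    B = "guided evaluation with validation"
    C = "autonomous reasoning with retrospective audit"

@dataclass(frozen=True)
class CoverageEntry:
    norm_element: str        # element of the statutory scheme
    legal_anchor: str        # citation into the enacted text
    status: str              # "implemented" | "discretionary" | "excluded" | "contested"
    model: Optional[Model]   # model assignment; None if not automated
    rights_affecting: bool   # marks Wesentlichkeits-relevant assignments

# The social welfare example from the text, rendered as hypothetical entries.
coverage = [
    CoverageEntry("eligibility determination", "§12(1)", "implemented", Model.A, True),
    CoverageEntry("exceptional hardship", "§12(3)", "implemented", Model.B, True),
    CoverageEntry("integration prospects", "§14(2)", "implemented", Model.C, True),
]

# A committee-style screen: rights-affecting elements assigned to Model B or C
# carry the heaviest constitutional implications and deserve closest scrutiny.
flagged = [e for e in coverage if e.rights_affecting and e.model in (Model.B, Model.C)]
```

Encoding the assignment in this structured form is what makes the proportionality question mechanically surfaced for review, rather than buried in implementation documentation.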

This is why the structured pre-publication review period matters so much. The interval between submission to the Registry and entry into force is not an administrative delay. It is the democratic space within which the machine-executable form of sovereign authority becomes open to institutional inspection before it binds anyone. During that period, the Decision Tree, the Coverage Map (including model assignments), the test suite, and the linkage structure are available for parliamentary scrutiny, judicial attention where appropriate, expert criticism, and civil society review. The core principle is simple: if the executable specification will shape the concrete life of the law, it must be visible before it becomes operative.

Ex post legislative control is no less important. Democratic oversight does not end when a Decision Tree is published. It begins a second phase. Once a specification has entered operational use, the legislature must be able to assess not only what was intended, but also what is happening in practice. Are particular categories of cases generating unexpectedly high escalation rates? Are certain exceptions rarely triggered despite clear legislative expectation? Are some parts of the law systematically excluded from automation? Are patterns of discretionary referral emerging that suggest either over-automation or under-formalisation? These are not merely operational questions. They are questions about whether the administration is giving effect to the will of the legislature as enacted.

Under Models B and C, ex post legislative control acquires additional diagnostic instruments. The population of deviation records under Model B reveals whether Legal Agents are systematically deviating from the Decision Tree in particular directions, which may indicate that the tree’s specification is too rigid, that the agents are miscalibrated, or that the validation thresholds are set incorrectly. The population of audit assessments under Model C shows whether autonomous agents are producing outcomes that are individually defensible but systematically divergent from what the legislature intended. Both patterns are invisible in a Model A system, where every outcome is deterministic and every deviation is an error rather than a feature. The three-model framework therefore does not just multiply the objects of legislative oversight. It provides richer diagnostic information about the relationship between legislative intent and administrative practice than any single-model architecture could⁷.
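The diagnostic use of Model B deviation records described above can be illustrated with a toy aggregation. The record fields, the direction labels, and the thresholds are invented for illustration and are not drawn from the framework itself.

```python
from collections import Counter

# Hypothetical Model B deviation records: each notes the norm element and
# whether the Legal Agent's result was stricter or more lenient than the tree's.
deviations = [
    {"element": "hardship", "direction": "more lenient"},
    {"element": "hardship", "direction": "more lenient"},
    {"element": "hardship", "direction": "more lenient"},
    {"element": "income", "direction": "stricter"},
]

def systematic_directions(records, threshold=0.75, min_cases=3):
    """Flag elements whose deviations run overwhelmingly in one direction,
    a pattern that may indicate an over-rigid tree, miscalibrated agents,
    or badly set validation thresholds."""
    by_element = {}
    for r in records:
        by_element.setdefault(r["element"], []).append(r["direction"])
    flagged = {}
    for element, dirs in by_element.items():
        if len(dirs) < min_cases:
            continue  # too few cases to call the pattern systematic
        direction, count = Counter(dirs).most_common(1)[0]
        share = count / len(dirs)
        if share >= threshold:
            flagged[element] = (direction, share)
    return flagged
```

The point of the sketch is that this analysis requires only the structured deviation population, not access to the agents themselves; that is precisely what makes it available to parliamentary oversight.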

This is where the Registry and the structured population of Decision Packages become institutionally important. They make it possible for parliamentary oversight to move beyond anecdote and selective case visibility. A legislature, or the committees and audit institutions acting on its behalf, can inspect patterns across classes of decisions and compare the operative system against the normative design that was approved. Ex post control thus becomes more than retrospective criticism. It becomes an ongoing capacity to supervise the real behaviour of automated administration in light of legislative intent.

Courts and the Reviewability of the Executable Layer

Judicial review is the point at which democratic government proves that it remains bound by law even when it acts through technical systems. The essential question for the courts is not whether a machine was involved. It is whether the citizen affected still encounters a legally reviewable act⁸.

In the pre-OLRF environment, that question is often difficult to answer with confidence. Courts may receive an administrative outcome, a reference to the relevant provision, and perhaps a general description of system behaviour. What they often do not receive is a formally structured account of the executable logic that produced the result, of the facts that were decisive, of the exceptions that were considered or omitted, or of the implementation choices through which the statutory text was translated into operation. Review then risks becoming formal rather than effective. The court can assess the legality of the outcome only indirectly, without full visibility into the reasoning path that actually produced it⁹ ¹⁰.

The OLRF is designed to change this. It brings the machine-executable layer into the domain of legal review. The scope of that review varies with the model, but its constitutional function is constant: the court must be able to assess the legality of the determination on its actual grounds, not merely on its formal compliance with the statutory text.

Under Model A, the court reviews the Decision Package for the individual case. It can verify which Decision Tree version was in force. It can examine the path of evaluation, the facts relied upon, the legal anchors invoked, the parameters applied, and the point, if any, at which human discretion entered the process. It can then move outward from the case to the normative specification itself, asking whether the Decision Tree faithfully derives from the enacted text and whether its implementation choices remain within constitutional and statutory limits. This is the most straightforward form of judicial review, because the reasoning is deterministic and reproducible: the court can re-execute the evaluation with the same inputs and verify whether the same output results.
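The reproducibility property that makes Model A review straightforward can be shown with a minimal sketch: given the same tree and the same facts, re-execution must yield the same outcome and the same evaluation path. The tree layout, field names, and the toy benefit rule are illustrative assumptions, not the OLRF's actual Decision Tree format.

```python
def evaluate(tree, facts):
    """Walk a simple decision tree: internal nodes compare a fact against a
    threshold; leaves carry the outcome. Returns the outcome and the path taken."""
    node, path = tree, []
    while "outcome" not in node:
        branch = "yes" if facts[node["test"]] >= node["threshold"] else "no"
        path.append((node["test"], branch))
        node = node[branch]
    return node["outcome"], path

# A toy benefit rule, loosely modelled on the examples in this chapter.
tree = {
    "test": "income", "threshold": 1200,
    "yes": {"outcome": "refuse"},
    "no": {
        "test": "household_size", "threshold": 3,
        "yes": {"outcome": "grant_increased"},
        "no": {"outcome": "grant_standard"},
    },
}

facts = {"income": 900, "household_size": 4}
first = evaluate(tree, facts)
second = evaluate(tree, facts)   # the court's re-execution
assert first == second           # deterministic and reproducible
```

Because the evaluation path is itself part of the output, the court reviews not only the result but the exact sequence of tests that produced it.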

Under Model B, the court reviews not only the evaluation path but also the agent’s subsumption and the validation framework’s assessment. The review question is more complex: did the Legal Agent’s reasoning fall within the corridor that the validation framework permits, and was that corridor itself a legally permissible concretisation of the statutory norm? A deviation classified as “within bounds” by the validation framework may still be legally deficient if the framework’s tolerance thresholds were set too broadly. Conversely, a deviation classified as “outside bounds” that triggered escalation to a human decision-maker may reveal that the validation framework is too restrictive, forcing individual assessment in cases where the legislature intended more flexible application. The court must be able to review not only the individual determination but the validation framework itself, as a normative artefact that shapes the effective scope of legal application¹¹.

Under Model C, the court reviews the autonomous agent’s reasoning chain and the retrospective audit’s assessment. This is the most demanding form of judicial review, because the court must assess not a deterministic evaluation path but an AI-generated reasoning process whose internal logic may not be fully transparent even to its developers. The audit assessment provides a structured framework for this review, but the court retains the authority to disagree with the audit’s conclusion. A determination that the audit protocol approved is not thereby immunised from judicial challenge. The court can find the agent’s reasoning legally deficient on independent grounds: that it misinterpreted a statutory term, that it failed to consider a relevant exception, that it applied a disproportionate weight to one factor over another, or that its reasoning, though individually plausible, produced an outcome that no reasonable legal interpretation could sustain¹².

This matters because the executable layer is not a neutral technical translation. It is an exercise of delegated authority. Decisions about which conditions to formalise, which exceptions to include, which ambiguities to resolve one way rather than another, which elements to leave to human judgment, and which model to assign to a given normative domain are not merely engineering decisions. They are institutional decisions about how public power is to be exercised in practice. Courts therefore must be able to review them as part of the legality of the administrative act.

The constitutional significance of this is considerable. A statutory norm that is constitutionally unobjectionable in textual form does not automatically authorise every possible executable specification of that norm. The specification itself may overreach, oversimplify, harden contestable interpretations into operational certainties, or erase legally significant circumstances in the name of efficiency. Judicial review that stops at the statutory text while ignoring the executable layer is no longer full review. It is partial review in a governance environment where the most consequential part of the application process has shifted elsewhere. The OLRF makes that shift visible and therefore reviewable. That is not an expansion of judicial power. It is the preservation of judicial function under new technical conditions.

Civil Society and the Public Contestation of Normative Specifications

Democratic control is not exhausted by parliaments and courts. A constitutional order also depends on organised public scrutiny from outside the state. Civil society organisations, advocacy groups, academic experts, affected communities, and specialist watchdogs play a crucial role in identifying harms, surfacing blind spots, and challenging implementation choices that formal institutions may miss or reach only slowly¹³.

In the current technical environment, this form of examination is often practically blocked. Civil society cannot effectively contest a system whose normative logic is inaccessible, whose operative categories are not publicly documented, and whose implementation choices remain buried in vendor-controlled or institutionally opaque systems. One can criticise outcomes, and sometimes expose patterns of harm, but it is far harder to identify with precision what in the system should be changed and why.

The OLRF changes this by turning normative specification into a public object of scrutiny. Through the Registry, organisations working on disability rights, migration justice, social welfare, tax fairness, or procedural rights can inspect the complete Decision Tree for a system that affects the communities they represent. They can see which exceptions have been implemented and which have not. They can examine the Coverage Map classifications, including the model assignment for each element. They can trace the sub-normative linkage back to the enacted text. They can run or inspect test cases that illuminate how the system behaves in the kinds of case that matter to them. In this way, critique becomes more than external suspicion. It becomes informed contestation of a publicly accessible normative artefact.

Under Models B and C, civil society scrutiny extends to objects that do not exist under Model A. Under Model B, advocacy organisations can examine the validation framework and assess whether its deviation thresholds are calibrated in ways that protect or endanger the populations they serve. A validation framework that tolerates large deviations in housing benefit assessments but flags small deviations in tax assessments may reflect a structural bias that no individual case review would reveal. Under Model C, civil society can examine the audit protocol and assess whether its assessment criteria are rigorous enough to detect systematic harms. An audit protocol that evaluates individual reasoning chains but does not test for demographic disparities across the population of outcomes may be constitutionally insufficient, and civil society organisations are often better positioned to identify this deficiency than formal oversight institutions¹⁴.

The pre-publication review period matters here because it gives civil society a real opportunity to participate, not a ceremonial one. Before a Decision Tree takes effect, organisations can examine its structure and raise objections at the most concrete level: this node misapplies the statute, this anchor is missing, this element should be classified as contested rather than implemented, this exception has been omitted.¹⁵ The authority must respond, and the response is recorded in the Registry audit trail. The exchange becomes part of the permanent accountability record. This is a different kind of democratic engagement from the one that currently prevails around automated governance, where the public debate typically swings between two unsatisfying poles: either the system is too opaque to discuss with any specificity, or the criticism remains so general that no one knows what concretely should change.

Civil society is equally important after a system enters operation. Parliaments and courts are indispensable, but neither can do this work alone. Parliaments oversee from a distance and cannot track every operational pattern across every administrative domain. Courts review individual disputes and rarely see the broader picture. Civil society organisations are often the first to notice that something is going wrong at scale: that comparable applicants receive systematically different outcomes, that a particular category of cases triggers escalation far more often than the legislature expected, or that discretionary space is being quietly narrowed in practice even though it was explicitly preserved in law. The OLRF makes this kind of scrutiny possible because the Decision Packages and Coverage Maps are structured, comparable, and publicly accessible. Civil society can analyse them across populations of cases, identify recurring patterns, and bring those patterns to the attention of the institutions that have the formal authority to act. In this way, organised public scrutiny extends democratic accountability beyond what parliaments and courts can reach on their own.

The Coverage Map as Democratic Accountability Instrument

Among the architectural elements of the OLRF, the Coverage Map deserves special attention in a democratic register. It is often described as a transparency tool, and that is true as far as it goes. But its deeper significance is political¹⁶. It makes visible one of the most consequential choices in automated governance: which parts of the law are to be executed automatically, which are reserved for human judgment, which are excluded from automation, and which remain contested.

Those are not merely technical classifications. They are political and constitutional choices about the distribution of authority between deterministic systems, AI agents, and human decision-makers. They shape whether a citizen encounters a rigid automated pathway, a guided evaluation by an AI agent whose reasoning is validated against a normative framework, or a fully autonomous determination subject only to retrospective audit. They determine whether exceptional circumstances remain visible to the administration or disappear into formal simplification. They influence whether the legislature’s protective exceptions and discretionary mitigations are given practical force or are quietly lost in the executable translation.

Under the three-model framework, the Coverage Map carries an additional classification that is democratically decisive: the model assignment. A Coverage Map that classifies an element as “implemented under Model A” makes a different political statement from one that classifies the same element as “implemented under Model B” or “implemented under Model C.” The first says: this element will be applied deterministically, identically, without contextual variation. The second says: this element will be applied by an AI agent whose reasoning is checked against the tree, with deviations classified and documented. The third says: this element will be applied by an autonomous agent whose reasoning is assessed retrospectively. Each statement carries different implications for consistency, for individual rights, for the quality of human oversight, and for the constitutional legitimacy of the determination. The model assignment is therefore not a technical annotation. It is a political choice that the Coverage Map must make visible and that democratic institutions must be able to scrutinise, challenge, and if necessary override¹⁷.

The Coverage Map documents one further element that is democratically decisive: the certification requirement. For each norm element assigned to Model B or C, the Coverage Map specifies what certification class an agent must hold to operate on that element. This classification is not a technical annotation. It is a political decision about the minimum competence that the state demands of the machine actors it permits to apply its law. A parliament reviewing the Coverage Map can assess not only which model applies to each element, but also how high the qualification bar has been set. A Coverage Map that assigns a fundamental-rights-affecting element to Model B but specifies only a standard certification requirement may indicate that the responsible authority has underestimated the constitutional weight of the decision. Conversely, a Coverage Map that specifies the highest certification class for a routine administrative classification may indicate over-engineering that unnecessarily restricts the pool of available agents. Both patterns are visible in the Coverage Map and therefore subject to democratic scrutiny. The certification requirement thus becomes part of the democratic dialogue about the scope, mode, and quality of automated governance.
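Both patterns described above, under-certification of rights-affecting elements and over-engineering of routine ones, are mechanical enough to sketch as a screening check. The certification class names, their ordering, and the entry fields are invented for illustration; the OLRF's actual certification classes may differ.

```python
# Hypothetical ordering of certification classes, lowest to highest.
CERT_RANK = {"standard": 1, "enhanced": 2, "highest": 3}

def review_certification(entries):
    """Flag Coverage Map entries where the certification class looks
    disproportionate to the element's constitutional weight."""
    findings = []
    for e in entries:
        rank = CERT_RANK[e["certification"]]
        if e["rights_affecting"] and rank < 2:
            findings.append((e["element"], "possibly under-certified"))
        elif not e["rights_affecting"] and rank == 3:
            findings.append((e["element"], "possibly over-engineered"))
    return findings

# The two patterns from the text, as hypothetical entries.
entries = [
    {"element": "hardship assessment", "certification": "standard",
     "rights_affecting": True},
    {"element": "document-format check", "certification": "highest",
     "rights_affecting": False},
]
findings = review_certification(entries)
```

A finding from such a screen is not a verdict; it marks where the qualification bar deserves the democratic scrutiny the text describes.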

For this reason, every Coverage Map is, in substance, a document of democratic accountability. It records how the administering authority has chosen to translate the legislature’s will into an operational architecture. A parliament that has enacted a complex benefit scheme, a licensing framework, or an enforcement regime is entitled to know whether that translation preserves the structure of the norm or strips away its harder, more protective, or more discretionary elements for the sake of administrative convenience. The Coverage Map provides the basis on which that question can be asked and answered.

Its significance extends beyond individual systems. Across a jurisdiction, patterns in Coverage Maps can reveal broader tendencies in the politics of automation. One may discover a systematic inclination to assign rights-affecting elements to Model A (maximum consistency, minimum contextual sensitivity) while assigning enforcement elements to Model B or C (greater flexibility for the authority). One may find that discretion is regularly minimised in areas where the legislature clearly expected contextual judgment. One may find that contested interpretive issues are repeatedly resolved in one direction before judicial or legislative settlement. None of these patterns is necessarily visible when systems are examined in isolation. Together, however, they may disclose a structural shift in how public power is actually exercised.

That possibility is one of the strongest democratic arguments for the Coverage Map requirement. It does not merely allow institutions to inspect a single implementation. It allows them to understand the aggregate politics of automation within a legal order. It reveals whether there is a recurring gap between the public law that is enacted and the machine-executable law that is operationally applied. In that sense, the Coverage Map does not just support transparency. It returns the scope, mode, and limits of automation to the domain of democratic contestation where they belong.

From Compliance to Answerability

The core democratic claim of the OLRF can now be stated more directly. The objective is not simply that automated governance should comply with the law. That is necessary, but it is not enough. Compliance can remain largely internal to the system. A platform may be said to comply while still being opaque to parliaments, difficult for courts to interrogate, and practically inaccessible to public scrutiny. Democratic government demands something more exacting than compliance. It demands answerability¹⁸.

A system is answerable when the institutions of self-government can actually see what it is doing, test whether it is acting within its mandate, identify where its implementation choices matter, and intervene when those choices depart from law or democratic intention. That is the achievement toward which the OLRF is directed. It does not ask democratic institutions to accept automated governance as a technical fact and then supervise it only from a distance. It gives them institutional handles by which the operative form of the law becomes visible, contestable, and governable.

Under the three-model framework, answerability is not a single property but a graduated requirement. Model A is answerable through the Decision Tree, the Coverage Map, and the Decision Package: the specification is public, the evaluation is deterministic, the output is reproducible. Model B is answerable through these plus the validation framework, the deviation record, and the agent’s reasoning documentation: the corridor of permissible reasoning is public, deviations are classified, and the relationship between agent and tree is visible. Model C is answerable through all of these plus the audit protocol, the full reasoning chain, and the population-level outcome assessment: the audit criteria are public, the agent’s reasoning is preserved, and systematic patterns are detectable. The demand for answerability is constant. The infrastructure through which it is satisfied escalates with the degree of AI autonomy.
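The graduated structure just described can be read as a superset relation over public artefacts, which makes answerability checkable: a deployment is incomplete until every artefact required by its model is published. The artefact names follow the chapter's text; the encoding itself is an illustrative assumption.

```python
# Each model's required public artefacts include all of the previous model's.
REQUIRED_ARTEFACTS = {}
REQUIRED_ARTEFACTS["A"] = {"decision_tree", "coverage_map", "decision_package"}
REQUIRED_ARTEFACTS["B"] = REQUIRED_ARTEFACTS["A"] | {
    "validation_framework", "deviation_record", "agent_reasoning_documentation",
}
REQUIRED_ARTEFACTS["C"] = REQUIRED_ARTEFACTS["B"] | {
    "audit_protocol", "full_reasoning_chain", "population_outcome_assessment",
}

def missing_artefacts(model, published):
    """Return the artefacts still missing before a deployment of the given
    model is answerable in the sense used in this chapter."""
    return REQUIRED_ARTEFACTS[model] - set(published)

# Example: a Model C deployment that has published only the Model B set.
gap = missing_artefacts("C", REQUIRED_ARTEFACTS["B"])
```

The superset relation encodes the chapter's claim directly: the demand for answerability is constant, while the artefact set through which it is satisfied grows with the degree of AI autonomy.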

This is why democratic control of executable law is not a supplementary feature of the framework. It is one of its constitutional purposes. The legislature gains a meaningful object of ex ante and ex post oversight, including the model assignment. Courts gain access to the executable layer as a proper subject of review, with the scope of review calibrated to the model. Civil society gains the ability to scrutinise normative specifications with precision rather than conjecture, including the validation frameworks and audit protocols that shape the effective life of the law under Models B and C. And the Coverage Map turns the political choices embedded in automation, including the choice of model, into a public record rather than an invisible implementation residue.

Automated governance has already become an exercise of public authority at a scale and depth that democratic systems can no longer treat as incidental. The question is no longer whether public administration will rely on software. It is whether the software through which public power is exercised will remain under democratic control.

That control cannot be secured by institutional rhetoric alone. It requires a technical and legal architecture in which the machine-executable form of the law is visible before it binds, reviewable once it acts, contestable by those it affects, and attributable to those responsible for giving it force. The OLRF is designed to provide precisely that architecture.

Its democratic significance lies in a simple but far-reaching shift. Automated governance is no longer treated as something democracy must merely tolerate, regulate from the outside, or trust on the basis of general assurances. It becomes something democracy can inspect, contest, and govern from within. That is the standard the digital state must meet if it is to remain not merely efficient in appearance, but genuinely answerable to the people in whose name it acts¹⁹.

Conclusion

The argument of Part III has been that machine-executable law can be legitimate only if it remains subject to the same constitutional disciplines as every other exercise of public authority. It must satisfy the Rechtsstaat requirements of equal treatment, reason-giving, public promulgation, and proportionality, with the mechanisms of satisfaction varying across the three models while the substance remains constant (Chapter 11). It must preserve fundamental rights as design constraints, with the rights analysis sharpened by the different risk profiles of deterministic evaluation, guided subsumption, and autonomous reasoning (Chapter 12). It must treat legal infrastructure as sovereign infrastructure, with the sovereignty domain expanding from the normative layer to the agent infrastructure as AI autonomy increases (Chapter 13). And it must remain democratically answerable, with the scope of democratic visibility and control escalating in proportion to the degree of AI participation in normative reasoning (this chapter).

The three-model framework has proven indispensable to this argument. A single-model architecture would have permitted a simpler constitutional analysis, but at the cost of intellectual honesty. The reality is that AI systems are already participating in legal reasoning, and that their participation will deepen. A constitutional framework that pretended otherwise, analysing only deterministic evaluation and treating AI reasoning as outside its scope, would already be irrelevant today, to say nothing of the near future. The three models do not dilute the constitutional requirements. They extend their reach to the full spectrum of AI participation in governance, from the most constrained to the most autonomous, ensuring that constitutional accountability is not lost at the point where it matters most.

But a constitutional argument, however carefully made, is not yet an institutional reality. If these principles are to matter in practice, they must be carried into implementation, conformance, and deployment. The question is no longer only whether executable law can be made compatible with democratic government. It is how such a framework can be introduced, in what sequence, at what level of institutional ambition, and under what conditions it can move from conceptual architecture to operational public infrastructure.

Footnotes

  1. The chain of democratic accountability described here follows the classical formulation of the Legitimationskette (chain of legitimation) in German constitutional law: every exercise of public power must be traceable, through an unbroken chain of authorisation, to the sovereign people. See: BVerfGE 83, 60 (72 f., Ausländerwahlrecht, 1990); Böckenförde, E.-W., “Demokratie als Verfassungsprinzip”, in Isensee, J. and Kirchhof, P. (eds.), Handbuch des Staatsrechts, Bd. II, C. F. Müller 2004, §24 Rn. 11 ff.

  2. Bovens, M. and Zouridis, S., “From Street-Level to System-Level Bureaucracies: How Information and Communication Technology Is Transforming Administrative Discretion and Constitutional Control”, Public Administration Review, Vol. 62, No. 2, 2002, pp. 174 ff.; the original street-level model: Lipsky, M., Street-Level Bureaucracy: Dilemmas of the Individual in Public Services, Russell Sage Foundation 1980, revised edition 2010.

  3. Braun Binder, N., “Fragmentierungen und grundgesetzliche Gewaltenteilung”, DVBl 2017, pp. 1066 ff. (companion essay to the 2017 conference of the German constitutional law professors). Braun Binder analyses how digitalisation fragments the constitutional separation of powers by creating zones of operative authority that are no longer attributable to any of the three classical branches. The OLRF’s architecture is designed to reverse this fragmentation: the Decision Tree restores legislative visibility over the operative form of the norm (through Registry publication and pre-publication review), the Decision Package restores judicial visibility over the reasoning process (through structured, signed audit records), and the Coverage Map restores democratic visibility over the boundaries of automation (through the public classification of every norm element as Implemented, Discretionary, Excluded, Contested, Model Assignment, or Agent Certification Requirement).

  4. The proposition that the democratic deficit escalates across the three models follows from the principle that democratic accountability requires institutional visibility of the normative basis on which public power is exercised. Under Model A, that basis is the Decision Tree (visible through the Registry). Under Model B, it additionally includes the validation framework (which must be published). Under Model C, it additionally includes the audit protocol and the agent certification standards (which must also be published). Each additional element that remains outside democratic visibility extends the deficit. See: Bovens, M., “Analysing and Assessing Accountability: A Conceptual Framework”, European Law Journal, Vol. 13, No. 4, 2007, pp. 447 ff. (distinguishing between accountability as a virtue and accountability as a mechanism, and arguing that the mechanism must match the complexity of the power it governs).

  5. The argument that machine-executable specifications are in some respects easier to scrutinise than narrative delegated legislation draws on the insight that formal specifications are amenable to automated testing, simulation, and structural analysis in ways that narrative text is not. See: Merigoux, D., Monat, R., and Protzenko, J., “Catala: A Programming Language for the Law”, Proceedings of the ACM on Programming Languages, Vol. 5, ICFP, 2021, demonstrating that formalisation of legislative text reveals ambiguities and errors that remain invisible in narrative form.

  6. The proposition that the model assignment is a Wesentlichkeits-relevant decision subject to parliamentary reservation follows the logic developed in Chapter 11, fn. 51. For the procedural dimension: BVerfGE 95, 267 (307 f., Altschulden, 1997), holding that the legislature may not delegate decisions of constitutional significance to the executive without sufficiently specific statutory guidance.

  7. The diagnostic value of deviation records and audit assessments for legislative oversight has no direct precedent in administrative law doctrine, because the instruments themselves are novel. The closest analogue is the Vorlagebericht (submission report) that German federal agencies prepare for parliamentary committees under §6 PUAG (Parlamentarisches Untersuchungsausschussgesetz), which provides structured information about administrative practice for the purpose of legislative oversight. The deviation record and audit assessment extend this principle to the automated domain.

  8. Art. 19 Abs. 4 GG (Rechtsschutzgarantie); Art. 47 EU-Grundrechtecharta (right to an effective remedy); CJEU C-222/86, Heylens, 1987, para. 15. For the specific challenge of judicial review of automated administrative acts: Braun Binder, N., “Vollautomatisierte Verwaltungsverfahren, Verwaltungsakte und gerichtliche Kontrolle”, NVwZ 2019, pp. 1321 ff.

  9. The problem of courts receiving administrative outcomes without adequate visibility into the reasoning that produced them is not hypothetical. The most instructive European example is the Dutch SyRI case (Rechtbank Den Haag, C/09/550982, ECLI:NL:RBDHA:2020:1878, 5 February 2020), in which the District Court of The Hague struck down the System Risk Indication (SyRI), an algorithmic fraud detection tool used by Dutch public authorities to identify welfare and tax fraud. The court found that the system’s operation was insufficiently transparent: affected persons could not meaningfully ascertain how the system processed their data, on what basis risk indicators were generated, or how the algorithmic output related to the statutory provisions that authorised it. The court held that this opacity violated Article 8 ECHR (right to respect for private life), because the interference with privacy rights could not be assessed for proportionality when the operative logic of the system remained inaccessible to judicial scrutiny.

  10. Braun Binder, N., “Vollautomatisierte Verwaltungsverfahren, Verwaltungsakte und gerichtliche Kontrolle”, NVwZ 2019, pp. 1321 ff., arguing that effective judicial protection under Art. 19 Abs. 4 GG requires that the court have access to the complete normative and factual basis of the automated determination, not merely to the statutory text and the outcome.

  11. The review of the validation framework as a normative artefact in its own right is analogous to the judicial review of Verwaltungsvorschriften (administrative guidelines) in German administrative law. While administrative guidelines are not themselves law, they can give rise to a Selbstbindung der Verwaltung (administrative self-binding) that becomes judicially reviewable under Art. 3 Abs. 1 GG. See: BVerwGE 34, 278 (281); BVerwGE 104, 220 (223). The validation framework under Model B functions, in constitutional terms, as a machine-executable administrative guideline, and its judicial reviewability follows from the same doctrinal principles.

  12. The proposition that a court may disagree with the retrospective audit’s assessment and find the agent’s reasoning deficient on independent grounds follows from the principle that judicial review cannot be constrained by technical assessments produced by the deciding authority itself. See: BVerfGE 101, 106 (Akteneinsichtsrecht); for the broader principle: Schmidt-Aßmann, E., Das allgemeine Verwaltungsrecht als Ordnungsidee, 2. Aufl., Springer 2004, §4 Rn. 70 ff. (the court reviews the legality of the act, not the adequacy of the authority’s self-assessment).

  13. The democratic function of civil society scrutiny in automated governance is analysed in: Pasquale, F., The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard University Press 2015, pp. 190 ff.; for the European context: Buijze, A., “The Six Faces of Transparency”, Utrecht Law Review, Vol. 9, No. 3, 2013, pp. 3 ff. (distinguishing between transparency as publication and transparency as effective accessibility for non-expert actors).

  14. The proposition that civil society organisations are better positioned than formal oversight institutions to detect systematic demographic disparities is supported by: Eubanks, V., Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor, St. Martin’s Press 2018 (documenting how advocacy organisations identified systematic harms in automated welfare systems that formal audit institutions had missed); O’Neil, C., Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, Crown 2016, pp. 153 ff.

  15. The proposition that civil society review of automated governance is most effective when it can engage with formal specifications rather than opaque outputs has both theoretical and empirical support. Theoretically, Coglianese and Lehr argue that algorithmic transparency is meaningful only when the object of transparency is structured enough to permit informed contestation: publishing source code or model weights does not empower civil society, because the technical artefacts are unintelligible to non-specialist actors, while publishing only outcomes provides no basis for identifying what should change. What is needed is an intermediate layer of transparency: structured, inspectable specifications that are detailed enough for expert scrutiny but legible enough for organised advocacy. The OLRF’s Decision Tree and Coverage Map are designed to occupy precisely this intermediate position (Coglianese, C. and Lehr, D., “Transparency and Algorithmic Governance”, Administrative Law Review, Vol. 71, No. 1, 2019, pp. 1 ff., at pp. 38 ff.). Empirically, the most instructive example of civil society organisations detecting systematic harms that formal oversight institutions missed is the Dutch Toeslagenaffaire. It was not the courts, the parliament, or the Belastingdienst’s internal audit that first identified the systematic pattern of disproportionate enforcement against dual-nationality families. It was investigative journalists and advocacy organisations, notably the Nationale Ombudsman and the Stichting Toeslagen Gedupeerden, who assembled individual complaints into a population-level pattern that eventually triggered the parliamentary inquiry. 
Their ability to do so depended on access to individual case outcomes, but was limited by the absence of structured, inspectable normative specifications: they could demonstrate that outcomes were systematically unequal, but they could not point to the specific decision logic that produced the inequality, because that logic was buried in inaccessible systems. The OLRF’s architecture addresses this limitation directly. A Coverage Map and Decision Tree, published in the Registry, would have permitted advocacy organisations to identify not merely that dual-nationality families were disproportionately affected, but which specific node, which specific condition, and which specific omission in the executable specification produced the disproportionate outcome. See: “Ongekend Onrecht”, Parlementaire ondervragingscommissie Kinderopvangtoeslag, Tweede Kamer 2020; Amnesty International, “Xenophobic Machines: Discrimination through Unregulated Use of Algorithms in the Dutch Childcare Benefits Scandal”, 2021; Nationale Ombudsman, “Geen powerplay maar fair play”, 2017.

  16. Hannah Arendt, The Origins of Totalitarianism, Harcourt 1951, Part III, on the risk that bureaucratic structures displace democratic accountability through the gradual substitution of administrative procedure for political judgment. The Coverage Map addresses this risk by making the scope and mode of administrative automation a visible and contestable political choice rather than an invisible procedural fait accompli.

  17. The democratic significance of the model assignment in the Coverage Map is analogous to the significance of the Organisationsgewalt (organisational authority) in German constitutional law: the executive’s choice of organisational form for the exercise of public power is itself subject to constitutional limits and democratic accountability. See: BVerfGE 63, 1 (Schornsteinfeger); Maurer/Waldhoff, Allgemeines Verwaltungsrecht, 20. Aufl., §21 Rn. 50 ff. The model assignment determines the organisational form of automated governance and is therefore subject to the same constitutional discipline.

  18. The distinction between compliance and answerability draws on: Mulgan, R., “‘Accountability’: An Ever-Expanding Concept?”, Public Administration, Vol. 78, No. 3, 2000, pp. 555 ff. (distinguishing between accountability as a relationship in which one party is obliged to explain and justify their conduct, and compliance as adherence to a rule that may be verified without explanation). The OLRF demands the former, not merely the latter.

  19. Meijer, A. and Grimmelikhuijsen, S., “Responsible and Accountable Algorithmization: How to Generate Citizen Trust in Governmental Use of Algorithms”, in Bertot, J. et al. (eds.), Big Data in the Govtech Ecosystem, Springer 2023.
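The Coverage Map described in footnote 3 is, in substance, a public classification of every norm element into one of six named categories. Purely as an illustrative sketch, and not as a serialisation prescribed by the OLRF itself, such a classification might be represented as a typed record; the identifiers and field names below are assumptions introduced for illustration only:

```python
from dataclasses import dataclass
from enum import Enum


class CoverageStatus(Enum):
    """The six classification categories named in footnote 3.

    The category names come from the OLRF text; this enum and the
    record below are illustrative assumptions, not an OLRF schema.
    """
    IMPLEMENTED = "Implemented"
    DISCRETIONARY = "Discretionary"
    EXCLUDED = "Excluded"
    CONTESTED = "Contested"
    MODEL_ASSIGNMENT = "Model Assignment"
    AGENT_CERTIFICATION_REQUIREMENT = "Agent Certification Requirement"


@dataclass(frozen=True)
class CoverageMapEntry:
    norm_element: str        # citation of the statutory element, e.g. "§ 12(2)"
    status: CoverageStatus   # public classification of that element
    rationale: str           # published justification for the classification


def excluded_elements(entries):
    """Filter a published map for the elements withheld from automation,
    the kind of query a civil-society reviewer might run against the
    Registry."""
    return [e.norm_element for e in entries
            if e.status is CoverageStatus.EXCLUDED]
```

The point of the sketch is only that the classification is structured enough to be queried: once the map is published as data rather than narrative, questions such as "which norm elements are excluded, and why?" become mechanically answerable by any reviewer.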