Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Analysis

AI fraud detection by government: the lessons after SyRI

Adopted 2026-06-22 ยท ≈ 2 min read ยท Dirk Baaijen

After the SyRI ruling (District Court of The Hague, 2020) and the Dutch childcare-benefits scandal, government fraud detection with AI is high-risk under Annex III. The lessons: no opaque risk scores, no proxy discrimination, but proportionality, explainability and a rights assessment.

Short answer: AI fraud detection by government is high-risk under the AI Act and also falls under the GDPR and administrative law. Dutch history โ€” the SyRI ruling of the District Court of The Hague in 2020 and the childcare-benefits scandal โ€” shows what goes wrong without transparency and proportionality. The lesson is not "no AI", but: no opaque risk scores, no proxy discrimination, and instead explainability, proportionality and a fundamental rights assessment up front.

What SyRI made clear

In the SyRI case the District Court of The Hague ruled in 2020 that the System Risk Indication โ€” a tool that linked databases to score citizens for fraud โ€” breached Article 8 ECHR (right to private life). The court found the interference insufficiently transparent and not proportionate: citizens could not know whether or why they were analysed, and the safeguards fell short. SyRI was struck down. That is the anchor: opacity is in itself a fundamental rights problem.

The benefits scandal as a second lesson

The Dutch childcare-benefits scandal showed the human consequences of risk selection without proper safeguards: wrongful fraud accusations, a reversed burden of proof and discriminatory risk indicators (including nationality). The pattern recurs: a model flags, an implementing agency follows blindly, and the citizen bears the burden of an inscrutable judgment. Automation bias and the absence of meaningful human review made it structural.

Why the AI Act now regulates this

Under the AI Act, AI that assesses access to public benefits and essential services (Annex III, point 5) or that assesses risks of individuals in law enforcement (point 6) is high-risk โ€” the categories government fraud detection usually falls under โ€” bringing the full high-risk obligations: risk management, data quality and bias mitigation, logging, technical documentation and human oversight. Some variants also touch the prohibited AI practices, such as general social scoring. The AI Act thereby codifies precisely the safeguards that SyRI lacked.

Proxy discrimination is the core risk

The subtlest danger is indirect discrimination through proxies: an attribute such as postcode, language background or nationality that functions as a prohibited ground without naming it. Bias testing on training data and on outcomes is not a nice-to-have but the core of lawful fraud detection. Data quality and representativeness (AI Act Art. 10) sit in direct line with the prohibition of discrimination.

What to do

  • Test proportionality up front: does the fraud interest outweigh the interference, and can it be done less intrusively? Run a FRIA.
  • Eliminate proxy discrimination: analyse training data and outcomes for indirect discrimination, repeated over time.
  • Make risk scores explainable: no black box; the citizen must be able to understand and contest โ€” see explainability of government algorithms.
  • Secure meaningful human oversight: no blind following of a flag; keep the burden of proof with the government.
  • Register the system in the algorithm register and see AI in the public sector.

SyRI and the benefits scandal are not a footnote but the benchmark. Whoever deploys AI against fraud must first show that the tool itself does the citizen no injustice.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): high-risk Annex III, risk management and human oversight.
  2. https://eur-lex.europa.eu/eli/reg/2016/679/oj
    Regulation (EU) 2016/679 (GDPR): lawfulness, purpose limitation and safeguards for profiling.

Share on LinkedIn

Read next

U

AI and non-discrimination: equal-treatment law alongside the AI Act

An AI system that treats people unequally is caught not only by the AI Act but also by existing equal-treatment law. The two regimes apply side by side โ€” and the ban on discrimination applies even where your AI system is not high-risk.

U

Targeted job advertising with AI: high-risk and a discrimination risk

AI that shows job ads to specific groups falls explicitly under Annex III of the AI Act as high-risk. The biggest risk is discrimination: an algorithm that shows a vacancy mostly to young men invisibly excludes others. The GDPR and the DSA set additional limits.

A

How the ECB supervises AI in eurozone banks: technology-neutral, existing frameworks, a generative-AI focus

For the 2026-2028 cycle the ECB places AI under its operational-resilience priority, and in February 2026 two Supervisory Board members set out the stance: with 85%+ of supervised banks using AI, govern it within existing frameworks rather than new rules, with a sharper focus on generative AI.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.