Can Judicial Review Effectively Control Automated Decision-Making by Public Authorities?

Automated decision-making (ADM) is no longer a future concern for UK administrative law. Algorithmic tools already shape decisions about visas, welfare entitlement, fraud detection, school examination grades, predictive policing and risk-scoring in social care. The constitutional question is whether judicial review, a remedy designed in the era of the discretionary human decision-maker, can meaningfully discipline decisions taken or substantially shaped by code. This essay argues that judicial review can exercise some effective control over public-sector ADM, but that its effectiveness is structurally uneven. It works tolerably well where ADM produces a discrete, individuated, justiciable decision susceptible to traditional Wednesbury, legality and procedural fairness review, as R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058 demonstrates. It works poorly where ADM operates upstream of the decision (risk-flagging, triage, profiling), where the harm is diffuse or systemic rather than individuated, where claimants lack the resources, standing or information to litigate, and where the courts’ epistemic limitations prevent meaningful scrutiny of statistical and machine-learning models. The doctrinal grounds of review are formally adequate; the institutional and evidentiary architecture of judicial review is not. The thesis, accordingly, is qualified: judicial review is a necessary but plainly insufficient mechanism of algorithmic accountability, and its limits are most acute precisely where ADM is most consequential.

Framing the question: what would “effective control” require?

Asking whether judicial review can “effectively” control ADM presupposes a benchmark of effectiveness. Three benchmarks are commonly invoked in the scholarship and they pull in different directions. First, corrective effectiveness: can a court identify and quash an unlawful automated decision in an individual case? Second, regulatory or systemic effectiveness: do judicial review decisions shape the design, deployment and governance of ADM tools across government? Third, rule-of-law effectiveness: does judicial review preserve the values of legality, reason-giving, equality and access to justice in the face of opaque automation (Cobbe, 2019; Oswald, 2018)?

These benchmarks matter because each generates different doctrinal demands. Corrective effectiveness requires only that the established grounds of review apply to automated decisions; systemic effectiveness requires that litigation produce durable changes in procurement, design and oversight; rule-of-law effectiveness requires intelligibility and reason-giving, which the common law has historically resisted as a freestanding obligation (R v Secretary of State for the Home Department, ex parte Doody [1994] 1 AC 531). The argument that follows shows that judicial review performs reasonably well on the first benchmark, intermittently on the second, and is structurally weak on the third.

The grounds of review map onto ADM, but unevenly

Traditional grounds of review — illegality, irrationality, procedural impropriety, and increasingly proportionality — are doctrinally capacious enough to capture automated decisions. The difficulty is not the existence of grounds but their fit and reach when applied to systems rather than persons.

Illegality and the problem of statutory authority

Where an ADM tool exceeds the statutory powers of the public authority deploying it, classic ultra vires reasoning bites. The Court of Appeal’s decision in Bridges illustrates this clearly. The South Wales Police’s deployment of Automated Facial Recognition (AFR) Locate was held unlawful because the legal framework left “too broad a discretion” to individual officers on whom to place on watchlists and where to deploy the technology ([2020] EWCA Civ 1058, [91]). The court treated the absence of sufficiently constrained legal rules as a failure of legality under Article 8(2) ECHR’s “in accordance with the law” requirement, drawing on Sunday Times v United Kingdom (1979) 2 EHRR 245. The reasoning is doctrinally orthodox: ADM does not generate new constitutional problems so much as it intensifies existing ones about discretion and rule-clarity.

Yet Bridges also reveals the limits. The court did not find that AFR was inherently unlawful, nor did it require any particular statistical accuracy threshold. The remedy was effectively a direction to tighten the policy framework, after which deployment could presumably continue. The case shows that legality review can require rule-formation, but it cannot easily require rule-substance: the court will not, and probably should not, decide what a tolerable false-positive rate is.

Irrationality, deference and the opacity problem

The Wednesbury standard (Associated Provincial Picture Houses Ltd v Wednesbury Corporation [1948] 1 KB 223), as refined in R (Keyu) v Secretary of State for Foreign and Commonwealth Affairs [2015] UKSC 69, asks whether a decision is one no reasonable authority could have reached. Applied to ADM, the standard runs into two distinct difficulties. The first is opacity: in machine-learning systems, the relationship between inputs and outputs may be uninterpretable even to the system’s designers, so a court cannot easily evaluate whether the decision was rational in the relevant sense (Burrell, 2016). The second is deference: where decisions rest on contested empirical or statistical judgments, courts traditionally accord wide latitude to the primary decision-maker, particularly in matters of public administration and resource allocation.

The judicial review of the 2020 A-level standardisation algorithm — although the legal challenges were settled or rendered academic by Ofqual’s withdrawal of the model — exposed exactly this tension. The model produced individual results that, considered in isolation, were not irrational; the rationality complaint was about the design of the system, particularly its weighting of school historical performance, which produced systematic downgrading patterns disadvantaging certain cohorts (Kelly, 2021). Classical irrationality review struggles to capture a complaint that is statistical, distributive and design-focused rather than decision-focused. The point is not that the courts could not in principle have found the algorithm irrational; it is that the doctrinal vocabulary of Wednesbury is awkward when the impugned defect is the model rather than the individual output.

Procedural fairness, reasons and the right to human review

Procedural fairness is the ground where ADM most strains existing doctrine. The common law obligation to give reasons is famously contingent (R (Oakley) v South Cambridgeshire DC [2017] EWCA Civ 71). Where reasons must be given, they must be intelligible and adequate (South Buckinghamshire DC v Porter (No 2) [2004] UKHL 33). For ADM, intelligibility is the precise feature most at risk: the “right to an explanation” debated in data-protection scholarship reflects the basic concern that an affected person cannot challenge a decision they do not understand (Wachter, Mittelstadt and Floridi, 2017; Edwards and Veale, 2017).

Two further procedural fairness questions arise. First, is there a common law right to a human decision-maker, or at least to human review? Article 22 of the UK GDPR confers a qualified right not to be subject to a decision based solely on automated processing where it produces legal or similarly significant effects, subject to exceptions including statutory authorisation. The case law on Article 22 is thin, and the provision’s reach is contested (Binns and Veale, 2021). Second, does fairness require disclosure of the model itself, its training data, or its accuracy metrics? Courts have historically been reluctant to require disclosure beyond what is necessary to understand the decision (Tweed v Parades Commission for Northern Ireland [2006] UKHL 53), and commercial confidentiality and intellectual property claims by private vendors compound the problem (Oswald, 2018).

The Home Office “streaming tool” episode is instructive. In 2020 the Joint Council for the Welfare of Immigrants and Foxglove brought a claim alleging that the visa-streaming algorithm discriminated on grounds of nationality. The Home Office withdrew the tool before the case was determined (Foxglove and JCWI, 2020). The retreat was a litigation outcome of a kind, but it produced no judicial ruling on standards, no doctrinal precedent on disclosure, and no binding requirement on future ADM. As a model of judicial review’s effectiveness, settled-and-shelved cases are ambiguous: they signal litigation risk to government, but they leave the legal framework no more determinate than before.

Equality and discrimination as a structural ground

The Equality Act 2010 and Article 14 ECHR provide what is in many ways the most analytically promising route, because ADM’s most serious harms are typically distributive. The Public Sector Equality Duty under section 149 EA 2010 obliges authorities to have “due regard” to the need to eliminate discrimination, advance equality of opportunity and foster good relations. In Bridges the Court of Appeal found a breach of section 149 because South Wales Police had not done enough to satisfy itself that the AFR software did not have a racial or gender bias ([2020] EWCA Civ 1058, [199]–[201]).

This is the most genuinely innovative aspect of Bridges. It treats the PSED as an affirmative obligation to interrogate the bias characteristics of automated tools before deployment. The implication is significant: an authority cannot rely on a vendor’s assurances; it must actively assess whether the model treats protected groups differently. That obligation is potentially powerful as a regulatory lever. Yet the duty is procedural, not substantive: a public authority that conducts a thorough equality impact assessment and still chooses to deploy a biased tool may comply with the PSED. The duty mandates inquiry, not outcome (R (Bracking) v Secretary of State for Work and Pensions [2013] EWCA Civ 1345).

The deeper limits: judicial review as institutional design

The doctrinal toolkit, then, is broadly serviceable. The more significant question concerns the institutional and evidentiary architecture of judicial review, which is poorly adapted to algorithmic accountability in several mutually reinforcing ways.

The opacity asymmetry

Judicial review proceeds on materials disclosed by the public authority under the duty of candour (R (Quark Fishing Ltd) v Secretary of State for Foreign and Commonwealth Affairs [2002] EWCA Civ 1409). The duty is robust in principle but operates against a baseline of materials the authority itself has and understands. With ADM, three layers of opacity arise: (i) technical opacity, where the model’s operation is genuinely uninterpretable; (ii) organisational opacity, where the authority has purchased a tool from a private vendor and cannot disclose what it does not possess; and (iii) strategic opacity, where authorities or vendors invoke commercial confidentiality, security exceptions or intellectual property to resist disclosure (Burrell, 2016; Cobbe, 2019).

The duty of candour is not, in its current form, well calibrated to compel disclosure of training data, code, model weights or accuracy testing across protected characteristics. Although a claimant can seek specific disclosure, the threshold remains relatively high in judicial review (Tweed). The result is that the most analytically critical evidence — what the model does, on what data, with what error profile — is systematically harder to obtain than the discretionary reasoning of a human official. This is the most serious structural impediment to effective review.

Standing, costs and the problem of diffuse harm

Judicial review requires “sufficient interest” under section 31(3) of the Senior Courts Act 1981. The standing rules are generous, particularly for representative claimants such as Liberty in Bridges and the JCWI in the streaming tool case. The deeper problem is not formal standing but practical access. ADM harms are frequently diffuse, incremental and statistically distributed: any individual claimant may struggle to demonstrate a personal, identifiable injury sufficient to motivate litigation, even where the system has aggregate effects of constitutional significance.

Cost rules compound this. The presumptive loser-pays rule, combined with limited availability of protective costs orders outside Aarhus-type cases, makes individual-claimant judicial review of ADM commercially irrational for most affected persons (Bondy, Platt and Sunkin, 2015). Strategic litigation by NGOs partially fills the gap, but it is selective, resource-constrained and inevitably focused on the most egregious or symbolically important cases. The Independent Review of Administrative Law (Faulks, 2021) declined to recommend material reform to costs in judicial review; the practical accessibility problem remains.

The justiciability of design choices

A persistent question is whether courts can or should review the design of an algorithmic system, as distinct from the application of that system to a claimant. Traditional judicial review is decision-centred: it asks whether this decision, taken about this claimant, is lawful. Design choices — what variables to include, how to weight them, what training data to use, what error trade-offs to accept — are often pre-decisional and policy-laden. They look more like the choice of a rule than the application of a rule, and courts are traditionally cautious about reviewing policy-formation (R (Sandiford) v Secretary of State for Foreign and Commonwealth Affairs [2014] UKSC 44).

Yet for ADM, the design is the policy in a meaningful sense: it operationalises trade-offs that, in human decision-making, would be made transparently in guidance or statutory instruments. Confining review to individual outputs while shielding model design from scrutiny would leave the most important normative choices effectively unreviewable. The PSED route used in Bridges is one way around this, because section 149 is itself a duty on policy-making and adoption. The Article 8 “in accordance with the law” route is another. But these are workarounds rather than a clear doctrinal commitment to design-stage scrutiny.

The remedial mismatch

The standard remedies in judicial review — quashing, prohibiting, mandatory orders and declarations — are well suited to individual decisions and to requiring authorities to reconsider. They are less well suited to ordering systemic change in algorithmic systems. A court can quash a particular automated decision and require it to be remade. It is far less clear whether or how a court can order a public authority to retrain a model, revise its training data, or alter its accuracy thresholds. Declarations can do significant work, as Bridges shows, by clarifying the standards a future deployment must meet. But the remedial architecture remains essentially reactive and individuated, while the problem is systemic and prospective.

Comparative perspective: what other models suggest

The UK is not unusual in confronting these limits, and comparison is illuminating without being decisive. EU law has moved towards a more prescriptive ex ante regulatory model. The EU AI Act (Regulation (EU) 2024/1689) imposes risk-tiered obligations on developers and deployers of AI systems, with mandatory conformity assessment, transparency and human oversight obligations for “high-risk” systems including those used in law enforcement, migration and access to public services. The model treats AI accountability primarily as a regulatory rather than a judicial review problem. France’s Conseil constitutionnel has held that fully algorithmic administrative decisions are permissible only if the underlying rules can be explained and challenged (Decision No 2018-765 DC, 12 June 2018), which functions as a constitutional disclosure requirement.

The lesson for the UK is not that judicial review should be replaced — it cannot be — but that it cannot bear the weight of algorithmic accountability alone. Effective control requires layered governance: ex ante regulation and impact assessment, sectoral regulators with technical capacity, transparency mechanisms such as algorithmic registers, and judicial review as the final backstop. The Algorithmic Transparency Recording Standard (Cabinet Office and Central Digital and Data Office, 2023) is an embryonic example, but participation is voluntary and adoption uneven.

Reform options within judicial review

Several reforms could improve judicial review’s contribution without overstating what litigation can achieve.

First, the duty of candour could be developed, by judicial statement or rules amendment, to include specific obligations regarding ADM: disclosure of model documentation, training data sources, accuracy testing across protected characteristics, and post-deployment monitoring data. The Treasury Solicitor’s Guidance on Discharging the Duty of Candour and Disclosure in Judicial Review Proceedings (2010) is general; an ADM-specific gloss would be a modest but valuable development.

Second, the common law duty to give reasons should be recognised as engaged whenever a decision is materially shaped by an automated process producing legal or similarly significant effects. This would build on Article 22 UK GDPR and the developing common law (Oakley) without creating a free-standing right. The reasons must include sufficient information about the role of automation to enable meaningful challenge — a “qualified explanation” right anchored in fairness rather than data-protection law alone.

Third, the PSED should be doctrinally developed in line with Bridges to require, in the ADM context, documented pre-deployment equality impact assessment specifically interrogating bias risk, with ongoing monitoring. This would convert a procedural duty into a meaningful design constraint, while stopping short of substantive judicial choice between competing fairness metrics — a choice courts are ill-equipped to make.

Fourth, costs protection in cases raising systemic ADM issues of public importance should be more readily available. The model is the Aarhus Convention regime in environmental cases. There is no principled reason that algorithmic accountability, which raises analogous public-interest and informational-asymmetry concerns, should not benefit from a similar regime.

None of these reforms transforms judicial review into a comprehensive algorithmic regulator. They improve its operation at the margins. The deeper structural limits — design-stage opacity, diffuse harm, remedial mismatch — are not soluble within judicial review alone.

Counterargument: is judicial review more effective than its critics suggest?

A fair account must engage with the strongest counterargument, which runs as follows. Judicial review has always been an oblique mechanism of administrative accountability. It does not directly regulate; it sets boundaries and clarifies standards, leaving the executive to operate within them. Judged by that modest benchmark, judicial review has performed reasonably well in the ADM context. Bridges produced a clear precedent on legality and the PSED. The threat of litigation produced the withdrawal of the visa-streaming tool and the abandonment of the A-level algorithm. The Information Commissioner’s Office has been more active because of the legal context judicial review helps to constitute. Government has produced guidance, frameworks and the Algorithmic Transparency Recording Standard partly in response to litigation risk. Judicial review’s effectiveness, on this view, is to be measured in part by the shadow it casts.

This argument has force, and the analysis above should not be read as denying it. The decisive question, however, is whether the shadow is deep enough where it matters most. ADM tools that operate in low-visibility contexts — fraud risk-scoring in welfare administration, predictive policing in local forces, automated triage in social services — generate few high-profile claimants, attract limited NGO attention, and rarely produce the kind of headline-grabbing harm that mobilises strategic litigation. The shadow falls heavily on flagship, visible deployments and lightly on the routine ADM that affects the largest number of people. That asymmetry is itself a limit on judicial review’s effectiveness, even on the modest “shadow” benchmark.

Conclusion

Judicial review can exercise meaningful but partial control over automated decision-making by public authorities. The grounds of review are doctrinally adequate to capture the most serious legal defects of ADM, particularly through legality review of statutory authority, the PSED’s evolving role in interrogating bias, and procedural fairness’s gradual recognition of the need for intelligible reasons. Bridges demonstrates that, in the right case with the right claimant, judicial review can produce a binding clarification of the standards governing algorithmic deployment.

The limits, however, are structural rather than doctrinal, and they are most acute where ADM is most consequential. Opacity asymmetries undermine the evidentiary basis for review; the cost and standing architecture excludes most affected individuals; design-stage choices remain awkwardly justiciable; and the remedial toolkit is ill-fitted to systemic change. These limits cannot be cured by doctrinal ingenuity alone. They require a layered governance model in which ex ante regulation, sectoral oversight, statutory transparency mechanisms and judicial review work together. Within that model, judicial review’s appropriate role is that of constitutional backstop: indispensable, but not sufficient, and dangerous to overestimate.

The most important reason for this qualified conclusion is the mismatch between the individuated, reactive logic of judicial review and the systemic, prospective character of algorithmic harm. So long as that mismatch persists, asking judicial review alone to control ADM is asking a remedy designed for the decisions of officials to discipline the architecture of code. It can do so at the edges; it cannot do so at the centre.

References

• Binns, R. and Veale, M. (2021) ‘Is that your final decision? Multi-stage profiling, selective effects, and Article 22 of the GDPR’, International Data Privacy Law, 11(4), pp. 319–332.
• Bondy, V., Platt, L. and Sunkin, M. (2015) The Value and Effects of Judicial Review: The Nature of Claims, their Outcomes and Consequences. London: Public Law Project.
• Burrell, J. (2016) ‘How the machine “thinks”: Understanding opacity in machine learning algorithms’, Big Data & Society, 3(1), pp. 1–12.
• Cabinet Office and Central Digital and Data Office (2023) Algorithmic Transparency Recording Standard. London: HM Government.
• Cobbe, J. (2019) ‘Administrative law and the machines of government: judicial review of automated public-sector decision-making’, Legal Studies, 39(4), pp. 636–655.
• Edwards, L. and Veale, M. (2017) ‘Slave to the algorithm? Why a “right to an explanation” is probably not the remedy you are looking for’, Duke Law & Technology Review, 16(1), pp. 18–84.
• Faulks, E. (Chair) (2021) Independent Review of Administrative Law. CP 407. London: Ministry of Justice.
• Foxglove and Joint Council for the Welfare of Immigrants (2020) Home Office says it will abandon its racist visa algorithm — after we sued them. Available at: Foxglove press release, 4 August 2020.
• Kelly, A. (2021) ‘A tale of two algorithms: The appeal and repeal of calculated grades systems in England and Ireland in 2020’, British Educational Research Journal, 47(3), pp. 725–741.
• Oswald, M. (2018) ‘Algorithm-assisted decision-making in the public sector: framing the issues using administrative law rules governing discretionary power’, Philosophical Transactions of the Royal Society A, 376(2128), 20170359.
• Wachter, S., Mittelstadt, B. and Floridi, L. (2017) ‘Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation’, International Data Privacy Law, 7(2), pp. 76–99.
• Associated Provincial Picture Houses Ltd v Wednesbury Corporation [1948] 1 KB 223.
• R (Bracking) v Secretary of State for Work and Pensions [2013] EWCA Civ 1345.
• R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058.
• R v Secretary of State for the Home Department, ex parte Doody [1994] 1 AC 531.
• R (Keyu) v Secretary of State for Foreign and Commonwealth Affairs [2015] UKSC 69.
• R (Oakley) v South Cambridgeshire DC [2017] EWCA Civ 71.
• R (Quark Fishing Ltd) v Secretary of State for Foreign and Commonwealth Affairs [2002] EWCA Civ 1409.
• R (Sandiford) v Secretary of State for Foreign and Commonwealth Affairs [2014] UKSC 44.
• South Buckinghamshire DC v Porter (No 2) [2004] UKHL 33.
• Sunday Times v United Kingdom (1979) 2 EHRR 245.
• Tweed v Parades Commission for Northern Ireland [2006] UKHL 53.
• Conseil constitutionnel, Decision No 2018-765 DC, 12 June 2018 (France).
• Equality Act 2010 (UK).
• Senior Courts Act 1981 (UK).
• UK General Data Protection Regulation (UK GDPR), Article 22.
• Regulation (EU) 2024/1689 (Artificial Intelligence Act).