Detailed overview
Greece regulates AI through the EU AI Act and through Law 4961/2022, which contains national rules on emerging information and communication technologies, including artificial intelligence. The Greek law is especially important for public-sector AI, workplace AI and private-sector AI registers.
Public-sector AI
For public authorities, AI may be used for decision-making or decision support affecting rights only where a specific legal basis exists and appropriate safeguards are provided. The Greek law does not remove obligations under the GDPR or national data-protection law. Public-sector bodies must therefore assess AI both under Greek AI rules and under data-protection rules where personal data is processed.
Before a public-sector AI system is used for decision-making or decision support affecting rights, the public body must prepare an algorithmic impact assessment. This assessment must describe the purpose of the AI system, the public interest pursued, the system's technical characteristics and parameters, the categories of decisions or acts supported by the system, the data categories used, the risks to rights and legal interests, and the expected benefit. The algorithmic impact assessment is separate from a GDPR data-protection impact assessment and does not replace it.
Greek public authorities also have transparency duties. Affected persons must be able to receive information about the name of the AI system, its functioning, its parameters, the categories of decisions it supports and the relevant impact assessment. Public-sector AI procurement contracts must include obligations requiring suppliers to provide information and ensure safeguards for legality, fundamental rights and safe operation.
Public-sector bodies must maintain a register of AI systems. The register must include information such as the system's purpose, start date, operating parameters, technical details, supplier or manufacturer information, safety measures, the algorithmic impact assessment and any relevant data-protection impact assessment.
Workplace AI
Private-sector employers must inform employees or job candidates before using AI systems that affect decisions about recruitment, selection, hiring, evaluation, employment conditions or other employment-related matters. The information must be clear and sufficient and must include the decision parameters and safeguards against discrimination. This duty also applies to certain digital-platform work contexts.
Private-sector registers
Medium and large private-sector companies must maintain an electronic register of AI systems used for consumer profiling or for evaluating employees or collaborators. The register must include operating parameters, categories of affected persons, technical characteristics, supplier or development information and safety measures. These companies must also maintain an ethical data-use policy.
Enforcement
Workplace AI violations are enforced through Greek labour-inspection mechanisms. Law 4961/2022 refers to administrative and criminal sanctions under the Greek labour-inspection framework, with the Labour Inspectorate acting as the first-line authority for those employment-related duties. EU AI Act penalties also apply where the AI system falls into a prohibited, high-risk or otherwise regulated EU AI Act category.