Why Portugal’s Prosecutors Are Handing the AI 'Black Box' Over to the Auditors

Long before a defendant steps into a courtroom or a case file is even opened, an invisible digital hand may have already sorted, analyzed, and flagged the evidence. In the silent corridors of the justice system, algorithms are increasingly the ones doing the heavy lifting. But for years, these systems operated within a 'black box'—a space where code remained opaque and decisions were made without a clear trail of accountability.

This era of unchecked automation is coming to an end in Western Europe. On the heels of the EU AI Act’s implementation, Portugal’s Public Prosecution Service (Ministério Público) has taken a decisive step to pull back the curtain. By adopting a comprehensive Charter for the Ethical Use of Artificial Intelligence and a Technical Audit and Monitoring Policy, the service is signaling that while AI may be a powerful tool, it will never be the one holding the gavel.

The Guardrails of Justice: Why a Charter Matters Now

In a regulatory context, the move by the Portuguese Public Prosecution Service isn't just a bureaucratic update; it is a fundamental realignment of how technology interacts with the law. The newly adopted Charter applies to all AI systems used within the service, but it places a heavy emphasis on what the EU AI Act defines as high-risk systems.

High-risk AI refers to software that has a significant impact on an individual’s life, such as systems used in recruitment, credit scoring, or, in this case, law enforcement and the judiciary. Because these tools can influence whether someone is investigated or how evidence is prioritized, the margin for error is nonexistent.

Essentially, the Charter acts as a set of guardrails on a mountain road. It allows the vehicle—the AI—to move quickly, but it prevents it from veering off the cliff of bias or illegality. By establishing these rules early, Portugal is attempting to prevent the 'black box' problem, where even the developers cannot explain why an algorithm reached a specific conclusion.

Core Principles: Keeping the Human in the Loop

At the heart of the Charter lie six core principles that every AI system must satisfy before it is allowed to touch a case file.

1. Respect for Fundamental Rights: AI must uphold the dignity and rights enshrined in the Portuguese Constitution and the EU Charter of Fundamental Rights.
2. Non-Discrimination: Systems must be rigorously tested to ensure they do not produce biased outcomes based on race, gender, religion, or socioeconomic status.
3. Transparency: To put it another way, the 'how' and 'why' of a machine’s output must be explainable to a human observer.
4. Data Protection: AI use must be compliant with the GDPR, ensuring that personal data is handled with the same care as a physical evidence locker.
5. Human Oversight: This is the 'human-in-the-loop' principle. A human must always have the final say and the power to override a machine’s suggestion.
6. Security and Robustness: The systems must be resilient against hacking and technical failures.

From a compliance standpoint, these principles serve as a compass for the prosecutors. They ensure that technology remains a subordinate partner rather than an autonomous decision-maker.

The Great Prohibition: No Predictive Sentencing

Curiously, one of the most significant parts of the Charter isn’t about what AI can do, but what it is strictly forbidden from doing. The Public Prosecution Service has drawn a hard line in the sand: AI cannot replace human judgment, and predictive assessments are prohibited.

In some jurisdictions, 'predictive policing' or 'predictive sentencing' tools have been used to estimate the likelihood of a person committing a crime in the future. Portugal has rejected this path. Under this framework, an algorithm cannot be used to determine a defendant’s 'risk score' or suggest a specific sentence based on historical data.

This is a critical victory for digital rights. It recognizes that algorithms are backward-looking by nature—they learn from the past, including past biases. Allowing them to predict the future within the justice system would be like using a rearview mirror to steer a car through a crowded intersection. It is inherently dangerous and, in a regulatory context, legally precarious.

The Audit Policy: Moving Beyond Trust

While the Charter provides the 'what,' the Technical Audit and Monitoring Policy provides the 'how.' In practice, many organizations adopt ethical guidelines and then let them sit on a shelf. Portugal is avoiding this trap by creating a Multidisciplinary AI Supervision Committee.

This committee is tasked with continuous compliance verification. It’s not a one-time checkup; it’s a living process of institutional health. Every AI system used by the prosecutors will be subject to granular audits that examine the data sets used for training, the logic of the algorithms, and the actual real-world outcomes they produce.

Think of this as a digital witness protection program for data integrity. The auditors ensure that the data fed into the AI hasn’t been 'poisoned' by inaccuracies and that the system’s performance hasn’t 'drifted' over time to become less accurate or more biased.

What This Means for the Private Sector

While this policy is specific to the Portuguese Public Prosecution Service, its ripples will be felt across the private sector. Companies developing legal-tech or AI tools for government use now have a very clear checklist of requirements.

Moreover, this serves as a blueprint for any organization—be it a bank, a hospital, or a retail giant—that uses high-risk AI. The transition from 'move fast and break things' to 'move carefully and document everything' is now the global standard. Organizations that fail to adopt similar ethical guidelines and audit policies will find themselves increasingly vulnerable to both legal challenges and a loss of public trust.

Ultimately, privacy-preserving AI is not just about following the law; it is about ensuring that as we move into an automated future, we don’t leave our fundamental humanity behind.

Actionable Steps for AI Compliance

If your organization is currently deploying or developing AI systems, take a page from the Portuguese playbook to ensure your 'digital apprentice' stays on the right track:

• Conduct a Risk Inventory: Categorize your AI systems. Are any of them 'High Risk' under the EU AI Act? If they influence hiring, lending, or legal rights, the answer is likely yes.
• Implement Human Oversight: Ensure there is a 'Kill Switch' or an override mechanism. No automated decision that impacts a person’s rights should be final without human review.
• Audit Your Data Sources: Examine your training data for historical biases. If your data is a 'toxic asset' filled with old prejudices, your AI will simply automate that toxicity.
• Establish a Multidisciplinary Team: Compliance isn't just for lawyers, and it’s not just for IT. You need a bridge between the two to understand how the code affects the law.
• Publish Your Transparency Manifesto: Be open with your users or clients about how you use AI. Transparency is the best antidote to the fear of the 'black box.'

Sources

• EU AI Act (Regulation (EU) 2024/1689): The overarching framework for artificial intelligence in the European Union.
• GDPR Article 5 & 22: Principles relating to processing of personal data and protections against automated individual decision-making.
• Charter for the Ethical Use of AI (Ministério Público de Portugal): The primary document establishing the ethical boundaries for Portuguese prosecutors.
• Technical Audit and Monitoring Policy for Institutional AI Systems: The procedural manual for AI supervision within the Portuguese justice system.

Disclaimer: This article is for informational and journalistic purposes only. It explores the intersection of law and technology but does not constitute formal legal advice. For specific compliance requirements, consult with a qualified legal professional specializing in AI and data protection.