Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
What you need to know: Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted by the EU in April 2026, establishes international standards for responsible AI governance. This convention signals the EU's commitment to embedding fund
Council Decision (EU) 2026/1080: EU Ratification of the Council of Europe AI Convention
On 21 April 2026, the Council of the European Union adopted Council Decision (EU) 2026/1080, formally concluding the ratification of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law — known by its treaty number CETS No. 225. This milestone marks the first binding international treaty specifically governing artificial intelligence and signals a new era of multi-layered AI regulation for organisations operating within the EU.
What Council Decision 2026/1080 Does
Council Decision 2026/1080 is the EU's instrument for ratifying CETS No. 225 on behalf of the European Union as a whole. Because AI regulation falls within EU competence under Articles 114 and 16 TFEU, the Union was able to sign and ratify the Convention as a supranational actor alongside its member states. The Decision authorises the President of the Council to designate persons empowered to deposit the instrument of ratification with the Secretary General of the Council of Europe.
CETS No. 225 was opened for signature in Vilnius on 5 September 2024 and entered into force following the required number of ratifications. By ratifying through Council Decision 2026/1080, the EU becomes a Contracting Party, binding itself and — to the extent that EU law governs — its member states to the Convention's obligations.
Relationship with the EU AI Act
The EU AI Act (Regulation (EU) 2024/1689) already provides a detailed, risk-tiered framework for AI systems placed on the Union market. Council Decision 2026/1080 and CETS No. 225 operate at a different level: they establish international law obligations grounded in human rights, democratic governance, and the rule of law. Where the AI Act focuses on product conformity and market access, CETS No. 225 concentrates on the public-interest outcomes that AI must not compromise.
The two instruments are complementary rather than redundant. Compliance with the AI Act satisfies many of the Convention's procedural requirements, but the Convention's human rights baseline — derived from the European Convention on Human Rights and other Council of Europe instruments — adds a substantive floor that the AI Act's technical requirements do not fully address. Organisations already compliant with the AI Act should therefore treat CETS No. 225 as an additional lens through which to review their AI governance frameworks.
Key Articles of CETS No. 225
Article 5 — Prohibition on AI that Undermines Human Rights. Article 5 of CETS No. 225 requires Parties to prohibit or otherwise prevent AI systems from being used in ways that constitute a risk to human rights, democracy, and the rule of law that cannot be adequately mitigated. This parallels Article 5 of the EU AI Act's list of prohibited AI practices — including social scoring and real-time biometric surveillance — but extends the prohibition to any AI application that, in context, produces outcomes incompatible with fundamental rights as interpreted by the European Court of Human Rights.
Article 8 — Transparency and Oversight of AI Systems. Article 8 obliges Parties to ensure adequate transparency measures so that persons interacting with AI systems can recognise when they are doing so and understand the general logic underpinning consequential decisions. This aligns with the AI Act's transparency requirements under Articles 50 and 13 but applies to a broader set of public and private actors.
Article 13 — Right to Explanation. Article 13 of CETS No. 225 establishes an individual right to obtain an explanation of decisions produced by AI systems that significantly affect a person's rights or interests. This obligation echoes the GDPR's Article 22 right not to be subject to solely automated decisions, but CETS No. 225 extends its scope to any significant AI-driven outcome, regardless of whether it constitutes fully automated processing under the GDPR.
Article 14 — Human Oversight and Safeguards. Article 14 requires Parties to ensure that appropriate mechanisms exist for human oversight of AI systems, particularly where those systems operate in high-stakes domains such as justice, law enforcement, healthcare, and financial services. For EU organisations, this reinforces the human oversight requirements already embedded in the AI Act's Article 14 for high-risk AI systems.
Practical Compliance Implications for EU Organisations
The ratification of CETS No. 225 through Council Decision 2026/1080 creates several concrete implications for compliance programmes.
First, organisations operating AI systems in contexts touching on individual rights — employment, credit, healthcare, judicial proceedings — should review their architectures against the Article 13 explanation standard. Existing explainability documentation prepared for the AI Act and GDPR may be sufficient, but teams should verify that explanations are accessible to affected individuals, not just regulators.
Second, the Article 5 prohibition standard under CETS No. 225 is broader than the AI Act's enumerated list in Article 5(1). Legal and compliance teams should conduct a rights-impact assessment for any AI application not yet covered by the AI Act's high-risk classification, asking whether its outputs could, in practice, compromise human dignity, democratic processes, or access to justice.
Third, public-sector organisations and companies providing AI to public authorities face heightened exposure. CETS No. 225 places particular emphasis on the use of AI by state actors, and public procurement contracts involving AI should now incorporate Convention compliance clauses alongside AI Act conformity requirements.
Fourth, the Convention establishes a Conference of the Parties with monitoring and dispute-resolution functions. This creates an additional accountability layer beyond national competent authorities and the EU AI Office, meaning that systemic failures in AI governance may attract scrutiny from Council of Europe bodies as well as domestic regulators.
Conclusion
Council Decision 2026/1080 embeds an international human rights framework directly into the EU's AI regulatory architecture. Organisations that have focused exclusively on AI Act compliance should now extend their programmes to address the Convention's substantive human rights requirements, explanation rights, and oversight obligations. The practical overlap is significant, but gaps exist — particularly for AI applications not classified as high-risk under the AI Act but capable of affecting fundamental rights in ways CETS No. 225 prohibits.
This article is informational only and does not constitute legal advice. Consult qualified legal counsel for advice specific to your organisation.
Frequently Asked Questions
Does Council Decision 2026/1080 create new direct obligations for private companies?
Council Decision 2026/1080 binds the EU as an international law actor. CETS No. 225 itself primarily addresses obligations on Contracting Parties — meaning states and the EU — rather than private actors directly. However, Parties are required to apply the Convention's standards to private-sector AI activity through domestic legislation, meaning that existing EU law (the AI Act, GDPR, fundamental rights obligations) will be interpreted and potentially extended in light of the Convention's requirements.
How does Article 13 of CETS No. 225 differ from GDPR Article 22?
GDPR Article 22 grants rights specifically in relation to fully automated individual decision-making. Article 13 of CETS No. 225 is broader: it applies to any AI-driven decision that significantly affects a person's rights or interests, even where a human formally approves the outcome. This means explanation obligations under the Convention may apply in scenarios where Article 22 GDPR does not.
When does CETS No. 225 take effect for EU organisations?
The Convention entered into force following ratification by the required number of Parties. Council Decision 2026/1080, adopted on 21 April 2026, concludes the EU's ratification. EU organisations should treat the Convention's standards as applicable immediately, consistent with the EU's obligations as a Contracting Party.
Sources
Key takeaways: Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
This article covers: What Council Decision 2026/1080 Does, Relationship with the EU AI Act, Key Articles of CETS No. 225.
- What Council Decision 2026/1080 Does
- Relationship with the EU AI Act
- Key Articles of CETS No. 225
- Practical Compliance Implications for EU Organisations
- Conclusion
EuroComply Editorial Team
EU regulatory compliance specialists covering the AI Act, GDPR, NIS2, and related legislation. Content reviewed against official EU regulation texts and enforcement guidance.
For informational purposes only. Consult qualified legal counsel.
Get the weekly EU compliance briefing — 2 minutes, every Thursday.
Related Regulation
GDPR
Official EuroComply guide to GDPR