Following relevant legal actions taken by Homo Digitalis, it has been revealed that the Unified Electronic System for recording and managing Road Traffic Code violations and fines (E.I.S.), established by Law 5256/2025 in December 2025, remains not fully operational, while there is also insufficient compliance with both the prescribed timelines and the legal obligations.
Road safety and the protection of all drivers, passengers, and pedestrians constitute an important objective. However, the manner in which the recently adopted legal framework is being implemented, as well as the installation and use of the relevant surveillance systems and their accompanying algorithms, creates challenges both for the accountability of the competent authorities and for the protection of everyone’s rights.
Numerous reports in print, television, and online media circulated inaccurate information for a prolonged period, claiming that the E.I.S. is not only fully operational, but also already capable of automatically imposing fines for violations such as mobile phone use, failure to wear a helmet, or failure to use a seatbelt while driving.
In February and March 2026, Homo Digitalis decided to make use of every legal instrument and all guarantees provided by law in order to ascertain the progress of the implementation of the E.I.S., and whether the timelines, as well as the adoption of the relevant ministerial decisions and cooperation protocols required by law, have been observed.
Specifically, on 24 February, we submitted a Request for Access to Documents to Mr. Ioannis Melas, Director of the Independent Service named “Road Supervision and Safety Systems Service (OD.Y.S.E.A.S.)” of the Ministry of Infrastructure and Transport. Through this request, we sought access to the data protection impact assessment and the algorithmic impact assessment relating to the pilot application, which, according to the Diavgeia website, appear to have been prepared. Furthermore, since well before the adoption of the legal framework—and in particular since 31/07/2025—a direct award had been published on Diavgeia to the company “EVR.ILEK LIMITED LIABILITY COMPANY” for the Development of a Pilot Information System for recording and analyzing traffic violation data, we also called upon OD.Y.S.E.A.S. to grant us access to this contract.
We also requested the Service, as required under Law 5256/2025, to inform us about the criteria and methodology on the basis of which the specific locations for the installation of the pilot system were selected, as well as the objective and technical criteria that led to the differentiation of the technologies used at each installation point (integrated radar for “Spot Speed” control, systems for detecting non-use of helmets, non-use of seatbelts, use of mobile phones while driving, as well as systems for recording red light violations, etc.).
Moreover, pursuant to Article 23(11) of Law 5256/2025, which provides that all technical and detailed matters concerning the protection of natural persons against processing carried out through the E.I.S. are to be regulated by a joint ministerial decision of the Ministers of Infrastructure and Transport, Digital Governance, and Citizen Protection, in accordance with Article 16 (Personal data protection issues), we requested that OD.Y.S.E.A.S. provide us with a copy of this Joint Ministerial Decision or, alternatively, inform us of the exact web address where it has been lawfully published. In addition, we requested information regarding the date of commencement of the system’s operation.
Finally, given that Article 23(12) of Law 5256/2025 provides that, by joint decision of the Ministers of Digital Governance, National Economy and Finance, Interior, Justice, and the competent Minister, following an opinion of the Hellenic Data Protection Authority, the operation of the E.I.S. under Article 4 shall determine: (a) the procedure for transmitting data to competent judicial, prosecutorial, and administrative authorities upon lawful request in the exercise of their duties, (b) the manner in which the controller informs the public that they are about to enter an area covered by installed or portable surveillance systems, the content of such information, and additional rights of data subjects beyond those already established under the General Data Protection Regulation and Law 4624/2019, and (c) any other specific or technical matter necessary for the implementation of Article 16, we requested to be informed whether the relevant opinion has been issued by the Hellenic Data Protection Authority.
However, OD.Y.S.E.A.S. tacitly refused to respond to the above request.
At the same time, on 27 February, we filed a complaint before Ms. Alexandra Rogakou, Governor of the National Transparency Authority (NTA), regarding the omission of significant transparency obligations by OD.Y.S.E.A.S. in relation to the pilot operation and use of the E.I.S. More specifically, pursuant to Articles 4 and 5 of Law 4961/2022, public sector bodies using artificial intelligence systems in decision-making processes or in support thereof, affecting the rights of natural or legal persons, are required to carry out an Algorithmic Impact Assessment prior to the system’s operation. Furthermore, under Article 6 of Law 4961/2022, such bodies are subject to transparency obligations, meaning they must publicly provide information on: (a) the date of commencement of the system’s operation, (b) the operational parameters, capabilities, and technical characteristics of the system, (c) the categories of decisions taken or acts issued with the participation or support of the system, and (d) the conduct of an algorithmic impact assessment. Based on the above, we called upon the NTA to examine OD.Y.S.E.A.S.’s compliance with these obligations.
On 23 April, the NTA officially responded to our complaint, informing us that, based on the investigation, the views of the competent service indicated that the joint ministerial decision of the Ministers of Digital Governance, Interior, Citizen Protection, and Infrastructure and Transport, which certifies the full operation of the E.I.S. and its necessary interconnections, has not yet been issued. Furthermore, the NTA sent a document to the competent service requesting information on the date of commencement of the system’s full operation, in order to assess, at a later stage and once the aforementioned certifying act is issued, the service’s compliance with its obligations.
In early March, a further request for access to documents was submitted by Homo Digitalis, this time to the Hellenic Police. According to Article 16(2)(b) of Law 5256/2025, within three (3) months from the entry into force of the law, the joint controllers are required to sign a cooperation protocol defining their relations with data subjects and their respective responsibilities for compliance with obligations arising from the GDPR. Under Article 49 of Law 5256/2025, the law entered into force upon its publication in the Government Gazette, namely on 8 December 2025. Therefore, the Hellenic Police, together with the other joint controllers, should have signed the protocol by 8 March 2026. This protocol is a crucial document, as it defines the relationship between joint controllers and data subjects, as well as their respective responsibilities under the GDPR.
However, the Hellenic Police also tacitly refused to respond to this request.
In conclusion, the implementation of the E.I.S., as established by Law 5256/2025, remains incomplete and is accompanied by significant shortcomings in compliance with the prescribed regulatory and organizational obligations. Homo Digitalis will continue its actions to monitor compliance with the applicable legal framework, in order to ensure both the effectiveness of the system and the full safeguarding of the rights of data subjects at the stage of its future full operation.