GDPR Article 22 Compliance for AI-Generated Email

When your AI agent sends emails that affect individuals, GDPR requires human oversight. MultiMail's gated_send mode enforces that review and logs every decision.


Why this matters

GDPR Article 22 grants individuals the right not to be subject to decisions based solely on automated processing when those decisions produce legal or similarly significant effects. AI agents sending emails about loan decisions, job applications, account terminations, or insurance claims likely trigger this right. Sending those emails without a human in the review loop exposes your organization to enforcement action under Article 83—fines up to €20 million or 4% of global annual turnover. Many teams ship AI email pipelines that technically satisfy their internal review SOP, but have no audit trail proving a human actually reviewed and approved each outbound message before delivery.


How MultiMail solves this

MultiMail's gated_send oversight mode holds every outbound email in a pending queue until a human reviewer explicitly approves or rejects it via the API or dashboard. The approve/reject action, the reviewer identity, and the timestamp are written to an immutable audit log that survives the lifetime of the email. This gives you a verifiable chain of evidence that a human exercised meaningful control over each AI-drafted message—directly satisfying Article 22's human oversight requirement. The AI agent drafts and classifies; a human decides whether to send. Your audit log proves it.

1. Classify decision impact before drafting

Before your agent drafts anything, call the decide_email tool or POST to /v1/emails/classify to tag whether the outbound email carries a significant automated decision (e.g., application outcome, credit limit change, account action). This classification drives downstream routing and is included in the audit record.

2. Configure the mailbox with gated_send

Create or update the sending mailbox with oversight_mode set to gated_send via POST /v1/mailboxes. Every email sent from this mailbox is held in the pending queue regardless of which agent or pipeline originates it—no per-call flag required.

3. Agent drafts and queues the email

Your agent calls send_email (POST /v1/emails/send) as normal. Because the mailbox is in gated_send mode, the API returns a 202 with a pending email ID rather than delivering immediately. The draft is stored server-side with the agent's decision metadata attached.

4. Human reviewer inspects and decides

A human reviewer calls GET /v1/emails/pending to see the queue, reads the draft and classification, then calls POST /v1/emails/{id}/approve or /v1/emails/{id}/reject. The approval event records the reviewer's authenticated identity and timestamp.

5. Delivery and audit log finalization

On approval, MultiMail delivers the email and finalizes the audit record: agent ID, draft timestamp, classifier output, reviewer ID, review timestamp, and delivery confirmation. This record is available via GET /v1/emails/{id}/audit and is immutable after delivery.


Implementation

Create a GDPR-compliant sending mailbox
```python
import os

import httpx

# Read the API key from the environment; a literal "$MULTIMAIL_API_KEY" string would not expand in Python
client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}"},
)

# Create mailbox with gated_send — all sends require human approval
response = client.post("/v1/mailboxes", json={
    "address": "[email protected]",
    "display_name": "YourCompany Decisions",
    "oversight_mode": "gated_send",
    "metadata": {
        "gdpr_article22_scope": True,
        "reviewer_team": "compliance"
    }
})
response.raise_for_status()

mailbox = response.json()
print(f"Mailbox {mailbox['id']} created with oversight: {mailbox['oversight_mode']}")
# oversight_mode: gated_send — emails queue for review, never deliver without approval
```

Configure a mailbox with gated_send oversight so every outbound email is held for human review automatically.

Agent drafts an application decision email
```python
import os

from multimail_sdk import MultimailClient

# Read the API key from the environment rather than passing a literal "$MULTIMAIL_API_KEY"
client = MultimailClient(api_key=os.environ["MULTIMAIL_API_KEY"])

# Agent drafts the decision email — gated_send mailbox holds it automatically
result = client.send_email(
    from_address="[email protected]",
    to="[email protected]",
    subject="Your application — decision notification",
    body=(
        "After review by our team, we would like to inform you that your "
        "application has been assessed. Please log in to your account to "
        "view the full decision and your options for next steps."
    ),
    metadata={
        "automated_decision": True,
        "gdpr_article22": True,
        "application_id": "APP-2026-00412",
        "agent_id": "screening-agent-v2"
    }
)

# Returns 202 — email is queued, not yet delivered
print(f"Status: {result.status}")
# Status: pending
print(f"Pending email ID: {result.email_id}")
# Pending email ID: em_01J9X... — reviewer must approve before delivery
```

The agent sends an email that enters the pending queue. The 202 response confirms it is held, not delivered.

Compliance reviewer: inspect queue and approve
```python
import os

import httpx

# Reviewer credentials come from the environment (use a key scoped to approve_email only)
client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}"},
)

# Pull pending emails tagged as Article 22 scope
pending = client.get("/v1/emails/pending", params={
    "mailbox": "[email protected]",
    "metadata[gdpr_article22]": True
}).json()

for email in pending["emails"]:
    print(f"ID: {email['id']}")
    print(f"To: {email['to']}")
    print(f"Subject: {email['subject']}")
    print(f"Agent: {email['metadata']['agent_id']}")
    print(f"Application: {email['metadata']['application_id']}")
    print()

    # Human reviewer decision — identity captured from auth token.
    # Each draft is approved only after the reviewer confirms it; anything
    # not confirmed stays in the pending queue and is never delivered.
    email_id = email["id"]
    application_id = email["metadata"]["application_id"]
    if input(f"Approve draft {email_id} for {application_id}? [y/N] ").strip().lower() != "y":
        continue

    response = client.post(f"/v1/emails/{email_id}/approve", json={
        "reviewer_note": f"Reviewed application {application_id}. Decision is accurate."
    })
    response.raise_for_status()

    result = response.json()
    print(f"Approved by: {result['audit']['reviewer_id']}")
    print(f"Reviewed at: {result['audit']['reviewed_at']}")
    print(f"Delivered at: {result['audit']['delivered_at']}")
```

A human compliance reviewer fetches pending emails, inspects the draft, and approves. The audit record is finalized on approval.

Retrieve the audit trail for a sent email
```python
import os

import httpx

client = httpx.Client(
    base_url="https://api.multimail.dev",
    headers={"Authorization": f"Bearer {os.environ['MULTIMAIL_API_KEY']}"},
)

email_id = "em_01J9X4KM2VPNQ8W3R7T"
response = client.get(f"/v1/emails/{email_id}/audit")
response.raise_for_status()
audit = response.json()

print("=== GDPR Article 22 Audit Record ===")
print(f"Email ID:          {audit['email_id']}")
print(f"Agent ID:          {audit['agent_id']}")
print(f"Drafted at:        {audit['drafted_at']}")
print(f"Decision type:     {audit['metadata']['gdpr_article22']}")
print(f"Reviewer ID:       {audit['reviewer_id']}")
print(f"Reviewer note:     {audit['reviewer_note']}")
print(f"Review decision:   {audit['review_decision']}")
print(f"Reviewed at:       {audit['reviewed_at']}")
print(f"Delivered at:      {audit['delivered_at']}")
print(f"Recipient:         {audit['to']}")

# This record is immutable — safe to present to DPA or data subject on SAR
```

Fetch the complete audit record for a delivered email—agent identity, review decision, timestamps—for compliance evidence or DPA response.
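An offline check over exported audit records, added here as an example and not part of MultiMail's SDK or this page's own code. It uses the record fields shown in the retrieval block above and in steps 1 to 5, and flags any Article 22 record that does not actually prove a human reviewed the email before delivery (missing reviewer, delivery before review, or the drafting agent approving its own draft). It assumes ISO 8601 timestamps, review_decision values of "approved" or "rejected", and the constructed sample export embedded below.

```python
from datetime import datetime

# Fields an Article 22 audit record must carry to prove a human review happened
REQUIRED = ("email_id", "agent_id", "drafted_at", "reviewer_id",
            "review_decision", "reviewed_at")

def _ts(value):
    # Assumption: timestamps are ISO 8601 with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_findings(record):
    """Return compliance findings for one audit record (empty list means OK)."""
    if not record.get("metadata", {}).get("gdpr_article22"):
        return []  # outside Article 22 scope: no review evidence required
    missing = [f for f in REQUIRED if not record.get(f)]
    if missing:
        return ["missing fields: " + ", ".join(missing)]
    findings = []
    if record["reviewer_id"] == record["agent_id"]:
        findings.append("reviewer is the drafting agent (no separation of duties)")
    reviewed = _ts(record["reviewed_at"])
    if reviewed < _ts(record["drafted_at"]):
        findings.append("reviewed_at precedes drafted_at")
    delivered = record.get("delivered_at")
    if record["review_decision"] == "approved":
        if not delivered:
            findings.append("approved but no delivery confirmation")
        elif _ts(delivered) < reviewed:
            findings.append("delivered before human review")
    elif delivered:
        findings.append("rejected draft was delivered")
    return findings

def check_export(records):
    """Map email_id to findings for every non-compliant record in an export."""
    return {r.get("email_id", "?"): f for r in records if (f := audit_findings(r))}

# Constructed sample export: one clean record, one delivered before review,
# one where the drafting agent approved its own draft.
_BASE = {"agent_id": "screening-agent-v2", "drafted_at": "2026-03-01T09:00:00Z",
         "reviewer_id": "user_compliance_01", "review_decision": "approved",
         "reviewed_at": "2026-03-01T09:30:00Z", "delivered_at": "2026-03-01T09:30:05Z",
         "metadata": {"gdpr_article22": True}}
SAMPLE_EXPORT = [
    {**_BASE, "email_id": "em_ok"},
    {**_BASE, "email_id": "em_early", "delivered_at": "2026-03-01T09:00:01Z"},
    {**_BASE, "email_id": "em_self", "reviewer_id": "screening-agent-v2"},
]
```

Run check_export over the JSON from GET /v1/audit/export on a schedule; an empty result is the evidence that every in-scope email was held until a named human approved it.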


What you get

Verifiable Article 22 compliance

Every outbound email that triggers Article 22 has an immutable audit record showing which human reviewed it, what decision they made, and when. This is the evidence a Data Protection Authority will ask for.

No delivery without human approval

gated_send is enforced at the infrastructure level. A misconfigured agent, a rushed deployment, or a forgotten conditional cannot bypass the review queue—the mailbox configuration is the control, not application code.

Agent-readable rejection reasons

When a reviewer rejects a draft via POST /v1/emails/{id}/reject, they can include a structured reason. Your agent can read this via the webhook or GET /v1/emails/{id} and revise the draft before resubmitting, reducing reviewer round-trips.

Webhook-driven reviewer notifications

Configure a webhook on the email.pending event to route new drafts to your existing compliance tooling—Slack, PagerDuty, Jira, or a custom dashboard. Reviewers do not need to poll a separate system.

Scoped API keys for reviewer separation

Issue reviewer API keys with approve_email scope only—they cannot send new emails or read unrelated mailboxes. This enforces separation of duties between the AI agent role and the human oversight role.


Recommended oversight mode

Recommended: gated_send

GDPR Article 22 requires that automated decision-making with significant effects on individuals include a mechanism for human review before the decision is communicated. gated_send satisfies this by holding every outbound email until a human explicitly approves it. gated_all would also block reads, which is unnecessarily restrictive for a send-only compliance flow. monitored or autonomous would not satisfy Article 22 because they allow delivery before human review. gated_send is the minimum compliant mode for this use case.

Common questions

Which emails actually trigger GDPR Article 22?

Article 22 applies to decisions based solely on automated processing that produce legal effects or similarly significantly affect the individual. Examples include automated credit decisions, hiring screening outcomes, insurance underwriting, account terminations, and benefit eligibility notices. Routine transactional emails (receipts, shipping notifications) are generally outside scope. When in doubt, route through gated_send—the cost of an extra review is far lower than an enforcement action.

Does gated_send satisfy the 'human involvement' requirement in Article 22(2)(b)?

Article 22(2)(b) permits automated decision-making where necessary for a contract, provided suitable safeguards are in place—including the right to obtain human intervention. The gated_send audit trail documents that a named, authenticated human reviewed and approved each email before delivery. This is meaningful human involvement, not a rubber stamp. Pair it with a documented reviewer SOP and you have the safeguards Article 22 requires.

How long does MultiMail retain audit records?

Audit records are retained for the lifetime of your account plus 90 days after account closure by default. You can export audit records at any time via GET /v1/emails/{id}/audit or in bulk via GET /v1/audit/export. GDPR does not specify a minimum retention period for oversight records, but DPA guidance in several EU member states recommends retaining records for the duration of any potential complaint window—typically three years. Adjust your export and archival schedule accordingly.

Can we route high-volume transactional emails and Article 22 emails through the same system?

Yes. Create separate mailboxes: one with oversight_mode autonomous for transactional email (receipts, notifications) and one with oversight_mode gated_send for Article 22 scope. Your agent selects the from_address based on the decision classification. The gated_send mailbox's overhead does not affect throughput on the autonomous mailbox.

What happens if a reviewer rejects a draft?

A rejection via POST /v1/emails/{id}/reject prevents delivery and fires an email.rejected webhook. Your agent receives the rejection event along with the reviewer's structured reason field. The agent can log it, escalate to a different workflow, or revise the draft and resubmit via a new send_email call. The original rejected draft and its audit record remain accessible for compliance purposes.

Does this work with MCP clients like Claude Desktop?

Yes. The decide_email, list_pending, and cancel_message MCP tools are available when you connect MultiMail's MCP server to Claude Desktop or any MCP-compatible client. A compliance reviewer can inspect and act on the pending queue directly from their MCP client without writing code. The approval still goes through the API and generates the same audit record.

Do we need to update our Privacy Notice to disclose AI-drafted email?

Article 13(2)(f) and Article 14(2)(g) require disclosure of solely automated processing and its significance where Article 22(1) applies. If your AI agent drafts emails communicating automated decisions, your Privacy Notice should describe the logic involved and the safeguards in place. The existence of a human review step (gated_send) is a relevant safeguard to disclose. This is a legal question—consult your DPO for the specific wording.
