Today we take a giant step towards algorithmic transparency. It is no exaggeration nor hyperbole. The Supreme Court has sided with Civio and forced the Government to give us access to the source code of BOSCO, the software application that decides who receives and who does not receive a social voucher. Civio first demanded the code in 2018 and has faced numerous judicial setbacks. The Supreme Court’s ruling upholds our appeal, creates jurisprudence, and establishes that knowing how the programmes and algorithms used by public administrations work is a democratic right.

The ruling, which you can read in full here, rules out the possibility of imposing total opacity on the grounds of national security or intellectual property, which were the Spanish Government’s arguments against sharing the code. In other words, they cannot override, in a generic and absolute way, the right of access to information, a right the Supreme Court declares constitutional.

The court took into account that the programme decides who gets a social voucher, that it does not include the reasons in its response, that it makes a decision automatically rather than serving as a consultation or support system, and that if it contains errors the algorithm will have a “multiplier effect”, denying an entitlement to thousands of people, unlike the occasional error that an individual might make filling out a form. That is why the public knowing how the algorithm works is of “singular relevance,” in the court’s words.

Neither intellectual property nor security

Although the ruling admits that granting access to the source code may entail risks, it states that the specific risks must be weighed in each case, and that judges must always take into account the special relevance of the code to the public interest.

One of the Government’s main arguments was the defence of its intellectual property. The Supreme Court wrote that this argument is raised as a “mere risk of potential harm,” but that the Government does not clarify how sharing its intellectual property would harm the public administration. The court further establishes that the protection of intellectual property is reduced in cases in which the public administration is the owner and the programme does not belong to a company, and even more so given that this is not a market good with rights to exploit, but a tool that should be at the service of the public interest.

As for the second argument, the possible damage to national security, the court stresses that opening source code may indeed entail security risks, but that these “can generally be foreseen, which makes it possible to design the application or software to strengthen the security of the system.”

During the previous two trials, the Government used two technical assessments to support its arguments for denying access to the code. On the one hand, the Ministry of the Ecological Transition’s deputy director general for information technology argued that someone could mine cryptocurrencies at its headquarters or access the personal data of people applying for help. In the other assessment, an expert from the National Cryptologic Centre claimed that opening any source code would lead to system vulnerabilities. These two bizarre arguments were the basis on which both the court of first instance and the National High Court rejected our claims. The Supreme Court responds to both: it considers that those courts did not weigh the interests at stake, nor did they assess the particular case, beyond taking these assertions at face value. In addition, the Supreme Court states that claiming that opening code is a breach would mean that, de facto, no one would ever be able to request access to any computer programme source code and that public security would be used as an absolute and automatic veto in all such cases.

“It can be affirmed, on the contrary, that transparency can contribute, in equally hypothetical terms, to improving the code and strengthening its security since, on the one hand, it encourages the Administration to require security precautions in the design and oversight of the software and, on the other hand, scrutiny by different independent actors can help to reveal unnoticed vulnerabilities and enable their swift correction.”

The ruling goes further: although it states that there may be hypothetical risks to weigh in each case, “it can be affirmed, on the contrary, that transparency can contribute, in equally hypothetical terms, to improving the code and strengthening its security since, on the one hand, it encourages the Administration to require security precautions in the design and oversight of the software and, on the other hand, scrutiny by different independent actors can help to reveal unnoticed vulnerabilities and enable their swift correction.” This is what happened, with the pandemic contact-tracing application Radar Covid, as cited in the ruling and as we said both in our appeals and at the oral hearing, with the help of our lawyer, Javier de la Cueva.

At the oral hearing, we also stated that accessing the source code did not require accessing applicants’ personal data. The fact is that the programme, the rules it contains, is one thing; the data it processes are quite another. The Supreme Court also agreed with us on this point. Moreover, it wrote that European legislation “rules out the concealment of source code as a general principle.”

Algorithmic transparency as a key value in a ‘digital democracy’

This is not just about BOSCO. That is why this ruling is so important. It now applies to any, any algorithm or programme used by public administrations that affects us citizens. In what the Supreme Court calls a new “digital democracy,” public authorities have the obligation to “explain in an understandable way the functioning of the algorithms used in decision-making that affect citizens to allow them to know about, monitor, and participate in public management.”

The increased use of these technologies must go hand in hand with “demands for transparency of IT processes,” which may require, the ruling continues, “access to their source code,” as in the case of BOSCO.

In short, as the judgment states: “The progressive development and implementation of electronic administration and the growing use of computer applications for the management of public services, with obvious implications for citizens’ rights, insofar as they determine or condition the recognition or denial of public rights and benefits, i.e., they operate as a source of automated decisions, means that the configuration and use of algorithms in those applications acquire decisive relevance and require transparency.”

Moreover, this case is particularly relevant, given that, under current legislation, the court explains, “there are no independent supervisory authorities to ensure the proper functioning of such applications.”

The ruling recognizes the fact that the explainability of algorithms is a “growing public demand” which, as in our case the judges write, is required “as an effective guarantee against arbitrariness or discriminatory bias in fully or partially automated decision-making…avoiding the opacity of the algorithm or the source code is consubstantial with the democratic rule of law.”

The right of access as a constitutional right

The ruling refers to the Charter of Fundamental Rights of the European Union, the Spanish Constitution, the 2013 Transparency Act and previous rulings by the Supreme Court itself, which Civio always cites in its complaints, which establish that limits cannot be imposed on the right of access in a generic and absolute manner, without weighing the merits of each case.

In fact, the Government, in addition to arguing in a vague way about the possible damage to its intellectual property and national security, invoked “generically” in its arguments another string of limits to the right of access: the administrative functions of surveillance, inspection and control; economic and monetary policy; and the guarantee of confidentiality or the secrecy required in decision-making processes. The ruling is categorical: this list, without any reasoning to justify it, “is inconsistent and unfounded.”

The Supreme Court not only focuses on algorithmic transparency, but also gives a boost to transparency in general and to the right of access to information. Thus, although officially, in the law, transparency is not recognised as a fundamental right, despite the claims of civil society organisations such as Civio, the Supreme Court states in this ruling that transparency is closely linked to other rights such as freedom of information, oversight of the courts, access to public records, participation, criticism of power or oversight of public administrations and frames transparency as a “constitutional right.” A right that is, the court states, “inseparable” from democracy itself. Transparency is a duty included in the principle of good administration, the court writes, not just an empty word.

Moreover, the court uses case law from the European Court of Human Rights (ECHR) to establish that, in addition to the public interest of this case, Civio “performs social watchdog functions associated with the guardianship and custody of the rule of law and, therefore, of democracy, insofar as it seeks to ensure the proper functioning of public institutions and to promote the information of citizens about their public institutions and the management of public resources.”

Transparency is not just a point of a law but, the ruling states, “a constitutional right that can be exercised, as a subjective right, against public administrations, derived from the requirements of democracy and transparency, and inseparably linked to the democratic state and the rule of law.”

Sweet victory after seven years’ struggle

This litigation began in 2018, when Civio requested access to the source code of the BOSCO application from the Ministry for the Ecological Transition. After an initial rejection due to administrative silence, Civio filed a complaint with the Council for Transparency and Good Governance (CTBG in Spanish). In February 2019, the CTBG partially upheld the request: it granted access to the technical documentation and test results, but denied access to the source code, arguing that it was protected by intellectual property rules.

Dissatisfied, Civio took the case to court. In December 2021, the Central Contentious-Administrative Court No. 8 dismissed the appeal, not only validating the intellectual property argument, but also adding the argument of danger to public safety. Civio appealed this decision, but the Audiencia Nacional, in its April 2024 ruling, again ruled against Civio, upholding in full the previous ruling and reinforcing the idea that the opacity of the code was a necessary measure to protect both the State’s intellectual property and the security of the system and citizens’ data.

Finally, the case reached the Supreme Court, which admitted Civio’s cassation appeal. The oral hearing took place on 8 July 2025. On 9 September, the Supreme Court signed its judgment and, in the end, ruled in our favour.