
What the AI Act would ask of PATTERN

PATTERN scores the recidivism risk of nearly every person in federal prison, and almost nothing about it can be formally contested. Read against the EU AI Act's high-risk regime, the gap looks less like a bug than a design.

N° 32 · 30 June 2026 · Based on NIJ revalidation reports, GAO-26-107268, the First Step Act, and the EU AI Act (Arts. 11–15, Annex VI, Art. 31)

Every person serving a sentence in a United States federal prison is given a number that helps decide when they leave. The number is produced by PATTERN — the Prisoner Assessment Tool Targeting Estimated Risk and Needs — a statistical model the Justice Department built after Congress, in the First Step Act of 2018, ordered it to. The score sorts each person into one of four recidivism-risk categories, from minimum to high, and that category governs something concrete: whether the time credits a person earns through programming can actually be cashed out for earlier release to a halfway house or home confinement. A minimum-risk score is a path home. A high-risk score is a closed door. The tool is real, it is consequential, and it is governed — audited, revalidated, litigated. What it is not, in any structured way, is contestable by the person it scores. That last fact is the subject of this reading, and the reason PATTERN is the cleanest available illustration of a claim that sits at the center of any serious comparison between European and American AI regulation.

↑ N° 17 · Hildebrandt’s distinction between legal by design and legal protection by design is the theoretical engine of this piece: PATTERN is what it looks like when a system is governed for systemic risk but never built to keep contestation standing.
Part 01
§ 01

The tool, and what the score actually moves

Before the regulation, the object. PATTERN is not an advisory curiosity; its output changes the date on which a human being walks out.

The First Step Act was a bipartisan sentencing-and-prisons law, signed in December 2018, that tried to reduce the federal prison population by paying people, in time, for rehabilitation. Complete approved programming — a vocational course, a drug-treatment program — and you earn “time credits.” Apply those credits, and your release to supervised conditions comes sooner. But the statute attached a gate to the payout: the credits can be applied only by people the system judges unlikely to re-offend. To run that gate at scale, Congress directed the Justice Department to build a risk-assessment instrument.[1] PATTERN is that instrument, released in 2019 and revised since.

The mechanics are worth stating plainly, because the abstraction “risk assessment” hides the stakes. PATTERN takes a set of inputs — age, criminal-history facts, disciplinary record inside prison, program completion — and returns a score, which maps to a risk level. The level is not advice a case manager may take or leave. It is wired into eligibility. Two people with identical earned credits can land on opposite sides of the release gate because the model placed them in different categories.

This is the first thing to hold: the score is not a recommendation that sits beside the decision. For a large class of cases it is the decision, or the part of it that does the deciding. That is precisely the configuration that, in other contexts, the law has learned to surround with procedure.

Part 02
§ 02

How the United States governs PATTERN — diffusely, and from outside

There is real oversight. It just doesn’t live inside the tool, and it almost never runs at the request of the person scored.

It would be wrong to say PATTERN is ungoverned. The opposite is closer to true: it is one of the most-examined algorithms in the federal government. The Justice Department’s own research arm revalidates it on a roughly annual cadence, publishing technical reports on its predictive accuracy and its disparities across racial and ethnic groups — disparities the reports themselves document and the department has acknowledged it is still working to reduce.[2] In 2025 the Government Accountability Office, the legislature’s audit body, examined the system and concluded that improvements were needed in how the tool is managed and how its limitations are communicated to the people who rely on it.[3] The Justice Department now also lists PATTERN in its public inventory of agency AI use cases.[4]

So oversight exists. The question is its shape. Each of these channels is systemic and external: a periodic revalidation by in-house statisticians, a one-off audit by the GAO, an entry in a transparency inventory, a comment letter from a civil-rights coalition.[5] They examine the tool as a population-level instrument. None of them is a route by which a particular person, scored “high” on a particular Tuesday, can demand the basis of that score and put it before someone empowered to change it.

Where individual contestation has surfaced, it has surfaced where the American system tends to send unresolved grievances: the courts. A small run of suits brought by incarcerated plaintiffs has begun to test PATTERN-adjacent determinations — how credits were calculated, how a risk level was assigned, whether the process was followed.[6] Litigation is a contestation channel. But it is the slowest, costliest, and least accessible one available, reachable mostly after the fact and mostly by those who can find counsel.

PATTERN is comprehensively audited and almost entirely unappealable. Those are not the same kind of accountability. — The thesis of this reading

The distinction in that line is the whole point, and it is worth slowing down for, because the intuition that “a well-audited system is an accountable system” is exactly the intuition the rest of this piece is trying to complicate. Auditing asks: does the tool perform as specified across the population? Contestation asks: can this person challenge what the tool did to them? A system can pass the first test continuously and offer no answer to the second. PATTERN, at present, largely does.

Part 03
§ 03

What a high-risk regime would require

Now move the same tool across the Atlantic, conceptually, and ask what the EU AI Act would demand if PATTERN fell under its high-risk rules.

The European Union’s Artificial Intelligence Act, in force since August 2024, does not regulate all AI the same way. It sorts systems by risk, and reserves its heaviest obligations for a defined set of “high-risk” uses — among them AI used in the administration of justice and in law-enforcement risk assessment, the family PATTERN belongs to.[7] A tool of PATTERN’s function, deployed in the Union, would almost certainly land in that tier. And the high-risk tier is not a warning label. It is a set of enforceable design and process duties.

Four of those duties matter here, because they are exactly the duties PATTERN’s American governance leaves to chance. Articles 11 and 12 require technical documentation and automatic record-keeping — the system must keep logs that make its operation reconstructable after the fact. Article 13 requires transparency to the deployer, so the official using the score understands the tool’s capabilities and limits. Article 14 requires human oversight built into the system’s design and operative during use, not merely promised in a policy. Article 15 requires a declared and tested standard of accuracy and robustness.[8]

Then comes the part with no American analogue at all: conformity assessment. Before a high-risk system goes to market, the AI Act requires a procedure to verify it meets the requirements — most often through internal control under Annex VI, and for some uses through an independent third party, a “notified body,” accredited under Article 31 to perform the check.[9] The point is not that Europe’s paperwork is heavier. The point is structural: the AI Act converts good practice into a precondition for operating, and attaches an outside verifier to confirm it. PATTERN’s revalidations are excellent, but they are the work of the same department that runs the tool, performed after deployment, with no external gate the system must pass to keep running.

The same tool, two regimes

| PATTERN as governed now (U.S.) | If it were high-risk under the EU AI Act |
| --- | --- |
| Revalidated by the agency that operates it, after deployment | Conformity assessment required before deployment (Annex VI; third party under Art. 31 for some uses) |
| Documentation exists but is not a condition of operating | Technical documentation and logging mandatory (Arts. 11–12) |
| Human review of the score is a matter of internal policy | Human oversight built into design and operative in use (Art. 14) |
| Accuracy and disparities studied, disclosed unevenly | Declared, tested accuracy and robustness standard (Art. 15) |
| Individual contestation via FOIA, comment, or lawsuit — after the fact | Transparency duties + the GDPR's standing right to contest solely automated decisions |

Source. Compiled from the First Step Act, NIJ/GAO reporting, and EU AI Act Arts. 11–15, Annex VI, Art. 31.
Part 04
§ 04

Why this is a question about interoperability, not one tool

The gap is not that America forgot to govern PATTERN. It is that the framework America governs it with was never built to do the job the gap names.

The United States is not without an AI governance framework. It has the National Institute of Standards and Technology’s AI Risk Management Framework — the AI RMF — a careful, widely respected document organized around four functions: govern, map, measure, and manage.[10] An agency that took the AI RMF seriously for PATTERN would do much of what good governance asks: inventory the system, map its context, measure its performance and its disparities, manage the risks it surfaces. Most of that, in fact, is what the revalidations already do.

But the AI RMF is voluntary, and — more importantly for this argument — it is built to manage risk at the level of the system and the institution, not to vest a right in the person. It tells an agency how to govern its model well. It does not tell the person scored that they may demand the basis of the score and contest it before a forum that can change it. That second thing is not a defect the AI RMF failed to include by oversight. It is simply a different kind of instrument doing a different kind of work.

This is where PATTERN stops being an anecdote and becomes evidence for a thesis. The central project of comparing the EU AI Act and the NIST AI RMF is to find where the two frameworks correspond and, more revealingly, where one covers ground the other leaves open.[11] PATTERN marks one of those open patches with unusual clarity. On the European side, a high-risk classification pulls in conformity assessment, built-in oversight, and — through the data-protection regime that sits alongside the AI Act — an individual’s standing right to contest a solely automated decision. On the American side, the matching obligations are either voluntary, external, after-the-fact, or absent. The frameworks are not mirror images with a few missing tiles. They are built around different centers of gravity: systemic risk management on one side, individual legal protection on the other.

Scorecard
Four high-risk duties, mapped onto PATTERN as it stands (each row compares "EU AI Act high-risk" with "PATTERN today")
Technical documentation & logging (Arts. 11–12)
Transparency to the deployer (Art. 13): PATTERN today partial
Human oversight built into design (Art. 14): PATTERN today partial
Declared, tested accuracy & robustness (Art. 15): PATTERN today partial
Pre-deployment conformity assessment (Annex VI / Art. 31)
Individual right to contest the decision

That last row is the one Hildebrandt’s vocabulary was built to name. A system can be legal by design — engineered to run the rule correctly — and still fail to be built for legal protection by design, the preservation of the conditions, contestability first among them, that make a rule protective rather than merely enforced. PATTERN is a careful instance of the former with very little of the latter.

Part 05
§ 05

Coda — what's open, what isn't

PATTERN is a moving target, and some of what this reading describes will change. The tool is being revalidated again for 2026; the disparities its own evaluators document may narrow; the handful of lawsuits testing its determinations may produce doctrine that hardens, somewhere, into a real contestation channel. The American system is not static, and its preferred venue for building rights — the courtroom — is slow but not closed.

What is not open to much doubt is the structure. PATTERN is comprehensively studied and very lightly contestable, and that combination is not an accident of one tool’s implementation. It is what you get when a system is governed by a framework built to manage institutional risk rather than to vest individual protection. The EU AI Act would not necessarily make PATTERN fairer or more accurate — its revalidations may already beat what a first conformity assessment would require. What the AI Act would change is the grammar: it would make documentation, oversight, and an external check into conditions of operating, and it would sit beside a right that lets the scored person push back.

The reader is left with a diagnostic, not a verdict. When you next meet a claim that some public algorithm is “responsibly governed,” it is worth asking which question the governance answers. Does the tool perform well across the population? Or can the person it judges argue with it? Those are different accountabilities, and PATTERN is the case that shows how far apart they can sit.