
It is not immediately obvious what the legal requirements are for CDSSs regarding explainability, transparency, accountability, and data traceability – explainability requirements for short.

Such requirements can follow from many types of EU-wide and Dutch regulations. As noted, the GDPR, the Medical Device Regulation, and the recently adopted AI Act (June 2024) include norms applicable to CDSSs, including norms regarding explainability of AI systems. However, many aspects of those explainability requirements are still unclear and need further research, especially when applied to CDSSs. Additionally, for all these regulations, there is, or will be, additional guidance or regulation by regulators, such as the European Data Protection Board. Meanwhile, case law (court decisions) regarding AI explainability is developing quickly. Moreover, other regulations, such as the Dutch Medical Treatment Act, may also include relevant explainability requirements. In this legal work package, we will map out and analyse the up-to-date and new requirements that follow from EU and Dutch regulation. All the above-mentioned legal norms must be interpreted in the light of fundamental rights, such as the right to the protection of personal data and the right to healthcare. The norms must also be interpreted in the light of what is technically possible.