Luxembourg’s Commission d’Accès aux Documents (CAD) plays a pivotal role as an oversight body ensuring transparent and open administration interpreting Luxembourg’s freedom of information law (loi du 14 septembre 2018 relative à une administration transparente et ouverte – let’s call it LATO). The CAD reviews disputes when individuals request access to documents from public authorities and are denied, or receive partial or no response.
In this post, we aim to:
- Understand, what type of LATO requests are made. There is, sadly, no comprehensive overview of all LATO requests sent to administrations – however it seems reasonable to assume that requests made to the CAD are similar in scope and proportion to the general requests
- Understand, what the decision patterns of the CAD are like.
- Provide practical takeaways for interested LATO users and our own stance on the role of the CAD within the LATO framework.
This information was compiled and analyzed by ZUG.
Table of Contents
We at ZUG became interested in the CAD and LATO during our Safe Crossing investigation.
Generally, while the CAD reviews are not legally binding, they are reviewed by an interdisciplinary team and one should be able to assume court rulings will come to similar conclusions. Therefore, any reasonable administration should have little interest in fighting CAD decisions based on the decision. Yet, they do. We at ZUG regard fighting CAD decisions in a similar light as SLAPP lawsuits.
What kind of LATO requests make it to the CAD, and what requests get approved and denied by the CAD gives us a crucial insight into the workings of the transparency law in Luxembourg.
Below is an analysis of a data set containing several dozen decisions, illustrating how the Commission interprets Luxembourg’s freedom of information law (loi du 14 septembre 2018 relative à une administration transparente et ouverte) and balances public interest with legal exemptions.
Overview of the Decisions
From the raw data (98 entries), each row represents a separate decision (“avis”) issued by the CAD. Each decision revolves around a requester asking for one or more documents from a public authority, such as a ministry, municipal administration, or public institution. Authorities sometimes refuse on various grounds, prompting the requester to seek a review by the CAD. It is important to understand that this does not happen automagically. The requester needs to present their case to the CAD. In turn this means that not all refused requests become visible.
We have divided, aligned with the content of the decisions, the outcome into four categories:
- Avis positif
The CAD instructs that the requested document(s) should be disclosed. - Avis négatif
The CAD agrees with the authority that the document(s) should not be disclosed. - Avis partiellement positif
Only a portion of the documents, or redacted versions, are disclosed—often due to data protection or ongoing administrative procedures. - Irrecevable
The CAD deems the request inadmissible, usually because it is either overly broad, seeks “information” rather than a specific “document,” or missed procedural deadlines. It is important to note that “overly broad” should not be a ground for refusal – article 4(2) of the law mandates administrations to refine requests if they are too broad.
In aggregate, the data shows that a significant percentage of cases receive at least some form of disclosure (either positif or partiellement positif), while the rest are refused or dismissed as irrecevable. However, it becomes also clear that the CAD is strict in its proceedings, not lightly “green-lighting” every request.
Key Themes and Common Types of Requests
A closer look at the requests reveals several recurring themes:
- Administrative and Urban Planning Documents
- Construction permits, building plans, technical studies (e.g., geotechnical, hydrological)
- Master plans (PAG) and special development plans (PAP)
- Requests often end up partially granted or fully granted if they are specific enough, but internal floor plans and personal data are typically redacted or refused.
- Contracts and Agreements with the State
- Memorandums of Understanding (MoUs) with foreign governments (e.g., Luxembourg-China Belt and Road Initiative, Luxembourg-USA space cooperation)
- Service contracts between ministries and private companies (e.g., testing services, technology consulting)
- These requests often face refusals due to commercial confidentiality, foreign affairs exemptions, or regulatory/inspection missions.
- Personal Data and Privacy
- Individuals seeking personal files or files mentioning them (e.g., police inspection records, apprenticeship contract disputes)
- Marriage certificates or other civil registry data that relate to third parties
- In many cases, the CAD either denies, declares irrecevable or instructs heavy redaction based on Article 6 of the law, which protects personal data.
- Oversight of Public Funding or Administrative Control
- Access to documents regarding subsidies, tax rulings, or audits
- Often refused if the documents fall under “control, inspection, and regulation” missions of agencies (e.g., the CSSF in finance, CNPD in data protection, ADEM in employment regulation).
- Scope of the Law and Procedural Requirements
- Many requests are declared irrecevable because they do not ask for a specific document but for generic “information.” The law requires requesters to identify documents with reasonable precision.
- Some requests fall outside the law’s scope (e.g., purely internal deliberations, unfinished or “in-progress” drafts, or older documents not covered by the 2018 law).
The themes of the requests directed at the CAD indicate that the themes are largely about what affects a broader public on a daily level. While a small number of requests deem to be purely relevant to few individuals, the vast majority of requests if affecting a general population.
3. Reasons for Refusals: Exemptions in Action
Foreign Relations and Security
Article 1, paragraph 2, point 1 of the law excludes documents whose disclosure could harm Luxembourg’s foreign relations or national security. Examples include:
- MoUs with foreign governments regarding diplomatic or strategic matters (China Belt and Road, Luxembourg-USA in space).
Regulatory, Control, and Inspection Missions
Documents tied to bodies like the Commission de Surveillance du Secteur Financier (CSSF), the National Commission for Data Protection (CNPD), or the police’s regulatory and inspection roles fall under exemptions:
- If the requested file belongs to an ongoing or closed investigation/regulatory procedure, CAD often upholds the authority’s refusal.
Personal Data Protection
Under Article 6 of the law, personal data of third parties generally cannot be disclosed to someone not concerned by the data:
- Marriage or birth certificates, personal details in contracts, or health records typically get redacted or refused in full.
Unfinished Documents and Internal Deliberations
Drafts and incomplete documents can be withheld:
- The law excludes “unfinished” documents still in progress, such as preliminary notes for a future bill or an unapproved ministerial report.
Requests for ‘Information’ Rather Than a ‘Document’
Many irrecevable rulings arise because the requester asks for broad explanations or data sets that do not exist in a single, identifiable document:
- “All documents related to a certain topic” or “information about land ownership or policy decisions” is often rejected unless the requester specifies a concrete report, file, or record.
- It is important to notice that article 4(2) of the law requires administrations to help requesters to find documents if requested.
If we plot the results on a stacked maximized bar chart, this picture becomes very apparent:
The CAD is clearly protecting private contractual interests, and staying out of employment and labour questions. Also aforementioned personal data requests are either declared “irrecevable” or “avis négatif“.
Trends and Observations
- Partial Disclosure is Common
Even when authorities initially refuse access citing exemptions, the CAD often rules that some parts are releasable if sensitive content (personal data, security details, trade secrets) is redacted. - Data Protection and Privacy Remain Key Barriers
Requests that risk exposing third-party personal information or confidential business data are frequently limited or refused. - Specificity Matters
The difference between a successful and an inadmissible request often lies in identifying exact documents or referencing known filenames, dates, or authors. Sweeping requests for “all communications” or “all data” usually fail. Even though, and we cannot stress this enough, the administrations are held to support requesters in finding the right information. - Foreign Relations Documents
Requests about international agreements—particularly if they touch on diplomacy or security—are routinely refused, reinforcing Luxembourg’s stance that such materials must remain confidential.
Luxembourg in International Context
Freedom of Information laws exist worldwide—FOIA in the United States, Access to Information laws across the EU, and varied frameworks in countries like Canada, Australia, and the Nordics. In many jurisdictions, an independent ombudsman or commission addresses disputes much like Luxembourg’s CAD.
However, Luxembourg’s LATO is relatively new (2018). Some countries with older FOI laws (e.g., Sweden’s Freedom of the Press Act dating back centuries) have well-established cultures of transparency. Others, like the UK, place enforcement in the hands of the Information Commissioner’s Office, which can issue binding orders. Interestingly, both the UK FOIA act as well as the German IFG have their ombudsmen set inside the same organisations that are responsible for data protection. Luxembourg’s CAD, by contrast, reports directly to the prime minister and issues non-binding opinions—though carry persuasive weight.
Yet, as we see in the ZUG vs. VdL case, the non-binding nature can create friction when authorities choose to ignore CAD decisions. This underscores a broader global lesson: strong FOI legislation must go hand-in-hand with robust enforcement.
Conclusion
The decisions of the Commission d’Accès aux Documents demonstrate how Luxembourg’s freedom of information framework balances the public’s right to transparency with the state’s obligation to safeguard personal data, ensure national security, and protect ongoing regulatory or diplomatic processes. The CAD’s role is essential in clarifying how authorities should interpret and apply exemptions.
Key takeaways for anyone seeking information under Luxembourg’s LATO include:
- Be Specific: Narrowly define the documents you want (by date, subject, or known title). While administrations are bound to help, it seems they don’t always do.
- Know the Exemptions: Anticipate personal data, foreign affairs, security, or regulatory constraints.
- Persistence Pays Off: If a request is initially refused or only partially met, consider appealing to the CAD for a balanced review.
- Money Rules: If an administration chooses to ignore the CAD decision, filing a lawsuit is inevitable. This is, unfortunately, associated with high cost.
Luxembourg’s transparency law is instrumental for citizens, journalists and NGOs alike. It provides an extremely powerful tool to question and control authorities and keep administrations in check. This is essential for the functioning of a modern democracy.
The CAD is a great help in empowering citizens. Having a stand-alone CAD seems like a useful luxury. However, the ZUG vs. VdL case also made clear the CAD should have more powers.
Finally, ZUG questions the need for private economy contracts to remain confidential. After all these get usually paid with taxpayer money and signed by representatives of the people. Reviewing this practice seems admirable.
For transparency you can find the raw dataset here.
The dataset was created by scraping all decisions from the CAD website and running it through OpenAIs GPT-4 model.
Get the full code here
import os
import pdfplumber
import fitz # PyMuPDF
import openai
import pandas as pd
import json
import time
# Configure OpenAI API Key
openai.api_key = "sk-#########################################"
# Path to the folder containing the PDFs
PDF_FOLDER = "pdfs"
# Output Excel file
OUTPUT_FILE = "CAD_Updated_Analysis.xlsx"
# Step 1: Extract text from PDFs
def extract_text_from_pdf(pdf_path):
try:
with pdfplumber.open(pdf_path) as pdf:
return "\n".join([page.extract_text() for page in pdf.pages])
except Exception as e:
print(f"pdfplumber failed for {pdf_path}: {e}")
# Fallback to PyMuPDF
try:
doc = fitz.open(pdf_path)
text = ""
for page in doc:
text += page.get_text()
return text
except Exception as e:
print(f"PyMuPDF also failed for {pdf_path}: {e}")
return ""
# Step 2: Analyze text with OpenAI API using the new interface
def analyze_text_with_chatgpt(text, retries=3):
if not text.strip():
return {}
prompt = f"""
You are analyzing a French document from the Commission d’Accès aux Documents (CAD) in Luxembourg regarding a Freedom of Information Act (FOIA) request. Please extract and summarize the following information in English, using consistent field names and specific formatting:
1. **Themes of the Request**: Provide a concise summary of the main themes or topics of the FOIA request.
2. **Decision**:
- Classify the decision into one of the following categories:
- "Avis positif"
- "Avis partiellement positif"
- "Avis négatif"
- "Irrecevable"
- If the decision is not "Avis positif," provide the reason for the decision.
3. **Authority Involved**:
- Identify the parties involved in the FOIA request (e.g., ministries, organizations, or departments).
- Exclude the CAD and its members from this list.
4. **Keywords**:
- Provide a list of keywords that describe what the request was about.
- The keywords should allow a journalist to quickly understand the context and main focus of the request.
- Use clear and concise terms; avoid redundancy or overly generic words.
Return the information in the following JSON format (field names must match exactly):
{{
"Themes of the Request": "Concise summary of the themes.",
"Decision": "One of the four categories",
"Reason": "Reason for the decision (if applicable)",
"Authority Involved": ["Authority 1", "Authority 2"],
"Keywords": ["Keyword 1", "Keyword 2"]
}}
If any field does not apply or cannot be determined, leave it blank.
Here is the document:
{text}
"""
for attempt in range(retries):
try:
# New OpenAI API format
client = openai.OpenAI(api_key=openai.api_key)
response = client.chat.completions.create(
model="gpt-4",
messages=[{"role": "user", "content": prompt}]
)
# Extract raw response content
raw_content = response.choices[0].message.content
# Extract JSON from the response
json_start = raw_content.find("{")
json_end = raw_content.rfind("}")
if json_start != -1 and json_end != -1:
extracted_json = raw_content[json_start : json_end + 1]
return json.loads(extracted_json)
else:
raise ValueError("Could not extract JSON from response.")
except json.JSONDecodeError as e:
print(f"JSON decode error on attempt {attempt + 1}: {e}")
print("Raw response:", raw_content)
except Exception as e:
print(f"Error on attempt {attempt + 1}: {e}")
time.sleep(2) # Add a small delay before retrying
print("Failed to analyze text after multiple attempts.")
return {}
# Step 3: Process all PDFs sequentially
def process_pdfs_sequentially(pdf_folder, output_file):
data = []
pdf_files = [os.path.join(pdf_folder, f) for f in os.listdir(pdf_folder) if f.endswith(".pdf")]
for pdf_file in pdf_files:
print(f"Processing {pdf_file}...")
text = extract_text_from_pdf(pdf_file)
analysis = analyze_text_with_chatgpt(text)
if analysis: # Only add if analysis succeeds
data.append({"Filename": os.path.basename(pdf_file), **analysis})
# Save to Excel
df = pd.DataFrame(data)
df.to_excel(output_file, index=False, engine="openpyxl")
print(f"Data saved to {output_file}")
# Main script
if __name__ == "__main__":
process_pdfs_sequentially(PDF_FOLDER, OUTPUT_FILE)g
Categorization was made on a best-effort basis. Many requests fit into multiple categories. In order to simplify the process, the strongest matching category was chosen as sole category. This can lead to some odd data.