This article examines the integration of data analytics and automated fraud-detection systems within welfare sectors, focusing on the evolving legal landscape in Europe. Throughout Europe, the use of advanced technologies to monitor welfare payments has intensified. However, large-scale data profiling raises significant legal challenges, exemplified by the judicial scrutiny of the Dutch SyRI system, which was found to violate the European Convention on Human Rights and the General Data Protection Regulation (GDPR). This study addresses a pivotal question: whether the use of such systems under EU law constitutes law-enforcement activities or routine administrative operations. This classification impacts the legal framework—GDPR or the Law Enforcement Directive (LED)—governing data processing practices, and influences obligations under the forthcoming EU Artificial Intelligence Act. Through an analysis of European law, including GDPR, LED, the EU Charter of Fundamental Rights, and relevant case law, this article highlights the complexities of this legal demarcation and the potential for conflicting regulatory incentives. Swedish examples are used to illustrate how different legal and institutional setups affect these issues, offering insights into the broader implications for the legality and governance of fraud detection systems.