This article critically examines the legal, technological, and constitutional nature of "HERMES," the neuralgic risk-analysis and predictive profiling system deployed by the Spanish State Tax Administration Agency (AEAT) for taxpayer selection. Despite its massive operational scale, its integration with the "Zújar" Big Data warehouse, and its documented capability to generate individualized predictive fiscal risk profiles, the AEAT officially denies that HERMES qualifies as an Artificial Intelligence System (AIS). By classifying it merely as an "automated data processing" tool subject to human oversight, the Administration effectively circumvents the strict governance, transparency, and accountability mandates established by the EU Artificial Intelligence Act (EU AI Act) and its own internal AI strategies. To challenge this administrative narrative, the author conducts a rigorous functional analysis of HERMES, grounded in empirical evidence extracted from public procurement records spanning the last decade, OECD reports, and the 2025 European Commission Interpretative Guidelines. By systematically evaluating the system against the seven definitional criteria set forth in Article 3(1) of the EU AI Act, the research demonstrates a high probability that HERMES relies on machine learning architectures, autonomous inferential logic, and predictive modeling. The paper argues that the AEAT's restrictive internal definition of AI creates a deliberate "regulatory blind spot" (brecha regulatoria), strategically shielding its most influential predictive profiling tools from mandatory algorithmic scrutiny. Furthermore, the study explores the profound constitutional and procedural implications of this algorithmic opacity. Contextualizing the issue within the recent landmark "BOSCO" ruling by the Spanish Supreme Court (STS ROJ: 3826/2025) regarding source code accessibility, the author warns that if the mathematical logic and inferential parameters driving the initial risk selection remain inaccessible trade secrets, the constitutional right to effective judicial protection (Article 24 of the Spanish Constitution) and the administrative duty to provide a reasoned decision are rendered illusory. The paper also highlights unaddressed risks such as proxy discrimination, historical bias (Garbage In, Gospel Out), automation bias in human-in-the-loop validation, and structural tensions with the General Data Protection Regulation (GDPR)—specifically concerning automated individual decision-making (Article 22). Ultimately, the article concludes that deploying advanced inferential algorithms under the guise of mere statistical tools severely erodes legal certainty and fundamental taxpayer guarantees in the digital age.