The Stage is Set -- Security Today

The Stage is Set

New human rights and AI laws set for increased regulation in the security industry authored

By Fredrik Nilsson
Nov 19, 2024

The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain.

Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways.

That trend is unlikely to change—if anything, businesses in the security industry can expect more regulation, not less. That’s not necessarily a bad thing—an increased focus on human rights, AI safety, privacy, and the environment should ultimately yield positive results. But it does mean that businesses in the security industry need to be aware of not just their own actions, but those of their partners and vendors up and down the supply chain. Amid a stronger regulatory landscape, effectively managing those relationships will be critical.

Human Rights Considerations Take Center Stage
In July 2024, the European Union’s Corporate Sustainability Due Diligence Directive (CSDDD) entered into enforcement. CSDDD is a groundbreaking piece of legislation that the European Commission says “will ensure that companies in scope identify and address adverse human rights and environmental impacts of their actions inside and outside Europe.” At its core, the law requires businesses to conduct appropriate due diligence into the potential human rights and environmental impact of the company’s operations, as well as that of its subsidiaries, partners, and vendors. This is key, because it means organizations are not just responsible for their own actions, but those of businesses up and down the supply chain.

This means businesses have a responsibility to ensure, for example, that their products are not manufactured in sweat shops and their materials are not obtained via slave labor. It also means they cannot simply shift pollution-heavy activities to countries with lax environmental laws. Under CSDDD, businesses have an obligation to ensure that they are operating in a manner consistent with both the human rights and environmental ideal of the EU. Critically, businesses operating in the EU all share this obligation—an individual business seeking to gain a competitive advantage by circumventing the law risks steep financial penalties (not to mention reputational damage).

CSDDD falls within a category that the United Nations terms “Human Rights Due Diligence” (HRDD). And while the UN lacks a meaningful enforcement mechanism, the ideals outlined in the organization’s “Guiding Principles on Business and Human Rights” have influenced the shape and direction of regulations like CSDDD—as well regulations in other countries. The full impact of CSDDD has yet to be felt (as with GDPR, many organizations are likely holding their breath to see what the first enforcement actions and fines look like), but the gradual shift away from human rights violators has already begun. Businesses in the technology industry (security included) should be evaluating their supply chains with both human rights and environmental sustainability in mind.

Artificial Intelligence Is Increasingly Under the Microscope
As artificial intelligence (AI) has evolved—and become more mainstream—regulators have taken a renewed interest in the technology. AI solutions require vast amounts of data to train them effectively, and where that data comes from matters. Are AI providers using private information to train their solutions? Are they using copyrighted material? Are their data sets discriminatory in any way? How do they identify, account for, and eliminate inherent biases? This last point is particularly important—for example, a facial recognition solution that struggles to differentiate between people of color can (and likely will) result in serious and damaging discrimination. That will negatively impact the customer’s reputation, but it can also have significant legal repercussions. It’s important to remember that it’s not just about the data—how AI is used in practice needs to be carefully considered as well.

Unfortunately, the rapid pace of technological advancement means regulations tend to lag behind—but the EU took a step in the right direction this year when it passed the EU AI Act, billed as “the world’s first comprehensive AI law.” The new law breaks AI applications and systems into three risk categories: unacceptable risk, high risk, and low risk. Those that constitute an unacceptable risk—such as the government-run social scoring systems used in some countries—are banned outright. High risk applications—such as a resume-scanning tool used to sort and prioritize job applications—are fine to use but have specific guidelines they need to comply with. Low risk applications that don’t fall into either category are generally unregulated, though there is always the possibility that they might be reconsidered as the technology evolves.

This has implications for the security industry, where solutions like facial recognition have obvious privacy considerations that need to be addressed. The EU AI Act does a good job of creating a clear delineation of responsibility, underscoring that both the manufacturer of an AI solution and the end user are each accountable for aspects of its use. For manufacturers, it is important to limit the potential for abuse when creating a solution. But when a customer signs the invoice to purchase a solution, the responsibility for using it appropriately shifts to them. That means customers who misuse AI-based solutions to engage in risky or inappropriate behavior will quickly run afoul of the new law. But it also means a solution that creates an “unacceptable risk” with no other practical application will probably get the manufacturer in hot water.

The EU isn’t alone here. In the US, the Biden administration issued a 2023 executive order that took inspiration from the EU AI Act, outlining positive and negative use cases for AI. While not as comprehensive as the EU law, the executive order laid important groundwork—and we can almost certainly expect more thorough legislation in the coming years. Organizations in the security industry need to ensure that any AI-based analytics they provide are built with responsible use in mind.

Body-Worn Regulations Could Be Next
With regulatory oversight trending upward, the security industry should look at not just recently passed laws, but those likely to come in the near future. The market for body-worn cameras is steadily growing—once used primarily in the law enforcement field, a growing number of organizations are finding that body-worn devices can be used in a variety of innovative ways. Retail organizations are increasingly using body-worn cameras to prevent theft, keep employees protected from disruptive customers, and help ensure a high level of service. And retail isn’t alone—healthcare and education have taken a similar approach, using body-worn devices to protect doctors, nurses, teachers, and more, alongside hospitality businesses like large event venues and cruise lines.

Many states now have regulations mandating the use of body-worn cameras by law enforcement officers (the Bureau of Justice Assistance provides a useful breakdown of regulations across the US), but there are—so far—few that govern their use outside of law enforcement. But if adoption of body-worn cameras continues to expand in other industries, it’s likely just a matter of time before regulators begin to expand their reach. Both manufacturers and end users will need to ensure that these devices are being use appropriately and responsibly.

Prioritizing Ethical and Responsible Behavior
Regulations are nothing new, but recent developments underscore the fact that even local regulations can have a global impact—and as the pace of technological advancement has increased, governments around the world have been racing to catch up. Rather than dealing with these new laws as they emerge, businesses can set themselves up for long-term success by keeping one eye on the future, planning for rules and regulations long before they take effect. Of course, the most effective plan is to engage in responsible business practices independent of legal considerations—and as new regulations emerge, businesses that prioritize ethical behavior will find themselves well positioned for the future.

This article originally appeared in the November / December 2024 issue of Security Today.

Axis Cloud Connect Marks One Year of Growth
04/02/2025
ISC West 2025 Concert to Feature Gin Blossoms
04/01/2025
ISC West 2025 Showcases the Largest-Ever SIA Education@ISC Program
04/01/2025
System Surveyor Launches Online Certification Program
03/28/2025
BlackCloak Releases Digital Executive Protection: Framework & Assessment Methodology
03/27/2025
ESX 2025 Closing Luncheon Speaker Michael Barnes to Deliver Expert Insights Strategic Takeaways
03/27/2025
i-PRO Welcomes Michelle Chapin as Director of Federal to Drive Strategic Growth in the Public Sector
03/27/2025
Paxton's New Greenville HQ Opens Doors for Tech Tour Attendees
03/27/2025

Featured

An Inside Look From Napco at ISC West

Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now
- Industry Events
- ISC West
Upping the Ante

I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now
- Industry Events
- ISC West
It's Show Time

I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now
- Industry Events
- ISC West
SIA Releases New Report on Operational Security Technology

The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now
- IP Video

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.
A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.