Advancing AI technology: ethical and regulatory challenges in AI-driven security

Nearly 15 years ago, in our inaugural issue, Pauline Norstrom wrote about the launch of a new video content analysis guide produced by the British Security Industry Association (BSIA). In the intervening years, she held the position of chair of the Association and is now a non-executive.

This journey reflects the dramatic evolution of AI, generative AI (GenAI), and biometric-based security technologies, which now play a central role across sectors such as transportation, critical national infrastructure (CNI), retail, and education. These advancements, while transformative, bring a host of ethical and regulatory challenges.

The use of biometric technology has extended far beyond traditional applications in access control. Today, facial recognition technology (FRT), combined with a range of AI techniques, underpins security solutions in environments as varied as airports, shopping centres, schools, and sensitive infrastructure. Unlike earlier rule-based systems, modern AI-driven biometric solutions can:

Learn and adapt: machine learning enables systems to improve continuously, recognising patterns and identifying novel risks without explicit programming.   

Interpret context: multimodal AI systems combine biometric data with other sources, such as geolocation or transactional records, to deliver nuanced threat assessments.     

Enhance situational awareness: generative AI models synthesise complex datasets, providing security teams with actionable insights presented in natural language.     

While these innovations strengthen security capabilities, they also amplify the potential for privacy violations and raise concerns about bias and misuse.

Role of BSIA and BS 9347

The ethical use of FRT and biometric systems has become a focal point in industry discussions. The BSIA has developed an ethical guide to facial recognition, providing a framework for responsible deployment. Building on these principles, the recently introduced BS 9347 code of practice offers a comprehensive standard for the ethical use of FRT in video surveillance. This AI standard embeds the OECD principles for responsible AI throughout the supply chain, ensuring:   

Transparency: stakeholders are informed about how biometric data is collected, processed, and used.   

Accountability: Clear guidelines hold organisations accountable for ethical and legal compliance.     

Fairness: systems are designed and implemented to minimise bias and ensure equitable treatment of individuals.     

These standards provide a roadmap for organisations to navigate the complexities of deploying a range of AI and biometric technologies responsibly.

Regulatory momentum: EU AI Act and ISO/IEC 42001

The regulatory environment surrounding AI and biometric technologies is maturing rapidly. The EU AI Act represents a landmark in AI governance, introducing stringent requirements for high-risk systems processing sensitive data.

Although the UK has no plans to regulate FRT, key provisions of the EU AI Act include:     

Certification: biometric security products must compliance with safety, fairness, and transparency requirements.     

Public disclosure: organisations are required to inform individuals when AI systems are deployed in rights-impacting scenarios.     

Prohibited uses: practices such as real-time biometric surveillance in public spaces are restricted unless justified by compelling public security needs.     

In parallel, the ISO/IEC 42001 standard for AI Management Systems establishes a framework for a business to govern AI systems across their lifecycle. This aligns closely with the work of organisations like Anekanta®AI, which specialise in evaluating high-risk AI systems and guiding businesses through compliance with these emerging standards.

Balancing innovation with responsibility

The integration of biometric systems into diverse environments underscores the power and peril of AI-driven technologies. For example, combining FRT with geolocation or social media data creates a robust tool for threat detection but also risks encroaching on individual privacy. Ethical deployment requires:     

Transparency and consent: organisations must clearly articulate the purpose of AI systems and obtain informed and valid consent where applicable.     

Oversight mechanisms: robust governance structures ensure human review of critical AI decisions.     

Alignment with ethical frameworks: adherence to standards such as BS 9347 and regulation measures such as GDPR and the EU AI Act protects against misuse and safeguards civil liberties.

Fostering good governance through board engagement

As AI technologies become increasingly integrated into organisational strategies, fostering good governance at the board level is critical. Anekanta®AI actively engages with boards to build awareness and understanding of AI risk and governance. By providing tailored insights and frameworks, the company helps boards align their decision-making with ethical standards and regulatory requirements. This proactive approach ensures that organisations not only comply with emerging regulations but also embed responsible AI practices across their operations.

Over the past decade, the security industry has witnessed a significant shift in leadership roles and perspectives on AI governance. For example, organisations like Anekanta AI exemplify this evolution, offering expertise in high-risk biometric AI and regulatory alignment.     The rise of AI-driven biometric technology presents a transformative opportunity to enhance security across sectors. However, with great capability comes great responsibility. By embracing ethical standards like BS 9347, aligning with regulatory frameworks such as the EU AI Act and ISO/IEC 42001, and fostering transparency and accountability, the industry can build systems that respect human rights while addressing pressing security challenges.     

The future of AI, GenAI, and biometric technology in security lies not just in their technical excellence but in their ability to align with societal values. With the right guidance and governance, these technologies can serve as a force for good, safeguarding both security and individual freedoms in an interconnected world.