Artificial intelligence is already inside the machinery of policing, but not in the way public debate often suggests. The most important uses are usually administrative and investigative rather than theatrical. Systems are used to search images, rank risk, identify patterns in incident data, draft reports, redact documents and sort large quantities of digital material. None of that is futuristic. It is current practice. The legal question is not whether software now assists law enforcement. The real question is what happens to privacy, equality, disclosure and due process when suspicion is generated, refined and acted upon through systems that are marketed as efficient but are not always transparent, contestable or understood by the institutions using them. ¹It is a mistake to speak about “AI in law enforcement” as though it were one technology and one legal problem. A system that transcribes body-camera audio and generates a draft narrative does not raise the same concerns as live facial recognition in a public street. A retrospective image-matching tool used after an incident is not the same as an automated risk model that affects bail, sentencing or watchlisting. Nor is an internal triage system the same as forensic software tendered in criminal proceedings. The law tends to become confused when these categories are collapsed into a single argument about innovation or danger. The more disciplined approach is to separate administrative uses, investigative uses, surveillance uses and evidential uses and then ask what safeguards are required at each level of legal consequence. ²

That distinction matters because policing is not an ordinary market activity. It involves the organised use of public power. When the state watches, categorises, searches, arrests or prosecutes, it acts against a legal background that is meant to restrain convenience. That is why the central issues in this field are still familiar legal ones. What is the statutory or common law basis for using the tool? What is the threshold for necessity and proportionality? What information can the affected person obtain? Can the system be independently tested? Can an officer, prosecutor or judge explain the role the output played in the decision? Once those questions are asked properly, much of the marketing language around artificial intelligence falls away. The real issue is not whether the state is “modernising”, but whether the conditions for lawful coercive power remain intact. ³

I. The UK Position: Principle, Litigation and Legislative Catch-Up

The United Kingdom has so far preferred a sectoral and principles-led model rather than a single, horizontal AI statute. That approach has a certain practical logic. It avoids drafting one abstract code for technologies that perform very different functions in very different institutional settings. But it also means that some of the real regulation happens after deployment, through challenge, guidance and litigation, rather than before deployment through bright-line statutory rules. In fields as sensitive as policing, that is a material choice. It leaves police forces and regulators to assemble legality from a mixture of human rights law, data protection law, equality law, common law policing powers and internal operational guidance. Sometimes that is enough. Sometimes it is not. ⁴

The leading authority is still Bridges. The significance of the case lies in its refusal to allow broad operational confidence to stand in for legal discipline. The Court of Appeal held that South Wales Police’s use of automated facial recognition on the facts was unlawful. The deployment was not “in accordance with the law” for the purposes of article 8(2) of the Convention because too much was left to police discretion. The force’s Data Protection Impact Assessment was also deficient and its treatment of the public sector equality duty was inadequate. The judgment matters not because it outlawed facial recognition in principle, but because it explained that intrusive biometric surveillance requires a framework that is clear enough to constrain who can be watched, where the technology can be used and how discriminatory effects are to be examined before confidence is asserted. ⁵

That point is still current. In December 2025 the Home Office accepted, in terms, that the present legal position is “complicated, inflexible and difficult to understand” and opened a consultation on a new framework for law enforcement use of facial recognition and related technologies. The consultation does not proceed from the premise that nothing is lawful now. Rather, it proceeds from the more important premise that legality assembled from overlapping powers and guidance is not an ideal basis for public trust or confident operational expansion. The Government’s own language is revealing: the law needs to keep pace with technological developments and provide clear, consistent rules that the public can understand more easily and that law enforcement can rely upon. That is a polite way of recognising that the existing architecture is serviceable only up to a point. ⁶

The Gangs Matrix provides a different lesson. It was not generative AI and not all of its functions would satisfy every modern definition of artificial intelligence. But that does not alter the legal significance of the system. It was still a state-run classificatory tool used to assign levels of perceived risk to individuals, with practical consequences beyond the police database in which the scores were stored. The ICO’s intervention established that serious data protection failings existed and the Metropolitan Police has now discontinued the Gangs Violence Matrix entirely. What makes the episode important is not the branding of the tool but the logic behind it: once risk-scoring systems are embedded in policing and shared across agencies, they can shape housing decisions, employment prospects, school interventions and surveillance intensity without any meaningful hearing ever taking place. ⁷

The real vice in systems of that kind is not simply that they may be wrong. All policing information can be wrong. The deeper problem is that they distribute administrative stigma in a way that is difficult to see and difficult to challenge. A person does not need to know the model architecture to be harmed by being incorrectly marked as high risk. What matters is that the classification may affect how public and quasi-public bodies behave towards him before any court has tested the basis of that classification. In public law terms, this is where data quality, retention, necessity and fairness cease to be technical questions and become constitutional ones. The fact that software has assisted the result does not reduce the seriousness of the decision. It often increases it by obscuring how the decision took shape. ⁸

II. The United States: Due Process, Disclosure and Wrongful Arrest

The United States approaches many of the same problems through a different legal vocabulary. There the pressure points are usually due process, confrontation, probable cause, evidential admissibility and disclosure of proprietary methods. The underlying issue, however, is much the same as in the UK. How much opacity can the criminal process tolerate before the process ceases to be fair? The question arises in several settings: sentencing tools, probabilistic genotyping software, facial recognition, AI-enhanced video and other systems that convert contested inputs into outputs carrying an aura of technical authority. The hard cases are those in which a defendant is materially affected by a system whose functioning the defence cannot properly test. ⁹

State v Loomis is the obvious starting point. Correctional Offender Management Profiling for Alternative Sanctions, ‘COMPAS’ is a proprietary risk assessment tool used in US criminal proceedings to generate scores predicting a defendant’s likelihood of reoffending, used to inform bail, sentencing and parole decisions. The Wisconsin Supreme Court did not reject the use of COMPAS, but nor did it embrace algorithmic authority in the broad sense sometimes implied in commentary. It held that a sentencing court could consider the assessment subject to strong limitations and warnings. That is important because the case is often invoked as though it settled the legitimacy of proprietary risk tools in criminal justice. It did not. It tolerated a constrained use and did so against a background of explicit concern about the proprietary nature of the system and its use of gender. The unease remained in the judgment itself. A process in which liberty may be affected by an assessment generated by a tool the defence cannot meaningfully inspect is not made easy merely by saying that the output is only one factor among others. ¹⁰

The same concern is sharper when software moves from sentencing support to forensic attribution. In New Jersey, State v Pickett and the later discussion of Pickett in State v Rochat show why source code scrutiny matters in criminal proceedings. The point is not that every defendant should automatically receive the source code of every proprietary program used somewhere in the investigative chain. The point is that claims of trade secrecy cannot always defeat the demands of a fair criminal process. The New Jersey cases treat the issue as one of reliability, adversarial testing and the court’s own responsibility to scrutinise novel scientific evidence carefully. That is a healthier way to frame the problem than treating forensic software as presumptively trustworthy because it has been sold to prosecutors and validated by its maker. ¹¹

That line of authority matters beyond DNA evidence. It expresses a simple procedural principle: if software does work that bears directly on guilt, causation, identification or sentence, the legal system must be able to test its reliability in a way that is more than ceremonial. Courts cannot sensibly perform a gatekeeping function while being told, in effect, that the method is too commercially sensitive to examine. Nor can defendants mount a serious challenge if they are forced to accept vendor assertions as a substitute for adversarial scrutiny. In that sense, the “black box” problem is not mainly philosophical, it is procedural. It concerns the ability of a court to know enough about the method to judge whether it is fit to be used in a process that may end in conviction or imprisonment. ¹²

Facial recognition makes the human cost of this procedural weakness easier to see. The wrongful arrest of Robert Williams in Detroit is now the emblematic American example and it remains powerful because it stripped away any abstract talk of efficiency. Williams was arrested for a theft he did not commit after the police relied on an incorrect facial-recognition result generated from poor-quality footage. The resulting litigation led to a 2024 settlement imposing what the ACLU described as the strongest police-department guardrails in the country. The settlement is important not because it abolished facial recognition, but because it imposed a principle the law should probably have insisted upon from the start: a facial-recognition lead cannot by itself justify an arrest and even an ensuing lineup is not independent if it simply launders the original algorithmic suggestion. ¹³

That settlement is part of a broader American pattern. The NCSL survey records that states including Alabama, Maryland and Washington have introduced or enacted measures requiring accountability reports, judicial authorisation in some contexts, or corroborating evidence before law enforcement use can translate into coercive consequences. The detail varies from state to state, but the instinct is the same. Legislatures have begun to recognise that algorithmic resemblance is not probable cause and that the appearance of computational precision can distort ordinary investigative scepticism. Once an officer feels he is corroborating a machine rather than testing a lead, error can harden into action very quickly. The point of guardrails is to slow that process down and force human investigation back into the chain. ¹⁴

There is a lesson here for English lawyers as well. The language of “human in the loop” is too thin if it simply means a person presses the final button. Human involvement is only a safeguard if the human actor is trained, sceptical and empowered to reject the output rather than ratify it. Otherwise, human review becomes a ceremonial stage in an automated process. That is why the legal significance of AI cannot be measured simply by asking whether the final decision is formally made by a person. The better question is whether the institutional design encourages independent judgement or whether it encourages a passive acceptance of machine-generated conclusions, particularly where those conclusions arrive dressed in the language of risk scores, confidence metrics or biometric similarity. ¹⁵

That same issue appears in a more mundane but increasingly important part of policing: report generation and administrative drafting. Axon’s Draft One, for example, uses body-worn camera audio to generate a draft report narrative. Bedfordshire Police has publicised the use of artificial intelligence to auto-redact documents before disclosure. These uses may look relatively benign when compared with public-space facial recognition or forensic software and in one sense they are. But they should not be treated as legally irrelevant. Drafting tools shape sequence, tone, omission and emphasis. Redaction tools shape what prosecutors, defence lawyers and courts are able to see. When such systems are adopted for efficiency reasons, there is a risk that the administrative record comes to reflect the logic of the software rather than the judgement of the officer or reviewer supposedly responsible for it. ¹⁶

None of this is an argument against administrative assistance. Police forces plainly waste vast amounts of time on routine bureaucracy and some of that work can sensibly be reduced. The point is narrower and more legal. The closer a system moves to the creation of evidence, the framing of a witness account, the presentation of disclosure material or the explanation of an arrest, the more unrealistic it becomes to describe the product as merely clerical. Once a generated text is reviewed, amended and signed, it enters the legal bloodstream. At that point the law has to care about how it was produced, what source material it used, what it omitted and whether the human signatory is in any meaningful sense the author of the resulting narrative. Administrative convenience is not a defence to later evidential confusion. ¹⁷

III. Administrative Failure, Comparative Regulation and the Market for Enforcement Technology

The broader administrative warning comes from outside criminal enforcement itself. Australia’s Robodebt scheme has become the clearest illustration of what happens when an automated process is allowed to outrun legal control inside the state. The Robodebt scheme was an automated debt recovery system operated by the Australian government between 2016 and 2019, which used income averaging to generate welfare overpayment notices, a method later found to be unlawful, resulting in a $1.8 billion settlement and a Royal Commission. The scandal was not about robots making sovereign decisions. It was about officials becoming too willing to trust an automated logic because it appeared scalable, consistent and technically grounded. The Royal Commission’s report is especially valuable because it is not written in the language of speculative ethics. It is a practical account of public administration going wrong. Its recommendations call for a consistent legal framework for automation in government services, for review rights, for public information about automated systems, and for publication of business rules and algorithms sufficient to allow independent scrutiny. That is not anti-technology. It is a restatement of ordinary administrative law after a conspicuous failure of institutional judgement. ¹⁸

Robodebt belongs in any serious analysis of AI and policing because it demonstrates a pattern that is not confined to welfare administration. The danger is not only a technical defect, it is the institutional tendency to treat process outputs as presumptively sound because they emerge from a system rather than a person. Review pathways then weaken. Discretion is compressed. Affected individuals are left to challenge a conclusion after it has already been operationalised against them. In policing, the consequences may be different, but the pattern is recognisable. Risk tools, watchlists, facial-recognition alerts and AI-assisted summaries can all become dangerously authoritative when they are absorbed into workflow without a corresponding increase in scepticism and accountability. ¹⁹

The European Union has responded in a more prescriptive way than the UK. The AI Act proceeds by risk classification and treats many law enforcement systems as high risk. More importantly, it prohibits certain practices outright. The political significance of that approach is easy to miss. The Act does not merely ask public authorities to use judgment more carefully. It draws legislative lines in advance. Among the practices prohibited are untargeted scraping of facial images from the internet or CCTV to create facial-recognition databases and certain forms of predictive policing based solely on profiling or assessments of personality and personal characteristics. The use of real time remote biometric identification in publicly accessible spaces for law enforcement purposes is prohibited in principle, save for narrow and tightly conditioned exceptions. ²⁰

Whatever one thinks of the detail, the Act makes an important constitutional choice. It assumes that some uses of artificial intelligence in law enforcement are too rights-sensitive to be governed mainly through soft guidance and ex post litigation. The UK has made a different choice, or at least has done so thus far. It has preferred common law powers, data protection law, equality law, human rights law and operational guidance, with fresh legislation now under consultation. The EU model risks rigidity and definitional complexity. The UK model risks ambiguity, uneven practice and a dependence on litigation to clarify boundaries. Those are different legal temperaments, not merely different drafting styles. For policing, the question is which model better protects the public against routine normalisation of intrusive tools before democratic scrutiny catches up. ²¹

The AI Act also matters because it speaks directly to the language of explanation and contestability. Commentary often says loosely that there is now a broad “right to explanation” in relation to AI. That overstates the position. The better view is that data protection law and the AI Act create a set of more specific rights and obligations relating to transparency, review and information about the logic involved, particularly where significant effects or high-risk uses are concerned. The legal point is not to promise a perfect decoding of every technical model. It is to ensure that a person subject to a materially significant automated or AI-assisted decision is not left with nothing more than the assurance that the system has been designed responsibly. In legal process, trust has to be accompanied by reasons, records and routes of challenge. ²²

Clearview AI is a US-based company that built a facial recognition database by scraping billions of publicly available images from the internet and social media without the knowledge or consent of the individuals depicted and sold access to law enforcement and security agencies worldwide. It shows the problem from another angle. European regulators have repeatedly taken the view that the company’s business model is incompatible with privacy law. The Italian authorities imposed a €20 million fine, ordered erasure and banned further collection and processing concerning persons in Italy. What makes Clearview important is not only the scale of the database but the premise of the enterprise: publicly available images were converted into a biometric search infrastructure for law enforcement and security customers without the consent, and usually without the knowledge, of the people whose faces were scraped. From a rights perspective, that is a profound repurposing of information. From a regulatory perspective, it is a test of whether domestic privacy law can control an international company offering tools to police and security agencies from outside the jurisdiction. ²³

IV. Evidence, Oversight and the Limits of Administrative Convenience

The United Kingdom’s encounter with Clearview has illustrated the jurisdictional difficulty rather than removing it. The 2025 Upper Tribunal decision revisited the reach of UK data protection regulation where the company’s clients operated in the fields of national security or criminal law enforcement. For present purposes, the significance of the case is twofold. First, it shows that domestic enforcement against cross-border biometric providers will often turn on difficult questions of territorial scope and regulatory competence rather than on the ethics of scraping alone. Secondly, it confirms that the growth of AI-enabled law enforcement infrastructure increasingly depends on private providers whose accountability cannot be assumed simply because the purchasing agency is public. The constitutional problem is therefore not only how the police use the technology, but also what sort of technology market the law is willing to permit around them. ²⁴

That leads to liability and procurement. Public discussion tends to focus on whether an individual officer made the final decision. In practice, many of the most important choices are made much earlier: when a force buys a system, accepts a validation claim, agrees a data architecture, signs a licence, limits audit access or relies on a vendor’s assertion about bias testing. If those choices are made badly, later “human review” may not rescue the process. The public body will still be the constitutional actor, but that does not make the vendor legally or practically irrelevant. Once software becomes part of the operational chain, questions about warranties, audit rights, indemnities, explainability, retention and downstream use are not mere contract management. They are part of the legality of the system as deployed. ²⁵

English public lawyers may not need a new grand theory to see the point. The relevant principles are already familiar. A public body exercising coercive functions must know what it is doing, must be able to justify why it is doing it, and must retain responsibility for the result. If it purchases a system it cannot explain, cannot properly test, and cannot effectively audit, it is not made safer by the fact that a private supplier claims confidence in the product. If anything, the risk is greater. The harder it is to examine the method, the easier it becomes for responsibility to dissolve into process. That is the real constitutional danger of AI in law enforcement. It is not machine consciousness or autonomous intent. It is institutional diffidence in the face of vendor claims and internally generated technical mystique. ²⁶

The evidential dimension deserves separate emphasis because criminal process does not merely use technology; it legitimises it. Once a court admits an AI-assisted output, or allows an official narrative shaped by automated drafting to stand without real scrutiny, the system acquires institutional authority far beyond its immediate function. That is why ordinary evidential principles matter so much here. Reliability, disclosure, expert challenge and the judge’s gatekeeping role are not technical side issues. They are the mechanisms by which the legal system protects itself from mistaking industrialised convenience for proof. The point is especially sharp where the software does not just organise material but adds interpretive weight to it, whether by ranking probabilities, highlighting “matches”, generating summaries or suppressing what it treats as irrelevant. In such cases the method becomes part of the evidence even if the operator insists the machine only assisted. ²⁷

That concern is no longer confined to specialist courts or complex forensic disputes. The senior judiciary in England and Wales has now repeatedly warned that AI-generated material cannot be relied upon uncritically and that judicial office holders remain responsible for everything issued in their name. Although that guidance is directed to judges, the underlying proposition travels more widely. Responsibility does not evaporate because a system appears useful. If anything, systems that appear useful require greater caution, because they invite routine dependence. In policing, that means supervisors, investigators and disclosure officers need enough understanding of the tools they use to recognise where the output may be incomplete, distorted or overconfident. Without that literacy, “human oversight” becomes a phrase of reassurance rather than a working safeguard. ²⁸

Conclusion

Public trust is often invoked by police authorities as a policy objective, but it should not be treated as something achieved by communication strategy alone. The Home Office’s own work on public attitudes to facial recognition shows a more nuanced picture: many members of the public see clear benefits in locating suspects, finding missing people and improving public safety, but support is qualified by concern about misuse, false matches and privacy. That is exactly what one would expect in a constitutional democracy. Citizens do not need to reject the utility of a tool in order to insist upon strict limits governing its use. The right lesson for public authorities is therefore not that support exists, but that support remains contingent on visible safeguards, intelligible rules and confidence that the technology will not quietly migrate from exceptional use into routine surveillance. ²⁹

The temptation in this field is to ask whether the law is “keeping up” with technology. That is a useful question only if one remembers that the law’s function is not merely to keep pace, but to decide where pace is appropriate and where it is not. Some policing uses of AI are straightforward productivity tools. Others alter the conditions on which people can move anonymously in public space, become subjects of suspicion, or find themselves on the receiving end of an arrest or prosecution. The legal system does not owe each of those uses the same level of enthusiasm. It owes them differentiated scrutiny. A sensible framework would therefore distinguish clearly between low-risk administrative assistance, higher-risk investigative uses, public-space biometric surveillance and evidential software, with escalating standards of authorisation, auditability, human review and disclosure as the legal stakes rise. ³⁰

For the United Kingdom, that means the next phase should be less rhetorical and more institutional. If facial recognition and related technologies are to expand, then Parliament or the Government must say with precision what powers are being exercised, which technologies are covered, what authorisations are required, what data sources are legitimate, what testing is mandatory, what records must be kept, what disclosure obligations arise when the output is relied upon, and what remedies are available when the system is used unlawfully or inaccurately. A principles-led model can only take matters so far if the principles are not translated into durable operating rules. Bridges showed that the courts can supply some of the discipline. They cannot sensibly be expected to supply all of it. ³¹

The most defensible final position is neither prohibitionist nor complacent. Law enforcement should use technology where it genuinely improves legitimate policing objectives and where the legal framework is robust enough to support that use. But the burden belongs to the state. It must show more than functionality. It must show lawful basis, necessity, proportionality, testability, meaningful oversight and practical routes of challenge. Systems that cannot meet those standards should not be used merely because they are available or because procurement cycles and vendor presentations make adoption seem inevitable. In a legal order worth preserving, AI may assist the state, but it cannot dilute the standards by which the state is judged when it watches, classifies, accuses or restrains. ³²

Selected Authorities and Materials

ACLU of Michigan, Civil Rights Advocates Achieve the Nation’s Strongest Police Department Policy on Facial Recognition Technology (28 June 2024).

ACLU of Michigan, Facial Recognition case page.

Ayres, Ian and Jack Balkin, ‘The Law of AI Is the Law of Risky Agents Without Intentions’ (2024) The University of Chicago Law Review Online.

Axon, A closer look at Draft One (2025).

Axon, Draft One product page.

Bedfordshire Police, Cutting edge tech saving Bedfordshire Police officers’ time (29 December 2023).

Bellovin, Steven M. et al., ‘Seeking the Source: Criminal Defendants’ Constitutional Right to Source Code’ (2021) 17 Ohio State Technology Law Journal 1.

European Data Protection Board, Facial recognition: Italian SA fines Clearview AI EUR 20 million (10 March 2022).

European Data Protection Board, The French SA fines Clearview AI EUR 20 million (20 October 2022).

European Parliament, Artificial Intelligence Act: MEPs adopt landmark law (13 March 2024).

Home Office, Legal framework for using facial recognition in law enforcement (consultation, 4 December 2025).

Home Office, Police use of facial recognition: factsheet (4 December 2025).

Home Office, Public attitudes to police use of facial recognition technology (4 December 2025).

ICO, Metropolitan Police gangs matrix.

ICO, Rights related to automated decision making including profiling.

ICO, What is automated individual decision-making and profiling?.

Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025).

Metropolitan Police, How the gangs violence matrix works.

National Conference of State Legislatures, Artificial Intelligence in Law Enforcement: The Federal and State Landscape (2024).

Regulation (EU) 2024/1689 (Artificial Intelligence Act).

Royal Commission into the Robodebt Scheme, Report (7 July 2023).

The Information Commissioner’s Office v Clearview AI Inc (Privacy International intervening): [2025] UKUT 319 (AAC).

R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058.

State v Loomis, 2016 WI 68.

State v Pickett, 466 N.J. Super. 270 (App. Div. 2021).

State v Rochat, A-0103-17 (App. Div., 28 January 2022).

References

¹ Home Office, Police use of facial recognition: factsheet (4 December 2025); Axon, Draft One.

² Information Commissioner’s Office, What is automated individual decision-making and profiling?.

³ See R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058, https://www.judiciary.uk/wp-content/uploads/2020/08/R-Bridges-v-CC-South-Wales-ors-Judgment.pdf; UK Information Commissioner’s Office, Rights related to automated decision making including profiling, https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/rights-related-to-automated-decision-making-including-profiling/.

⁴ UK Government, AI regulation: a pro-innovation approach (White Paper, March 2023), https://www.gov.uk/government/publications/ai-regulation-a-pro-innovation-approach; Home Office, Legal framework for using facial recognition in law enforcement (consultation, published 4 December 2025), https://www.gov.uk/government/consultations/legal-framework-for-using-facial-recognition-in-law enforcement.

⁵ R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058; see also Judiciary UK, Press Summary: R (Bridges) v Chief Constable of South Wales Police (11 August 2020), https://www.judiciary.uk/wp-content/uploads/2020/08/R-Bridges-v-CC-South-Wales-ors-Press-Summary.pdf.

⁶ Home Office, Legal framework for using facial recognition in law enforcement (consultation, published 4 December 2025), especially the Summary and Consultation Description; Home Office, Police use of facial recognition: factsheet (4 December 2025).

⁷ Information Commissioner’s Office, Metropolitan Police gangs matrix, https://ico.org.uk/for-the-public/ico-40/metropolitan-police-gangs-matrix/; Metropolitan Police, How the gangs violence matrix works, stating that use of the matrix was discontinued with effect from 13 February 2024, https://www.met.police.uk/police-forces/metropolitan-police/areas/about-us/about-the-met/gangs-violence-matrix/.

⁸ Information Commissioner’s Office, Metropolitan Police gangs matrix; UK Information Commissioner’s Office, Rights related to automated decision making including profiling; see also Home Office, Legal framework for using facial recognition in law enforcement (consultation, 2025), which expressly raises issues of safeguards, proportionality and rights interference.

⁹ National Conference of State Legislatures, Artificial Intelligence in Law Enforcement: The Federal and State Landscape (July 2024), https://documents.ncsl.org/wwwncsl/Criminal-Justice/Law enforcement-Fed-Landscape-v02.pdf; Wisconsin Supreme Court, State v Loomis, 2016 WI 68, https://www.wicourts.gov/sc/opinion/DisplayDocument.pdf?content=pdf&seqNo=171690.

¹⁰ State v Loomis, 2016 WI 68, especially the certified issue concerning whether use of a COMPAS assessment violated due process because of the tool’s proprietary nature or its use of gender; see also Wisconsin Court of Appeals certification order, 17 September 2015, https://www.wicourts.gov/ca/cert/DisplayDocument.pdf?content=pdf&seqNo=149036.

¹¹ State v Pickett, 466 N.J. Super. 270 (App. Div. 2021), available at https://www.njcourts.gov/system/files/court-opinions/2021/a4207-19.pdf; State v Rochat, A-0103-17 (App. Div., 28 January 2022), discussing Pickett and describing independent source-code review as justified by the cautionary experience with FST, https://www.njcourts.gov/system/files/court-opinions/2022/a0103-17.pdf.

¹² See State v Pickett, 466 N.J. Super. 270 (App. Div. 2021); Rebecca Wexler, It’s time to end the trade secret evidentiary privilege among forensic algorithm vendors, Brookings (13 July 2021), https://www.brookings.edu/articles/its-time-to-end-the-trade-secret-evidentiary-privilege-among-forensic-algorithm-vendors/; Steven M. Bellovin et al., ‘Seeking the Source: Criminal Defendants’ Constitutional Right to Source Code’ (2021) 17 Ohio State Technology Law Journal 1.

¹³ ACLU of Michigan, Facial Recognition case page, https://www.aclumich.org/cases/facial-recognition/; ACLU of Michigan, Civil Rights Advocates Achieve the Nation’s Strongest Police Department Policy on Facial Recognition Technology (28 June 2024), https://www.aclumich.org/press-releases/civil-rights-advocates-achieve-nations-strongest-police-department-policy-facial/.

¹⁴ National Conference of State Legislatures, Artificial Intelligence in Law Enforcement: The Federal and State Landscape (2024), discussing state measures in Alabama, Maryland and Washington; ACLU of Michigan, Civil Rights Advocates Achieve the Nation’s Strongest Police Department Policy on Facial Recognition Technology (28 June 2024).

¹⁵ Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025), https://www.judiciary.uk/wp-content/uploads/2025/10/Artificial-Intelligence-AI-Guidance-for-Judicial-Office-Holders-2.pdf; UK Information Commissioner’s Office, Rights related to automated decision making including profiling.

¹⁶ Axon, Draft One product page; Axon, A closer look at Draft One (2025), https://www.axon.com/resources/closer-look-draft-one; Bedfordshire Police, Cutting edge tech saving Bedfordshire Police officers’ time (29 December 2023).

¹⁷ Axon, Draft One product page; Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025), which stresses that judicial office holders remain personally responsible for material produced in their name.

¹⁸ Royal Commission into the Robodebt Scheme, Report (7 July 2023), especially Chapter 17 on automated decision-making and Recommendation 17.1, https://robodebt.royalcommission.gov.au/publications/report.

¹⁹ Royal Commission into the Robodebt Scheme, Report (2023); UK Information Commissioner’s Office, Rights related to automated decision making including profiling; Home Office, Legal framework for using facial recognition in law enforcement (consultation, 2025).

²⁰ Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 (Artificial Intelligence Act), OJ L 2024/1689, especially Articles 5 and 6, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689; European Parliament, Artificial Intelligence Act: MEPs adopt landmark law (13 March 2024), https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/artificial-intelligence-act-meps-adopt-landmark-law.

²¹ European Parliament, Artificial Intelligence Act: MEPs adopt landmark law (13 March 2024); Home Office, Legal framework for using facial recognition in law enforcement (consultation, 4 December 2025).

²² UK Information Commissioner’s Office, Rights related to automated decision making including profiling and What else do we need to consider if Article 22 applies?, https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/automated-decision-making-and-profiling/what-else-do-we-need-to-consider-if-article-22-applies/; Regulation (EU) 2024/1689, including Article 86.

²³ European Data Protection Board, Facial recognition: Italian SA fines Clearview AI EUR 20 million (10 March 2022), https://www.edpb.europa.eu/news/national-news/2022/facial-recognition-italian-sa-fines-clearview-ai-eur-20-million_en; see also European Data Protection Board, The French SA fines Clearview AI EUR 20 million (20 October 2022), https://www.edpb.europa.eu/news/national-news/2022/french-sa-fines-clearview-ai-eur-20-million_en.

²⁴ Upper Tribunal (Administrative Appeals Chamber), The Information Commissioner’s Office v Clearview AI Inc (Privacy International intervening): [2025] UKUT 319 (AAC), published 14 October 2025, https://www.gov.uk/administrative-appeals-tribunal-decisions/the-information-commissioners-office-v-clearview-ai-inc-privacy-international-intervening-2025-ukut-319-aac.

²⁵ Home Office, Legal framework for using facial recognition in law enforcement (consultation, 2025); Ian Ayres and Jack Balkin, ‘The Law of AI Is the Law of Risky Agents Without Intentions’ (2024) The University of Chicago Law Review Online, https://lawreview.uchicago.edu/online-archive/law-ai-law-risky-agents-without-intentions.

²⁶ R (Bridges) v Chief Constable of South Wales Police* [2020] EWCA Civ 1058; Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025); Ayres and Balkin, ‘The Law of AI Is the Law of Risky Agents Without Intentions’ (2024).

²⁷ Wisconsin Supreme Court, State v Loomis (2016); State v Pickett, 466 N.J. Super. 270 (App. Div. 2021); Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025).

²⁸ Judiciary of England and Wales, Artificial Intelligence (AI) Guidance for Judicial Office Holders (31 October 2025), replacing earlier guidance issued in December 2023 and April 2025; The Lady Chief Justice’s Report 2024, noting ongoing review of judicial AI guidance, https://www.judiciary.uk/wp-content/uploads/2024/11/24.147_JO_LCJ-Annual-Report-2024_v8_WEB.pdf.

²⁹ Home Office, Public attitudes to police use of facial recognition technology (4 December 2025), https://www.gov.uk/government/publications/public-attitudes-to-police-use-of-facial-recognition-technology/public-attitudes-to-police-use-of-facial-recognition-technology; Home Office, Police use of facial recognition: factsheet (4 December 2025).

³⁰ Regulation (EU) 2024/1689 (Artificial Intelligence Act); Home Office, Legal framework for using facial recognition in law enforcement (consultation, 2025); National Conference of State Legislatures, Artificial Intelligence in Law Enforcement: The Federal and State Landscape (2024).

³¹ Home Office, Legal framework for using facial recognition in law enforcement (consultation, 2025); R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058.

³² R (Bridges) v Chief Constable of South Wales Police [2020] EWCA Civ 1058; Royal Commission into the Robodebt Scheme, Report (2023); European Parliament, Artificial Intelligence Act: MEPs adopt landmark law (13 March 2024).