Close

Reimagining Policing Position Paper 4

Working Paper Series: Policing in the Digital Age

Paper 4: Hierarchy Policing in a Digital Age: What could a civil public safety platform look like?

Our central assertion is that digital transformation has made infrastructure a governance question, not merely a technical one. The decisions made about what platforms to build, who controls them, how data flows across them, what standards govern them, and how accountability is maintained within them are not IT decisions to be delegated to technology departments. They are foundational choices about the relationship between public institutions, democratic accountability, and the citizens whose safety and liberties are at stake.

Reimagining Policing

A Working Group on Policing and Digital Transformation


Paper 4 of 4

Tom Kirchmaier and Mick O’Connell

31 March 2026

ABSTRACT

This paper constitutes the operational core of our series, examining what a data-centric approach to public safety means in practice. We develop the concept of a civil public safety platform — not merely a technological system but a governance architecture that positions policing institutions as one node within a broader ecosystem encompassing social services, health, education, the private sector, and civic institutions. The platform concept is defined by a set of principles rather than a single prescribed configuration: neutrality of design, multi-party governance, privacy-enhancing trust architecture, layered accountability, and interoperability by default. We treat mission and oversight as distinct governance challenges — the former concerning what policing should accomplish and through what means, the latter addressing accountability mechanisms and democratic control. Conflating them has historically produced analytical confusion and impeded reform. We examine the challenge of transparency regarding AI outputs and where this technology is adopted, how to maintain the accountability of distributed systems, the conditions under which voluntary data sharing across agencies becomes possible, the case against bespoke national solutions in favor of standardized platforms and protocols, the fiscal architecture of shared infrastructure, and the problem of defining and measuring performance in a platform model. Throughout, we maintain that the purpose of the platform is not to make policing more powerful but to make public safety more effective — a distinction that shapes every design choice we propose.

 

Introduction: Infrastructure as Governance

The second two papers in this series, following on from the Positional Paper, addressed the normative and organizational foundations of democratic policing in the digital age. We argued that consent- based policing principles - ideas prominently articulated in the Anglo policing tradition by Sir Robert Peel - retain their validity but require active reinterpretation; that technological capability must serve democratic legitimacy rather than displace it; and that the institutional structures of policing must be fundamentally redesigned if they are to exploit the potential of digital transformation rather than be constrained by it.

This final paper turns to the operational question: what does all of this actually require in practice, at the level of systems, platforms, data architectures, and governance arrangements? If the first paper asked what policing should stand for in the digital age, and the second asked how policing institutions must change to deliver it, this paper asks what they need to build.

Our central assertion is that digital transformation has made infrastructure a governance question, not merely a technical one. The decisions made about what platforms to build, who controls them, how data flows across them, what standards govern them, and how accountability is maintained within them are not IT decisions to be delegated to technology departments. They are foundational choices about the relationship between public institutions, democratic accountability, and the citizens whose safety and liberties are at stake. Getting them wrong has consequences that no subsequent governance reform can easily reverse. Getting them right creates the conditions for a form of public safety provision that is more effective, more equitable, and more democratic than anything previously achievable.

We develop the concept of a civil public safety platform as our organizing framework. This is not a proposal for a single monolithic system or a centralized data architecture. It is a set of principles and illustrative configurations that together describe what a whole-of-society approach to public safety infrastructure could look like — one in which policing institutions are essential contributors but not sole controllers, and in which the design of the platform actively reflects the democratic values established in the first two papers and the organizational reforms argued for in the third.

We address, in turn: the re-conception of policing within a broader safety ecosystem; the critical importance of separating mission from oversight as distinct governance problems; the principles and configurations of the platform itself; the accountability challenges specific to distributed AI-enabled systems; the case for standardization over bespoke solutions; the fiscal architecture of sustainable shared infrastructure; and the vital yet underestimated problem of defining and measuring what success looks like.

We conclude by bringing the three papers together into a coherent account of what legitimate, effective, and consent-based policing in the digital age requires.

 

From Institution to Ecosystem: Reconceiving the Architecture of Public Safety

The limits of police-centric design

The dominant model of public safety infrastructure, in most jurisdictions, is police-centric by design. Other agencies — health, social services, education, housing, mental health — are positioned as contributors to a system whose architecture centers on policing, whose data flows toward police institutions, and whose governance reflects police authority. In some respect this reflects genuine operational realities: police are often the first responders across a wide range of situations, and in many places their legal powers give them a coordinating role that other agencies lack.

But police-centric design also produces systematic failures that are becoming more visible and more costly as the complexity of the challenges policing institutions and society face continues to grow. When every information flows through police systems, agencies that hold critical data — health providers, social services, housing authorities — face strong institutional and cultural disincentives to share it. The prospect of contributing data to a police-controlled platform raises immediate concerns about how it will be used, how long it will be retained, and whether accountability for its use can be maintained. These concerns are not irrational. They reflect real experiences of data shared in good faith being used in ways that were neither anticipated nor desired.

The consequence is that multi-agency collaboration — which almost every analysis of complex public safety challenges identifies as essential — is structurally inhibited by the architecture of the systems through which it is supposed to occur. We are trying to achieve collective outcomes through infrastructure designed for institutional competition, and we should not be surprised when the results are suboptimal. Some of the most consequential failures in modern public safety — situations where individuals fell between agencies, where harm occurred because information did not reach the right organization in time, where capability was distributed but nobody acted — are failures of systematic architecture as much as of individual institutions or decisions.

 

Policing as a node, not a center

The alternative we propose is a re-conception in which policing is a critical and empowered node within a broader civil public safety ecosystem, rather than the center around which everything else is organized. This is not a proposal to diminish the role of policing. It is a proposal to make that role more effective by embedding it within a set of relationships and information flows designed for collaboration rather than competition.

The practical implication is that the platform through which safety information is aggregated, analyzed, and acted upon must be designed as a neutral space — one in which police participate as partners among others, rather than as the authority to which all others defer. This design principle is straightforward but demanding: the architecture of the system must reflect the governance model it is intended to support. If the goal is genuine multi-agency collaboration with no single agency in control, the platform cannot be owned, controlled, or designed unilaterally by any single agency.

This re-conception has immediate practical consequences for how situations are categorized and responded to. A person in mental health crisis who has come to police attention is not primarily a policing problem; the appropriate response may be a health intervention, a social services referral, or some combination of both. A child at risk may require coordinated action across education, social services, health, and policing simultaneously, with no single agency having clear primacy. An individual whose financial behavior suggests exploitation may be better served by a banking sector intervention than a policing one. In all these cases, a police-centric architecture creates structural pressure toward policing responses to problems that are not primarily policing problems — wasting police resources, delivering suboptimal outcomes for individuals, and eroding the Peelian principle that policing should focus on what it is genuinely for.

The goal is a system in which the information needed to identify the most appropriate intervention for a given situation reaches the agency best positioned to make that intervention, in time to make a difference. This is not a description of how current systems work. It is a design target that the civil public safety platform would be explicitly built to achieve — which requires not only technical infrastructure but the governance architecture that makes contributing agencies willing to participate.

 

Mission and Oversight: The Case for Decoupling

The conflation problem

One of the most persistent sources of analytical confusion in debates about police reform is the conflation of two distinct governance questions: what policing institutions should accomplish and through what means — the mission question — and how they should be held accountable for what they do — the oversight question. These are related but separate challenges. Treating them as a single problem has historically produced both inadequate accountability and incoherent mission.

The conflation manifests in several ways. Accountability mechanisms designed to manage specific historical failures become attached to mission definitions in ways that distort operational priorities — producing institutions that optimize for measurable compliance rather than genuine public safety outcomes.

Conversely, debates about policing mission become entangled with oversight concerns in ways that prevent honest assessment of what the mission should be. Every proposal to expand or reorient police activity becomes simultaneously a debate about oversight adequacy, making both conversations harder to have clearly.

The introduction of AI and platform-based information systems makes this conflation more consequential. When an AI and data system processes information from multiple agencies and surfaces a recommendation for intervention, the question of what intervention is appropriate and the question of who is accountable for the recommendation and its consequences are analytically distinct but practically entangled in ways that neither current governance frameworks nor current accountability mechanisms are designed to address. Resolving this requires treating the two questions separately.

 

Defining the mission

The mission question is, at its core, a question about what public institutions are trying to achieve and how finite resources should be allocated to achieve it. For policing institutions in the digital age, this question has become considerably more complex than the traditional formulation — preventing crime, maintaining order, protecting human rights and freedoms, detecting and prosecuting offending — suggests. Digital offences constitute a large and growing share of the harm that affects citizens' lives, yet they remain systematically underweighted in performance frameworks and resource allocation models that were designed for physical crime.

We argue that the civil public safety platform must be designed to support both reactive and preventive orientations, and that the mission clarity required by the platform — about what it is trying to achieve and how success will be assessed must be established in advance of, not derived from, the capabilities the platform makes available. One of the most significant risks of technology-led reform is mission drift: institutions deploy new technical tools and then define success in terms of what those tools can measure, rather than defining mission first and then asking what tools would best serve it. The platform is a means, not an end. The mission must be specified through democratic governance, not by the architecture of the infrastructure.

A further dimension of mission that digital transformation makes urgent is the balance between reactive and preventive orientations. We observed in the first paper that the consent- based policing principles - ideas prominently articulated in the Anglo policing tradition by Sir Robert Peel with their emphasis on prevention has become significantly underweighted in contemporary policing culture and design. The platform model offers substantial new preventive capabilities — real-time intelligence aggregation, early warning systems, cross-agency vulnerability identification — but these capabilities will only be used preventively if the mission framework actively prioritises prevention, and if the performance measurement system rewards it. Without that alignment, the platform will tend to be used to accelerate reactive response rather than to enable genuine prevention.

 

Structuring oversight

The oversight question has several distinct dimensions that are frequently confused. The first is institutional accountability: who is responsible for the design, procurement, and governance of the platform itself, and how they are held to account for those decisions. The second is operational accountability: who is responsible for specific decisions made using the platform's capabilities and how is that responsibility maintained when decisions involve AI-generated recommendations or multi-agency data aggregation. The third is democratic accountability: how do citizens, civil society, and democratic institutions maintain meaningful oversight of a system whose technical complexity places it beyond conventional accountability mechanisms.

We argue for a layered accountability architecture that matches the accountability mechanism to the dimension of responsibility it is designed to address. This is addressed in detail in Section 5. What we establish here is the principle: oversight that is undifferentiated — that applies the same accountability framework to institutional governance, operational decisions, and democratic legitimacy simultaneously — is oversight that will be inadequate in all three dimensions.

We acknowledge a genuine counter-argument to the decoupling we propose. The concern is that separating mission from oversight risks legitimizing expanded technical capability through governance frameworks that are, in practice, too weak to constrain it — and that the separation allows mission creep to proceed without adequate democratic check. This concern is valid. Our response is not to conflate the questions but to insist that the oversight architecture must be genuinely robust: independently resourced, technically expert, and empowered to constrain mission as well as to assure it. A weak oversight framework is not a reason to avoid mission clarity; it is a reason to build a stronger one.

 

Civil Public Safety Platform: Principles and Configurations

What the platform is, and is not

The civil public safety platform is not a proposal for a single unified system in which all safety-relevant data is pooled, all agencies are permanently connected, and all decisions are routed through a central architecture. That vision — technically ambitious, governance-intensive, and deeply resistant to the trust dynamics that voluntary multi-agency collaboration requires — is neither achievable nor desirable. The platform we describe is something different: a set of design principles and governance arrangements that make time-limited, purpose-specific, multi-agency collaboration technically possible and institutionally trustworthy, without requiring permanent aggregation or centralized control; one that takes note of the necessity for a certain level of continuous connectivity.

The distinction matters enormously for the trust dynamics that make voluntary data sharing possible. Organizations do not decline to share data with police only because the legal barriers are insurmountable. They decline because they do not trust that their data will be used in accordance with the purposes for which it was shared, or that they will retain meaningful accountability for it once it enters a police-controlled system. Some of the most consequential data for public safety — held by health providers, mental health services, tax authorities and social care agencies — sits behind exactly this barrier. Designing around it requires a platform architecture in which no single agency controls the underlying data of another, in which all parties can see what is being shared, for what purpose, under what governance, and for how long — and in which the technical architecture enforces these commitments rather than merely asserting them.

 

Principle 1: Neutrality of design

The platform must be designed as a neutral space in which all contributing agencies participate as partners with equal standing. This means the technical architecture does not give any single agency privileged access to other agencies' data, does not route information flows through any single agency's systems, and does not embed governance assumptions that privilege any single agency's priorities. In practice, this requires that the platform be owned and governed collectively — either through a dedicated multi-agency body or through a national infrastructure entity whose governance explicitly represents all contributing sectors.

Neutrality of design is both a technical and a political requirement. Technically, it means that the platform's access controls, data segregation mechanisms, and audit trails must enforce the neutral governance model rather than depending on the good faith of any single participant to maintain it. Politically, it means that the platform can not be established or governed through structures that give policing institutions effective control over an architecture that is supposed to serve multiple agencies equally. The structural risk is real: when police hold the convening authority for multi-agency collaboration, the resulting architecture tends to reflect policing priorities and policing governance norms, regardless of the stated intention. Genuine neutrality requires that the convening authority for the platform be separate from any of its contributing agencies.

 

Principle 2: Privacy as the foundation of trust

The single most important technical enabler of genuine multi-agency collaboration is privacy-enhancing technology — specifically, cryptographic and computational approaches that allow multiple parties to collaborate on shared analytical tasks without any party seeing the underlying data of another. Multi-party computation, federated learning, and secure enclaves make it possible to train analytical models on data from multiple agencies, to run queries across distributed datasets, and to surface patterns that no single agency's data would reveal — all without creating the central data pool that every participating agency would rightly refuse to contribute to.

Working examples of this architecture exist. Collaborative platforms in cybersecurity have demonstrated that organizations with strong incentives to protect their own data can nonetheless collaborate on shared analytical challenges when the technical architecture enforces data sovereignty. The architecture is well-understood: data owners retain their data in their own systems, contribute to shared computation through cryptographic protocols that prevent exposure of underlying records, and receive outputs that reflect the collective intelligence of all contributors without requiring trust in any single party's data stewardship. The governance implication is significant: when the technical architecture itself enforces data sovereignty, the governance burden on participating organizations is substantially reduced. Misuse becomes structurally impossible rather than merely prohibited.

We therefore propose that governance boards for any civil public safety platform must have representation from all contributing organizations, must operate continuously rather than being convened only at the point of platform creation, and must have genuine authority over the evolution of the platform — including the power to prohibit queries or use cases that were not anticipated at establishment. Data owners must know precisely what they are contributing, for what purpose, under what governance, and for how long. Mutual agreement on these terms, documented and re-visitable, is the foundation of the trust that makes structural collaboration possible.

 

Principle 3: Purpose limitation and proportionality

Every use of the platform must be tied to a specific, defined purpose, and the scope of data access and analysis must be proportionate to that purpose. This principle is a core element of data protection law in most jurisdictions, but its application in the context of AI-enabled multi-agency platforms requires more active and continuous governance than conventional compliance approaches provide.

The risk specific to AI-enabled platforms is purpose drift: systems established for defined and limited use cases are gradually extended to address related but distinct challenges, each extension individually defensible but cumulatively producing a surveillance architecture whose aggregate scope was never explicitly approved. The governance architecture must therefore include not only initial purpose specification but ongoing monitoring of how the platform is actually being used, with clear triggers for review when use cases approach or exceed the boundaries of the original specification.

Proportionality also requires honest assessment of the threat landscape. The appropriate level of technological capability for a given challenge is determined by the nature and scale of the threat, not by the availability of the technology.

Capabilities developed for high-threat national security contexts are not automatically appropriate for routine policing applications. The question that must be asked at every point of capability deployment is not whether something can be done but whether it is the right tool for the challenge at hand, and whether the capability deployed is proportionate to the harm being addressed.

 

Principle 4: Interoperability by default

The platform must be designed around open standards that enable interoperability between systems, agencies, and jurisdictions — not as an afterthought but as a foundational design principle. The failure to specify common data formats at the point of procurement is one of the most consistently identified and consistently repeated failures in police technology adoption. When organisations switch between systems without requiring data portability, valuable operational history becomes inaccessible. When agencies use incompatible data models, the cross-agency analysis that the platform is designed to enable becomes technically impossible. When different jurisdictions use different standards, the international information sharing that digital crime increasingly demands cannot happen at the speed that operational effectiveness requires.

Interoperability by default means that every procurement decision, every system design choice, and every data governance framework must be evaluated against the question: does this make it easier or harder to share information appropriately, across agencies and jurisdictions? This is a discipline that must be actively cultivated, because the incentives in technology procurement consistently run in the other direction. Vendors profit from lock-in; agencies derive power from proprietary systems; and the short-term costs of achieving interoperability are visible in ways that the long-term costs of fragmentation are not.

 

Principle 5: Configurability over universality

No single platform configuration is appropriate for all contexts. The architecture appropriate for a national cybersecurity intelligence platform differs from that appropriate for a local multi-agency safeguarding arrangement, which differs again from that required for cross-border serious crime investigation. Rather than prescribing a single design, we propose a set of layered configurations that share common principles and technical standards while varying in scope, participant base, and governance model.

At the most local level, the platform may be a relatively lightweight information-sharing arrangement between a small number of agencies, focused on a defined population or problem type, governed by a simple multi-party agreement and reviewed regularly. At the national level, a more substantial technical infrastructure supports real-time information sharing across law enforcement agencies, with more elaborate governance and stronger technical privacy protections. At the international level, treaty-based frameworks, common data standards, and carefully negotiated agreements respect jurisdictional sovereignty while enabling the cross-border intelligence sharing that digital crime demands. Itʼs to be noted too that all these configurations are not necessarily time bound, nor should they be. The common thread across all configurations is the application of the same five design principles: neutrality of design, privacy-enhancing trust architecture, purpose limitation and proportionality, interoperability by default, and configuration over universality.

 

Accountability in a Distributed System

The AI recommendation problem

A fundamental shift in accountability architecture is required when AI systems become routine contributors to operational policing decisions, and they will.

The shift is not in who is ultimately accountable — that remains the human decision-maker who acts on information — but in what accountability means in practice, and how it can be maintained when the information on which decisions are based has been generated, filtered, or prioritized by systems whose logic may not be immediately transparent.

The language we use matters, and we are precise about it. AI systems make recommendations; humans make decisions. The accountability for a decision rest with the human who makes it, and that accountability is not diminished by the fact that the decision was informed by an AI-generated recommendation.

What changes is the nature of the competence required to exercise that accountability meaningfully. An officer who acts on an AI-generated recommendation without understanding what the recommendation is based on, how confident the system is in it, or what its limitations are is not exercising genuine accountability — they are deferring to a system they do not understand in a way that preserves the form of human oversight while hollowing out its substance. This formulation — that AI provides recommendations while humans make decisions — is not merely semantic. It is the architecture of accountability in the digital age, and it must be embedded in training, in governance, and in the design of the systems themselves.

The problem is compounded by the dynamics of high-volume, high-tempo operational environments. When an officer is managing multiple simultaneous incidents, receiving AI-generated alerts and recommendations across several of them, and making decisions in real time, the cognitive bandwidth available for critical evaluation of each recommendation is limited. Governance design must be realistic about this constraint — designing information presentation in ways that support genuine critical engagement rather than making it theoretically possible while practically impossible.

 

A confidence classification architecture

We propose a structured approach to the presentation of AI-generated information that makes the confidence level and provenance of each piece of information legible to the officer using it. The structure is a traffic light classification embedded in the information itself — not a binary AI/non-AI flag but a graded signal that tells the officer how much independent verification the information has received, how recent it is, how confident the generating system/s are is, and what the known risk of error is in this class of situation.

For example, a green classification signals that AI-assisted information has been subject to human verification and the output has been reviewed and confirmed by a qualified analyst — the officer can proceed with a higher degree of confidence. Amber signals that the information has received some level of automated triage but limited human review — the officer should treat it as a pointer rather than a confirmed fact and proceed with appropriate caution. Red signals that information has been surfaced as urgent by automated systems without human review — the officer receives the alert but must understand it has not been verified and weigh it accordingly.

This classification must be embedded in the metadata of the information itself, not presented as a separate advisory that can be ignored or missed, much like past ‘handling codesʼ for information and intelligence could be. As information flows through the platform and across agencies, its confidence classification must travel with it — so that an officer receiving information that has been aggregated from multiple sources, processed by multiple systems, and routed through multiple channels can still understand what level of confidence attaches to it and what verification it has received. The provenance metadata that makes this possible is not optional; it is the mechanism through which accountability is maintained across complex information flows. If that metadata is lost as information moves between systems — as it frequently is in current architectures — the accountability chain is broken at the point of loss.

We are clear about the organizational implications of this system. It requires investment in training so that officers understand what each confidence level means and how to exercise the appropriate level of critical engagement. It requires system design that presents the classification prominently rather than burying it in metadata fields that are rarely examined. And it requires institutional cultures that treat skepticism about AI-generated recommendations as a professional virtue rather than an obstacle to operational efficiency. The dashboard warning analogy captures the intent: a warning light does not tell the driver what to do, but it changes the driver's operating posture in ways that reduce the risk of serious error.

 

Accountability for inaction

A dimension of accountability that conventional frameworks consistently fail to address is accountability for inaction — for the decisions not made, the interventions not deployed, the information not acted upon. In a distributed multi-agency system, this problem becomes acute. When information relevant to a developing situation is held across multiple agencies and the capability to intervene is distributed among them, it is entirely possible for serious harm to occur through a collective failure in which no single agency is clearly responsible. Each agency had partial information; none had the full picture; none therefore acted decisively; and the outcome was worse than it would have been had the system worked as intended.

The civil public safety platform is designed precisely to reduce the likelihood of this kind of distributed failure, by creating the shared information environment in which the full picture becomes visible and the appropriate agency for intervention is identifiable. But the governance architecture must also address the accountability question directly. When the platform surfaces information suggesting that a situation requires intervention and no agency acts, where does accountability rest?

Our answer requires both a clear policy framework specifying which agency has primacy in which categories of situation — so that gaps between agencies are not a permanent structural feature of the system — and a governance requirement that the platform generate an audit trail of recommendations and responses that makes accountability for inaction traceable after the fact. The purpose is not to punish agencies for the inherent uncertainty of complex social situations, but to ensure that the question of what was known, when, by whom, and what was done about it can be answered — and that the answer can drive both accountability in specific cases and systemic learning over time. A public institution whose response to a preventable harm is that it did not know is in a materially different position from one that can demonstrate it knew, assessed the situation, and made a documented judgment call. The platform enables the latter; the governance architecture must require it, and designing / endorsing it within a set localities framework is ultimately a political / democratic / government question.

 

Protecting investigative capability while enabling contestability

A genuine tension in the accountability architecture concerns the protection of investigative techniques. Full accountability, in some formulations, requires disclosure of the methods through which information is gathered and processed — so that individuals and their legal representatives can challenge decisions that affect them. But policing techniques, particularly in digital and covert domains, are expensive to develop and can be rendered ineffective the moment they are publicly disclosed. When adversaries understand how a capability works, they adapt — and the technique that took years to develop becomes obsolete.

We do not dismiss this concern. There is genuine substance to the argument that unlimited transparency requirements can harm the public by destroying the investigative capabilities that protect them. The appropriate response is not to abandon transparency but to design contestability mechanisms that allow challenges to the use of investigative techniques without requiring full public disclosure of those techniques. Approaches used in other security-sensitive contexts — in camera judicial proceedings, independent oversight with access to classified materials, technical review by independent experts under strict confidentiality — provide models adaptable for policing.

The principle we maintain is that the inability to publicly disclose a technique cannot be an automatic bar to accountability. The accountability mechanism must be designed to function under the constraints that operational security imposes — which is harder, but not impossible. An agency that cannot be publicly held to account for a specific technique must nonetheless be held to account, through mechanisms appropriate to the sensitivity of the capability, for whether that technique was lawfully authorised, proportionately and ethically deployed, and accurately documented.

 

Public signaling and AI transparency

Beyond the internal accountability architecture, there is a question of what citizens should be able to know about AI-enabled capabilities deployed in the spaces they inhabit. A meaningful distinction exists between operational covert capabilities, which cannot be disclosed without undermining their effectiveness, and ambient capabilities deployed in public spaces in the name of public safety, where the case for disclosure is much stronger.

For ambient capabilities — systems deployed in public spaces, smart city environments, or other settings where citizens are present without prior notice

we support enhanced public signaling: clear indication when advanced analytical capabilities such as behavioral analysis, spatial recognition, or automated alerting systems are in operation, beyond the standard notice that conventionally accompanies CCTV. The purpose is not to inform those seeking to evade detection — ambient surveillance is not covert — but to maintain the transparency and public trust that democratic consent for such deployments requires.

At the international level, this logic extends to informing citizens about the surveillance environments they are entering when they travel. Travel advisories currently inform citizens about legal regimes and physical risks in foreign jurisdictions; the case for extending them to cover the AI surveillance capabilities that may affect digital privacy and human rights is strong and growing as the pace of international AI deployment accelerates. Citizens who carry sensitive professional or personal information across borders deserve the same quality of advisory about digital risk as they currently receive about physical or legal risk.

 

 

Standardization, Interoperability, and the Global Standards Race

The case against bespoke

A consistent finding across this series is that bespoke local or national solutions to problems that are structurally transnational produce inferior outcomes at higher cost. Digital crime does not respect jurisdictional boundaries. Offenders, victims, and the platforms through which harm is enabled are routinely located in different countries. The data needed to investigate, prevent, and prosecute digital offending is held across multiple jurisdictions, subject to different legal frameworks, and accessible only through international cooperation mechanisms that move at speeds bearing no relationship to the pace at which digital crime evolves.

Against this backdrop, continued investment by individual jurisdictions in non‑interoperable policing systems is difficult to defend on grounds other than institutional preference, legacy procurement pathways, and budget restrictions

— which is why the emphasis must be on long‑term cost efficiency. The sovereignty concern — the desire to maintain national control over sensitive law enforcement capabilities — is real, but it is not a justification for the specific form of fragmentation that bespoke systems produce. Sovereignty over data and operational decisions is compatible with standardization of protocols and interfaces. What bespoke systems protect is not primarily sovereignty but the institutional interests of those who designed, procured, and operated them.

The alternative is standardization at the level of protocols and interfaces while preserving diversity at the level of implementation. Common data formats, shared API standards, interoperable authentication systems, and agreed information classification schemes can enable real-time intelligence sharing across jurisdictions without requiring those jurisdictions to use the same systems, adopt the same governance models, or surrender control of their underlying data. This is the architecture of the internet applied to law enforcement information sharing — and it is the architecture that the scale and pace of digital crime now demand.

 

Accreditation and the police pole in standards development

The development of technical standards for policing technologies is a domain in which policing institutions have historically been passive recipients rather than active contributors. Standards are developed by technology vendors, national metrology bodies, and international organizations — and policing institutions adopt or contest the results after the fact rather than shaping the specifications from the outset. This is a significant missed opportunity, both for ensuring that standards reflect operational realities and for building the institutional credibility that makes public confidence in AI and data-enabled policing achievable.

We argue for a fundamental shift in posture. Policing institutions should be active, organized, and technically informed participants in the standards development processes that will determine the governance of policing technologies for the next generation. This means investing in the technical and legal capacity to engage substantively with standards bodies; coordinating across jurisdictions to develop shared positions on technical specifications; and contributing to the development of accreditation frameworks that certify the performance, bias characteristics, and operational suitability of AI and data systems before deployment.

The accreditation model from aviation and medical device regulation is instructive. In both domains, manufacturers know in advance what specifications their products must meet, what testing they must undergo, and what ongoing monitoring is required to maintain certification. The result is not the elimination of innovation — both industries continue to advance rapidly — but the channeling of innovation through frameworks that provide predictable assurance of safety and performance. Independent testing of AI and data systems by accredited laboratories — with results that are publicly available, internationally recognized, and regularly updated as systems evolve — would substantially improve both the quality of procurement decisions and the public confidence that those decisions currently lack. The analogy to clinical trials for medicines is apt: we do not permit the deployment of medical interventions whose safety and efficacy have not been independently verified. The same standard should apply to AI systems whose outputs influence decisions about people's liberty, human rights and safety.

The global standards race deserves explicit attention. Large market blocs are seeking to establish their regulatory frameworks as global defaults — making the design choices embedded in those frameworks influential far beyond their own jurisdictions. Policing institutions that engage actively in this process can shape frameworks that reflect operational realities and democratic values.

Those that remain outside the process will find themselves subject to frameworks designed without their input, potentially including requirements that are either inadequate for genuine accountability or unworkable in operational contexts. The choice to participate is a strategic decision, not merely an administrative one. Domestic interoperability

While the international dimension of interoperability is significant, the domestic dimension is often more immediately consequential. In many jurisdictions, the fragmentation of policing systems within a single country — across forces, agencies, and levels of government — creates information sharing failures that are as damaging as cross-border barriers, and considerably more tractable.

The root causes of domestic fragmentation are well-understood: historical procurement decisions that prioritized immediate operational functionality over future interoperability; institutional incentives that treat data as organizational power rather than shared resource; and governance structures that make no single authority responsible for the interoperability of the system as a whole.

Each of these is addressable in principle. The civil public safety platform model offers a path through this problem: by establishing shared standards as a condition of platform participation, and by demonstrating the operational benefits of interoperability through early successful use cases, it is possible to create the conditions for voluntary convergence without requiring the kind of top-down mandate that generates institutional resistance. The key is to start with use cases where the benefits are clear, the governance is manageable - with regulators playing an active role, and the trust dynamics are favorable — and to build outward from there.

 

Affordability, Sustainability, and Fiscal Architecture

The cost of fragmentation

The fiscal case for shared infrastructure and standardized platforms is, in many respects, more compelling than the operational case — even though significant upfront costs remain a major inhibitor, they can be mitigated by greater savings and efficiencies over the longer term. The aggregate cost of maintaining bespoke, non-interoperable systems — including procurement, maintenance and upgrade, integration costs when systems need to exchange data, and the opportunity costs of capabilities that are not built because budgets are consumed by legacy maintenance — is enormous. Across a single national policing system, the annual cost of legacy infrastructure maintenance alone can runs to billions, absorbing resources that could otherwise fund new capabilities, specialist training, or frontline investment.

Shared infrastructure models change this equation fundamentally. When the fixed costs of developing, maintaining, and upgrading core platform capabilities are distributed across multiple contributors, the per-institution cost falls significantly. When common procurement frameworks enable coordinated purchasing at scales that individual institutions cannot achieve, unit costs fall further. And when interoperability standards eliminate the bespoke integration costs that currently arise every time systems need to exchange data, recurring expenditure simply disappears. The savings are not marginal; they are structural — and they grow over time as the platform matures and the overhead of fragmentation compounds.

The challenge is that the costs and benefits of shared infrastructure are distributed asymmetrically. Upfront costs fall on those who invest early; benefits accrue over time and are shared across all participants. This is a classic collective action problem. Resolving it requires either a coordinating authority with the mandate and resources to establish the platform as a shared good — absorbing upfront costs centrally while distributing ongoing governance responsibilities — or sufficiently strong shared interest that early movers are willing to accept disproportionate initial costs in exchange for the governance influence that early participation confers. Attention will also need to be taken to smaller agencies that may require special consideration with incentivization or subsidies to facilitate their active progress.

 

A framework for infrastructure decisions

The question of what policing institutions should build in-house, share through collective infrastructure, and procure from specialist partners is not a single decision but a portfolio of decisions that vary by capability type, sensitivity level, and operational context. We propose three categories.

Sovereign infrastructure encompasses capabilities so sensitive — in the data they process, the intelligence they generate, or the operational functions they support — that they must be owned, operated, and controlled by democratic institutions without commercial dependency. Core intelligence systems and capabilities whose operational details cannot be disclosed without compromising their effectiveness fall into this category. For sovereign infrastructure, in-house development and operation is the appropriate model, even at higher cost. However, interoperability must still exist at this level for systematic flexibility.

Shared public infrastructure covers capabilities that are operationally important, appropriately shared across multiple institutions, and whose governance can be structured collectively in ways that maintain democratic accountability.

Cross-agency information sharing platforms, common data standards bodies, shared forensic databases, and national AI testing and accreditation functions fall here. The appropriate model is collective ownership and governance — potentially delivered through a national or regional body with representation from all contributing institutions.

Commercially partnered capability covers functions that can be effectively delivered through partnerships with specialist private sector providers, under governance arrangements that maintain institutional control of strategic direction, data ownership, and accountability mechanisms. Digital forensics tools, AI analytical capabilities, and communications infrastructure can often be effectively sourced in this way — provided that procurement is conducted with the legal and commercial sophistication needed to maintain genuine strategic control. Contracts must be structured to preserve data ownership and use, portability, and the ability to switch providers without operational disruption.

The failure mode to avoid is the inadvertent creation of commercial dependency through partnership arrangements that, over time, transfer effective control of operationally critical capabilities to private actors whose interests diverge from those of the public institution they nominally serve.

 

Defining and Measuring Performance

Quality standards as governance

A recurring theme throughout this series is that policing institutions have been reluctant to define the standards against which the quality of policing work is assessed. The argument — that policing is inherently too complex and contextual for standardization — is not persuasive. Other complex, contextual, high-stakes professions manage to define quality standards: medicine, engineering, and aviation all operate with rigorous frameworks that improve outcomes and enable accountability without eliminating professional judgment. The resistance in policing reflects, at least in part, a cultural preference for the discretion and autonomy that standardization would constrain, rather than a genuine technical impossibility.

The introduction of AI and data-enabled decision support makes this resistance increasingly untenable, and the opportunity costs increasingly visible. A system that can flag whether a crime investigation has met the standards for completeness — whether all necessary investigative steps have been taken, all relevant evidence captured, all required documentation completed — is technically achievable. But it requires that those standards be specified. The governance question is who specifies them, through what process, and how they are maintained and updated as operational contexts change. We argue that this is a leadership responsibility, to be exercised through collaborative frameworks involving policing institutions, oversight bodies, academic researchers, and community representatives. Specifying quality standards for policing work is, in the end, a specification of what policing is for — which is why it connects directly to the mission question with which this paper began.

 

Why metrices are not neutral

Of all the challenges the civil public safety platform presents, defining and measuring performance is in some respects the hardest. It is also the most consequential. Performance metrics are not neutral descriptors of organizational activity — they are powerful incentive structures that shape what institutions prioritize, how resources are allocated, what behaviors are rewarded, and what outcomes are pursued. Getting the metrics wrong does not merely fail to measure the right things; it actively drives institutions toward counterproductive or even harmful practices the wrong things.

The history of policing performance management provides ample evidence of this dynamic: forces that optimize for measured crime clearance rates at the expense of victim experience; that concentrate resources in areas that generate recorded crime statistics rather than where harm is greatest; that deprioritize prevention because its effects are diffuse and hard to attribute; and in which the implicit logic of the performance system — that what is measured is what matters — gradually hollows out the mission orientation that the metrics were supposed to serve. This is not a critique of any particular jurisdiction or leadership team. It is a structural observation about how performance management works in complex organizations under political pressure.

The introduction of AI-enabled platforms makes this challenge more acute. Platforms generate vastly more data about policing activity than was previously available — creating the temptation to measure what can be measured rather than what should be measured. The capabilities that platforms enable, particularly in preventive and predictive domains, produce outcomes that are inherently difficult to measure, because the counterfactual — the harm that did not occur because of the intervention — is unobservable. And the distributed nature of the platform model means that outcomes are often produced by the interaction of multiple agencies, making attribution difficult to establish clearly.

 

Mission derived metrices

The first design principle for performance measurement is that metrics must be derived from mission — not the reverse. This sounds obvious but is consistently violated in practice, for the simple reason that defining mission is hard and defining metrics that are already measurable is easy. The result is metric systems that measure what happens to be countable rather than what matters.

The starting point must be a clear specification of what the platform and the institutions contributing to it are trying to achieve: what harms are being prevented or reduced, what the quality of response to harm that does occur looks like, what the experience of citizens who interact with the system is, and how the system contributes to the broader social conditions that determine public safety over time. From this mission specification, performance metrics can be derived — recognizing that not all dimensions of mission will be equally measurable, and that the appropriate response is to invest in developing better measurement approaches rather than to redefine mission in terms of what is already measurable.

The effort to develop standardized measures of community trust, public confidence, victim experience, ethical behavior and prevention effectiveness is not an academic luxury. It is a necessary condition for governing the platform in ways that actually serve its stated purpose. Prevention that succeeds but cannot be measured will not be funded. Trust that is built but not tracked will not be maintained. Equity that is improved but not assessed will not be sustained. The governance architecture must include explicit investment in the measurement infrastructure that makes these outcomes visible — as a governance requirement, not as an optional enhancement.

 

Platform-level performance

A distinctive challenge for the platform model is that the relevant unit of assessment is not individual institutions but the system as a whole. A platform in which each contributing agency performs well on its own metrics, but the aggregate system produces poor outcomes for citizens has failed — even if no single agency can be identified as the cause. Measuring platform performance therefore requires collective-level metrics: how effectively does the system identify situations requiring multi-agency response? How quickly and appropriately does it route information to the agencies best positioned to act? How well does it support early intervention before situations escalate to crisis? How equitably does it distribute the benefits of better public safety information across different communities?

Crucially, effective performance evaluation depends on distinguishing between examining failures and assessing successes. Analyzing failures helps surface the friction points and coordination breakdowns that limit systemic impact, while assessing successes reveals the conditions and practices that enable genuine collaboration. Together, these perspectives allow the platform to evolve through evidence of both what works and what does not, strengthening the system’s overall capacity for sustained improvement.

These are demanding questions, and answering them requires evaluation frameworks that go well beyond the monitoring systems that most policing institutions currently maintain. We argue that this investment is essential, not as an academic exercise but as a governance requirement. A platform that cannot be evaluated against the outcomes it is supposed to produce cannot be held accountable for those outcomes — and an unaccountable platform is ultimately inconsistent with the democratic values that this entire series has sought to uphold.

 

Design Principles: Civil Public Safety Platform

Drawing together the ideas developed in this paper, we propose the following design principles for policing institutions and their partners. These principles are intended to complement those developed in the previous two papers (2&3) and together constitute the normative framework for this initiative.

 

Design the platform for the governance you want, not the governance you have

The architecture of the platform must reflect the governance model it is intended to support. If the goal is genuine multi-agency collaboration with no single agency in control, the technical design must enforce that model — not merely assert it. Governance aspirations that are inconsistent with technical architecture will be overridden by the architecture in practice.

 

Using privacy-enhancing technology to build trust, not bureaucracy

The technical architecture that enables multiple agencies to collaborate on shared analytical tasks without exposing their underlying data to one another is available now and should be deployed. It replaces elaborate legal agreements and monitoring frameworks — which substitute for technical trust while providing limited genuine protection — with a trust layer grounded in cryptographic computation rather than solely reliant on the good faith of institutional actors — yet still operating within legal and human frameworks, recognizing that digital tools themselves are human-made and not beyond failure.

 

Separate mission from oversight — and govern both rigorously

Mission and oversight are distinct governance challenges requiring distinct governance frameworks. Conflating them produces confusion; separating them makes both tractable. But separation must be accompanied by genuine rigor in both domains: a clear mission without strong oversight is a license for mission creep; strong oversight without mission clarity is accountability for the wrong things.

 

Make confidence and provenance visible throughout the information chain

Every piece of AI-generated or AI-assisted information that reaches a decision-maker must carry a legible indication of its confidence level, its provenance, and the verification it has received. This metadata must travel with the information as it flows through the platform and must be preserved in the audit trail. Accountability for decisions made on the basis of AI-generated information requires that decision-makers can demonstrate what they knew, how confident they were entitled to be, and why they acted as they did.

 

Standardize at the protocol level, preserve diversity at the implementation level

Common data standards, shared API specifications, and interoperable authentication systems are essential. Uniform systems are not. The appropriate level of standardisation is the one that enables interoperability — the ability to exchange information appropriately, across agencies and jurisdictions, in real time — without requiring uniformity of implementation, governance, or operational approach.

 

Invest in the measurement of what matters, not just what is measurable

Performance metrics must be derived from mission, not imposed by the availability of data. This requires sustained investment in evaluation frameworks that measure prevention, trust, victim experience, and equity — alongside the conventional indicators of crime and response. The governance of the platform must protect these harder-to-measure outcomes from being systematically defunded by performance management systems that only value what they can already count.

 

Build accountability for inaction as well as action

In a distributed multi-agency system, the failures that matter most are often failures of coordination — situations where the information needed to act was present in the system but did not reach the agency positioned to act on it. The governance architecture must include mechanisms for accountability for inaction, and audit trails that make the question of what was known, when, and what was done about it answerable after the fact.

 

Procure as a consortium, not as individuals

Technology procurement by individual institutions, each negotiating separately with commercial vendors, consistently produces higher costs, weaker data ownership protection, less interoperable systems, and greater vendor dependency. Policing institutions should invest in collective procurement capacity — specifying common requirements, negotiating from collective strength, and ensuring that contracts preserve the data ownership, portability, and accountability provisions that democratic governance requires.

 

Conclusion: Bringing the Three Papers Together

The three papers in this series have addressed a single overarching question — what does legitimate and effective policing in the digital age require? — from three complementary perspectives. The first paper established the normative foundations: consent- based policing principles - ideas prominently articulated in the Anglo policing tradition by Sir Robert Peel, reinterpreted for AI-enabled conditions, require that technological capability serve democratic legitimacy rather than displace it, and that renewed public consent in the digital age demands openness, engagement, and restraint. The second examined the organisational implications: hierarchical command structures must be fundamentally redesigned to devolve decision rights, develop specialist human capital, and build the resilience that adaptive institutions require. This fourth paper has asked what all of this requires in practice, at the level of systems, platforms, and governance.

The civil public safety platform concept is our answer to the operational question. It is not a technology specification but a governance architecture — one that positions policing institutions as empowered contributors to a broader civil safety ecosystem rather than as the institution around which everything else is organized. Its defining features are ethical integrity, neutrality of design, privacy-enhancing trust infrastructure, purpose limitation, accountability, transparency, and interoperability by default. Its governance is multi-party and continuous. Its performance is assessed against outcomes — harms prevented, victims supported, communities served — not merely against the metrics that happen to be available.

The thread that runs through all three papers is a consistent commitment to the proposition that democratic legitimacy and operational effectiveness are not in tension — that the constraints imposed by consent, accountability, and the rule of law are not obstacles to effective policing but conditions of it. Policing institutions that enjoy genuine public trust can do things that institutions operating under suspicion cannot: they can obtain voluntary cooperation, share information across agencies, deploy new capabilities with community support, and maintain the legitimacy that sustains their authority through crises. The investment in democratic governance of digital policing is therefore not a cost to be minimized but a return to be cultivated.

We offer these four papers as contributions to a dialogue that is only beginning. The working group from which they emerge is committed to iterative refinement as evidence accumulates, as technologies evolve, and as the institutions and publics whose engagement we seek respond to the analysis.

The questions we have addressed are among the most consequential of our time for public safety. We hope to have advanced the conversation, and we look forward to the responses that will advance it further.

 

 

About This Initiative

This is the third in a series of four publications emerging from our working group, convened at the Centre for Economic Performance, London School of Economics and Political Science, in February 2026. We bring together senior police leaders, academics, technologists, and other practitioners to develop a comprehensive framework for understanding and guiding the future of policing's contribution to public safety provision in the digital era.

The initiative is deliberately locationally agnostic, emphasising questions of organisational design, digitalisation, and interoperability that transcend particular jurisdictional or ideological contexts. It is positioned as an ongoing working group rather than a discrete conference, with plans to continuously revisit and refine analyses based on feedback and emerging developments. This approach treats each paper as a contribution to ongoing dialogue rather than a definitive pronouncement, reflecting the genuine uncertainty and rapid evolution that characterise the landscape under analysis.

The central research question animating the initiative asks: “What institutional forms, organisational structures, and technological systems are required for legitimate and effective policing in an increasingly digital society?” The three thematic papers in the series address this question from complementary perspectives: this first paper establishes the normative foundations; subsequent papers address organisational design and technological infrastructure respectively. Together, they are intended to inform and shape early discourse between the public and policing institutions toward a renewed consent based and somewhat Peelian style consensus of public trust in policing approaches for the twenty-first century.

The views expressed in this paper are those of the authors and do not necessarily reflect the official positions or policies of the organizations with which they are affiliated. Special thanks to Catherine Ojo and Janey Tietz for invaluable support with this project. The proceedings were transcribed using Notion, the summaries were produced using Notion and Claude, and the presentation drafted using Gamma. All automated summaries were edited and signed off by us humans. All errors are our own.

 

We invite feedback, critique, and engagement with these ideas as part of an ongoing dialogue about the future of democratic policing in an age of digital transformation. Please post your comments on our discussion page.  Or if you would like to submit your comments privately or anonymously please email them to T.Kirchmaier@lse.ac.uk.

Participants

Irakli Beridze, UNICRI, United Nations

Chris Church, INTERPOL

Megan Hoey, Capgemini

Tom Kirchmaier, CEP/LSE

Rachel Lewis, City of London Police

William Lyne, Met Police

João Mota, VOID Software

Mick O'Connell, UNICRI & Critical Insights Consultancy Ltd

Emily Owens, CEP/LSE & UCI

Emma Persson, UNICRI, United Nations, Centre for AI and Robotics

Michalis Pittalis, Cyprus Police

Liam Price, Royal Canadian Mounted Police (RCMP)

Dominic Reese, North Rhine-Westphalia Police, Germany

Inger Marie Sunde, Politihøgskolen / Norwegian Police University College

Chris Sykes, Greater Manchester Police (GMP)

Dick van Veldhuizen, Roseman Labs

Ben Waites, Europol

Liz Ward, Met Police

The views expressed in this paper are those of the authors and do not necessarily reflect the official positions or policies of the organizations with which they are affiliated. Special thanks to Catherine Ojo and Janey Tietz for invaluable support with this project. The proceedings were transcribed using Notion, the summaries were produced using Notion and Claude, and the presentation drafted using Gamma. All automated summaries were edited and signed off by us humans. All errors are our own.

31 March 2026


 

 

Share