Abstract
Smart city deployments increasingly bundle AI-driven sensing, analytics, and actuation into infrastructure contracts that were originally scoped for narrow operational purposes - traffic optimization, energy management, waste routing. The consistent pattern across deployments in Singapore, Barcelona, Toronto’s Quayside successor projects, and dozens of mid-tier US municipalities is that data collected for one function is subsequently repurposed for adjacent surveillance functions without renewed public consent or revised legal authorization. This expansion follows a well-documented pattern called function creep, and AI capabilities are accelerating its speed and reducing its visibility.
The Technical Substrate of Creep
Modern smart city sensor networks are not single-purpose hardware. A roadside unit deployed for adaptive traffic signal control typically carries a LiDAR unit, one or more optical cameras, and an edge compute module running models for vehicle detection and classification. The same sensor package can, with a software update, run pedestrian tracking, license plate recognition, or behavioral anomaly detection. The shift from one function to another requires no new physical infrastructure, only a policy decision and a model deployment, both of which can occur without public disclosure under most current municipal procurement rules.
Palantir’s AIP platform, Cisco’s Kinetic for Cities, and Huawei’s Intelligent Operations Center, all actively deployed in municipal contracts as of late 2025, are designed explicitly as unified data fabrics that can absorb streams from distributed sensing infrastructure and apply varied analytical workloads to them. A city that signs a contract for traffic analytics is purchasing infrastructure that is trivially extensible to population movement monitoring. The contractual scope does not bind the technical capability.
Consent Architectures That Have Failed
Two frequently cited examples illustrate how consent mechanisms intended to constrain creep have proven inadequate. In Toronto’s post-Sidewalk-Labs smart district replacement project, resident advisory panels were granted input on initial sensor deployment scopes. When the operating consortium expanded camera coverage eighteen months into operation under an emergency winter safety rationale, the advisory structure had no veto authority and no data access to verify the claimed scope of expanded use.
In Singapore’s Smart Nation program, published data governance policies specify purpose limitation for collected data, but auditing is handled by the same ministry that operates the infrastructure. Independent civil society groups, including the Digital Rights in Singapore initiative, have documented requests for clarification on secondary data use that received no substantive response under the existing government transparency framework.
Toward Binding Use-Limitation Infrastructure
Purpose limitation for smart city AI is currently a policy aspiration without technical enforcement. Three elements are necessary to make it real. First, data escrow requirements should mandate that raw sensor data be stored in infrastructure controlled by an independent trustee, accessible to operators only via audited query interfaces that log purpose. Second, automated use auditing should be built into procurement specifications, requiring that every model inference be tagged with its authorized use category and logged immutably. Third, municipal governments should face mandatory re-authorization obligations whenever a new analytical workload is added to existing sensing infrastructure, with public notice and a defined comment period.
The ACLU’s model municipal surveillance ordinance, now adopted in partial form by Oakland, Santa Cruz, and Nashville, provides a template at the decision layer. The missing piece is the technical infrastructure to make that decision layer enforceable rather than decorative.