Artificial intelligence can substantially enhance law-enforcement capabilities, but its use in security research domains, including Fight Crime Terrorism, Border Management, INFRA, and DRS, raises significant legal, ethical, and operational challenges. Access to operational case data is typically restricted, making it unavailable for continuous ingestion or model training, while the adoption of third-party models, datasets and software artefacts introduces intellectual-property and licensing constraints. At the same time, EU regulations, notably the GDPR, the Law Enforcement Directive (LED), and the EU AI Act, impose procedural and technical safeguards that must be embedded throughout the development lifecycle . To address these challenges, this paper presents a practical, EU-centric lifecycle framework for developing AI systems in security-sensitive contexts . The methodology is structured into five stages: Matchmaking, Definition & Design, Development, Validation, and Monitoring. By mapping legal and ethical obligations to concrete engineering checkpoints, the framework supports data provenance, reproducibility, and software supply-chain assurance through artefacts such as dataset registries, Model Cards, and SBOMs. To address restricted access to operational data, the methodology also defines validation patterns for end-user evaluation, including on-premises bring-solution-to-data assessment. The main contributions of the paper are a tailored lifecycle methodology, a compliance mapping linking EU obligations to lifecycle evidence, and a practical assurance package for traceable and auditable development. The methodology is further illustrated through a worked example derived from the STARLIGHT (https://starlight-h2020.eu/) European project, showing how operational validation can be conducted without exposing raw law-enforcement data.
Aramburu et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: