Legal implications for AI us in event security and management at Glasgow Commonwealth Games 2026

Caroline Loudon and Nicola Leuchars explores how AI is shaping security at major sporting events and highlights some of the key legal issues to consider when implementing this technology.

This summer, the 2026 Commonwealth Games will see Glasgow host thousands of athletes from across the Commonwealth, alongside hundreds of thousands of spectators, during an 11-day festival of sport. But behind the scenes lies a formidable logistical and security challenge, spanning multiple sites across a major city and requiring sophisticated planning and considerable resources.

Major sporting event organisers and law enforcement agencies are increasingly turning to artificial intelligence (AI) to meet challenges such as crowd control, as well as detecting and preventing terrorism, criminal activity and public disorder – but the deployment of AI in public security settings also raises legal and ethical questions.

Use of AI-based security tools at events

There is already a range of AI tools designed to help stadiums and large sporting events run more smoothly. These include:

Smart cameras

AI-powered surveillance systems, also known as ‘smart cameras’, use real-time video analytics to detect suspicious behaviour before it escalates. For example, AI can analyse crowd patterns and identify unusual activity in real time, such as an escalating argument or sudden congestion that could indicate a brewing fight. The system can then alert security personnel, allowing them to intervene proactively; this reduces the risk of violence and helps to maintain smooth crowd flow.

During the Qatar FIFA World Cup in 2022, AI algorithms were used to process data from cameras inside and outside ‘connected’ stadiums to monitor crowd movements and forecast issues in real time. Melbourne’s MCG Stadium, meanwhile, has implemented AI to detect weapons and identify where the object is on a person, using sensors combined with AI to screen fans at entry gates; the technology is also able to differentiate between weapons and the common metals people carry.

Machine learning algorithms (MLAs)

MLAs can analyse vast amounts of data to detect and identify unusual activity that might indicate a cyberattack, allowing swift action to safeguard sensitive information. For instance, if AI detects an unauthorised attempt to access the ticketing database, it can immediately trigger security protocols to block the intrusion and notify IT teams.

At the 2024 Olympic and Paralympic Games, the use of AI capabilities extended to monitoring digital signals for signs of cyberattacks. The AI tools provided early warnings, enabling pre-emptive action to safeguard critical infrastructure and sensitive information, as well as ensuring the privacy and safety of all participants.

Live facial recognition (LFR)

LFR technology can help identify known troublemakers who have been banned from the stadium, preventing repeat incidents. This technology is common in football stadiums around the world, with examples found in Denmark’s Brøndby Stadium and Spain’s El Sadar Stadium. These stadiums use facial recognition to provide ticket holders with touchless access to stadium facilities and to prevent banned or unauthorised persons gaining entry. LFR is increasingly being used by local police forces at Premier League football matches in the UK, often via specialised vans outside the stadiums.

AI-integrated drone surveillance

AI-integrated drones have been used to manage crown density and to prevent crushes, such as the use of drones and AI by Greater Manchester Police (GMP) at a Manchester United vs Arsenal football match at Old Trafford in March 2025. Live drone footage of the stadium and surrounding areas was securely streamed via encrypted VPN to servers, where the data was processed in real time by N-AI’s platform, returning analytics to GMP to allow it to make faster, data-driven decisions. GMP was able to more easily identify crowd surges, potential bottlenecks and artificial obstructions, including parked vehicles and police vans, allowing for more informed and faster decision-making.

Key considerations for implementing AI

The use of AI in security and surveillance technologies is rapidly expanding, both in the public and private sector. When deciding whether to implement this technology, key issues to consider include:

• Regulatory compliance: AI systems pose a number of legal challenges that must be addressed before deployment. For example, AI systems may collect and analyse vast amounts of personal data, triggering the application of the UK GDPR, and so ensuring the privacy and security of this information is paramount. Depending on the technology used, some key GDPR requirements may include:
  • considering whether less intrusive means can be used, and whether the use of AI systems to collect personal data is necessary and proportionate, as well as completing data protection impact assessments (DPIAs);
  • documenting a lawful basis for processing an individual’s data under Article 6 of the UK GDPR. If processing special category data (such as biometric data in facial recognition systems), an Article 9 UK GDPR condition for processing must be identified, meeting further requirements if processing criminal conviction data under Article 10 of the UK GDPR and Section 10(5) and Schedule 1 of the Data Protection Act 2018;
  • ensuring compliance with the seven key data protection principles in Article 5 of the UK GDPR, including limiting the personal data processed to only to what is necessary. In the above example, GMP’s use of drones in the Manchester United vs Arsenal football match allowed it to access real-time crowd density analytics through a non-invasive system that used a ‘dots on a map’ visualisation method, akin to a heatmap, therefore minimising the amount and type of data being processed;
  • providing information to individuals about any surveillance taking place (Article 13 UK GDPR) – through the use of signage, for example.
• Ethical considerations: The use of AI raises important ethical questions, particularly around surveillance and data use. Those purchasing AI systems should consider the ethical implications of AI deployment and strive to balance security needs with privacy rights, including under the Human Rights Act 1998 and UK GDPR.
• Equality Act 2010: Discrimination and bias in the use of any AI system should also be a key consideration. In the UK Court of Appeal case R (Bridges) v Chief Constable of South Wales Police, it was held that the police did not take reasonable steps to investigate whether the technology had a racial or gender bias in part because the police were not aware of the dataset on which the technology was trained. Businesses using automatic facial recognition in particular should maintain stringent compliance with privacy, human rights and equality laws. 

The risks in utilising such technology can be mitigated through robust AI governance including:

• partnering with reputable vendors with a proven track record and a clear commitment to data security and ethical practices;
• asking probing questions of those vendors to ensure the solution has been developed responsibly, and building in appropriate contractual protections;
• balancing AI solutions with human oversight;
• continuous monitoring and improvement of AI systems.

As GMP’s use of AI-integrated drones demonstrates, harnessing the benefits of AI can be done in a responsible, legally compliant way that also considers the rights of the individual, demonstrating that public safety and privacy can be achieved simultaneously.

Written by Caroline Loudon and Nicola Leuchars from in TLT LLP.