Urban AI deployment accelerates without clear legal control

Cities across the world are accelerating artificial intelligence (AI) adoption to meet climate targets, improve efficiency, and manage growing populations. New academic research published in the journal Sustainability warns that without strong governance, legal clarity, and managerial capacity, the smart city transition risks becoming fragmented, legally exposed, and socially contested.

The study, titled Strategic Management of Urban Services Using Artificial Intelligence in the Development of Sustainable Smart Cities—Managerial and Legal Challenges, examines how AI is being integrated into urban services and why legal and strategic oversight has become as critical as the technology itself.

AI moves from pilot projects to core urban infrastructure

The research finds that artificial intelligence is no longer limited to experimental smart city pilots. Across European cities, AI systems are increasingly embedded in essential services such as traffic signal optimization, energy grid balancing, predictive maintenance of infrastructure, waste collection routing, environmental monitoring, and digital public services.

In urban mobility, AI-driven systems are used to reduce congestion, optimize traffic flows, and support multimodal transport planning. In energy management, algorithms forecast demand, integrate renewable sources, and reduce losses across distribution networks. Public safety applications include predictive analytics for emergency response, infrastructure risk detection, and crowd management during large events.

These deployments are delivering measurable efficiency gains. Cities report reduced operational costs, lower emissions, faster service delivery, and improved coordination across departments. The study notes that AI’s ability to process real-time data allows municipalities to move from reactive service provision to predictive and preventive management.

However, the authors stress that this shift also raises the stakes. When AI systems directly influence critical services, failures are no longer isolated technical issues but public governance risks. Errors in traffic control, energy management, or public administration can disrupt daily life, undermine trust, and expose cities to legal liability.

The research emphasizes that many municipalities lack the institutional maturity required to manage AI at this scale. While technology vendors often drive implementation, cities frequently struggle with fragmented data ownership, unclear accountability, and limited internal expertise. Without coordinated strategy, AI deployments risk becoming disconnected systems that fail to support broader sustainability goals.

Legal frameworks tighten as AI risk rises

The authors examine how the EU AI Act, the General Data Protection Regulation, and the NIS2 cybersecurity directive together form a comprehensive regulatory framework that directly affects smart city operations.

Under the EU AI Act, many urban AI systems are classified as high-risk, particularly those used in transport infrastructure, energy networks, public safety, and administrative decision-making. These systems face strict requirements related to transparency, risk assessment, data governance, human oversight, and documentation. Cities deploying such systems must demonstrate compliance throughout the AI lifecycle, from design to deployment and monitoring.

The GDPR adds another layer of obligation, especially where AI systems process personal or location-based data. The study highlights ongoing challenges around lawful data use, consent, anonymization, and algorithmic decision-making that affects citizens’ rights. Smart city platforms that combine data across services increase the risk of unintended surveillance and data misuse if safeguards are weak.

Cybersecurity regulation further complicates implementation. NIS2 requires operators of essential services, including many municipal systems, to adopt advanced security measures and incident reporting processes. AI-driven infrastructure becomes a potential attack surface, and failures in cybersecurity can have cascading effects across interconnected urban systems.

The authors argue that compliance is not merely a legal formality but a strategic necessity. Cities that treat regulation as an afterthought risk delays, fines, public backlash, and loss of legitimacy. At the same time, they caution that smaller municipalities often lack the financial and administrative capacity to meet complex regulatory requirements without external support.

Sustainability depends on governance, not technology alone

Environmental gains such as lower emissions, optimized energy use, and reduced congestion are important but insufficient on their own. Sustainable smart cities must also deliver social trust, legal certainty, and long-term economic viability.

Social sustainability is seen as a key concern. The authors argue that citizens must be able to understand how AI affects public services, how decisions are made, and how accountability is enforced. Opaque systems erode trust, especially when algorithms influence access to services, mobility patterns, or administrative outcomes.

Economic sustainability is also at risk if cities rely heavily on external technology providers without building internal capacity. Vendor lock-in, fragmented procurement, and short-term pilot funding can undermine long-term resilience. The study stresses the need for strategic management models that integrate AI planning across departments and electoral cycles.

The study identifies managerial competence as a decisive factor. Cities that successfully deploy AI at scale tend to have centralized coordination units, clear data governance frameworks, and cross-disciplinary teams combining legal, technical, and policy expertise. In contrast, decentralized or siloed approaches often result in duplication, compliance gaps, and underperformance.

The authors call for integrated legal-managerial strategies that treat AI as part of public governance rather than a standalone innovation tool. This includes harmonizing procurement, compliance, cybersecurity, and sustainability planning, as well as investing in workforce training and institutional learning.