May 2026 Legislative Update

Pacific ALPR Rules Expand as Federal AI Oversight Sharpens

Last month, we wrote about a third wave of surveillance legislation taking shape across the country — a shift from regulating individual technologies to governing the entire surveillance environment, including retention, storage, vendor architecture, auditability, and analytics. Multiple states were moving in similar directions, and the convergence was real even where the bills were not identical.

April 2026 did not change that direction. It deepened it.

The most important developments over the past month did not come from a single landmark bill. They came from two reinforcing layers at the state level and above: another state moved an Automated License Plate Reader (ALPR) law from proposal to enacted, and federal agencies kept raising the bar for how Artificial Intelligence (AI) is governed inside critical-infrastructure environments. Two of the bills we covered last month also continued to advance, reinforcing the broader pattern.

For organizations evaluating mobile surveillance platforms, the practical implication is consistent with what we have been tracking all year: capability still matters, but governance readiness increasingly determines whether a deployment can move forward, stay deployed, and survive procurement review.

A Second Pacific State Joins the Enacted Column

The headline legislative development in April was Oregon. SB 1516 is now in effect and adds Oregon to the small but growing list of states that have moved ALPR governance from concept to enforceable law.

The structure of the Oregon framework will look familiar to anyone who reviewed Washington’s SB 6002 last month. Data not connected to an active investigation must be deleted within 30 days. Agency and vendor use is bound by formal policy requirements. Data sharing is restricted, and vendors are explicitly prohibited from selling or otherwise misusing captured data. Notably, Oregon residents are given a path to sue vendors for misuse or improper release of ALPR information.

That last element matters beyond Oregon. Once a state attaches a private right of action to surveillance-data handling, the consequences of weak governance stop being limited to procurement risk and start being measurable in legal exposure. Vendor architecture, data-flow documentation, and access controls become contract-defining, not contract-supporting.

Washington’s framework, meanwhile, continues to demonstrate how quickly enacted laws translate into operational change. Coverage from GovTech and earlier reporting on Spokane County and other jurisdictions confirms that some agencies have paused or reassessed deployments while they bring policies and configurations into alignment. Oregon now provides a second working example of how this transition unfolds in practice.

State Proposals Continue to Mature

While Oregon moved into enforcement, two of the bills we covered last month continued to gather attention rather than fade.

Colorado’s SAFE Act (SB26-071) remains pending, and its scope continues to stand out. The bill would tie surveillance use to lawful public-safety purpose, regulate the collection and destruction of surveillance data, mandate transparency to residents, require biannual audits, and apply warrant or exigent-circumstance limits to facial recognition. If enacted, it would extend the third-wave logic — system-level governance rather than tool-specific rules — across multiple surveillance categories at once.

South Carolina’s HB 4675 also continues to advance the data-locality and AI-restriction conversation. As introduced, it would require surveillance data to live on government-owned, in-state infrastructure, restrict certain AI-based vehicle-tracking methods, shorten retention windows, and add warrant and access-control requirements. The bill remains in committee, but its premise — that architecture and feature governance are surveillance-policy questions — keeps surfacing in adjacent discussions across the country.

Neither bill changed agency operations in April. But both reinforce the same direction of travel: lawmakers are increasingly comfortable writing detailed expectations about where data lives, who controls it, and which AI capabilities are appropriate.

AI Governance Gains Another Federal Anchor

April also added a new federal data point on the AI side.

The National Institute of Standards and Technology (NIST) released a concept note for a Trustworthy AI profile in critical infrastructure, outlining a more explicit framework for testing, robustness, lifecycle risk management, governance, and operator-oriented guidance for AI systems used in high-stakes environments. It joins existing NSA, CISA, and partner guidance on integrating AI in operational technology (December 2025), which continues to emphasize human oversight, continuous testing, and fail-safe design.

Neither document is law. Together, however, they shape how critical-infrastructure operators — utilities, ports, transit authorities, campuses, industrial sites — will structure their evaluations of AI-enabled surveillance and analytics. The questions are predictable: How is the model validated? What happens when it fails? Who reviews its outputs? How is the vendor accountable for its behavior over time?

For mobile surveillance, the practical message is consistent with what state legislatures have been signaling. AI is welcome where its role is specific, explainable, and bounded. Open-ended tracking, broad biometric identification, and analytics that cannot be clearly described will continue to face friction.

Four Themes Carrying Forward Into Q3

Stepping back from individual bills and federal documents, four themes from prior months carried directly into April — and look likely to carry into the rest of the quarter.

  1. Retention defaults are getting shorter, and now have private-sector teeth. Oregon’s 30-day default and civil cause of action move retention discipline from policy hygiene to legal exposure. Buyers will continue to ask whether retention can be configured per use case and enforced consistently across deployments.
  2. Auditability is becoming a procurement baseline. Access logs, internal audits, and reporting requirements are showing up in multiple frameworks. Programs that cannot show who saw what, why data was kept, and how information was shared will face longer reviews.
  3. Vendor architecture is now part of the policy conversation. South Carolina’s data-locality language, Oregon’s vendor-conduct rules, and the broader pattern of resistance to vendor-controlled clouds all point to the same shift. Where data lives, who controls retention settings, and how access is governed are increasingly treated as governance decisions rather than technology details.
  4. AI is being narrowed into defensible roles. From Colorado’s warrant requirement for facial recognition to NIST’s critical-infrastructure profile, the bar for AI in surveillance is rising. Targeted alerting, explainable detection, and human-in-the-loop workflows are easier to defend than open-ended analytics.

What This Means for Mobile Surveillance Deployments

The practical takeaway from the past month is straightforward. The standard that mobile surveillance platforms are expected to meet is rising. The questions that consistently appear in legislation and federal guidance are converging:

  • Can retention be configured to match state rules, and enforced automatically?
  • Where does the data live, and who controls access to it?
  • Are access logs available, and can audits be supported without custom work?
  • Can AI features be constrained — or disabled — to fit policy?
  • Does the platform integrate with existing Video Management Systems (VMS), evidence systems, and Real-Time Crime Centers (RTCCs), or does it create a parallel environment that must be governed separately?

Platforms that depend on closed, vendor-controlled environments are increasingly difficult to align with these expectations. Platforms designed to operate as governance-aware extensions of existing infrastructure are becoming easier to approve, easier to maintain, and easier to defend.

How Mobile Pro Systems Fits Into a Policy-Aware Surveillance Strategy

Mobile Pro Systems platforms are designed to integrate directly with the Real-Time Crime Centers, monitoring operations, evidence systems, and Video Management Systems organizations already use — turning outdoor, mobile, and remote locations into a seamless extension of the existing environment. Instead of creating a parallel ecosystem, deployments become part of the customer’s system of record, where retention, access, and audit controls are already in place.

That alignment is what allows operations and governance to move together. Retention windows can be matched to state rules. Access logs and audit trails live where customers already manage them. AI capabilities can be deployed selectively — or restricted entirely — based on policy boundaries. And reliability, uptime, and responsive support remain the underlying foundation that makes governance commitments credible over the long term.

Together, the Sentry Series platforms and the Falcon and Commander mobile trailer platforms form one continuous, policy-aware security infrastructure: permanent outdoor coverage where fixed infrastructure is impractical, mobile flexibility for fast-changing operations and events, and autonomous protection for remote or hard-to-service locations — all built to operate inside the surveillance governance frameworks that took another step forward in April.

In future installments of this monthly update, Mobile Pro Systems will continue to track new state legislation, federal guidance, and practical examples from the field. The aim is not to provide legal advice, but to give public-safety, infrastructure, and security leaders a reliable, operations-focused view of how the rules around surveillance, AI, and data governance are evolving — and how mobile surveillance platforms can be deployed to keep pace.
