With the rapid deployment of advanced technologies and the growing role of tech companies, our very definitions of security, security providers and security services are changing. It is time to revisit, interpret and perhaps adapt the existing instruments of regulation and governance of private security. Such a process is critical to prevent risks of abuses and allow companies to make the best of the digital transformation. As the leading organisation in the operationalisation of human rights in private security operations, ICoCA has a key role to play in this process.
I. Introduction
The rapid expansion and transformation of private security in recent years goes hand in hand with the deployment of advanced technologies. Traditional private security companies (PSCs) are increasingly using advanced surveillance technology, including sensors, facial recognition, behavioural biometrics and other intelligence gathering platforms such as drones, to inform their guarding of physical assets. Technology can be integrated into security systems in several ways: AI is increasingly used with CCTV systems to identify, track, and/or arrest suspects; drones are used to intercept migrants on their journey; open-source information is now being collected at a much larger scale, with automated Open-Source Intelligence (OSINT) used to carry out predictive security operations, etc. Tech companies are increasingly present in the private security market, offering security services such as cybersecurity, surveillance or intelligence, spyware, propaganda and the spread of harmful information. Technology further accelerates public and private security integration and the increasing dependency of States on private security systems.
Effectively integrating the use of tech into the private security industry may contribute to boosting the sector’s efficiency and improving the working conditions of guards: shifting their tasks from patrolling in the open to monitoring surveillance systems and increasing diversity in the security workforce in terms of gender or age. Moreover, the use of technology may incentivize companies’ compliance and accountability, contributing to the prevention of violence and/or abuses (by mandating the use of body cameras for security officers for instance).
However, whilst the integration of new tech may improve security services, it gives rise to risks in terms of respect for human rights (such as breaches of the right to privacy, freedom of association and other labour rights, freedom of expression etc.) and IHL in situations of conflict (such as violations of the principles of distinction, proportionality or precaution). The growing integration of public and private surveillance creates a web of control which affects civil liberties. Private surveillance is becoming a major concern for Human Rights, Sovereignty and Democracy.
The expansion and transformation of private security is fast, universal and irreversible. While the sector rapidly deploys technologies driven by a booming market for security, regulation and governance instruments developed in the 2000s are lagging. The private security sector, but also regulators, clients of private security and civil society need guidance and standards on how to use technology in a responsible way. PSCs find themselves at the forefront of the security sector’s transition towards the uncharted waters of the digital era, with all the risks and regulatory gaps such a transition unavoidably entails.
II. Risks for Human Rights: some key areas of concern
Surveillance and Human Rights concerns
Surveillance undermines privacy, as guaranteed under Article 17 of the International Covenant on Civil and Political Rights (ICCPR), and fosters self-censorship, restricting political expression and participation. The misuse of biometric data, location tracking and large-scale analytics compound these threats, enabling discrimination, profiling and data breaches. International frameworks like the UN Guiding Principles on Business and Human Rights, along with the Code, emphasize the obligation to uphold privacy and freedom of expression. However, unchecked surveillance jeopardizes these rights and threatens democratic governance.
Surveillance by private security actors may also impact the rights of people in vulnerable situations such as detainees or migrants: in recent years, States have increasingly contracted private security providers to provide security services in relation to migration. In contexts such as conflict zones, border management or law enforcement, these technologies have been used to track individuals, collect sensitive data and support operations that mirror state-level intelligence activities. They are also widely used for policing, or to repress protests against extractive sites by local communities. Such practices risk infringing on civil and political rights or exacerbating existing inequalities. In the worst-case scenarios, surveillance may contribute to political repression, arrest and arbitrary detention of political opponents and unfair trials, leading to cascading abuses of human rights.
Protection of sensitive data collected by security providers
The most common tech-enabled security services (such as video surveillance and monitoring, security industry control systems, supervisory control and data acquisition, intelligence services, drones, location tracking, etc.) all require handling large quantities of data and sensitive information, from collecting and processing them, to storing and/or sharing them. These operations raise serious concerns not only when it comes to compliance with fundamental human rights, but also when it comes to increased risks of theft of sensitive data. Private security companies are becoming prime targets for cybercriminals. When this happens, consequences for PSCs can be severe: beyond being liable for the unauthorized release of confidential information, companies may incur financial losses, operational disruptions and erosion of client trust.
Algorithmic bias and the right to non-discrimination
Surveillance technologies risk perpetuating discrimination against marginalized groups, including within private security personnel. AI algorithms trained on biased data can disproportionately target racial or ethnic groups, exacerbating systemic inequalities. This concern is amplified when security providers perform law enforcement duties, as biased AI may lead to unfair treatment, racial profiling and infringements on privacy and due process rights. In particular, algorithms used for predictive policing face transparency and accountability challenges, raising concerns about racial profiling and bias.
Data protection, and the right to be forgotten
As PSCs increasingly adopt technology, they manage sensitive information obtained through surveillance and from internal records, including data on staff, operations and clients. The ethical management of this data – its storage, use and deletion – remains a critical human rights concern requiring strict regulation and oversight. The “right to be forgotten,” as enshrined in the EU’s GDPR, is essential to protecting human rights, including freedom of expression.
Labour rights of security personnel
The adoption of new technologies by PSCs is transforming recruitment, working conditions, skill requirements and training for security staff. PSCs may be tempted to use surveillance technology on their own staff to save costs of supervision and monitoring, for instance. However, this carries significant risks to the right to privacy of the security staff, similar to the ones that public surveillance entails, as well as risks for labour rights such as freedom of association.
Data collected on employees must be protected from cyber threats, and the use of advanced technology may lead to workforce displacement in an already precarious industry.
While surveillance systems contribute to enhancing security personnel’s safety, they also inevitably facilitate the objectification of surveillance targets, with physical distance creating an attrition of respect for moral rules and regulations among the security officers. Moreover, ICoCA has also observed a global concern with the automation of labour across the sector. As our discussions with private security trade unions show, security workers are concerned that technological developments will make their jobs redundant, allowing employers in various industries to save money on labour costs.
III. ICoCA and advanced technologies.
The International Code of Conduct Association is the leading international organisation committed to improving human rights practices in the private security industry. ICoCA’s mission is to promote responsible, transparent and accountable private security practices worldwide that respect human rights, international humanitarian law and the rule of law, safeguarding communities through robust oversight, collaboration and capacity building.
The Association serves as the governance and oversight body for the International Code of Conduct for Private Security Service Providers (the “Code”), which articulates the responsibilities of private security companies to raise private security standards, particularly in complex environments. ICoCA’s work is grounded in international frameworks, including the UN Guiding Principles on Business and Human Rights, International Humanitarian Law and the Montreux Document.
In 2024, 100% of ICoCA member and affiliate companies advertised providing at least one ICT-based service, up from only 68.5% just two years before. Nearly 70% of ICoCA member companies advertise surveillance and remote monitoring services; at least 25 ICoCA member companies now provide specific cybersecurity services, up from 10 in 2022.
Whilst consultations with ICoCA members indicate that PSCs will inevitably keep incorporating more autonomous solutions, predictive analytics, and sophisticated cybersecurity tools into their security operations, ICoCA field observations highlight that the sector is largely unaware of the human rights and IHL risks posed by using such technologies.
The application of the Code to advanced technologies
The International Code of Conduct for Security Providers (2010) is designed to regulate security services (such as arrest, detention, crowd management or maritime escorts etc.) and protect the rights of individuals affected by such services.
The Code also provides a framework for oversight and accountability. Through its own implementation mechanism, the Code allows ICoCA to conduct due diligence on its Members & Affiliates by certifying their operations, handling complaints and providing for security personnel’s complex training needs.
The Code can apply to the use of technologies. The operations of PSCs, such as surveillance or intelligence, are covered broadly in both the spirit and commitments of the Code, notwithstanding the means and methods they use to provide these services. However, the Code has not yet been interpreted with tech in mind.
The Code does list a series of services that fall under its scope. Amongst them, the category that is most relevant to the use of technologies in private security is surveillance services, understood to be an instance of “operational and logistical support for armed or security forces”. However, the Code also states that the list of security services it applies to “includes but is not limited” to the ones it mentions.
Even though the Code does not specifically mention all the methods, weapons, or technologies that PSCs may use in the provision of security services, 1) technology’s impact on security and its relation to human rights and IHL provisions has been so deep and pervasive that the extent to which technology is shaping the type of security services provided can no longer be ignored and 2) the application of human rights and IHL to the use of technologies is complex and requires new specific instructions as well as specific indicators to support PSCs in ensuring and assessing their compliance.
The Code “articulates principles applicable to the actions and operations of Member and Affiliate Companies while performing Security Services – including when operating in complex and otherwise high risk, unstable or fragile environments – where there is a risk of human rights abuses and/or violations of international humanitarian law and/or civilian harm.” (article 13)
As they are often characterized by a lack of regulation and/or limited oversight over the use of technologies in the provision of security services, all environments, especially complex ones, are in dire need of definitions, common standards and evidence-based recommendations, as human rights provisions will never be effectively operationalized without clear guidance on the specific type of Heightened Human Rights Due Diligence companies should perform in the field of technological security services.
ICoCA and the expansion of the security market
While they may not consider themselves to be PSCs, an increasing number of technology companies are delivering private security services.
Pursuant to Article 1 of the Code, the Code applies to both “Private Security Companies and other Private Security Service Providers”. Section B of the Code defines Private Security Companies and Private Security Service Providers (collectively “PSCs”) as “any Company (as defined in this Code) whose business activities include the provision of Security Services either on its own behalf or on behalf of another, irrespective of how such Company describes itself.”
Thus, tech companies providing security services such as intelligence, cybersecurity or surveillance do fall under the Code’s definition of PSCs. However, for the time being, ICoCA does not reach out to tech companies and has not yet developed its capacity to engage with the tech sector.
In 2024 ICoCA teamed up with ICT4Peace to support the creation of the first Toolkit for the Responsible Use of ICTs in the Private Security Sector. The project was sponsored by the Swiss Department of Foreign Affairs. From the absence of universally accepted standards for accountability and transparency, to the potential impact of automation on job security, the power imbalances preventing affected individuals or communities from accessing remedy and the need to implement clear data minimisation and retention strategies, the Toolkit identifies the main challenges brought by the development of new technologies in the private security sector and offers practical recommendations for companies to manage the risks they pose.
The way forward
The Toolkit is only a first step. In its recently published Strategic Plan for 2024-2030, ICoCA adopted a new strategic goal: Establish standards for respecting human rights and using new technologies by private security providers, integrating these into the International Code of Conduct. It includes objectives for ICoCA such as developing research and monitoring; promoting instruments like the Toolkit to support security providers’ compliance and developing the regulatory and governance frameworks that promote human rights and ethical business conduct in the digital age.