The answer, right now, is mostly not the police.
Technology governance in law enforcement is now being shaped continuously across legislatures, courts, regulatory bodies, and the private sector. The pace has increased sharply and has crossed a threshold.
Control
The central issue is not whether policing participates in this process. It does. The issue is whether it controls it. Control, in this context, does not mean the ability to buy or deploy a tool. It means the ability to shape the conditions under which that tool may be used, assessed, constrained, and defended. On that measure, policing is no longer the primary actor.
The evidence is recent and concrete. In March 2026, EU institutions moved to delay the AI Act obligations for high-risk systems, including law-enforcement biometrics, from August 2026 to 2 December 2027, although that change is not yet final law. The stated rationale was implementation readiness: standards, guidance, and conformity assessment capacity were not yet sufficiently in place. The meaning is straightforward. A regulatory framework with major consequences for policing is advancing faster than the mechanisms needed to make it workable in practice. The parameters of lawful and acceptable use are being defined largely outside the institutions that will have to apply them operationally.
A similar pattern is visible in the United Kingdom. An increasing number of police forces are deploying live facial recognition in public spaces, and the Metropolitan Police have reported a substantial number of arrests linked to its use since 2024. Yet in December 2025 the Home Office opened a consultation on a dedicated legal framework, acknowledging that the current combination of common law, statutory powers, and guidance does not provide sufficient clarity or confidence for wider deployment. In other words, operational use has expanded before the governing framework has fully settled. The legal and political boundaries are being formalised after the fact.
In the United States, the picture is different in form but similar in effect. Surveillance governance is being assembled state by state and city by city, often in response to individual controversies, litigation, or local political pressure. The result is a landscape of overlapping permissions and prohibitions. For policing, this means the operational scope of technology is shaped less by a coherent professional strategy than by external decisions made in fragmented jurisdictions.
Dispersed, episodic, uncoordinated
This is not because policing is absent. It is because it is not structurally organised at the level required to shape the process effectively. The most consistent and influential actors in these debates are civil society organisations, technology companies, and academic institutions. They help define the language of legitimacy and the standards against which technologies are judged. Policing is present, but its representation is dispersed and rarely coordinated across jurisdictions. The result is not exclusion. It is reduced influence.
The same weakness appears on the operational and market side. Vendors operate across jurisdictions. They accumulate experience, data, reference cases, and product intelligence at system level. Police organisations do not. They remain constrained by local mandates, budgets, procurement cycles, and limited visibility into comparable deployments elsewhere. This creates a structural imbalance. The supply side learns across the whole market, while the demand side learns largely in isolation. That imbalance does not remove public-sector choice, but it does shift practical influence over product direction and technical standards towards actors present across the system. The rapid expansion of some firms in parts of the US automatic license plate recognition market illustrates how quickly such an advantage can harden into a market position.
That is the deeper problem. The technologie and vendors involved are increasingly supralocal. The mechanisms through which policing governs and learns from them remain predominantly local. Change is therefore distributed, but not coordinated. Authority remains local, while the environment in which that authority operates does not.
The consequences are serious. Policing does not set the overall direction of technological change. It adapts to trajectories shaped elsewhere. It adopts tools within constraints it did not design, justifies them through frameworks it did not establish, and carries the operational risk of decisions in which it was not the decisive actor. It retains control over implementation in the narrow sense. It has far less control over direction.
Knowledge that does not move
This is where fragmentation becomes more than an administrative inconvenience. It weakens effective collaboration, slows collective learning, and leaves agencies more exposed to vendor influence and regulatory surprise. It also creates direct inefficiencies. Agencies repeat one another’s mistakes, procure without adequate visibility of comparable experience, and develop local answers to problems that are plainly not local in character. What is often presented as variation or autonomy is, in many cases, simply decision-making under conditions of incomplete information.
The knowledge gap is real, but it is not a gap because knowledge does not exist. It is a gap because knowledge does not move. One country has accumulated years of operational experience with live facial recognition, including litigation, governance adaptation, and deployment learning. Another country has generated large-scale experience in rolling out mobile digital capability across a national police organisation. A third country has developed operational knowledge in drone deployment under a different regulatory model again. In each case, valuable knowledge exists. It is just not circulating in a sufficiently structured way across the profession.
Policing already has well-developed systems for cross-border operational cooperation: joint investigations, intelligence-sharing, and mutual legal assistance. What it lacks, at anything like the same level, is structured exchange on technology governance: what is being deployed, on what legal basis, with what results, at what cost, and what lessons are learned. That absence matters. Without it, a chief in one jurisdiction has little systematic access to what an equivalent agency elsewhere has already discovered, whether through success or failure.
Not variation, isolation
There is, of course, such a thing as legitimate variation. Different jurisdictions will make different choices about facial recognition, data retention, automated analysis, and the role of AI in investigative work. Legal frameworks differ. Political cultures differ. That is normal. But there is a clear difference between deliberate sovereign variation and fragmented ignorance. Sovereignty implies informed choice. Too often, the appearance of variation masks something more basic: isolated decision-making in a market and regulatory environment that is already globally connected.
Technology will continue to reshape policing. Regulatory pressure will continue to grow. The real question is whether policing will engage with that reality as a connected profession capable of building shared knowledge and exerting collective influence, or whether it will continue to navigate the same terrain separately, locally, and reactively.
That is not primarily a technical problem. It is a problem of organisation and professional presence.
That gap will not close itself.