AI in mobility: a governance imperative for transit leaders

Read the blog

You are using an obsolete browser (Internet Explorer < 11). For a safe user experience use the latest version.

AI in mobility: a governance imperative for transit leaders

2026年07月03日
Gilad Rosner, Principal consultant
AI in mobility: a governance imperative for transit leaders

    Artificial intelligence is rapidly becoming embedded in mobility and transport systems, from operational optimization and fraud detection to customer interaction and digital ticketing. For transit operators, the question is no longer whether to adopt AI, but how to do so responsibly. At the heart of this challenge lies a fundamental issue: mobility data is uniquely sensitive, and AI significantly amplifies both its value and its associated risks.


    Mobility data: high value, high sensitivity

    Mobility systems have always relied on data, but mobility data is inherently revealing. Even basic journey data can expose:

    • Travel patterns and daily routines

    • Frequent locations such as home and work

    • Behavioral trends over time

    • Sensitive inferences relating to health, beliefs, or personal circumstances


    While the introduction of AI into mobility can improve efficiency and rider experience, it can also create risk, privacy and safety issues, and create deep profiles of riders. Mobility operators are custodians of their rider data, and AI technologies can lead this data to be exposed and commercialized without sufficient oversight.

    AI increases organizational data risk

    AI fundamentally changes how data is used in mobility systems.

    It enables not just processing, but inference, creating new knowledge about individuals that was never explicitly collected. A key question therefore is: how is this inferential data handled? Who can use it? Is it kept safe, and is it shared with AI system vendors?

    AI tools also introduce deeper dependency on third-party infrastructure, models, and services. Once an operator deploys AI from one vendor, it will be difficult if not impossible to switch vendors in the future. As such, the initial procurement process becomes a crucial point where mobility operators must ensure that their data governance and custodian responsibilities are embedded into their vendor relationships.


    Third-party risk becomes central

    AI solutions rely on external providers, embedded services, and complex data flows across organizational boundaries. This can allow data to move beyond the direct control of the operator, even when contractual safeguards are in place.

    Transit operators are custodians of citizen data, with a responsibility to ensure its safe and appropriate use. This requires a disciplined approach that actively enforces governance in practice, relying on technical, architectural, and operational controls.

    • Data minimization by design

    • Strict control over sharing and reuse

    • Clear role-based access internally

    • Continuous oversight of third-party interactions

    • Robust de-identification architectures 

    • Auditability and reporting

    • Continuous reviews as new technologies and functions are introduced



    Governance must catch up with technology

    While AI capabilities are advancing rapidly, governance frameworks are not keeping pace. Transit operators must embed data governance into procurement, delivery, and operations, and not treat it as an afterthought or a blocker.

    This includes validating how systems behave, how data is used, and how risks are managed over time. Operators therefore need staff who can understand the technical, privacy, and security elements of procurement contracts and vendor relationships. 

    If you don’t know what you’re buying and how the vendor will use your riders’ data, you can’t be an effective steward of that data.


    A call to action for mobility operators

    The transition to AI-enabled mobility is already underway. For transit operators, the challenge is not only to adopt AI, but to do so with clear-eyed discipline, grounded expectations, and robust governance. This requires actively interrogating how AI systems will operate inside your agency:

    • How data is collected, processed, and stored.

    • What inferences are generated, and how they could impact individuals.

    • How data is shared across systems, with other public agencies, and with commercial third parties.

    • Whether external providers are truly bound by the operator’s rules and expectations, and if an operator has real visibility into the way third parties handle their rider data.


    In an AI-driven environment, data governance cannot rely solely on contractual assurances. Operators must build strong technical controls and accountability mechanisms, ensure that data flows are transparent and auditable, and that third-party data uses align with their custodial responsibilities.

    At the same time, organizations must avoid being driven purely by the promise of AI, a powerful but fast-moving and often opaque technology, where risks can be difficult to anticipate. A balanced, disciplined approach is essential, one that recognizes both the benefits and the risks from introducing AI tools into the mobility environment, the sensitivity of mobility data, and the special role of mobility operators as stewards of that data.


    Gilad Rosner, Principal Consultant

    Gilad Rosner is Principal Consultant at Consult Hyperion, with over 30 years of experience in the technology sector. Gilad is an expert on the intersection of digital identity, privacy and public policy, and is a Data Protection Officer with CIPP/E certification.

    At Consult Hyperion, Gilad focuses on a broad range of digital identity topics: credentials, digital wallets, trust architectures, biometrics, privacy, legislation, standards, governance, age assurance, and interoperability. Gilad participates in multiple standards efforts, helping Fime to support the emergence of the EU Digital Identity Ecosystem and identity systems around the world.

    Prior to joining the company, Gilad was an independent researcher, consultant and government advisor on digital identity, privacy, and regulation. Gilad is a published academic, conducting research on data protection, de-identification, the Internet of Things, emotional AI, trust in digital identity, connected cars, and children's privacy. Gilad is an advisor to the UK Information Commissioner's Office, has conducted research for the Office of the Privacy Commissioner of Canada, and his work has been used by the UK House of Commons and Welsh Government.


    You might be interested in.

    Explore the latest insights from the world of payments, smart mobility and open banking.
    Share your challenge.

    Our Fime experts are here to help you make innovation possible,
    from defining, designing to delivering and testing your products
    and services.

    Contact us