Abstract
The development of sustainable smart cities is closely linked to the implementation of artificial intelligence in urban services, which opens up new possibilities for efficient resource management, improving the quality of life and strengthening the participation of citizens. At the same time, the question arises as to how legal and strategic frameworks can support the use of artificial intelligence in a way that contributes to environmental, social and economic sustainability in line with the objectives of the European Union. The aim of this scientific study is to examine the interdisciplinary use of artificial intelligence, data management and sustainability at the European Union level, including support instruments such as regulatory initiatives and funding programs, and to assess their implementation in relation to smart cities. Methodologically, the research is based on a legal analysis of key European and national documents, supplemented by descriptive statistics and visualizations of indicators of digitalization and urban sustainability. In the scientific study, we use the methods of synthesis, comparison and abstraction. The results suggest that the legislative and support framework of the European Union can be a significant impetus for the transformation of individual smart cities, but requires effective coordination and strategic management at the level of local governments. The research highlights the need for an integrated legal-managerial approach that will enable the full use of the potential of artificial intelligence in supporting sustainable urban development of cities.
1. Introduction
As Dušek states, urbanization and technological transformation of cities create new opportunities for effective management of public services, improving the quality of life and overall sustainability of smart cities [1]. Smart cities represent a city concept that uses digital technologies, data solutions and innovations to strengthen the environmental, social and economic strength of cities. Smart cities are characterized by the ability to effectively handle information, support citizen participation and optimize urban processes, with a direct benefit being a significant reduction in the negative impacts of urbanization. Based on internationally recognized smart cities indices, it can be stated that the main elements of smart cities, which are also evaluated in individual international statistics, are smart governance, smart mobility, smart environment, smart living and smart economy [2].
Smart governance as one of these components, according to Kogabayev and Banerjee, represents a modern way of managing a city, which is based on the digitalization of public administration, open data and the involvement of the population in decision-making processes. Cities that want to fulfill the definition of smart governance should use electronic services, platforms that involve the population in decision-making, data analytics, as well as artificial intelligence to support decision-making processes and strategic planning. Smart governance also emphasizes the protection of personal data, cybersecurity and the ethical use of technology, thereby significantly strengthening citizens’ trust in public institutions [3].
As Funta states, smart mobility includes the implementation of digital, sustainable and interconnected transport solutions that optimize the movement of people and vehicles in the city. This concept is based on reducing traffic congestion in cities, reducing emissions and increasing safety, especially in transport, but increasing transport safety also increases the overall safety of the city [4]. Bernad argues that the basis of this concept is intelligent traffic management systems, functional public transport, multimodal transport platforms and the support of ecological forms of transport, such as bicycles, shared vehicles or electric cars. Smart mobility thus creates an efficiently connected transport system that responds to the current needs of residents and contributes to environmental sustainability [5].
A smart environment, according to Bolin, represents the use of sensors, data and digital tools to protect the environment in cities. It includes air quality monitoring, energy management of buildings, smart waste management and the use of renewable energy sources [6]. It also includes subsidies intended to support green and blue infrastructure that improves biodiversity in cities, rainwater management and significantly increases the aesthetic value of public spaces [7].
Smart living focuses on improving the quality of life of residents through technology, innovation and intelligent solutions. Smart living includes modern health services (e.g., telemedicine), digital education, but also the support of smart housing, which is also based on data analytics and a number of sensors that increase the quality of life [8]. In practice, smart living is manifested in the city trying to improve public spaces but also effectively addresses the needs of various population groups, including seniors or people with disabilities. Smart living therefore contributes to the creation of a healthy, safe and harmonious urban environment.
In particular, in the economic literature, there is an opinion that the smart economy represents the transformation of the urban economy from the so-called “paper” functioning towards digitalization, innovation and a modern economy based on data [9]. It focuses mainly on supporting startups, innovation centres, research and development, digitalization of business and the creation of qualified jobs. For this reason, according to Kollár and Matúšová, data-driven processes, automation, artificial intelligence and the development of a shared or circular economy play an important role [10].
It is also important to note that artificial intelligence (hereinafter referred to as “AI”) is playing an increasingly important role in smart cities in the areas of decision-making support, infrastructure management, transport management, energy and security. AI is expected to contribute to the efficiency of public services and resource management, which can significantly support the sustainability goals in accordance with the 2030 Agenda, in particular goal number 11—“Sustainable cities and communities” [11]. At the same time, however, according to some authors, new risks and questions arise regarding, for example, legal liability, transparency of algorithms, privacy protection or equality of access to digital services [12]. In 2025, artificial intelligence is not at a level that it can manage entire cities without human intervention. However, artificial intelligence is advanced enough that it can analyze huge amounts of data and provide outputs from it. At the same time, it is important to note that artificial intelligence is available to the general public in a free version. However, it is still not a flawless system, and several of the above-mentioned issues and risks need to be resolved [13,14].
In parallel with addressing the issue of the use of artificial intelligence, the European Union is strengthening legislative and financial instruments for sustainability. The European Green Deal (hereinafter referred to as the “Green Deal”) represents a fundamental political strategy aimed at ensuring climate neutrality by 2050 [15]. However, it should be emphasized that this initiative does not have widespread support throughout the European Union. The main problem is the fact that environmental protection is very expensive and these funds have to be paid for by taxpayers of the European Union Member States. Support for smart and climate-neutral cities is implemented, for example, through the Mission on Climate-Neutral and Smart Cities initiative and financial mechanisms such as the Cohesion Funds, Horizon Europe and the Modernisation Fund. Cities play a crucial role in this, as they are responsible for approximately 75% of energy consumption and 70% of global CO2 emissions [16].
The development of smart cities is therefore not only a technological challenge, but also an important tool for achieving the goals of the European climate agreement [17]. The key question, in our opinion, remains to what extent cities are prepared to implement AI innovations in accordance with legal, ethical and environmental requirements.
The development of smart cities represents a key trend of the current era, responding to the growing pressure on the efficiency of urban services, citizen participation and environmental sustainability. Smart cities are defined in the literature as cities that use modern digital technologies and smart data to improve governance, quality of life and resilience to social and environmental challenges [18]. The smart city model has evolved over the last two decades from an infrastructure-oriented concept, based mainly on information and communication technologies, towards an integrated approach that includes social, environmental and managerial dimensions.
Modern research identifies five basic dimensions of smart cities: smart governance, smart mobility, smart environment, smart living and smart economy [19]. These dimensions allow for comparisons of cities based on indicators, the most famous of which are the IESE Cities in Motion Index, which evaluates cities according to nine categories of urban development, or the IMD Smart City Index focused on digital services and technological readiness of cities [20].
Professional literature from the European Commission environment also points out the strengths and weaknesses of the smart cities concept. On the one hand, the benefits in the form of more efficient use of public resources, increased quality of life and expanded opportunities for citizen participation are highlighted. On the other hand, several authors point out the risk of technocratic governance and digital inequality [21,22]. According to them, this can lead to the disadvantage of socially vulnerable groups, excessive monitoring of residents through data and camera systems, as well as risks associated with data leakage. Overall, the authors emphasize the need for a “human-centric model” of smart cities that explicitly respects human rights and ethical standards [23].
Artificial intelligence is becoming an important part of smart solutions within smart cities. AI makes it possible to analyze large volumes of data and, based on the analysis of this data, recommend to the user how to make a decision. In smart cities, AI can be used primarily in the operation of services such as transport, waste management, energy, public safety and digital services [24]. Many scientific works highlight the environmental benefits of AI, for example in the form of optimizing energy consumption or predicting traffic flows, which can directly contribute to reducing CO2 emissions in cities [25].
It is undeniable that AI brings several economic and ecological benefits, both for smart cities and for the inhabitants themselves. However, it is important to remember that AI is still just software, which also brings with it important legal and ethical issues. The most prominent challenges include privacy protection, data security, algorithmic transparency and accountability for decision-making, especially when decision-making processes are automated. Predictive algorithms in the field of public safety, for example, have been criticized for the risk of discrimination based on socio-demographic characteristics. In view of several risks, the approach of “Responsible AI” comes to the fore, based on the principles of legality, ethics and trustworthiness [26].
The European Union is a global leader in this area, having been the first to adopt a comprehensive AI law—the Artificial Intelligence Act (2024), which regulates the use of artificial intelligence on a risk-based basis and establishes specific obligations for high-risk systems, including AI systems used in urban services and critical infrastructure. The regulation in question is complemented by other important legal instruments, such as the GDPR Regulation on the protection of personal data and the NIS2 Directive on the cybersecurity of critical infrastructures. Hamza and Ilyas argue that smart city management is a complex process that requires coordination between the public and private sectors. The authors emphasize that city mayors need to align technological modernization with the demands of residents, while still keeping in mind legal limits [27]. If digital solutions are implemented without a systemic strategy, they remain isolated projects without long-term added value. In their opinion, data interoperability, transparency of decision-making processes, citizen involvement and the necessity of financing are therefore essential factors for the successful digital transformation of cities.
Based on the analysis of the literature, we concluded that there is still room for further research and analysis of the issue of building smart cities, AI and sustainability issues. In particular, scientific opinions linking the legal regulation of artificial intelligence with the practical needs of cities, while also taking into account the ever-growing importance of sustainability, are lacking in professional circles. We find even fewer relevant articles and literature in relation to the Central and Eastern European region. Here, it is particularly noticeable that the development of urban digitalization is uneven and often encounters limited financial and professional capacities. At the same time, empirical analyses of the impacts of artificial intelligence on social and environmental sustainability are absent.
From the above, it follows that it is necessary and, in particular, scientifically justified to conduct a comprehensive analysis of the current regulation of artificial intelligence, its implementation and real contribution to the sustainability of smart cities. For this reason, our scientific study aims to at least partially fill this gap which consists of the mutual synergy of the individual components forming this area, i.e., on the mutual relationships of legislation, technologies and smart city management.
The main objective of our scientific study is to examine the regulation of the use of artificial intelligence, data management and sustainability at the European Union level, including support instruments such as regulatory initiatives and funding programs, as well as to assess their implementation in relation to the development of smart cities. We set this main objective in the expectation that our results will demonstrate the growing importance of European legislation as an impetus for the development of smart city innovation. In this context, however, it is necessary to state that the successful implementation of legislation is conditional on effective coordination, managerial preparedness and strengthening the protection of the fundamental rights of urban residents.
Our scientific study has the potential to clarify for both the professional and lay public how the legal, political and strategic frameworks of the European Union shape the possibilities of cities in implementing artificial intelligence, and how these frameworks influence their transformation towards sustainable urban development.
In order to achieve the main goal, we pay attention to the ways in which the regulatory and political environment of the European Union supports the implementation of artificial intelligence in urban services and what impact it has on the possibilities of developing smart, climate-neutral and sustainable cities.
From a systematic point of view, our scientific study is divided into four logically connected sections. In this introductory Section 1 we briefly place our scientific study in a broad context and emphasize its importance. We define the purpose of our scientific work and its significance, including the specific goals set. We carefully examine the current state of the research field and cite key publications. If necessary, we highlight controversial and different hypotheses. In our opinion, the introduction is understandable even for scientists working outside the topic of our scientific study. Section 2, entitled Materials and Methods, is devoted to the issue of the material used and the methods. In our opinion, we describe the materials and methods used sufficiently and in detail to enable others to replicate and build on the published results. Section 3—Results describes in detail and precisely the experimental results, their interpretation, as well as the conclusions that can be drawn from them. Section 4 combines the Discussion with the Conclusion. It contains a fairly broad discussion of the results as well as how they can be interpreted in the perspective of previous studies and the stated goal. We discuss the findings and their implications in the broadest possible context and in the full conclusion of this combined chapter we emphasize the limitations of the work as well as future research directions.
2. Materials and Methods
In examining the connection between artificial intelligence, smart cities and sustainability itself, we have chosen a methodological approach capable of linking technological, legal, social and environmental aspects. Cities in the Member States of the European Union are currently confronted with rapid digitalization, the growing need to work with large amounts of high-quality data, regulations governing the use of artificial intelligence, meeting climate standards, as well as requirements for greater transparency of public administration. The above creates a complex legal environment in which the implementation of intelligent solutions is a condition for the long-term sustainability and efficiency of public services. Our scientific study therefore aims to clarify for readers how the legal, political and strategic frameworks of the European Union shape the possibilities of cities in implementing artificial intelligence, and how these frameworks influence their transformation towards sustainable urban development.
As we have already stated, our intention is to examine how the regulatory and political environment of the European Union supports the implementation of artificial intelligence in urban services and what impact it has on the possibilities of developing smart, climate-neutral and sustainable cities in the European Union and in the Slovak Republic. The intention set in this way allows us to identify not only the legal and political frameworks, but also their real impacts on cities in the transition to providing smarter and more sustainable services. In order to achieve the above-mentioned aim of this scientific study, it was necessary to use several scientific research methods. The most frequently used method is systematic legal analysis. In practice, this method is applied in such a way that the authors analyze what is precisely stated in the legal regulations, the way they are interpreted, what is the aim and purpose of a specific legal norm and what these legal regulations bring into practice. In our scientific study, we mainly work with key European legal regulations such as the following:
- Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules in the field of artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act): the world’s first comprehensive legal framework for the regulation of artificial intelligence [28].
- Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (DGA): rules on data sharing, data altruism and regulation of data intermediaries [29].
- Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonized rules on fair access to and use of data, amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) Data Act: obligations on access to and sharing of data [30].
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) GDPR: protection of personal data in the use of AI [31].
- Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 concerning measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (NIS Directive 2): cybersecurity for critical infrastructure and services [32].
- Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and reuse of public sector information (revised version): obligation to publish public sector data [33].
In such a demanding analysis, we place particular emphasis on the obligations of cities and local governments arising from the above-mentioned regulations, the impact of regulations on digitalization processes in smart cities, requirements for transparency, documentation, audit and data access, as well as limits and risks when introducing AI in the urban environment.
Similar to the legal analysis, we also apply an analysis of strategic documents, which we examine using qualitative content analysis. The assessment focuses on how cities define their priorities, to what extent their strategies reflect European policies, to what extent the strategies include elements of artificial intelligence and the data economy, and how they integrate sustainability aspects into them.
In our research, we try to connect the legal order, sustainability, the concept of smart cities, as well as artificial intelligence, which requires a combination of methods and their mutual application. We have chosen a triangulation methodological approach, within which we systematically compare legal requirements, strategic objectives and empirical data on the actual state of implementation. We use triangulation as a cross-validation tool, which reduces the risk of methodological bias and allows us to identify behavioral patterns and development trajectories across cities.
This approach allows us to precisely name the gaps between the legal status and reality, conflicts between legal regulation and innovation, as well as obstacles to the introduction of artificial intelligence—especially legal, personnel, financial and technological. Using this procedure, we assume that we will be able to reveal the opportunities that regulatory frameworks create.
The synthesis of findings from these three perspectives creates a clear and analytically consistent picture of how the regulatory environment of the European Union can support sustainable and smart urban environments. Ultimately, we can obtain a basis for the formulation of feasible recommendations for local governments, based on the consistency between normative requirements, strategic planning and, in particular, empirical practice.
Following the description of the research methods used, we consider it necessary to briefly summarize the sources on which we based our scientific study. We work with several sources of law at different levels of legal force, which we purposefully combine in order to connect the normative, theoretical and empirical levels of research. The primary sources are the legislation of the European Union. We base our research on the comprehensive texts of European regulations, directives and other regulatory frameworks, as well as on the decisions of the European Commission, including delegated acts. This normative framework of sources forms the basis of our legal analysis, allowing us to accurately identify specific obligations that apply to cities and local governments.
The second level consists of secondary sources, i.e., professional literature and analytical studies. We examine peer-reviewed articles published by renowned publishers, whose scientific journals and conference proceedings are indexed in the Web of Sciences and Scopus databases. Academic monographs focused on smart cities, sustainability and artificial intelligence have also found application. They are no less important than documents from the European Commission, OECD and European Investment Bank. These sources allow us to map the current state of knowledge, identify key concepts of artificial intelligence governance and link them to the sustainability agenda, while providing theoretical and conceptual anchoring for the interpretation of legal requirements. The tertiary layer includes indexes, databases and statistics that complement the legal and theoretical framework with empirical knowledge. We mainly use European Union data portals, urban open-data platforms and international research databases, from which we draw quantitative indicators and comparable metrics on the state and performance of cities. These data show us the reality in individual cities and countries and serve to verify and calibrate the conclusions resulting from the legal and literary analysis. By combining primary, secondary and tertiary sources, we build a comprehensive theoretical foundation that strengthens the validity of our findings and allows us to formulate practically feasible recommendations for urban policy and the management of digital transformation.
At the same time, we declare that this study does not work with personal data or experimental data. When analyzing urban data, we consistently apply the principles of anonymization, ethical use of data, transparency of methodology and independence of conclusions. All information used comes from open and legally available sources; we remove possible identifiers before processing; and we form our interpretations and conclusions autonomously, without external pressure or conflict of interest. With this approach, we ensure compliance with relevant ethical standards and strengthen the integrity and reproducibility of our research.
3. Results
As part of our research, we aim to provide a comprehensive picture of the regulatory environment in which the transformation of mainly Slovak cities into smart, digital and sustainable centres is taking place. By combining systematic legal analysis, content analysis of strategic documents and evaluation of secondary data, we identify the links between European Union rules, national implementation and the real capacities of cities to integrate artificial intelligence into public services. Preliminary findings already indicate that although the European Union is creating a relatively robust framework for supporting digital and climate-neutral cities, persistent differences in implementation practice, technological readiness and data infrastructure continue to represent a significant barrier.
From the point of view of the legal framework, we identify four groups of legislative instruments that most significantly affect the construction of smart cities: artificial intelligence regulation, data economy regulation, cybersecurity regulation and regulations relating to the protection of personal data. Their mutual application sets the boundaries of the responsible use of AI, data accessibility and sharing, infrastructure resilience and protection of citizens’ rights, thereby determining the pace and direction of the digital transformation of local governments.
3.1. Regulation of Artificial Intelligence—Legal Status
Just out of caution, we would like to point out at the beginning of this subsection that the state of legal regulation of artificial intelligence is in its very early stages and therefore national legal orders do not yet have comprehensive legal provisions relating to artificial intelligence. The basic and essentially the only regulation in the EU regulating the rules of artificial intelligence is Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules in the field of artificial intelligence (“AI Act”). The Regulation is directly enforceable in all Member States of the European Union.
3.1.1. Legal Status and Subject Matter
The AI Act establishes a uniform, risk-based legal framework for the development, placing on the market, putting into operation and use of artificial intelligence systems in the EU, while ensuring the protection of the health, safety and fundamental rights of citizens of the EU Member States. In general, the Regulation guarantees the free movement of AI-based goods and services within the internal market; however, Member States cannot impose additional restrictions outside the scope of the Regulation unless the Regulation explicitly allows it. As stated by Tronnier et al., the scope of this Regulation is defined in relation to “providers”, “users”, “importers” and “distributors” of AI systems, as well as to AI systems that are security components of products regulated by sectoral legislation [34]. The Regulation does not apply in any way to activities outside European Union law, while its scope is limited to the placing on the market or use of systems within the EU; it determines the obligations of actors in the AI supply chain.
3.1.2. Prohibited Practices in the Use of AI
The Regulation clearly states that it is not permissible to use AI for covert, subliminal manipulation of human behavior if such intervention leads or may lead to physical or psychological harm. It also prohibits exploiting the vulnerability of specific groups (such as children or people with disabilities) in order to significantly influence their actions and thereby cause them harm. Social discrimination that causes disproportionate disadvantage to individuals without rational reasons is also unacceptable. The Regulation further prohibits untargeted, mass acquisition of biometric data—typically the systematic downloading of facial images [35]. The use of remote biometric identification of persons in publicly accessible places is fundamentally limited and permitted only in exceptional, precisely defined cases, while adhering to strict safeguards set out directly in the Regulation.
3.1.3. Risk Classification and High-Risk AI Systems
The AI Act works with an approach based on risk classification: unacceptable risk, high risk, limited risk (transparency obligations) and minimal risk. The AI Act clearly defines unacceptable practices/prohibited practices. It prohibits social scoring by public authorities, non-targeted collection of facial images from the internet or camera systems for the purpose of creating databases, and the use of emotion recognition in the workplace and schools [36]. Remote biometric identification of persons in real time in publicly accessible places is only allowed in very narrowly defined situations for law enforcement authorities, based on prior authorization and strictly adhering to the principles of necessity and proportionality.
High-risk systems are considered to be in particular solutions used for the management and operation of critical infrastructure (for example, in transport or energy), for ensuring access to essential public and private services, for biometric identification and categorization of persons, in the field of law enforcement, justice and democratic processes. A strict set of requirements applies to these systems: risk management, data management including the quality and representativeness of training, validation and test sets, technical documentation, record keeping and logging, transparency and clear instructions for users, adequate human supervision and parameters of accuracy, robustness and cybersecurity.
The Regulation also introduces transparency obligations. If a person interacts with an AI system and this fact is not apparent, they must be clearly informed. Synthetic and modified content (including deepfakes) should be appropriately labelled. When using emotion recognition or biometric categorization, specific information obligations apply, unless such use is prohibited by another provision [37].
Sarkar et al. [38] point out that they define high-risk systems in two basic groups: firstly, as security components of products or stand-alone products that are already subject to conformity assessment under specific sectoral regulations. Secondly, these are stand-alone systems belonging to specific areas listed in the annex to the AI Act. These include biometric identification, critical infrastructure management, education, employment and work process management, access to essential services, law enforcement, migration and asylum, the judiciary or democratic processes.
For high-risk systems, the Regulation requires providers to have in place a comprehensive risk management system, dataset management with an emphasis on their quality, relevance and representativeness (for training, validation and testing purposes), technical documentation and records, including logging. At the same time, the Regulation requires adequate transparency towards users about the features, risks and limitations of the system, human supervision appropriate for the intended purpose and compliance with requirements for accuracy, robustness and cybersecurity [39]. At the same time, there is an obligation to subject the system to conformity assessment, affix the CE marking, register selected high-risk systems in the EU central database and carry out post-market monitoring, including reporting of serious incidents. Users of high-risk systems must use the system in accordance with the provider’s instructions, ensure adequate human supervision and comply with the obligations under the Regulation.
For systems with limited risk, the Regulation introduces transparency requirements. If the system interacts with natural persons, it must be clearly stated that it is interacting with AI. Specific information obligations apply to emotion recognition systems, biometric categorization, and content generation or manipulation systems—for example, the labelling of artificially created or modified content (so-called deepfakes)—with exceptions and safeguards directly defined in the text of the Regulation.
The Regulation also pays particular attention to general-purpose models (GPAI). Providers of these models must ensure adequate documentation, inform downstream providers and take measures to manage risks. In the case of GPAI models with systemic risk, additional obligations apply, including risk assessment and mitigation or reporting of serious incidents; the technical requirements may be based on harmonized standards or common specifications. In our view, this legal framework is also intended to ensure that AI solutions are developed and deployed transparently, safely and in compliance with fundamental rights, while at the same time allowing for innovation within clearly defined rules.
The AI Act also clearly sets out the institutional control infrastructure and divides competences between the European and national levels. At the European Union level, coordination mechanisms and central databases operate, which support the uniform interpretation and application of the rules; in the EU Member States, supervision and market controls are carried out by the competent national authorities. They jointly ensure market supervision of AI systems, coordinate implementation, issue methodological guidelines and ensure uniform practice across the EU. Bignami et al. further point out that the enforcement of the rules resulting from the Regulation is enforced by a sanctioning regime that takes into account the nature and seriousness of the infringement and the level of the sanction may depend on the worldwide turnover of the entity concerned [40]. The Regulation also regulates the remedies and precise powers of the supervisory authorities so that they can intervene effectively and restore compliance with the requirements.
3.2. Regulation of Artificial Intelligence—Impact on Sustainable Smart Cities
As Sioli et al. state, the AI Act introduces uniform, risk-based rules for the development, marketing and use of AI in the EU [41]. For smart city urban services, this means three fundamental changes. The first change is the obligations and restrictions according to the risk classification, in particular for high-risk AI in critical infrastructure and access to public services. The second change consists of strict limits for biometric use of AI and transparency obligations for human–AI interaction. The third, final change is related to new compliance processes (conformity assessment, CE marking, etc.) and supervision.
Slovak local governments must prepare for AI inventory, assessment for high-risk deployments, adjustment of public procurement and strengthening of governance (competences, training, policies) in transitional periods. Links with GDPR, NIS2, Data Act or Open Data bring concurrent obligations in the areas of data protection, security, data sharing and interoperability.
As part of our research, we also pay attention to the question of how the risk-oriented framework of the AI Act Regulation reshapes the conditions for the deployment of artificial intelligence in smart cities and what obligations arise for smart cities. The AI Act is based on a risk classification, considering as high-risk in particular systems used for the management and operation of critical infrastructure, provision of services, biometric identification, law enforcement, justice or support of democratic processes. As we have already mentioned above, strict technical and organizational requirements are set for these systems, obligations of deployers, a special obligation to assess the impact on fundamental rights and transparency requirements for selected types of interactions with natural persons.
In the area of mobility and parking, there are urban AI solutions that directly control traffic flows. Examples are adaptive traffic lights, intersection management or predictive planning of urban public transport. Typically, these solutions are classified as high-risk, as they fall under the management of critical infrastructure. The provider of such a system must have risk management in place, data management (including the quality of training, validation and test sets), technical documentation and logging, transparency and human oversight, as well as requirements for accuracy, robustness and cybersecurity [42]. Before the final solution is introduced into smart cities, the system must pass the control process by assessing conformity, obtaining CE marking. In addition, where required by the Regulation, it must be registered in the relevant EU database. The deployer (city) is obliged to use the system according to the instructions, ensure competent human supervision, monitor outputs, keep logs, report serious incidents and cooperate with supervisory authorities. Since transport systems commonly work with camera and sensor inputs, the GDPR applies in parallel. The reason is that the processing of personal data requires a legal basis, a data protection impact assessment, and compliance with the principles of necessity, proportionality and minimization, especially for video recordings.
In public safety and urban surveillance, the AI Act clearly limits biometric identification and the work with such data. Remote biometric identification of persons in real time in publicly accessible places is generally prohibited with very limited exceptions intended exclusively for law enforcement agencies. And even these exceptions are issued on the basis of prior authorization and in compliance with the principles of necessity and proportionality. According to Yazici, non-addressed collection of facial images from the internet or camera systems for the purpose of building databases is also prohibited [43]. The use of emotion recognition in the workplace and schools is also prohibited. Other forms of biometric identification and categorization that are not explicitly prohibited are generally classified as high-risk and subject to the full set of requirements of the AI Act. Any solution using camera systems or object/person recognition must have a clear legal basis, go through the appropriate processes, respect the rights of the data subjects (including proper marking of monitored areas) and apply the principles of necessity and proportionality very strictly.
In the energy sector, AI solutions are used to optimize distribution, demand or public lighting. These can be classified as high-risk if they directly control the operation of critical infrastructure. Here, too, the same rules as mentioned above apply. In addition, energy providers must comply with the NIS2 requirements regarding cybersecurity as well as relevant sector regulations.
In waste management in smart cities, AI applications are used for predictive waste exports, container-filling sensors or route optimization. These are generally outside the high-risk regime. Nevertheless, they require adequate transparency where AI interacts with the population, an emphasis on work safety in dispatching, the protection of personal data arising from sensors and cybersecurity in the case of entities falling under the NIS2 Directive.
To support our claims, we also present the results of a survey conducted by the United Nations. The survey concerned the Global Assessment of Responsible Artificial Intelligence in Smart Cities (Figure 1). The questionnaire survey was distributed through various networks and communication channels, reaching mayors, experts, researchers and other stakeholders involved in urban planning. In total, the United Nations received approximately 118 responses from 122 municipalities from Africa, Asia, Europe, Latin America and North America. In some cases, multiple cities from the same country provided responses.
Figure 1.
Source: United Nations—Global Assessment of Responsible AI in Smart Cities. 2024 [44].
According to this survey, the possibilities of AI are very broad, while at the same time they are very beneficial in transforming a city into a smart city. The main example in the survey is the transformation of urban traffic management thanks to AI. With the advent of AI, completely new possibilities for intelligent traffic management in smart cities are opening up, the significant added value of which is the reduction in traffic jams, the reduction in emissions and, last but not least, the safer operation of cars in cities. The above is also confirmed by the conclusions of the survey, which we present in the graph below. The question was—to what extent could AI benefit these areas? The answers varied, but what can be seen from Chart 1 is that AI has been implemented to the greatest extent in the areas of transport and public services. Other areas are somewhat lagging behind, but we would like to emphasize again that practically all of the areas listed below, i.e., healthcare, transport, decision-making processes in local government, education, water and waste management, public safety, energy, urban planning, but also the provision of public services, are, according to the survey, the subject of interest for smart cities, with AI planned to be implemented in most of these areas, which will significantly increase the level of this area and thus the benefit of AI will become significant [45].
Respondents, who were predominantly mayors, local government representatives and city managers, said that the most significant benefits were seen in the areas of mobility (32%), provision of information on public services (28%), public safety (24%) and healthcare (24%). Cities that are still planning to implement AI expect the greatest benefits in particular in the mobility sector (42%), water and waste management (41%), public safety (40%) and urban planning (40%), indicating a growing perception of the potential of AI even in traditional areas of city governance (Figure 2). The survey also revealed that cities without existing plans to implement AI also see significant potential for AI in the areas of public policy-making (51%) and education (51%). Overall, respondents consider the main benefits of implementing AI to be savings through process automation (58%), increased efficiency of public services (49%), and support for better decision-making (47%), which is in line with the findings of the professional literature on the direction of smart city development. Based on the questionnaire survey, it is possible to assess the real effectiveness of deployed AI, especially in the mobility, public safety and public service sectors, where the benefits have been repeatedly confirmed in practice. At the same time, the results allow us to identify the extent of financial gaps, which are particularly evident in cities with limited budgetary capacities, where the high costs of implementing, operating and providing professional support for AI systems remain one of the main barriers to the wider spread of these solutions.
Figure 2.
Source: United Nations—Global Assessment of Responsible AI in Smart Cities. 2024 [44].
In general, when using e-government, it is important to distinguish between solutions that significantly affect access to public services, e.g., social benefits, housing, school admissions, etc. Such systems are high-risk and must meet all the conditions as we have already stated. At the same time, transparency obligations apply, consisting of the obligation to inform the population that they are communicating with AI and to mark synthetic or modified content, including deepfakes. The GDPR is also mandatory for the processing of personal data in this case [46].
Special consideration to be taken into account is biometric data acquisition in public spaces. Remote biometric identification in real time is inadmissible for ordinary self-government purposes; exceptions are reserved for law enforcement agencies and only in strictly defined situations.
It is also important to take into account the impact of the AI Act on public procurement in smart cities. The reason for this procedure is the fact that cities, as part of local government, are part of the public administration applying the legal regulation on public procurement. Public procurement and contractual practice must reflect the risk-oriented framework of the AI Act from the outset and must not deviate from the legal framework of this Act. In the technical specifications, it is necessary to explicitly require demonstrable compliance with the regulation according to the relevant category (especially for high-risk systems), with a reference to harmonized standards after their publication or with equivalent evidence. Smart cities should require complete technical documentation in the scope according to Annex IV of the AI Act, a description of the risk management system, data management and human oversight mechanisms. Evaluation criteria within the framework of public procurement should take into account auditability, data quality, robustness, cybersecurity (in accordance with NIS2), energy efficiency and sustainability of AI operations. For high-risk systems, it is essential to require CE marking, an EU declaration of conformity and—if required by the regime—registration in the relevant database before delivery and putting into practice; instructions and operator training must be included in the delivery.
The managerial and governance implications for local governments primarily require strengthening organizational capacities. In general, the establishment of an AI Officer position and the creation of cross-functional teams across IT departments, legal departments, data protection departments and cybersecurity departments are proven [47]. At the same time, an inventory of all AI systems is necessary, their classification according to the AI Act, as well as mapping of data flows and the supply chain. The internal city AI policy must regulate the principles of use, security, data quality and public engagement; establish methodologies and clear procedures for incidents and complaints. Systematic training consisting of improving AI literacy, ethical behavior, data protection, cybersecurity or AI procurement is also a prerequisite. In the case of small municipalities, so-called “compliance by design” solutions with pre-prepared documentation, shared regional platforms and cloud/edge services are preferred. Large cities usually have sufficient financial coverage and should therefore build their own governance structures [48].
As stated by Palmero et al., it is also impossible to ignore the fact that financing and support tools represent an important accelerator of smart cities [49]. At the European Union level, the Digital Europe, Horizon Europe and CEF Digital programs as well as cohesion funds can be used for the digital transformation of cities and municipalities and the modernization of infrastructure. At the national level, schemes coordinated by the Ministry of Investments, Regional Development and Informatization of the Slovak Republic (hereinafter also “MIRRI SR”) are being prepared, which will supplement the methodological materials for the AI Act for the public sector. In relation to the implementation of the AI Act in the conditions of the Slovak Republic, it will be necessary to build institutions that will control and ensure compliance with legal regulations. The Slovak Republic will gradually designate the relevant authorities for market supervision, sanctions and coordination; MIRRI SR already operates information portals and therefore has experience with such implementation, and will publish relevant updates in relation to the AI Act. In the area of personal data protection, the Personal Data Protection Office of the Slovak Republic applies guidelines regulating the use of recordings, videos and biometrics; for large-scale camera systems and biometric scenarios, a strict assessment of legality and proportionality is usually necessary.
The above views are also supported by several statistical data, while it is important to emphasize that financial support within the European Union is not intended only expressly for the development of artificial intelligence in smart cities. Member States can draw on these funds, but these funds are tied to individual cities also achieving sustainability goals and investing in research, development and innovation [50]. However, nothing prevents a city from applying for a specific call, using these funds to introduce, for example, intelligent transport in the city, which will be controlled via AI. Such use of funds will, on the one hand, support the city in building and implementing AI systems into its infrastructure and at the same time help in achieving sustainability goals. For example, thanks to AI-controlled transport, emissions in cities will be reduced, thereby pursuing sustainability goals but at the same time supporting the development of AI in smart cities.
There are many such programs in the European Union alone, but even though the total amount allocated for the development of investments in smart cities is close to nine billion EUR, it is not enough. The estimated investments for approximately one hundred smart cities are close to 650 billion EUR. On the one hand, the European Union supports this plan, but on the other hand, it has not yet allocated this amount in full [51]. As shown in Figure 3 presented below, the most important support programs for smart cities are Horizon Europe with the support of 360 million EUR, Horizon/CINEA with the support of 41 million EUR and Digital Europe with the support of approximately 8.1 billion EUR [52,53]. However, it is clear from Figure 3 that support within the EU is not sufficient and if smart cities want to implement AI technologies with a view to sustainability to the full extent (650 billion EUR), external sources of funding will also need to be used.
Figure 3.
Source: Own processing based on statistical data prepared at the EU level.
However, it is also important to point out the shortcomings in the process of applying for funds from the European Union. The main challenges include the complexity and administrative complexity of the applications themselves, high demands on documentation and control, as well as the need for pre-financing of projects by municipalities, which can be problematic for smaller cities or municipalities with limited budgets. The process of approving and drawing funds is often time-consuming and requires specialized capacities for project preparation and management, which places an extremely heavy burden on municipalities with limited personnel [54].
In addition to direct EU fund programs, cities and municipalities can also use complementary financing models, such as public-private partnerships (hereinafter referred to as “PPP”). There are successfully implemented PPP projects in the Slovak Republic, especially in the field of infrastructure and public services. However, their use is often limited by the high costs and complexity of projects, which require thorough preparation and long-term financial commitments. For this reason, PPP projects are not always the preferred financing option in practice, although they represent a flexible and potentially effective way of implementing more demanding investments.
A differentiated approach to project support—taking into account the size and capacities of local governments—is therefore key. Smaller cities and municipalities may prefer to implement projects gradually with a combination of EU funds and partial co-financing from the state or local budget, while larger cities are able to implement more ambitious projects, including PPP models, using broader financing options and internal capacities to manage complex investment processes.
However, the above-mentioned programs are funding programs implemented at the European Union level, to which, in accordance with the principle of non-discrimination, all local governments within the EU can apply. Within Slovakia, several projects have been implemented in specific cities, financed both from local government funds and from European Union funds, with the aim of these projects being to support sustainable urban development using AI.
As one example, we present the SAM SUD Project—Smart Asset Management for Sustainable Urban Development, which was implemented in the city of Košice, with the total cost of the project amounting to EUR 6,088,617.60 and the city financed EUR 955,513.20 from its own funds. Košice, like many other Slovak cities, is currently facing the problem of empty or underused buildings, which represent untapped potential for community development and environmental protection. The SAM-SUD project responds to this challenge, aiming to transform unused buildings into functional, energy-efficient and socially beneficial spaces. The basis of the project is the use of modern digital tools, including solutions based on artificial intelligence. These tools enable more efficient management of city assets, better planning of building renovation and optimization of their future use. Digital systems are complemented by intelligent IoT sensors that will monitor the operation of buildings and their energy consumption. The project places great emphasis on sustainability and climate resilience. The renovation includes ecological technologies that contribute to reducing energy consumption and the carbon footprint of buildings. These solutions will be piloted during the reconstruction of the building at Hlavná 57, Košice, which will become a prime example of smart and sustainable transformation of urban space. An integral part of the SAM-SUD project is the active involvement of the local community. New multifunctional spaces will be designed to respond to the real needs of residents and support social inclusion, community activities and local development. The SAM-SUD project represents a comprehensive solution in the field of digitalization, climate adaptation and inclusive urban development in the context of AI. The expected outputs and impacts of the project include reducing operating costs and energy consumption in municipal buildings, thereby contributing to more efficient management of public finances. The project will enable better planning of repairs and investments based on data and real needs, which will lead to the long-term sustainability of municipal assets. At the same time, it will contribute to the creation of new jobs and to the strengthening of the city’s professional capacities in the field of digital governance and sustainable development. The result will also be an increase in the comfort, functionality and overall usability of public spaces for residents. Sustainable management of city assets through modern digital tools, AI and data-driven decisions will become the basis for effective and inclusive urban development [55].
Another example is the city of Banská Bystrica. For the purposes of this analysis, we deliberately choose cities other than the capital of the Slovak Republic—Bratislava—because we want to demonstrate that even at the level of smaller cities it is possible to implement AI with the aim of improving overall sustainability. In the city of Banská Bystrica, an IoT smart solution project was implemented in the operation of the City of Banská Bystrica. The project was largely financed by the European Union, which covered approximately 85% of the total costs, with the rest provided by the city from its own resources. Thanks to this support, it was possible to implement modern digital and ecological solutions aimed at more efficient management of city assets. The output of the project is mainly a reduction in the energy intensity and operating costs of city buildings, as well as better planning of their renovation and use. The project also contributed to strengthening the city’s professional capacities and the use of data in decision-making [56]. The result is a more sustainable, more functional and more beneficial urban space for residents.
Likewise, programs to support AI in sustainable smart cities are also implemented directly by the Ministry of Investments, Regional Development and Informatization of the Slovak Republic. This specifically increased the funds within the Modern Technologies call from the Operational Program Integrated Infrastructure of Finance for the so-called smart city solutions in cities. The original allocation of 7.5 million EUR has increased threefold to almost 22.5 million EUR. A total of 35 cities will be able to use the funds. Large cities such as Prešov, Žilina, Trnava, Banská Bystrica or Košice have decided to introduce the latest technologies into the everyday lives of citizens, as well as smaller ones such as Snina, Kežmarok, Bojnice, Zlaté Moravce, Vráble, Holíč and Nesvady.
The above-mentioned empirical evidence from specific Slovak cities shows that AI is also being used more at the local level with the aim of ensuring sustainability in smart cities. At the same time, it connects the above-mentioned legal frameworks with specific management practices within cities in Slovakia [57].
However, it is important to note that when assessing cities of different sizes in the Slovak Republic, it is necessary to take into account significant differences between small, medium-sized cities and the capital, especially in the area of fiscal capacities, technological reserves and availability of talent. However, these inequalities are largely compensated by financial resources from European funds, which allow smaller cities to implement projects and investments that would otherwise be beyond their local capabilities. Despite the fact that funds from European funds significantly help to reduce the differences between large cities and smaller municipalities, it is still necessary to adapt the strategy to their size from the perspective of the management of cities and municipalities. Urban management strategies and recommendations should be tailored to these specificities, taking into account the size of cities and municipalities: smaller cities may require more intensive support from external sources, for example through European funds, and a gradual implementation of technological or innovation measures, while larger cities can implement more ambitious projects with a greater degree of autonomy, but with less financial support from the EU. Such a differentiated approach ensures that the proposed measures are effective and realistically feasible in the context of the specific size and capacity of the city.
3.3. Regulation of Personal Data Protection and Cybersecurity—Legal Status
As part of our scientific study, we also point out that not only the AI Act affects sustainable smart cities, but also the GDPR Regulation and the NIS2 Directive. In relation to these two normative legal acts, it is important to note that they are older legal regulations compared to the AI Act. For this reason, in the introduction, we only briefly pay attention to the regulated area and focus more on the analysis of their impact on sustainable smart cities than on a theoretical description of the legal status.
The GDPR regulates the processing of personal data in the EU and applies to all entities that process data automatically or in structured registers if they are established in the EU. Campanile et al. emphasize that the Regulation defines the basic principles of processing (lawfulness, fairness and transparency; purpose limitation; minimization; accuracy; storage limitation; integrity and confidentiality; accountability) and the legal basis for processing personal data (e.g., legal obligation, performance of tasks in the public interest, legitimate interest, contract, consent, etc.) [58]. The Regulation specifically protects “sensitive” categories of data (e.g., health, biometrics) and their use is only possible in exceptional cases with strict safeguards on the part of the personal data processor. It grants individuals extensive rights (right to information, access, rectification, erasure, restriction, portability, right to object) and the right not to be subject to a purely automated decision with legal or similarly significant effects, except for well-defined exceptions requiring mandatory human intervention. Controllers and processors must comply with obligations such as “privacy by design/by default”, security of processing, record keeping, conclusion of processing contracts, notification of data breaches and designation of a data controller in the public sector. The GDPR also includes international rules on data portability (adequacy, appropriate safeguards, narrow derogations) and supervisory mechanisms (single point of contact) including sanctions. Activities outside European Union law are excluded from the scope of application [59].
The NIS2 Directive sets a common level of cybersecurity in the EU and imposes obligations on entities in selected sectors (e.g., energy, transport, digital infrastructure, public administration, healthcare and others). Entities must implement a set of risk management measures: security policies and organization, risk analysis and assessment, incident prevention and management, continuity and recovery, supply chain security, secure development and maintenance of information and communication technologies, risk management, training, access control, encryption [60]. All of the above measures must also be associated with regular evaluation of the effectiveness of the measures. A key obligation is the obligation to report significant incidents within set deadlines (early warning, follow-up notification, final report) and close cooperation with national authorities. Supervision varies depending on the entity to be supervised, with the content of supervision itself being inspections, corrective orders, sanctions and an emphasis on senior management responsibility for cybersecurity. NIS2 intersects with the requirements of the AI Act (in particular, cybersecurity of high-risk AI) and with the GDPR obligations regarding the security of processing. In practice, cities and municipal enterprises therefore integrate these legal frameworks into procurement, contracts and operational operations. In the Slovak Republic, NIS2 is transposed by an amendment to the Cybersecurity Act with effect from 1 January 2025; the central authority is the National Security Office of the Slovak Republic, supplemented at lower levels by a computer incident response unit called the CSIRT (Computer Security Incident Response Team) and sectoral authorities.
3.4. Regulation of Personal Data Protection and Cybersecurity—Impact on Sustainable Smart Cities
In addition to regulating a range of rights and obligations in the area of personal data protection and cybersecurity, the GDPR and the NIS 2 Directive fundamentally affect the entire life cycle of urban AI solutions—from design and procurement through deployment to subsequent oversight and accountability. As we have already mentioned, the GDPR determines under what conditions cities can process personal data in AI systems, emphasizes lawfulness, fairness and transparency, minimization, purpose limitation, accuracy, integrity and confidentiality of data, as well as the liability of controllers. The NIS 2 Directive complements this framework with a comprehensive set of cyber measures for “essential” and “important” entities in critical sectors. These include energy, transport, digital infrastructure and public administration, including risk management, supply chain management, business continuity, incident management and mandatory reporting.
These two EU legal frameworks overlap in practice with the requirements of the AI Act. The AI Act does not contradict the legal standards set out in the GDPR and NIS2 in any way. On the contrary, from the perspective of the hierarchy of legal regulations, they are equivalent due to the required mutual application. High-risk AI systems in the public sector require an impact assessment on fundamental rights, which is regulated in the GDPR Regulation. The technical requirements of the AI Act for accuracy, robustness, cybersecurity and human oversight intersect with the security measures of NIS2. This mutual application creates an integrated three-layer legal framework consisting of the following:
- − Rights and freedoms under the GDPR;
- − Resilience and cybersecurity under NIS2;
- − Responsible design and use of AI under the AI Act.
This legal framework is complemented by other important EU regulations: the Data Governance Act (trusted sharing and mediation of data), the Data Act (fair access to data), the Open Data Directive and national standards for open data. These laws, regulations and directives increase the availability of data for urban innovation, but require robust anonymization and systematic risk assessment, especially for spatial datasets [61].
In smart cities, these legal frameworks translate into specific obligations. In mobility and parking, where AI manages traffic flows (e.g., through adaptive intersections, predictive planning of urban public transport), the legal basis is usually public interest or statutory obligation. However, a process in the sense of the GDPR is usually required due to the large-scale collection of sensor and video data. Minimization (preference for aggregation and detection without identification), limited retention periods, clear marking of monitored zones and technical measures “privacy by design” are applied. We believe that from the perspective of NIS2, this is a critical infrastructure, as risk management measures, network segmentation, multi-factor authentication in dispatching, managed access, robustness and resilience tests of models, as well as contractual obligations of suppliers to regularly update and address vulnerabilities are necessary.
In public safety, video surveillance is only permissible if it is necessary and proportionate, including documented proportionality, limited scope, encryption, access control and clear information directly at the point of capture. Biometric data represent a special category—facial and emotion recognition are highly invasive and generally disproportionate in common urban scenarios. As stated in this context, Schreiber and Tippe, European data protection authorities, have repeatedly called for strict restrictions on these practices in publicly accessible spaces. If AI would interfere with rights, the limitations of automated decision-making under the GDPR and mandatory safeguards consisting in particular of human intervention, the right to express oneself as well as to challenge the decision through a remedy will apply. From the perspective of NIS2, camera and analytics platforms (edge/cloud) must be securely managed with patch management, model supply chain security, monitoring and incident response [62].
In the energy sector, the legal basis for processing consumption measurements is usually a legal obligation or public interest, while profiling requires a special process and so-called “by design/by default” measures. In practice, this means pseudonymization, access restrictions and, in particular, transparency towards households. NIS2 places strict demands on risk management, incident reporting and resilience, rigorous supplier monitoring and continuous resilience testing. The Data Act also facilitates fair access to data from connected devices for urban optimization AI, while maintaining GDPR guarantees. In waste management, it is necessary to pay special attention to the so-called DPIA (Data Protection Impact Assessment) tool for sensor and location data. This is a special tool for assessing the legitimacy and meaningfulness of the processing of personal data if the scope or frequency of monitoring significantly interferes with privacy. If a municipal enterprise according to Hansen et al. meets the sectoral and size criteria of the NIS2 Directive, mandatory risk management measures, service availability, incident reporting and resolution requirements will apply [63]. In e-government, as already mentioned above, transparency of AI interactions and information on profiling apply; purely automated decision-making is limited and associated with safeguards.
Castaldi et al. remind us that public procurement and contractual practice must reflect these requirements in technical specifications and contractual clauses [64]. From the GDPR perspective, these are precise agreements with intermediaries—defining operations, security measures, auditing and access to logs and data export for the purposes of DPIA, complaints and supervision. In joint processing, it is clearly necessary to adjust responsibilities and information in the joint controller regime. From the NIS2 perspective, it is appropriate to require the implementation of measures under Art. 21 (logging, encryption, training), incident reporting (early warning within 24 h, subsequent notification within 72 h, final within one month), regular penetration tests and security assessments, supplier due diligence and contractual sanctions for non-compliance. Where the AI Act applies (especially high-risk systems), complete technical documentation, records, instructions, evidence of security and human oversight should be required and requirements should be uniformly aligned with GDPR and NIS2.
Finally, according to Brenner, it is recommended that smart cities integrate all three of the above-mentioned regulations into a single “compliance gate”—AI Act, GDPR and NIS2 before procurement and before implementation [65]. It is also generally recommended to take into account not only the above-mentioned legal standards, but also the instructions of the National Security Office of the Slovak Republic as well as the national MIRRI standards. This integrated approach enables the development of trusted, secure and sustainable AI services that meet EU objectives, reduce risks of non-compliance, and support innovation and the quality of urban services.
3.5. AI Act, GDPR and NIS 2 Directive and Their Impact on Sustainability
As we have already mentioned, the AI Act, GDPR and NIS2 form a set of mutually complementary rules that ensure that the digitalization of cities is sustainable—environmentally, socially, and in terms of governance and resilience. Environmental sustainability is primarily manifested by the fact that the regulated, safe and transparent development of AI allows for the optimization of energy systems, transport and urban services without undue risk. In the context of mobility, these measures are reflected in lower emissions thanks to reliable adaptive signalling or predictive planning of urban public transport. In the energy sector, this is mainly about higher efficiency, demand flexibility and reduced losses in energy networks. With its emphasis on minimization and purpose limitation, GDPR leads to a smaller data burden, more efficient storage and reduction in unnecessary transfers, which also has an impact on the energy footprint of data processing. NIS2 works on preventive security and continuity—from network segmentation to vulnerability management. This reduces the risk of outages and accidents that would directly worsen environmental parameters such as unplanned congestion or forced shutdowns.
Social sustainability is based on trust, fairness and inclusion. The AI Act protects fundamental rights by prohibiting manipulative practices and social scoring, regulating high-risk uses and requiring clear information for individuals where AI interacts with humans. The GDPR guarantees predictability and control over personal data, data subjects’ rights and understandable information, while enforcing safeguards, including human intervention, in profiling and automated decision-making. NIS2 strengthens the security of the digital channels through which cities deliver services, thereby enhancing the availability and integrity of public services.
As we have shown above, sustainability in smart cities is not just about technological savings and emission reductions, but about a broader balance: safe AI increases efficiency, GDPR protects citizens and builds trust. NIS2 protects business continuity and resilience. When we apply these legal frameworks in an integrated manner with clear roles, processes and metrics, the digitalization of cities progresses faster, with less risk and with higher added value for both citizens and the environment.
4. Discussion and Conclusion
4.1. Integrated Regulatory Framework (AI Act, GDPR, NIS2) as a Basis for the Sustainability of Urban AI Services
Interpretation of Findings and Mutual Synergies Between Regulations
By synthesizing the findings, we concluded that the AI Act, GDPR, NIS2 and the Open Data Directive form a comprehensive legal framework that, if implemented in an integrated manner, guides the entire life cycle of urban AI solutions, from design and procurement through deployment to oversight, auditability and data publication. The AI Act sets risk-based obligations for the design, marketing and use of AI, including mandatory fundamental rights impact assessments for selected high-risk uses in the public sector. The GDPR defines material boundaries for the processing of personal data and thus supports the fairness, clarity and predictability of AI decision-making. NIS2 increases the operational resilience and cybersecurity of AI-dependent urban services through risk management, incident management and supply chain security. It directly intersects with the AI Act requirements for cybersecurity of high-risk systems and with the GDPR for the security of personal data processing.
From a managerial perspective, the greatest added value is brought by the integrated “compliance gate”: the connection of the AI Act and the GDPR, supplemented by the NIS2 risk assessment before procurement or direct deployment in smart cities. The mutual application removes all duplications, harmonizes all deviations and creates a uniform basis for transparent communication with city residents.
As part of our research, we have identified potential risks and propose procedures for removing or eliminating them. The AI Act prohibits selected practices such as social scoring by public authorities, emotion recognition in work and schools, and remote biometric identification in real time in public spaces. On the one hand, this significantly strengthens the trust and protection of residents, but on the other hand, it can slow down the development of AI in smart cities. By using the above methods, targeted advertising could be applied, for example, which could ultimately bring more funds to the city itself. However, with regard to the legal regulation of the AI Act, it is necessary to state that the protection of the privacy of residents is more important in this regard than the unlimited development of AI and business. The GDPR requires that profiling and exclusively automated decision-making be accompanied by human supervision, which would control the entire process. The GDPR also guarantees the data subjects the right to express themselves, the right to rectification, the right to remove unwanted interference and the like. Again, these guarantees significantly protect the personal data of individuals and prevent unregulated processing of personal data by smart cities. On the other hand, such regulation can significantly slow down the development of smart cities. A theoretical slowdown in development can be seen at the development level because every change needs to be assessed through the protection of personal data, and it is obvious that the implementation of smart cities significantly interferes with the personal data and privacy of residents. Another aspect is the increased costs, as every city really needs to have GDPR specialists who, on the one hand, are present in automated decision-making and, on the other hand, resolve residents’ suggestions and complaints.
NIS2 introduces cybersecurity obligations. On the one hand, this means significantly strengthening the cybersecurity of the digital infrastructure on which smart cities depend—from smart transport, energy to city information systems. The introduction of stricter security standards increases the protection of residents’ sensitive data, reduces the risk of cyber attacks and increases public trust in smart solutions. Thanks to better coordination between the public and private sectors and the obligation to report incidents, cities’ preparedness for crisis situations and the stability of digital services increases, which, in our opinion, is key to their long-term, safe development. On the other hand, even the consistent application of NIS 2 can slow down the development of smart cities, mainly due to increased administrative, financial and technical requirements. Cities and technology suppliers have to invest in security measures, audits, documentation or training, which can drain resources intended for innovation itself. Strict rules usually also discourage smaller startup suppliers from entering the market. This results in a slowdown in the introduction of new technologies due to a more complex approval process, which in practice can hinder the dynamic development of smart solutions.
In our opinion, the most practical and effective approach for deploying AI in smart cities is a combination of process tools and clear contractual obligations. The basis is a single common “compliance gateway” that can link the GDPR, AI Act and NIS2 requirements into one clear whole.
The conditions for compliance should be precisely defined in public procurement, from demonstrating compliance, through making technical documentation or system logs available, to contractual guarantees in the areas of updates, incident management and data protection. The life cycle of this entire solution also includes regular monitoring of the functioning of the deployed AI, a common incident procedure that follows the NIS2 rules, a 72 h notification obligation under the GDPR and repeated reassessment whenever data or the model changes.
In transport, AI systems controlling intersections or parking are among the high-risk ones. They require technical documentation, systematic logging and a compliance assessment under the AI Act. Since they often work with extensive sensor or camera data, cities must also conduct a review under the AI Act and the GDPR. At the same time, the security requirements of NIS2 must be met—network segmentation, identity management, business continuity planning and incident reporting.
There is a very clear rule in the area of security. Local governments cannot use remote biometric identification in real time in public spaces. Camera analysis systems must always successfully pass the necessity and proportionality test under the GDPR and at the same time meet the strict security level under NIS2.
If AI decides on access to essential public services or significantly influences it, it is a high-risk application. It requires an assessment under the AI Act, documentation and human supervision. The GDPR limits exclusively automated decision-making and emphasizes the obligation to clearly inform data subjects. NIS2 also protects portals and application interfaces.
Despite the undeniable benefits of AI in smart cities, which we have demonstrated above, there are still barriers that prevent the responsible use of AI in smart cities [45]. According to the conclusions of the United Nations research, the most significant obstacles are the cost of implementation, the protection of personal data, the lack of laws and regulations, and the lack of experience and skills, as shown in Figure 4.
Figure 4.
Source: United Nations—Global Assessment of Responsible AI in Smart Cities. 2024 [44].
Data from the United Nations Global Survey allowed us not only to identify the main barriers to the responsible use of artificial intelligence in cities, but also to qualitatively and quantitatively assess their relative importance. The most prominent barrier is the cost of implementing AI solutions, which was mentioned by 58% of respondents. This figure points to a significant financial gap between the technological potential of AI and the real budgetary possibilities of cities, especially small- and medium-sized municipalities.
Personal data protection was identified as a barrier in 53% of cases, confirming that the effectiveness of AI applications is closely linked to the quality of legal and organizational mechanisms for protecting privacy. Insufficient regulation and the absence of clear legal frameworks were identified by 45% of respondents, as was a lack of professional knowledge and skills. These factors directly affect the ability of cities not only to implement AI, but also to operate it in the long term and evaluate its real benefits.
From the perspective of evaluating the effectiveness of AI applications, the results indicate that technological benefits are achievable in practice, but their scope is limited by the availability of financial resources, regulatory readiness and human capital.
Despite the above obstacles, we believe that when the AI Act, GDPR and NIS2 are implemented together, a solid foundation is created for the long-term sustainable development of smart cities:
- Environmentally, they help reduce congestion, energy consumption and emissions.
- Socially, they strengthen the protection of rights, fairness and trust of citizens.
- Economically, they reduce compliance costs, the risk of incidents and accelerate safe innovation.
Cities that set up unified governance mechanisms, a common compliance gateway and regular public participation can provide digital services that are safe, inclusive, energy-efficient and sustainable in the long term. It is clear that the EU legislative and support framework is a significant impetus for the transformation of individual smart cities, but it requires effective coordination and strategic management at the level of local governments. The above conclusions clearly indicate the need for an integrated legal and managerial approach that will enable the full use of the potential of AI in supporting sustainable urban development.
When deploying AI in smart sustainable cities, it is also necessary to clearly determine the hierarchy of regulations and ways to resolve conflicts between them. Based on analysis and practical experience, we recommend the following arrangement: GDPR has the highest priority. Since most projects implemented in smart cities will involve the processing of personal data, it will be necessary to take into account the regulations of the GDPR first. Thus, whenever it comes to the processing of personal data of natural persons or automated decision-making affecting individuals, the GDPR has the highest possible priority. The AI Act is primarily applicable to high-risk AI systems in the public sector that decide on access to essential services, manage critical infrastructures or analyze large amounts of sensor or camera data. It ensures risk assessment, documentation, auditability and a mandatory assessment of the impact on fundamental rights. However, the AI Act and the GDPR should not be considered as two separate regulations. As soon as an artificial intelligence system starts processing personal data of individuals, for example from camera recordings, the GDPR automatically needs to be applied and, first and foremost, the personal data of individuals needs to be protected, but at the same time, the AI Act needs to be applied and the standards set out in it need to be complied with. These two regulations are not mutually exclusive, but complementary. The NIS2 Directive applies primarily to the operation of critical digital infrastructure, ensuring cybersecurity and managing supply chain risks. It provides a framework for incident management, business continuity and cooperation between the public and private sectors. The above approach also needs to be applied in the case of the NIS 2 Directive. At the moment when personal data is processed, the GDPR Regulation needs to be applied. In the event that systems also use AI, these systems must meet not only the requirements of the NIS2 Directive, but also of the AI Act. It is therefore necessary to look for overlaps between these three legal regulations, with the protection of personal data always having the highest priority. In practice, there should be no conflicts, but the implementation of these three legal regulations can be problematic if a situation arises where all of them need to be applied. An example is high-risk AI systems that also process personal data and are part of critical infrastructure. Such conflicts can be resolved through an integrated “compliance gate”:
- A coordinated risk assessment under the GDPR, AI Act and NIS2 is carried out before procuring or deploying AI.
- Predefined decision trees are implemented to determine which regulation takes priority at a specific stage of the system’s life cycle.
- In the event of a conflict (e.g., GDPR vs. AI Act in automated decision-making), the protection of citizens’ rights is always prioritized, and the AI system can only proceed after implementing additional safeguards.
It also includes continuous monitoring and updating of documentation, regular audits and clearly defined contractual obligations with suppliers, including the obligation to report incidents in accordance with NIS2 and GDPR. Such an integrated approach ensures that urban AI services are legal, safe and trustworthy, while minimizing the risks of legal conflicts, reducing duplicate administration and providing a clear methodology for decision-making even for complex services.
The above conclusions are applicable within the European Union, as the scope of regulations and directives applies only to EU Member States, but the principles and methodology of the rules can be flexibly adapted for countries outside the EU. Countries that do not have the same legal regulations can use the proposed approach as a model for creating their own legal and managerial mechanisms and procedures for the responsible deployment of AI in cities. Key areas of adaptation are as follows:
- Risk-based assessment of AI systems—even without legislation similar to the AI Act, cities can introduce internal risk assessments for high-risk AI applications, including the impact on privacy, security and fundamental rights of citizens.
- Data protection and transparency—GDPR principles such as data minimization, human oversight of automated decision-making and citizens’ right to redress can be implemented in local regulations or internal guidelines as a basis for trustworthiness and ethical data processing.
- Cybersecurity and infrastructure resilience—NIS2 standards can be adapted to local conditions, with an emphasis on risk management, incident management, protection of critical digital infrastructure and securing supply chains.
- Integrated compliance gateway—the principle of linking different regulations into a single process can be transferred to any legal framework, where individual internal or national rules for AI, data and security can be coordinated, audited and regularly updated.
Adapting governance mechanisms—the size of the city, available resources, technological readiness and staffing capacities—determines the extent and pace of implementation of the recommendations. Smaller cities can start with pilot projects and gradually introduce more complex systems, while larger cities can apply the full methodology from the beginning.
This approach allows countries outside the EU to draw on proven principles for responsible AI deployment, while taking into account their local legislative, cultural and technological specificities. At the same time, there is potential for the EU to gradually extend its framework to cooperating states outside the Union, thereby supporting the approximation of legal systems and the unification of practices in responsible AI deployment globally. The framework thus adapted enables the safe, ethical and sustainable development of smart city services, while providing practical value not only for European cities, but also at the international level.
4.2. Concluding Remarks
It is clear that the AI Act, GDPR and NIS2 together create a single legal framework that shapes the entire life cycle of urban AI solutions—from strategic design and procurement, through deployment and operation, to oversight, auditability and data disclosure. If a local authority implements a single governance structure with clearly defined roles and an integrated “compliance gate” that combines fundamental rights impact assessment, data protection impact assessment and cyber risk analysis, it will not only gain regulatory certainty but also a practical basis for supporting environmental, social and economic sustainability [66].
We found that the AI Act is the basis for risk-based AI regulation because it prohibits manipulative and disproportionate practices and sets out extensive requirements for risk management, data quality and governance, technical documentation, transparency, instructions, human oversight and cybersecurity for high-risk systems. These are complemented by a regime of conformity assessment, CE marking, registration and post-market monitoring. For the public sector, a mandatory fundamental rights impact assessment before the first deployment of high-risk AI is key. The GDPR remains the material limit for all municipal AI applications working with personal data. It requires a lawful basis for processing, compliance with the principles of lawfulness, minimization, purpose limitation and liability, specific safeguards for sensitive categories of data, appropriate technical and organizational security measures and ‘privacy by design/by default’. It protects the rights of individuals in the context of profiling and automated decision-making by ensuring that everyone has the right not to be subject to purely automated interventions with significant effects without established safeguards. The guidelines for video and biometrics emphasize the necessity and proportionality test and caution for highly invasive practices.
NIS2 extends the cyber resilience of smart cities in critical sectors such as transport, energy, digital services and public administration. It requires a comprehensive set of risk management measures such as security organization, risk analysis and management, continuity and recovery, supply chain security, secure development and maintenance, training, access control and encryption.
In smart cities, these legal regulations translate into practical synergies. In mobility, as we have already mentioned, these are mainly adaptive traffic lights, intersection management and predictive urban public transport planning. However, there is also generally high risk as the AI Act requires a conformity assessment, documentation and logs. GDPR supplements DPIA for large sensor and video data; NIS2 ensures infrastructure resilience (segmentation); open data supports the sharing of aggregated transport indicators. Similarly, in energy, the interplay between the AI Act and GDPR (processing of measurements and profiles) and NIS2 (IT security) is interconnected.
Sustainability is an integral result of this interaction of the three pieces of legislation. From an environmental perspective, safe and robust AI reduces congestion, energy consumption and emissions; GDPR supports “lean” data flows and a smaller energy footprint of processing; NIS2 reduces the risk of outages and accidents. From a social sustainability perspective, the AI Act protects the fundamental rights and transparency of AI interactions, GDPR builds trust through individual rights and understandable information, and NIS2 protects the availability of public services. Economically and from a governance perspective, harmonized standards and clear contractual requirements reduce transaction costs, strengthen auditability and enable faster and responsible innovation. If cities apply this framework in an integrated manner, i.e., with set tasks, a unified “compliance gate” and public participation, they will achieve higher quality, inclusion and resilience of digital services that support their sustainable development goals in the long term.
Despite the effort to comprehensively grasp the issue, this scientific study has several limitations that need to be openly named. The research is primarily based on legal and content analysis of regulatory and strategic documents, while there is no own extensive empirical data collection in the form of interviews with representatives of local governments, technology suppliers or city residents. Another limitation is the dynamic development of the legal regulation of artificial intelligence at the European Union level, as several implementing regulations and methodological guidelines are still being prepared at the time of processing this scientific study.
We cannot forget the so-called researchers’ bias, which manifests itself through subjective interpretation of findings, which is a common phenomenon in qualitative analysis of legal and strategic documents. The interpretation of findings and conclusions can be influenced to some extent by our professional background as well as our value framework. This can lead to highlighting selected aspects of artificial intelligence regulation and smart city sustainability at the expense of others. We tried to minimize this risk by selecting diverse sources and using a transparent methodological procedure. Nevertheless, we cannot completely exclude the subjective interpretative influence when formulating conclusions. Our scientific study can be followed up. We are convinced that future research should focus primarily on a systematic empirical assessment of the real impacts of the implementation of artificial intelligence on the sustainability of cities, the quality of public services and the trust of residents. A promising direction is the analysis of specific cities that are already actively using AI in transport, energy, public safety or social services. Long-term monitoring of the impact of the AI Act on local government decision-making, public procurement and contractual relations with technology suppliers would also be of significant benefit. The next research into the social and ethical aspects of the use of artificial intelligence in smart cities deserves special attention, especially in the areas of digital inequality, privacy protection and citizen participation.
Author Contributions
Conceptualization, M.K. and T.P.; methodology, M.K.; software, M.K.; validation, M.K.; formal analysis, M.K.; investigation, M.K.; resources, T.P.; data curation, M.K.; writing—original draft preparation, M.K.; writing—review and editing, M.K.; visualization, T.P.; supervision, T.P.; project administration, T.P.; funding acquisition, T.P. All authors have read and agreed to the published version of the manuscript.
Funding
This research was supported by the EU NextGenerationEU through the Recovery and Resilience Plan for Slovakia under the project within the Smart Transformational and Innovation Consortium Slovakia (STICS) No. 09I02-03-V01-00011.
Institutional Review Board Statement
Not applicable.
Informed Consent Statement
Not applicable.
Data Availability Statement
Data and legislation available online at www.eur-lex.eu (accessed on 1 December 2025).
Conflicts of Interest
The authors declare no conflicts of interest.
References
- Dušek, J. Transformation of Settlement Structures in Europe: Trends, Challenges, and Reform Approaches. Land 2025, 14, 167. [Google Scholar] [CrossRef]
- Gil, I.A.M.; Ferreira, F.A.F.; Ferreira, N.C.M.Q.F.; Smarandache, F.; Khanam, M.; Daim, T. Artificial intelligence, society 5.0 and smart city adaptation initiatives for businesses: An integrated approach. Technovation 2026, 150, 103377. [Google Scholar] [CrossRef]
- Kogabayev, T.; Banerjee, S. Advancing Smart Governance in Kazakhstan: A Critical Analysis of Digital Initiatives and Policy Implications. In AI and Digital Transformation: Opportunities, Challenges, and Emerging Threats in Technology, Business, and Security; Communications in Computer and Information Science; Springer Nature: Cham, Switzerland, 2026; pp. 183–207. [Google Scholar] [CrossRef]
- Funta, R. Automated Driving and Data Protection: Some Remarks on Fundamental Rights and Privacy. Kryt. Prawa 2021, 13, 106–118. [Google Scholar] [CrossRef]
- Bernad, C.; Dedinec, A.; Gilly, K.; Filiposka, S.; Mishev, A. Towards smart 6G: Mobility prediction for dynamic edge services migration. Expert Syst. Appl. 2026, 297, 129348. [Google Scholar] [CrossRef]
- Bolin, A. Economic implications of smart meter deployment in enhancing energy efficiency and demand flexibility in the residential smart economy. Energy Build. 2025, 349, 116496. [Google Scholar] [CrossRef]
- Srebalová, M.; Peráček, T.; Mucha, B. Nuclear Waste Potential and Circular Economy: Case of Selected European Country. In Developments in Information and Knowledge Management Systems for Business Applications; Studies in Systems, Decision and Control; Springer: Cham, Switzerland, 2023; Volume 462, pp. 271–292. [Google Scholar] [CrossRef]
- Velasquez Mendez, A.; Lozoya Santos, J.; Jimenez Vargas, J.F. Strategic Socio-Technical Innovation in Urban Living Labs: A Framework for Smart City Evolution. Smart Cities 2025, 8, 131. [Google Scholar] [CrossRef]
- Abiodun, O.; Abadi, M.; Ejohwomu, O.; Manu, P. Transitioning to smart circular construction: A conceptual framework for circular economy implementation through Construction 4.0 technologies. Environ. Impact Assess. Rev. 2026, 118, 108260. [Google Scholar] [CrossRef]
- Kollár, V.; Matúšová, S. The Concept of Smart Cities—An Accelerator of the Circular Economy. In Developments in Information and Knowledge Management Systems for Business Applications; Studies in Systems, Decision and Control; Springer: Cham, Switzerland, 2026; Volume 602, pp. 43–73. [Google Scholar]
- Ifiss, S.; Saffaj, T. AI for sustainable development: Modelling the impact of the 17 SDGs on public sector performance under agenda 2030. Eur. J. Sustain. Dev. Res. 2026, 10, em0350. [Google Scholar] [CrossRef]
- Hussein, S.; Al-Obide, A.; Mohamed, S. AI and Smart Cities: Legal Challenges in the UAE Metaverse Economy. In Artificial Intelligence in Business; Lecture Notes in Networks and Systems; Springer Nature: Cham, Switzerland, 2026; pp. 188–201. [Google Scholar] [CrossRef]
- Popa Tache, C.E.; Vâlcu, E.N. Artificial Intelligence and Corporate Liability Towards a New Legal-Ethical Contract in the Dynamics of Emerging Global Human Rights convergences. Jurid. Trib. Rev. Comp. Int. Law 2025, 15, 281–305. [Google Scholar]
- Funta, R.; Krásna, D. Legal limitations and justifications in the training and deployment of generative AI models under copyright law. TalTech J. Eur. Stud. 2025, 15, 162–179. [Google Scholar] [CrossRef]
- Salim, S.S.; Luxembourg, S.L.; Smekens, K.; Dalla Longa, F.; van der Zwaan, B. Pathways to climate neutrality: Europe’s energy transition under the Green Deal. Renew. Sustain. Energy Rev. 2026, 226, 116272. [Google Scholar] [CrossRef]
- Ulpiani, G.; Rebolledo, E.; Vetters, N.; Florio, P.; Bertoldi, P. Funding and financing the zero emissions journey: Urban visions from the 100 Climate-Neutral and Smart Cities Mission. Humanit. Soc. Sci. Commun. 2023, 10, 647. [Google Scholar] [CrossRef]
- Stoltz, A.-K.; Pasic, E.; Brokvist, E. Climate City Contract as an innovative governance tool for the mission on climate-neutral and smart cities. ECEEE Summer Study Proc. 2022, 383–390. Available online: https://www.proceedings.com/content/079/079629webtoc.pdf (accessed on 1 December 2025).
- Giffinger, R.; Fertner, C.; Kramar, H.; Kalasek, R.; Pichler-Milanović, N.; Meijers, E. 2007: Smart Cities Ranking of European Medium-Sized Cities. Centre of Regional Science, Vienna UT. Available online: https://www.smart-cities.eu/download/smart_cities_final_report.pdf (accessed on 1 December 2025).
- Ene, C. The cross-border conversion—A possible solution for the mobility of companies in the European Union. Perspect. Law Public Adm. 2020, 9, 54–57. [Google Scholar]
- IESE Business School. Tax Strategy as a Capital Allocation Consideration in Entrepreneurial Acquisition. 2023. Available online: https://media.iese.edu/research/pdfs/ST-0642-E.pdf (accessed on 1 December 2025).
- Pană, N. Artificial Intelligence, Industry 4.0 and Human Rights. Jurid. Trib. Rev. Comp. Int. Law 2025, 15, 561–577. [Google Scholar]
- Carvalho, R. Climate Change, Urban Planning and Environmental Migrants. Jurid. Trib. Rev. Comp. Int. Law 2025, 15, 757–770. [Google Scholar]
- European Commission. Protecting Your Rights 25 Years of the EU Charter of Fundamental Rights. 2020. Available online: https://ec.europa.eu/info (accessed on 1 December 2025).
- Zhang, L.; Lu, Y. Study on artificial intelligence: The state of the art and future prospects. J. Ind. Inf. Integr. 2021, 23, 100224. [Google Scholar] [CrossRef]
- IEA. CO2 Emission 2022. Available online: https://www.iea.org/reports/co2-emissions-in-2022 (accessed on 1 December 2025).
- Derbas, A.A.; Bordin, C.; Mishra, S. Artificial Intelligence for Resilient and Intelligent Microgrid Control in Smart Cities: A Comprehensive Review of Techniques and Applications. In Sustainability in Energy and Buildings 2024; Smart Innovation, Systems and Technologies; Springer Nature: Singapore, 2024; pp. 551–567. [Google Scholar] [CrossRef]
- Hamza, A.M.D.; Ilyas, M. Artificial Intelligence Techniques for Renewable Energy Based Smart Grid Management in Smart Cities. In Pattern Recognition and Artificial Intelligence; Lecture Notes in Networks and Systems; Springer Nature: Cham, Switzerland, 2026; pp. 599–617. [Google Scholar] [CrossRef]
- European Parliament and Council. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules in the Field of Artificial Intelligence and Amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act). 2024. Available online: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng (accessed on 1 December 2025).
- European Parliament and Council. Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European Data Governance and Amending Regulation (EU) 2018/1724 (Data Governance Act). 2022. Available online: https://eur-lex.europa.eu/legal-content/SK/TXT/?uri=CELEX:32022R0868 (accessed on 1 December 2025).
- European Parliament and Council. Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on Harmonised Rules on Fair Access to and Use of Data and Amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act). 2023. Available online: https://eur-lex.europa.eu/legal-content/SK/TXT/?uri=CELEX:32023R2854 (accessed on 1 December 2025).
- European Parliament and Council. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). 2016. Available online: https://eur-lex.europa.eu/legal-content/SK/TXT/?uri=CELEX:32016R0679 (accessed on 1 December 2025).
- European Parliament and Council. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 Concerning Measures for a High Common Level of Cybersecurity Across the Union and Amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and Repeals Directive (EU) 2016/1148 (NIS 2 Directive). 2022. Available online: https://eur-lex.europa.eu/legal-content/sk/ALL/?uri=CELEX:32022L2555 (accessed on 1 December 2025).
- European Parliament and Council. Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on Open Data and the Reuse of Public Sector Information (Recast). 2019. Available online: https://eur-lex.europa.eu/legal-content/CS/ALL/?uri=CELEX:32019L1024 (accessed on 1 December 2025).
- Tronnier, F.; Löbner, S.; Lacombe, M.-H.; Rannenberg, K. Regulatory Challenges in Cybersecurity—A Critical Analysis of the EU AI Act. In Information Security Education. Empowering People Through Information Security Education; IFIP Advances in Information and Communication Technology; Springer Nature: Cham, Switzerland, 2026; pp. 80–93. [Google Scholar] [CrossRef]
- Cors, M.S.; Thiébaut, R. Artificial intelligence and the impact of the EU AI Act in business organizations. AI Mag. 2025, 46, e70039. [Google Scholar] [CrossRef]
- Prégent, A. Is there not an obvious loophole in the AI act’s ban on emotion recognition technologies? AI Soc. 2025, 40, 5581–5582. [Google Scholar] [CrossRef]
- Roy, A.; Rizou, S.; Papadopoulos, S.; Ntoutsi, E. Achieving Socio-Economic Parity through the Lens of EU AI Act. In Proceedings of the 2025 ACM Conference on Fairness Accountability and Transparency, Athens, Greece, 23–26 June 2025; pp. 1890–1901. [Google Scholar]
- Sarkar, S.; Sunheriya, N.; Giri, J.; Al-Qawasmi, K.; Chadge, R. A Comprehensive Quantitative Model for Ethical AI Risk Assessment: EU Act on Artificial Intelligence. In Artificial Intelligence in the Digital Era; Studies in Systems, Decision and Control; Springer: Cham, Switzerland, 2026; Volume 594, pp. 145–165. [Google Scholar] [CrossRef]
- Shcherbanyuk, O.; Bzova, L. Rule of Law and Human Rights: Analysis of International Standards and Case Law. Perspect. Law Public Adm. 2024, 13, 25–32. [Google Scholar] [CrossRef]
- Bignami, E.G.; Russo, M.; Semeraro, F.; Bellini, V. Balancing Innovation and Control: The European Union AI Act in an Era of Global Uncertainty. JMIR AI 2025, 4, e75527. [Google Scholar] [CrossRef]
- Sioli, L.; D’Arrigo, M. Human agency and oversight—A responsible and trustworthy use of artificial intelligence: The AI act approach. In The Routledge Handbook of Artificial Intelligence and International Relations; Taylor & Francis: Abingdon, UK, 2025; pp. 347–359. [Google Scholar]
- Schneble, M.; Kauermann, G. Statistical modelling of on-street parking spot occupancy in smart cities. J. R. Stat. Soc. Ser. C Appl. Stat. 2025, 74, 1128–1149. [Google Scholar] [CrossRef]
- Yazici, T. Toward a global standard for ethical AI regulation: Addressing gaps in AI-driven biometric and high-resolution satellite imaging in the EU AI Act. Law Innov. Technol. 2025, 17, 366–394. [Google Scholar] [CrossRef]
- United Nation. Global Assessment of Responsible AI in Cities Research and Recommendations to Leverage AI for People-Centred Smart Cities. Available online: https://unhabitat.org/sites/default/files/2024/08/global_assessment_of_responsible_ai_in_cities_21082024.pdf (accessed on 1 December 2025).
- Torres Cazorla, M.I. The Future Is Now: AI and Health, Where Are We Going? Jurid. Trib. Rev. Comp. Int. Law 2025, 15, 525–538. [Google Scholar]
- Tissayakorn, K. Comparative analysis of E-government development status of ASEAN member states: Accomplishments and challenges. Sustain. Futures 2025, 10, 101353. [Google Scholar] [CrossRef]
- Wade, M.; Lagodny, A.; Andersen, A.-C.; Avelines, C.; Plueckebaum, A. Do You Really Need a Chief AI Officer? MIT Sloan Manag. Rev. 2024, 66, 62–66. [Google Scholar]
- Tache Popa, C.E.; Catalin Sararu, S. Evaluating Today’s Multi-Dependencies in Digital Transformation, Corporate Governance and Public International Law Triad. Cogent Soc. Sci. 2024, 10, 2370945. [Google Scholar] [CrossRef]
- Palmero, C.; Arranz, N.; Arroyabe, M.F. Thematic Coherence in Mission-Oriented EU Energy Policy: A Network-Based Analysis of Horizon Europe’s Sustainability Funding Calls. Sustainability 2025, 17, 9025. [Google Scholar] [CrossRef]
- European Commission. Horizon Europe. 2025. Available online: https://research-and-innovation.ec.europa.eu/funding/funding-opportunities/funding-programmes-and-open-calls/horizon-europe_en (accessed on 1 December 2025).
- Abnett, K.; Jessop, S. EU Backs 650-Billion-Euro Plan to Help Cities Reach Net Zero by 2030. 2024. Available online: https://www.reuters.com/sustainability/sustainable-finance-reporting/eu-backs-650-billion-euro-plan-help-cities-reach-net-zero-by-2030-2024-06-25/ (accessed on 1 December 2025).
- Climate KIC. Climate KIC Will Help 100 European Cities to Achieve Climate Neutrality. 2022. Available online: https://www.climate-kic.org/press-releases/cities-climate-neutrality/ (accessed on 1 December 2025).
- European Commission. Horizon Europe: EUR 41 Million Available Under the Climate-Neutral and Smart Cities EU Mission. 2025. Available online: https://cinea.ec.europa.eu/funding-opportunities/calls-proposals/horizon-europe-eur-41-million-available-under-climate-neutral-and-smart-cities-eu-mission_en (accessed on 1 December 2025).
- European Commission. The Digital Europe Programme. 2025. Available online: https://digital-strategy.ec.europa.eu/en/activities/digital-programme (accessed on 1 December 2025).
- City Košice. SAM SUD Project—Smart Asset Management for Sustainable Urban Development—Intelligent Asset Management for Sustainable Urban Development. Available online: https://www.kosice.sk/clanok/projekt-sam-sud-smart-asset-management-for-sustainable-urban-development-inteligentne-riadenie-aktiv-pre-udrzatelny-mestsky-rozvoj (accessed on 1 December 2025).
- City Banská Bystrica. IoT Smart Solutions in Operation in the City of Banská Bystrica. Available online: https://www.banskabystrica.sk/projekty/iot-smart-riesenia-v-prevadzke-mesta-banska-bystrica/ (accessed on 1 December 2025).
- SITA. Slovak Cities are Interested in Innovation, Remišová’s Ministry Increased Funding for Smart City Solutions. Available online: https://sita.sk/vtechnologiach/slovenske-mesta-maju-zaujem-o-inovacie-remisovej-ministerstvo-navysilo-financie-pre-smart-city-riesenia/ (accessed on 1 December 2025).
- Campanile, L.; Iacono, M.; Mastroianni, M.; Riccio, C.; Viscardi, B. A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation. In Computational Science and Its Applications—ICCSA 2025 Workshops; Lecture Notes in Computer Science; Springer Nature: Cham, Switzerland, 2026; pp. 303–316. [Google Scholar]
- Zorluoğlu Yilmaz, A. Joint Controllership Under the GDPR—Concept, Responsibilities, and Liability. Jurid. Trib. Rev. Comp. Int. Law 2025, 15, 93–107. [Google Scholar]
- Gumzej, N. Applicability of ePrivacy Directive to national data retention measures following invalidation of the Data Retention Directive. Jurid. Trib. 2021, 11, 430–541. [Google Scholar] [CrossRef]
- Gumzej, N. DPA powers toward effective and transparent GDPR enforcement: The case of Croatia. Jurid. Trib. 2023, 13, 192–223. [Google Scholar] [CrossRef]
- Schreiber, M.; Tippe, P. Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories. In Information and Communications Security; Lecture Notes in Computer Science; Springer Nature: Singapore, 2026; pp. 153–172. [Google Scholar] [CrossRef]
- Hansen, M.; Runge, G.; Gruschka, N.; Jensen, M. Illuminating the DPIA Blackbox—A Survey of Data Protection Impact Assessment Practices in Organisations. In Privacy Technologies and Policy; Lecture Notes in Computer Science; Springer Nature: Cham, Switzerland, 2026; pp. 178–201. [Google Scholar] [CrossRef]
- Castaldi, C.; Abbasiharofteh, M.; Petralia, S. European regions transitioning to green markets: The role of related capabilities and public procurement policies. Res. Policy 2026, 55, 105374. [Google Scholar] [CrossRef]
- Brener, A. The role of compliance as a ‘gate-keeper’ function in financial services: Reality vs regulatory conception. Eur. Bus. Law Rev. 2019, 30, 965–984. [Google Scholar] [CrossRef]
- Funta, R.; Buttler, D. The digital Economy and legal challenges. Intereulaweast 2023, 10, 145–160. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.