Smart Glasses & Wearable Devices
Our approach to acceptable use
AI-enabled smart glasses and wearable devices represent a powerful but high-risk evolution in workplace technology. The C2C SmartCompliance approach is grounded in responsible innovation and risk-based governance, helping organizations cut through the hype to understand the real security, privacy, safety, and compliance implications of these devices. We provide practical, actionable guidance on how to assess AI-enabled wearables, determine where they deliver legitimate business value, and implement proportionate controls to manage risks such as continuous data capture, cloud-based AI processing, limited device transparency, and regulatory exposure. Our focus is not on blocking innovation, but on enabling informed, defensible decisions that protect people, data, and operations.
AI-Enabled Smart Glasses and Wearable Devices
This should be a specific AI Policy / AI Standard, not embedded wholesale in a general Acceptable Use Policy (AUP). However, it should be referenced and enforced through the AUP.
AI-enabled smart glasses represent a paradigm shift in workplace technology with far-reaching implications for information security, individual privacy, operational safety, and regulatory compliance. The convergence of always-on sensors, advanced AI processing capabilities, and seamless cloud connectivity introduces material risks related to covert or continuous recording, unauthorized data capture, data exfiltration, surveillance, and misuse of sensitive or regulated information. These risks exceed [Company]'s current ability to reliably monitor, control, and audit information flows in secure and operational environments.
Due to the limited transparency and governability of consumer-grade AI-enabled wearable devices—particularly with respect to data capture, AI model behavior, storage locations, and third-party processing—such devices are treated as untrusted by default in accordance with zero-trust security principles. Unless a compelling, documented business justification exists, supported by a formal risk assessment and measurable return on investment (ROI), the use of AI-enabled smart glasses is prohibited within [Company] facilities.
Accordingly, the use of AI-enabled smart glasses and wearable devices with recording, data capture, or on-device or cloud-based AI processing capabilities (including, but not limited to, Meta Ray-Ban smart glasses, Samsung smart glasses, Apple Vision Pro, and similar consumer devices) is strictly prohibited in all [Company] facilities. This includes offices, data centers, manufacturing sites, operational environments, and customer-facing locations.
This prohibition applies to all employees, contractors, visitors, and vendors. Individuals entering [Company] facilities while in possession of such devices must surrender them to building security for secure storage or ensure the devices are powered off and incapable of recording or transmitting data for the duration of their presence on site.
Use of enterprise-grade wearable devices may be permitted only where a documented business case demonstrates operational necessity and value, and where risks can be reduced to an acceptable level. Any such use requires explicit written authorization from the Chief Information Security Officer (CISO) following completion of a documented risk assessment and, where applicable, legal review. Approved devices must be subject to appropriate technical and administrative safeguards, including but not limited to Mobile Device Management (MDM) enrollment, activity logging, and location or zone-based usage restrictions.
Employees are required to immediately report any observed or suspected use of unauthorized recording or AI-enabled wearable devices to [Company] Security.
Violations of this policy may result in disciplinary action up to and including termination of employment, revocation of access privileges, removal from [Company] premises, and referral to law enforcement where applicable.
This policy is necessary to protect confidential and sensitive business information, employee privacy, customer data, and critical infrastructure, and to support compliance with applicable data protection, privacy, surveillance, and consent laws and regulations, including but not limited to GDPR, CCPA, HIPAA, and relevant state wiretapping and consent laws, where applicable.
This content should be issued as a standalone AI Acceptable Use Policy (or AI Technology Standard) and formally referenced by the corporate Acceptable Use Policy to ensure enforceability across employees, contractors, and visitors.

Acceptable Use Policy – AI Technology Reference Clause (Unionized Environment)
The use of artificial intelligence systems, AI-enabled devices, and AI-powered technologies is subject to additional requirements and restrictions set forth in the Company’s AI Acceptable Use Policy and related AI standards. This includes restrictions on the use of AI-enabled smart glasses, wearable devices, and recording technologies within Company facilities.
These requirements are intended to protect confidential business information, employee privacy, customer data, and operational safety, and are not intended to introduce employee monitoring, surveillance, or changes to terms and conditions of employment beyond those permitted by applicable law and existing collective bargaining agreements.
All employees, contractors, consultants, vendors, and visitors are expected to comply with applicable AI-related policies, standards, and procedures. Enforcement of AI-related policies will be carried out in a manner consistent with applicable labor laws, collective bargaining agreements, and established disciplinary processes. Violations may result in corrective or disciplinary action, where appropriate, consistent with such agreements and legal requirements.


