AI loss prevention software is one of the noisier vendor categories in UK retail right now. Every other week another product launches; the demos look similar; the per-store pricing varies by an order of magnitude. If you are the loss-prevention leader doing the evaluation, here is the shorter version of the questions worth asking before you sign anything.
1. Behaviour detection or face recognition (or both)?
AI shoplifting detection on CCTV usually means one of two things. Behaviour-based detection watches for concealment, grab-and-run and till incidents on a per-camera state machine. Face recognition matches detected faces against a watchlist. They solve different problems.
Behaviour-only is the right floor for a single-site retailer with a low-value SKU mix. The moment you operate multiple sites or carry high-value SKUs (spirits, fragrance, electronics, vapes), face recognition with a cross-store banned list is where the operational value sits: repeat offenders stop being one manager's problem and become a chain problem.
If a vendor tells you face recognition is too risky to do under UK GDPR, that means they are not set up to do it compliantly. It is possible to do it compliantly, but it requires architecture decisions a behaviour-only vendor has not made.
2. Who reviews every consequential action?
Any AI surveillance product that takes a consequential action against an individual without a human review step is creating legal exposure for the retailer that buys it. The right pattern is: AI proposes, human disposes.
Ask the vendor exactly which actions require human approval. If banning someone, forwarding to police, or any persistence of identity can happen without a named human stepping in, that is the answer to whether you should be considering them. We have a longer write-up of why this matters in our piece on human-in-the-loop.
3. ICO-registered? ISO 27001 certified?
These are not optional for a UK retail surveillance product. Ask for the ICO registration number. Ask for the ISO 27001 certificate, the certifier, and the certificate number, and verify it independently. Ask for the ISO 9001 certificate while you are at it.
4. Where do face vectors live vs where video lives?
This is the technical question a DPO will ask. Face embeddings (the 512-dimension vector that represents a face) and video clips should not share a database row, a storage object, or an access control boundary. If they do, your right-to-erasure workflow becomes nearly impossible to implement cleanly.
We separate the two structurally: vectors live in a vector index, video lives in object storage, and the connection between them is via an authorisation-gated reference. We wrote about why this matters.
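A sketch of that separation, added here as an illustration and not taken from any vendor's code: the class names, role names and in-memory stores are all assumptions standing in for a vector index, object storage and an access-controlled link table. It shows why erasure becomes two keyed deletes once identity and video never share a record.

```python
import secrets

class VectorIndex:
    """Face embeddings only, keyed by subject id. No video, no clip ids."""
    def __init__(self):
        self._vectors = {}
    def add(self, subject_id, embedding):
        self._vectors[subject_id] = embedding
    def has(self, subject_id):
        return subject_id in self._vectors
    def erase(self, subject_id):
        return self._vectors.pop(subject_id, None) is not None

class ClipStore:
    """Video clips only, keyed by an opaque id that carries no identity."""
    def __init__(self):
        self._clips = {}
    def put(self, data):
        clip_id = secrets.token_hex(8)
        self._clips[clip_id] = data
        return clip_id
    def get(self, clip_id):
        return self._clips[clip_id]

class ReferenceGate:
    """The single place a subject is linked to clips; each lookup is role-checked."""
    ALLOWED_ROLES = {"investigator", "dpo"}  # assumed role names
    def __init__(self):
        self._links = {}
    def link(self, subject_id, clip_id):
        self._links.setdefault(subject_id, set()).add(clip_id)
    def clips_for(self, subject_id, role):
        if role not in self.ALLOWED_ROLES:
            raise PermissionError(f"role {role!r} may not resolve identity to video")
        return sorted(self._links.get(subject_id, set()))
    def unlink(self, subject_id):
        return self._links.pop(subject_id, None) is not None

def erase_subject(subject_id, vectors, gate):
    """Right to erasure: delete the embedding and the links in two keyed deletes.
    Assumption: clips stay on their own retention schedule, now unlinked."""
    return {"vector_erased": vectors.erase(subject_id),
            "links_erased": gate.unlink(subject_id)}

if __name__ == "__main__":
    v, c, g = VectorIndex(), ClipStore(), ReferenceGate()
    v.add("subj-1", [0.0] * 512)  # constructed 512-dimension embedding
    g.link("subj-1", c.put(b"constructed clip bytes"))
    print(erase_subject("subj-1", v, g), g.clips_for("subj-1", "dpo"))
```
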
5. Edge inference, or stream everything to the cloud?
Cloud-only AI on CCTV means continuous video streaming out of every store. A 20-camera store streams roughly 80–160 Mbps. Across 50 stores you are paying for an enterprise broadband bill that doesn't show up on the AI vendor's quote.
Edge inference runs the detection model in the store, on a per-camera basis. Only events leave the building. Latency drops, bandwidth drops, and the GDPR story is fundamentally easier because raw video never goes anywhere.
6. What is the cross-store watchlist story?
If you operate multiple sites, the watchlist matters more than any other single feature. A face flagged at one site should be recognised at every site automatically, with no manual cross-checking and no per-store administration.
Ask: how long from a face being added at one site to it being recognised at another? With QuantumEye this is seconds. Some vendors run their watchlist per-store with no estate sync, which leaves the cross-site pattern, where most of the value is, invisible.
7. What is the false-positive posture?
False positives are the metric most likely to determine whether a deployment is operationally usable. Ask the vendor for their false-positive numbers on UK convenience or grocery footage, not US grocery, which is a different environment.
Models tuned on US data tend to over-fire in UK convenience because aisle widths, bag policies and camera angles differ. Ask whether their thresholds have been UK-tuned. We wrote about our own tuning journey.
8. What is in the police evidence pack?
A clip is not an evidence pack. A forwardable pack needs the multi-camera handoff chain, the audit log, the prior matches (if face recognition is in play), the timestamps, and the user authorisation chain showing who confirmed and who approved.
If the vendor's idea of police forward is a PDF screenshot of a clip, you will lose prosecutions that better tooling would win. The CCTV review KPI piece covers what 'forward-ready' actually requires.
9. Is the audit log append-only?
An audit log that can be edited is not an audit log. Append-only storage is the standard a retailer can defend to the ICO, to the police, and (if it ever gets there) to a court. Ask explicitly.
10. Whose cameras does it work with?
RTSP / ONVIF support is the floor; that covers most modern IP CCTV. If the vendor sells their own cameras, you are about to be locked in. The right answer is: works with the cameras you already have.
11. What is the data residency story?
UK retail data wants a UK or EU residency story. Ask where compute, storage, and vector indices live. For QuantumEye it is AWS eu-north-1 (Stockholm); we publish this on the trust centre.
12. What does the actual roll-out look like?
Last one. Ask for the rollout plan: kit-on-site, network, edge-node install, configuration, training, go-live. If they cannot describe it in concrete terms with timelines, they have not done it enough times. A typical first-store deployment should be measured in days, not weeks.
The scoring sheet
If you tally honest answers across the twelve, the shape of a viable AI loss prevention vendor for UK retail emerges. The ones who tick all twelve are not actually a long list. The ones who tick most of them are usually worth a pilot.