Enterprise AI

The Compliance Gap in Multimodal AI: Why Visual Data Needs Its Own Governance Framework

By Yunfei Zhao, COO of Abaka AI

Most organisations that have started building AI compliance programmes are thinking about text. They are scanning structured databases for personally identifiable information (PII), reviewing how customer records flow through language models and documenting the provenance of their text-based training datasets. All of this is necessary. None of it is sufficient. 

But AI stopped being a text-only game a while ago. A self-driving car doesn’t learn to navigate from a spreadsheet — it needs millions of hours of dashcam footage. A radiology AI trains on chest X-rays, not patient intake forms. Video generation tools, robotics platforms, AR systems — they all eat visual and spatial data for breakfast. The compliance frameworks most organisations have in place were built for structured databases. Not for any of this. 

Regulators are catching up — but operations are not 

The legal ground is shifting fast. California’s AB 2013 kicked in at the start of this year — if you build generative AI, you now owe the public a summary of what went into your training data. Copyrighted material? PII? Synthetic content? Disclose it. 

Europe is going further. When the EU AI Act’s high-risk provisions reach full enforcement in August, scraping faces off the internet without a specific legal basis becomes explicitly illegal. Any system that touches biometric data will need a documented risk assessment on file. 

The UK is moving too. The ICO rolled out a dedicated AI and Biometrics Strategy in June 2025, its first framework specifically aimed at GDPR compliance for these technologies. 

The message from regulators is clear: a photo of someone’s face should be treated with the same care as their social security number. Most AI operations teams are not there yet. 

Text-based PII tools do not work on pixels 

Here is where the gap gets practical. When a compliance team needs to scan a text dataset for PII, they have mature options. Regex patterns catch phone numbers and email addresses. Transformer-based NLP models flag names and addresses in unstructured text. Dedicated privacy frameworks combine multiple methods for layered detection. 

Now try doing that with half a million street-level photos collected for a computer vision model. I’ve spent enough time reviewing this kind of data to know what’s in there. A woman walking her dog, face clearly visible. A licence plate two cars behind the subject vehicle, sharp enough to read. A medical office sign with a phone number in the corner of the frame that nobody noticed during collection. None of that shows up in a database column. It’s buried in pixels. Most PII scanning tools will walk right past it. 

The NIST definition of PII explicitly includes “photographic image, especially of a face or other identifying characteristics” and “biometric records such as fingerprints, voice signature, facial geometry.” Yet many organisations treat visual data as if it sits outside their PII governance framework entirely. 

Tools for visual PII detection do exist. Meta open-sourced EgoBlur for face and licence plate detection in egocentric camera feeds. Commercial computer vision pipelines can detect and blur faces at scale. 

But having a tool available is not the same as having a process in place. In my experience running data operations, the gap is rarely technical. It is organisational: nobody owns the question of whether visual training data has been properly screened before it enters a pipeline. 

The multimodal blind spot in three dimensions 

The compliance gap with visual and spatial data shows up in three places. 

Collection. When organisations collect video or image data for AI training, consent mechanisms are often designed for the people holding the camera — not for the bystanders captured in the background. A street-level dataset collected for autonomous driving includes pedestrians who never agreed to participate. A retail analytics dataset captures shoppers who were never informed. 

This is not a hypothetical risk. KPMG’s 2025 review of biometric privacy documents that the FTC is already scrutinising businesses for failing to obtain informed consent before collecting facial and other biometric data. In some enforcement actions, companies were required to delete not just the data — but the models trained on that data. 

Labelling. Annotation is where human eyes meet raw data. When a team labels objects in video — tagging pedestrians, vehicles, gestures, medical conditions — they are often working with unredacted footage. 

The Perforce 2025 State of Data Compliance report found that 95% of organisations use sensitive data in non-production AI environments. For visual data, this means annotators may have direct access to identifiable faces and locations that would never be permitted in a text-based workflow. Yet few organisations apply the same access controls to their annotation pipelines as they do to their production databases. 

Retention and deletion. Text records can be deleted from a database with a query. Visual data is harder. A face captured in a training video persists in every frame where that person appears. Deleting a single individual’s data from a video dataset may require re-processing thousands of hours of footage. 

And if a model was already trained on that data before the deletion request came in? Whether the model “remembers” the individual — through memorisation or feature encoding — is a question regulators have not yet tested in enforcement. Data compliance guides now recommend keeping training datasets versioned so specific records can be excluded from future runs. Sensible advice. Almost nobody applies it to visual data. 

What operations leaders should be asking 

If you oversee data operations for an AI programme that uses any form of visual or spatial data, there are a handful of questions worth raising now — before a regulator raises them for you. 

Does your PII detection pipeline cover visual data, or only structured text? Who reviews images and video for identifiable information before they enter the training pipeline? 

Do your annotation teams operate under the same data handling agreements as your production database administrators? Can you trace a specific individual’s data through your visual dataset and remove it on request? 

And if a trained model has already ingested that data, what is your remediation plan? 

These are not theoretical questions. With the EU AI Act’s high-risk provisions taking effect this year and California now requiring training data disclosures, the window for treating visual data as an afterthought is closing. 

The organisations that build multimodal compliance into their data operations now — not as a bolt-on, but as a core workflow — will be better positioned when enforcement arrives. Those that wait will discover, as many already have with text-based compliance, that retrofitting governance after the fact costs significantly more than building it in from the start. 

Author

Related Articles

Back to top button