AITGAi Teragrid
Whitepaper · Live

Civic · Compliance

Implementing ISO 37122 in Civic AI.


5 May 2026 · AITG Sdn Bhd

ISO 37122 Aligned · Penang HQ · MY · 10+ Systems Integrated · Audit-Ready

Short answer: you bind municipal systems behind a single ISO 37122-aligned interface layer, instrument every action with provenance, and resolve security tension by treating the AI as an additional consumer of existing access controls — not a replacement for them.

What ISO 37122 actually constrains

ISO 37122 defines indicators for smart cities — performance metrics across economy, governance, environment, and quality of life. It is not a technical standard for AI; it is a measurement standard for outcomes. The implementation question is: how does your AI deployment produce evidence against those indicators without creating new audit liabilities?

The 10+ systems problem

A typical municipality runs ten or more systems with overlapping authority: licensing, complaints, billing, transport, parks, environmental sensors, social services, internal HR, GIS, and at least one legacy mainframe nobody touches. Generative AI must read from these and, sometimes, act on them. The naive integration — direct API calls per system — fails compliance because each integration becomes its own audit surface.

The single-interface pattern

The compliant pattern is one normalised interface layer between AI and the municipal estate. That layer enforces three properties:

  • Identity propagation: the AI always acts on behalf of a named human or service identity. No anonymous calls.
  • Read/write separation: read endpoints and write endpoints have different audit rules. Writes always require a documented authorising action.
  • Standardised provenance: every fact the AI uses to answer carries a citation to its source system and timestamp.
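The three properties above can be shown as a small gateway. This is an added example, not AITG's code: `InterfaceLayer`, `Fact`, `PolicyError` and the in-memory `backends` dictionary are hypothetical names. It assumes each source system still applies its own existing access controls to the propagated identity.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


class PolicyError(Exception):
    """A call broke one of the interface layer's three rules."""


@dataclass(frozen=True)
class Fact:
    value: object
    source_system: str  # provenance: system the value came from
    retrieved_at: str   # provenance: ISO 8601 UTC timestamp


class InterfaceLayer:
    def __init__(self, backends, clock=lambda: datetime.now(timezone.utc)):
        self.backends = backends  # constructed stand-in: {system: {key: value}}
        self.clock = clock
        self.audit_log = []

    def _audit(self, principal, op, system, key, outcome, authorisation=None):
        self.audit_log.append({
            "at": self.clock().isoformat(), "principal": principal, "op": op,
            "system": system, "key": key, "authorisation": authorisation,
            "outcome": outcome,
        })

    def _require_identity(self, principal, op, system, key):
        # Identity propagation: every call names a human or service identity.
        if not principal or not principal.strip():
            self._audit(principal, op, system, key, "denied:anonymous")
            raise PolicyError("anonymous calls are not allowed")

    def read(self, principal, system, key):
        self._require_identity(principal, "read", system, key)
        value = self.backends[system][key]
        self._audit(principal, "read", system, key, "ok")
        # Standardised provenance: the fact carries its source and timestamp.
        return Fact(value, system, self.clock().isoformat())

    def write(self, principal, system, key, value, authorisation=None):
        self._require_identity(principal, "write", system, key)
        # Read/write separation: a write needs a documented authorising action.
        if not authorisation:
            self._audit(principal, "write", system, key, "denied:no-authorisation")
            raise PolicyError("writes require a documented authorising action")
        self.backends[system][key] = value
        self._audit(principal, "write", system, key, "ok", authorisation)
```

Denied calls are written to `audit_log` before the exception is raised, so refusals are as visible to an auditor as successful actions.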

Citizen-facing interfaces and escalation

A citizen cannot opt out of municipal services. Every conversational interface must therefore have a designed human-handoff path before launch — not as a fallback, but as a primary route for any case where the AI is uncertain or where the consequence of error is material.

Data residency in practice

Sovereign residency means more than storage location. It means: inference runs inside the jurisdiction, model weights are not updated using regulated payloads, and any third-party vendor in the stack has a documented exclusion from sensitive data paths. Procurement teams should ask vendors to produce a data-flow diagram, not a privacy statement.

Suggested first deployment

Start with a read-only interface to a single bounded municipal domain — for example, public licensing inquiries. Instrument provenance from day one, run against a public ISO 37122 indicator (e.g. average resolution time), and only after that pilot survives audit, extend to systems that can write.