A new AI-powered hacking tool called ‘Villager’ is being used by attackers to automate complex cyberattacks, researchers have warned.

Developed by China-based group Cyberspike, Villager mimics legitimate penetration testing tools but uses AI to adapt attacks in real time. It runs on Kali Linux, is powered by DeepSeek v3, and has been downloaded over 10,000 times since July 2025.

Unlike older tools like Cobalt Strike, Villager can exploit vulnerabilities based on natural language prompts, detect a target’s setup, and select the most effective method of attack. It creates temporary containers that delete themselves after 24 hours to avoid detection.

Researchers say this dramatically lowers the skill level required to carry out advanced attacks, making it easier for inexperienced hackers to breach systems and establish persistence.

Businesses can protect themselves by patching known vulnerabilities, using strong endpoint detection and response (EDR) tools, and monitoring for suspicious automated activity, especially container-based processes.

A plant-based sachet developed by two young Ugandan entrepreneurs could dramatically cut post-harvest food loss, improve farmer incomes, and support global sustainability goals.

Tackling a Problem Rooted in Waste and Inequality

Every year, more than 1.3 billion tonnes of food are wasted worldwide, according to the UN Food and Agriculture Organisation. Much of this loss occurs before food even reaches consumers. For smallholder farmers in countries like Uganda, rapid fruit spoilage during transport and storage often leads to devastating losses and missed income. At the same time, hundreds of millions of people remain food insecure, creating a stark global imbalance between surplus and scarcity.

First-Hand Experience of the Inventors

One of the main drivers behind the invention came from the co-founders’ own lived experience. Both Sandra Namboozo and Samuel Muyita grew up in farming families and saw how often fresh produce would spoil before reaching market, largely due to a lack of refrigeration and poor infrastructure. That direct exposure to post-harvest loss led them to develop the simple (but science-led) solution of a small sachet that sits inside fruit crates and gradually releases natural plant compounds to slow spoilage and extend shelf life

Karpolax

Karpolax, Sandra Namboozo and Samuel Muyita’s company, based in Kampala, Uganda, was founded in 2020. The company’s core product is the biodegradable sachet that extends the shelf life of fruit by up to 30 days.

How Does The Sachet Work?

Rather than using synthetic preservatives, the sachet contains natural volatile organic compounds (VOCs) extracted from plants such as cloves, lemongrass, eucalyptus, and wintergreen.

These compounds are gradually released during storage and transport, forming a protective atmosphere inside packaging boxes. The vapours inhibit ethylene production (a key trigger for ripening) and suppress the enzyme phospholipase D, which contributes to cellular breakdown in fruit. The sachets also have antimicrobial properties, reducing mould and bacterial contamination without refrigeration.

Tripled The Shelf Life

In a pilot with Uganda’s National Agricultural Research Organisation, mangoes stored with Karpolax sachets stayed fresh for 33 days, which is triple the 11-day shelf life of untreated fruit. The company has since tested the product on bananas, apples and oranges, and is developing new variants for pineapples, berries and peppers.

Recognised Innovation With a Social Mission

Karpolax was recently named a top-10 innovator in the European Patent Office’s 2025 Young Inventors Prize, recognised under the “Community Healers” category. The award celebrates under-30 inventors using technology to meet the UN Sustainable Development Goals.

The company has already supplied over 100 farmers, 250 market vendors and 20 produce exporters in Uganda. Expansion is also planned across East Africa, including to Kenya and Rwanda, where post-harvest losses are similarly high. According to the UN, up to 45 per cent of fruit and vegetables perish before sale in sub-Saharan Africa due to a lack of cold storage and poor market access.

“Our goal was never just to invent something,” said Namboozo. “It was to make science work for the communities we come from.”

Potential Impact on Global Supply Chains

Although Karpolax was created with low-resource regions in mind, its relevance extends far beyond Uganda. For example, the World Bank estimates that halving food loss could feed an additional one billion people. It could also significantly reduce emissions, as food waste contributes 8–10 per cent of global greenhouse gas emissions.

The sachets offer a low-cost, non-electric alternative to cold storage, which is often unaffordable or unavailable in rural areas. However, they may also appeal to exporters, wholesalers, and large retailers in wealthier markets. With growing pressure to meet ESG targets and reduce environmental impact, businesses in the UK and EU could benefit from solutions like Karpolax, especially those sourcing tropical fruits from African or Asian suppliers.

For example, large-scale importers or distributors could use the sachets during long-haul shipping, improving quality at arrival and reducing wastage costs. NGOs and agribusinesses working in sustainable development or supply chain resilience may also view the technology as a practical tool for smallholder empowerment.

Not Without Challenges

Despite its promise, Karpolax faces several hurdles. Like many start-ups in developing countries, access to funding is limited. Muyita has highlighted how early-stage support came from university mentors and competitions. Scaling manufacturing capacity and meeting regulatory standards in export markets will require further investment and strategic partnerships.

There is also a need for independent third-party verification of long-term results, especially under varying climatic and logistical conditions. While internal trials and national pilots show strong early outcomes, widespread adoption may hinge on building trust with new stakeholders, both in Africa and abroad.

Another challenge lies in market education. For example, many smallholder farmers and informal traders are unfamiliar with post-harvest tech, so uptake may depend on targeted awareness campaigns and training support.

A Broader Movement Toward Natural Preservation

It should be noted, however, that Karpolax is not alone in this space. For example, in India, a start-up called GreenPod Labs has developed a similar solution using plant-derived sachets that release active compounds to slow ripening. Their product is aimed at Indian fruits such as guava and papaya and also targets farm-to-market spoilage. Meanwhile, scientists at the University of Guelph in Canada have been exploring natural VOC coatings to prolong shelf life of berries and tomatoes.

Other approaches to reducing spoilage include smart packaging, such as labels that change colour when fruit begins to spoil, or biodegradable wraps that mimic the protective qualities of natural peels. However, many of these are still in R&D phases or face high production costs, limiting access in developing regions.

What sets Karpolax apart is its grounding in local knowledge, use of indigenous plant chemistry, and low-cost manufacturing. One key advantage of the sachets is that they don’t require any behavioural change from farmers, i.e. they simply sit in the box and do their job.

Good for Farmers, Businesses and the Planet

For smallholder farmers, especially in Uganda, the benefits are likely to be immediate. For example, by reducing post-harvest loss, farmers gain more time to sell, access better prices, and reinvest in their operations. This is particularly meaningful for women and young people, who make up a large share of the agricultural workforce in the region.

For businesses, the sachets offer a scalable and environmentally sound solution to the long-standing logistical problem of keeping produce fresh in transit. As climate change brings more volatility to food systems, supply chain resilience is becoming a higher priority for food companies and retailers.

Also, for sustainability goals, Karpolax supports several core UN targets, not just Zero Hunger and Responsible Consumption, but also Climate Action and Decent Work. It could, therefore, be described as a case of locally developed, science-based innovation with global relevance.

What Does This Mean For Your Organisation?

Karpolax’s innovation arrives at a time when both the environmental and economic costs of food waste are under closer scrutiny. A simple, passive preservation tool that extends shelf life by weeks rather than days offers a clear advantage not just in Uganda but across global supply chains. For growers, especially in regions without reliable refrigeration, it means less spoilage and more time to secure better prices. For exporters and logistics firms, it introduces a low-tech, low-cost buffer against delays, contamination and inconsistent storage conditions.

UK businesses operating in import, retail or agri-tech should also take note. As ESG pressures rise and the need for traceable, responsible sourcing grows, solutions like this provide a tangible opportunity to partner with early-stage but high-potential sustainability innovators. Whether as part of ethical sourcing strategies, international aid-linked supply chains, or fresh produce logistics, the commercial use cases are growing. There is also a reputational advantage in being aligned with technologies that promote climate resilience, zero waste and smallholder empowerment.

Still, longer-term success depends on scale, regulation, and proof. Karpolax will need to show that the technology remains effective under broader commercial conditions and that its cost advantage is maintained as production ramps up. The market is also competitive, with similar plant-based sachets and smart packaging tools under development elsewhere. What may give Karpolax an edge is its grounding in real-world problems, its use of local plant chemistry, and its focus on ease of use in resource-limited settings.

For sustainability advocates, this is one of the more promising types of innovation, i.e., low-cost, scalable, and directly aligned with everyday challenges. For farmers, it offers a rare form of control over a process they have often been excluded from. For wider industry, it’s a reminder that some of the most practical solutions may not come from labs in the Global North, but from the people who live and work at the heart of the problem.

Finding files in Windows hasn’t always been that easy but now that’s changed with the new search feature from CoPilot. This short video explains how to use it and then you’ll wonder how you lived without it!

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Protect your sensitive conversations with WhatsApp’s Chat Lock feature, adding an extra layer of security and privacy to your chats.

– Open the chat you want to lock by tapping on it.
– Tap the three dots (⋮) at the top right of the chat screen.
– Select “Lock Chat” to move the conversation to a protected folder.
– Access locked chats using your device’s authentication (fingerprint, face recognition, or passcode) or a secret code.

This feature ensures that confidential business discussions remain protected and accessible only to authorised individuals.

New EU rules on who can access and share data from connected products and cloud services are now live, with major implications for UK firms selling into the bloc.

What Is the EU Data Act?

The EU Data Act is a sweeping piece of digital legislation designed to reshape how data is accessed, shared, and transferred across the European Union. Proposed in February 2022 and adopted in late 2023, it formally came into force on 11 January 2024. Its main provisions, however, only became applicable from 12 September 2025, marking a major shift in Europe’s digital policy landscape.

The Focus

The law’s focus is on non-personal data, particularly that generated by connected devices, such as smart fridges, cars, factory machinery, wearable tech (and suchlike), and the digital services linked to them. It aims to ensure that users, whether individuals or businesses, can access the data generated by their devices and services, and share it with third parties, if they choose.

Its introduction forms part of the EU’s wider strategy to build a fair, innovative, and competitive data economy. It also addresses longstanding concerns over vendor lock-in, contractual imbalances, and a lack of transparency, especially in the cloud computing market.

Why the EU Introduced It

The European Commission has made clear its ambition to create a “single market for data.” With the rapid expansion of the Internet of Things (IoT), vast volumes of data are being produced but often remain locked within platforms controlled by manufacturers or service providers.

EU Commissioner Thierry Breton described the regulation as “a landmark in Europe’s digital decade,” saying it would ensure that “data is fairly shared, stored, and used, and that users have access to the value they help create.”

According to Commission estimates, the volume of industrial data in the EU is expected to increase fivefold between 2018 and 2030. The aim is to open up this data to support innovation across sectors, particularly for small businesses and the public sector.

Who It Applies To and Why UK Businesses Should Pay Attention

Although the Data Act is EU legislation, it has extraterritorial effect, i.e. UK companies can still fall within its scope if they:

– Sell connected products or provide related digital services to users in the EU.

– Offer cloud, edge, or data processing services (such as SaaS, PaaS, or IaaS) to EU-based customers.

– Hold or process non-personal data generated by EU users.

In short, any UK business that interacts with EU clients through connected products or cloud services may need to comply.

Which Are Affected Sectors?

The affected sectors are broad and include:

– Manufacturing (especially smart machinery and industrial equipment).

– Agriculture (IoT-enabled farming tools).

– Transport and logistics (connected vehicles, telematics/vehicle data tracking).

– Consumer tech (smart home devices, wearables).

– Cloud and SaaS providers.

– Facility and building management (smart meters, BMS systems).

What Just Came into Force on 12 September 2025?

From 12 September, many of the Act’s central provisions are now legally applicable across the EU, including:

– The right to access data. Users of connected devices, whether consumers or businesses, can request access to the data those products generate, free of charge and in a usable format.

– The right to share data. Users can also request that their data be shared with a third party of their choice, such as an independent repair provider or external analytics service.

– Fair contract rules. Contracts involving data access or sharing must not include unfair terms. The burden of proof lies with the data holder, who must demonstrate that the terms are fair and non-discriminatory.

– Cloud switching rights. Providers of data processing services must allow customers to switch to another provider more easily. This includes setting out clear porting terms and providing transparency around fees and procedures.

More Dates to Watch

While 12 September 2025 marks the beginning of formal obligations, businesses should also take note of two other key upcoming milestones:

– 12 September 2026. All new connected products placed on the EU market from this date must be designed to enable user access to the data they generate. This introduces a new “data access by design” requirement.

– 12 January 2027. Cloud providers will generally be banned from charging switching or data extraction (egress) fees, unless they can justify those charges objectively. This is likely to reshape the EU cloud market, which has faced repeated criticism over anti-competitive fee structures.

What UK Businesses Should Do Now

UK businesses that are affected need to take the following steps to comply:

– Assess applicability. First, determine whether the business sells connected products or offers relevant digital services within the EU. It is also vital to understand whether the data processed meets the definition of non-personal data generated through usage.

– Map data flows. A clear inventory of data flows is essential, i.e. what data is generated, who generates it, where it is stored, and how it is used or shared. This includes understanding which parties hold what rights over the data.

– Review contracts. Data sharing agreements and cloud service contracts must be updated to reflect new user rights. Any clauses that could be considered unfair, restrictive, or non-transparent may need to be removed or revised to ensure compliance.

– Build access infrastructure. Technical systems must allow users and authorised third parties to access data securely, quickly, and in machine-readable formats. Businesses should also start planning now for September 2026, when connected products must be built with user access in mind.

– Clarify cloud terms. Cloud providers must publish clear switching procedures, exit timelines, and any related fees. Some have already acted. Google Cloud, for example, announced it would waive egress fees to support compliance with the new rules.

– Protect trade secrets. Where businesses have a legitimate reason (e.g. the protection of trade secrets or user safety), they may refuse to share certain data. However, such refusals must be properly justified, and documented procedures should be in place.

– Penalties and Enforcement. Each EU member state is required to appoint a national regulator to enforce the rules. These authorities will have the power to investigate and impose penalties on businesses that fail to comply. The exact penalty levels vary by country, but the Act specifies that enforcement must be “effective, proportionate and dissuasive.” For larger organisations with complex operations, this could mean significant exposure if non-compliance is discovered.

Businesses are also required to keep records demonstrating how they comply with the Act. To support implementation, the European Commission has published model contract clauses and launched a dedicated Data Act Legal Helpdesk for practical support.

Criticism and Challenges

While the Act has been broadly welcomed as a long-overdue update to Europe’s fragmented data landscape, it will come as no surprise that it has not escaped criticism.

For example, some industry voices argue that compliance will be costly, particularly for small businesses that may lack the resources to adapt infrastructure and contracts at pace.

Others have raised concerns about cybersecurity and intellectual property. The ability for third parties to access usage data, even with safeguards in place, has prompted questions about how effectively sensitive information can be protected.

Concerns have also been raised about uneven enforcement. For example, as each EU country sets up its own supervisory regime, multinational businesses may face inconsistency in how the rules are applied or interpreted.

That said, supporters appear to believe that these are reasonable trade-offs in building a more equitable and open data economy. As the European Commission noted in its official guidance, “The Data Act provides a horizontal framework for unlocking data value, while protecting rights and ensuring fairness in the data-driven economy.”

What Does This Mean For Your Business?

For UK companies operating in the EU, the immediate priority is to ensure contracts, systems and internal processes reflect the new rights granted to users. This is particularly relevant for manufacturers of connected products and providers of cloud, edge and data processing services. Organisations that fail to prepare could face compliance risks, contractual disputes or even restricted access to key EU markets.

Those that act early may be better positioned to compete. Building in user data access, transparency and portability could strengthen customer relationships and support future product development. For cloud providers, the pressure to enable smooth switching and eliminate unreasonable fees will only increase as the 2027 deadline approaches.

Beyond UK businesses, the regulation is likely to affect a broad range of stakeholders. Public sector bodies may benefit from greater access to data for emergency response and infrastructure planning. Smaller firms across the EU could gain new opportunities by accessing usage data that was previously unavailable to them. At the same time, larger players may face greater scrutiny over how they manage contractual fairness and protect trade secrets.

While enforcement consistency remains a concern, the main message is that any business interacting with EU customers through connected products or cloud services will need to align with these rules. The next key dates are already set. Those preparing now will be in a stronger position to meet them, reduce legal risk, and remain competitive in a rapidly evolving digital market.

In this Tech Insight, we look at how retailers across the UK are deploying new technology to deter shoplifting, reduce abuse of staff plus gather better evidence, whilst retail crime hits record levels.

Why Retailers Are Acting Now

The British Retail Consortium’s Annual Crime Survey reports losses from customer theft reaching £2.2 billion in 2023/24 and over 20 million shoplifting incidents, while violence and abuse against retail workers rose to more than 2,000 incidents per day. Retailers simultaneously lifted spending on prevention to £1.8 billion, yet it seems that satisfaction with police response remains low, with 61% rating it “poor” or “very poor”. “Retail crime is spiralling out of control,” said BRC chief executive Helen Dickinson, calling for industry, government and police to act together.

Figures from the Institute of Customer Service (ICS) provide more service sector context. For example, 42 per cent of public‑facing workers reported abuse in the prior six months, up 19 per cent year on year. 37 per cent even said they had considered quitting, and over a quarter said they had taken sick leave, according to figures highlighted in national coverage of ICS’s “Service with Respect” campaign and open letter urging stronger legal protections for all service workers.

Bodycams On The Shop Floor

It may surprise many people to know that body‑worn video is now commonplace across parts of the high street. For example, Poundland originally reported an 11 per cent drop in violence after rolling out Motorola Solutions VT100 cameras, with footage managed via Motorola’s evidence platform and linked to CCTV. It should be noted here that Poundland has since been sold (by Pepco Group to Gordon Brothers’ Peach Bidco for £1 on 12 June 2025) and it’s not clear if it’s still using the cameras. Another popular high street name, H&M, is piloting bodycams in three UK stores to test impact on de‑escalation and incident reduction. Also, Tesco now uses bodycams for store and some delivery colleagues, activated when staff feel unsafe. EE even equips store teams with cameras that can stream incidents to monitoring teams. These measures are all intended both to act as visible deterrents and to strengthen evidence for police.

Facial Recognition Trials Move Into The Mainstream

Some chains are trialling facial recognition to identify repeat offenders linked to theft or abuse. For example, Sainsbury’s is running an eight‑week pilot with Facewatch in selected stores in London and Bath, where alerts are generated only when someone on a store‑defined watchlist enters. In terms of how effective it could be, Iceland has reported that its early use of Facewatch led to a 30 per cent reduction in violent incidents where deployed, and that it plans a further roll‑out of the technology later this year. Southern Co‑op and other retailers have used similar watchlist alerts for several years.

Retailers say that systems focus on known repeat offenders and that signage is used at trial sites. Sainsbury’s has framed the pilot as a staff‑safety measure in locations with high repeat offending. Iceland’s Richard Walker argued publicly that the technology helps trained store teams to make calm, proportionate interventions.

AI‑Enhanced CCTV And “Smarter” Monitoring

Beyond face matching, retailers are also now trialling AI‑assisted video analytics that compare what shoppers pick up with what is scanned, flagging likely non‑scans in real time. For example, Trigo Retail recently launched a computer‑vision loss‑prevention platform in the UK that tracks shopping behaviours without storing biometric identifiers, thereby aiming to provide targeted alerts rather than blanket monitoring. As Trigo co‑founder Daniel Gabay recently said, “The most effective retail security technology today isn’t about adding more barriers or locks, it’s about making existing infrastructure smarter”.

Security Hubs, Headsets And Digital Crime Reporting

Tesco has set up a 24/7 national Security Operations Centre in Daventry to analyse thousands of hours of CCTV, join up evidence and share intelligence with police. The supermarket says the hub monitors clusters of stores and operates year‑round.

In a different approach, Currys has opted to roll out VoCoVo headsets across stores so colleagues can call for support instantly and coordinate responses. It has also taken Auror’s crime‑reporting platform nationwide after a 12‑week trial identified 10 repeat offenders, led to three arrests, and prevented about £20,000 of theft. Currys also cites a 58 per cent year‑on‑year reduction in aggressive incidents during March–April. The company says incident logging is faster and more consistent, supporting police engagement.

The Home Secretary has publicly urged more UK retailers to use crime‑intelligence platforms like Auror and signalled support for broader data‑sharing with police where lawful and proportionate.

Fogging Devices And Smart Safes

Alongside analytics and reporting, several retailers are investing in fogging and misting systems that rapidly fill areas with disorienting fog during an incident, forensic marking to tag stolen goods for later recovery, and time‑delay stock safes for high‑value items. EE says these measures, combined with tracking tools for stolen devices, are reducing opportunities for smash‑and‑grab theft and improving staff safety.

Is The Technology Actually Working?

In terms of whether these hi-tech approaches to tackling crime are actually working, it seems that some deployments are reporting measurable impact. For example, Poundland’s reported 11 per cent reduction in violence post‑bodycams does appear to indicate a deterrent effect when incidents are recorded and evidence quality improves. Also, Currys’ 58 per cent drop in aggressive thefts during a focused period, along with identified repeat offenders and arrests, could suggest that intelligence‑led reporting can help direct police resources. However, results vary by store, offender behaviour can displace to nearby locations, and none of these tools replace visible policing.

What Privacy Groups Are Saying

Privacy advocates argue that live facial recognition in shops risks normalising biometric checks for everyday purchases and can harm people when errors occur. For example, Big Brother Watch has urged Sainsbury’s to stop its trial, calling the approach “deeply disproportionate and chilling”, and warning that it “turns shoppers into suspects”. The group also raises concerns about privately run watchlists, limited transparency, and the lack of robust redress when people are wrongly flagged.

Campaigners also point to documented cases and regulatory complaints in which customers were allegedly misidentified in stores using commercial facial recognition. In one case, a woman said she discovered she had been placed on a Facewatch watchlist after a dispute over low-value goods, prompting a complaint to the regulator about necessity and proportionality. Such incidents underline why rights groups want independent oversight, strict targeting to serious repeat offending, and clearer routes to challenge mistakes.

The Information Commissioner’s Office describes facial recognition in public-facing spaces as highly intrusive, and expects organisations to complete a Data Protection Impact Assessment for each deployment, show a strong lawful basis, and evidence that less intrusive methods would not achieve the aim. The regulator’s guidance also stresses governance around watchlists, meaningful human review of matches, recording and correcting false positives, careful data retention, and transparency with clear signage.

The Evolving Legal And Policy Picture

Ministers have pledged to create a standalone offence of assaulting a retail worker in the forthcoming Crime and Policing Bill, and signalled plans to remove perceived barriers to charging thefts under £200. Trade bodies are pressing for police to attend incidents more routinely, and for protections to extend to a wider group of public-facing roles. For retailers piloting facial recognition or AI video analytics, compliance is practical and specific, i.e. to set out a clear lawful basis and DPIA, evidence necessity and proportionality, display clear signage, apply tight retention periods with human review of matches, and provide straightforward routes for people to challenge mistakes.

Operational Reality For Businesses

Understandably, it seems that retailers are focused on what actually works in-store. For example, body cameras are known to deter aggression and produce evidence that can be used. Also, AI video systems can spot items that are not scanned and tighten loss prevention without adding physical barriers. Store headsets and digital crime reporting speed up responses and improve the quality of referrals to the police, and central security hubs connect patterns across regions and help investigations move faster.

It should be noted, however, that introducing these measures is not simply a case of just plug and play. It needs training for staff, clear procedures, and close working with local police so that evidence gathered in store is followed up.

Competitors, Customers And Others

With the use of this kind of tech by some retailers, competitors face a strategic question, i.e. if early adopters show clear reductions in violence and stock losses, others are likely to follow or risk falling behind on safety and loss‑prevention. For customers, the line between protection and surveillance needs careful management to maintain trust. Clear signage, narrow watchlists, rapid deletion of non‑matches and accessible complaint routes matter for legitimacy. For staff and unions, evidence that measures reduce assaults and abuse will be critical to ongoing support. For regulators and campaigners, the priority remains ensuring deployments are narrowly tailored, evidence‑led and subject to meaningful oversight.

Key Challenges To Watch

It seems, however, that questions remain about how these measures perform in real stores. For example, evidence is still building and can vary by location, store format and offender behaviour. Also, facial recognition carries a risk of misidentification, so there must be strong human review and clear routes to correct mistakes. Data retention, watchlist criteria and any information sharing need tight governance and regular audit. Without consistent police follow up, even well documented incidents may not progress, which reduces the deterrent that retailers and staff are looking for.

What Does This Mean For Your Business?

It seems that technology has now moved from trial to toolkit. Bodycams, AI-supported CCTV, crime reporting platforms and central security hubs are all reportedly delivering practical gains where deployments are targeted, well trained and supported by local policing. Facial recognition remains the most contested, which is why governance, human review and visible transparency need to be embedded from the start. None of this is a silver bullet, it is a set of controls that work best together and only when the basics of staff training and incident follow up are in place.

For UK businesses the lesson is to invest where the benefits are clear, measure results store by store, and publish what works so staff and customers can see the value. Build privacy and accuracy into the design, with narrow watchlists, short retention periods and simple routes for people to challenge mistakes. Engage early with police, unions and regulators so evidence gathered in store is acted on, not left on a server. Competitors that delay now look like risking higher losses and lower staff confidence, while those that proceed without robust safeguards risk reputational damage and regulatory attention.

For customers, trust depends on openness and restraint. Clear signage, clear explanations and visible accountability help reassure people that security measures are there to protect, not to monitor ordinary shopping. For staff, the test is whether incidents decline and confidence rises, which should be tracked through surveys and incident data.