We help you navigate the market and make the right technology decisions — always vendor-neutral.

AI and automation create value where processes are repetitive, knowledge-intensive or high-volume — typically customer service, finance, IT support, sales and documentation. Real value only emerges when the technology is embedded in business flows, measured against clear KPIs and combined with training. Expect 20–40% efficiency gains on the right processes within 6–12 months.

ROI is measured through time saved per process, lower cost per case, higher conversion, improved CSAT and reduced attrition. Establish a baseline before the pilot, measure the same KPIs at 3, 6 and 12 months and include both hard costs (licenses, integration, operations) and soft effects (quality, risk reduction). Don't justify ROI against license cost — justify it against business impact.

Start by clarifying the business problem and which KPI it must move. Validate data quality, ownership and legal basis under GDPR. Define responsibility for model choice, integrations, security, operations and decommissioning. Start narrow with a measurable pilot — not a broad platform purchase.

Where is data stored, who has access and under which jurisdiction? Are your models trained on our data? Which certifications (ISO 27001, SOC 2, ISAE 3402) do you hold? What does exit, data portability and pricing look like in 3 years? Who is liable for incorrect output, a data breach or a vendor change?

Evaluate across four dimensions: business impact (KPIs), technical fit (integration, security), legal (GDPR, IP, liability) and vendor risk (financial strength, lock-in, exit). Use a structured scoring matrix and assess at least three alternatives. An independent advisor makes the comparison transparent and the decision defensible.

Encryption at rest and in transit, role-based access, logging of prompts and responses, handling of personal data, separation of customer and training data, model review, vulnerability management and incident response. The requirements must be contractually binding — not merely referenced from a vendor security page.

Lawful basis, purpose limitation, data minimization, retention, data subject rights, a Data Processing Agreement (DPA) and — for transfers outside the EU/EEA — lawful transfer mechanisms (SCCs + a transfer impact assessment). High-risk processing requires a Data Protection Impact Assessment (DPIA) before go-live.

Demand clear answers: storage and processing region, sub-processors, access roles, logging and retention. For sensitive data, European/GDPR-compliant alternatives are often preferable to global platforms. All of this must appear in the DPA — not only in marketing material.

Only if explicitly agreed. The default should be that customer data is never used for training or fine-tuning without separate consent, and that input data is never reused across customers. This must be regulated in both the master agreement and the DPA.

Set up an AI policy, an approved tool register, roles (owner, risk owner, data owner), decision rights for new use cases, DPIA requirements for high-risk processing, periodic model review and incident procedures. Governance must be simple enough to be followed — otherwise shadow AI emerges.

Combine baseline training in responsible AI use with role-specific practice and clear guidelines for what may — and may not — be input. Champions per department accelerate adoption and capture feedback. Training is often the difference between a pilot that dies and a pilot that scales.

An AI assistant — also called conversational AI, chatbot or virtual agent — is a software service that uses artificial intelligence to understand, interpret and respond to human language in text or speech. Modern AI assistants are built on large language models (LLM) and can handle conversations, answer questions, book meetings, guide customers through processes and integrate with business systems such as CRM and booking systems. Unlike traditional rule-based chatbots that follow fixed decision trees, an AI assistant understands context, handles follow-up questions and improves over time.

A real answering service (telephone service) is staffed by people who answer calls, take messages, book appointments and transfer calls. An AI assistant is a fully automated solution that handles the same tasks through text or voice. The answering service offers human warmth, judgment in complex situations and personal service — but costs more per conversation and is limited by opening hours and staffing. The AI assistant is available around the clock, handles unlimited parallel conversations and costs a fraction per interaction — but requires clear instructions and has limitations in empathy and complex judgment. Many companies combine both: the AI assistant handles routine matters and simple bookings around the clock, while the answering service takes over complex or sensitive cases.

An AI assistant excels at repetitive, predictable tasks that follow clear rules: answering common questions, booking meetings, collecting case information, guiding customers through forms and processes, routing cases to the right department and providing 24/7 availability. It creates the most value when integrated with your business systems (CRM, booking, support) so that the assistant can perform actual tasks rather than just provide information. AI assistants are less suitable for emotionally sensitive situations, complex negotiations or cases requiring deep business judgment — there, a human should take over.

Define first which conversations the assistant should handle and which it should escalate. Check data handling — where is conversation data stored and who has access? Demand GDPR compliance, a DPA and clear terms regarding training data. Evaluate the integration capability with your existing systems (CRM, telephony, booking). Test the assistant on your actual customer questions before purchase — not just on the vendor's demo scenarios. Also consider the total cost including setup, training, integrations and ongoing optimization. An AI assistant is never 'done'; it requires continuous tuning to maintain quality.

Hallucinations, data confidentiality, model bias, vendor lock-in, regulatory compliance, IP risk on output and operational risk during outages. Manage risk with piloting, human-in-the-loop, logging, contractual guarantees and an exit strategy from day one.

Yes, provided lawful basis, information, consent (where required), retention, access control and a DPA are in place. For sensitive data or high volumes a DPIA is often required. The technology is not the issue — weak governance and unclear contracts are.

Rules differ across the Nordics — in Sweden, a party to a call may record their own conversation, but companies recording systematically must inform, document purpose and secure storage. For customer calls, clear information and — depending on purpose — consent is required.

Inform clearly before the call starts, document consent (recorded, logged or via opt-in), offer a real option to decline without negative consequence and allow withdrawal. Consent is only valid if the alternative is real.

Storage should be within the EU/EEA with encryption at rest and in transit. Access is controlled via roles, MFA and full logging. Sub-processors must be listed in the DPA. Anything less creates unnecessary compliance risk.

As the customer you should own raw audio, transcripts and any summaries — and be able to export them in a standard format at any time. Make sure this is in the contract, not only in the product documentation.

Retention must follow the purpose: quality assurance (typically 30–90 days), dispute handling (12–24 months), legal requirements (industry-specific). Longer retention requires a specific basis and documentation.

Encryption model, access control, logging, vulnerability management, certifications (ISO 27001, SOC 2), penetration testing, incident response, sub-processors, data region, handling of training data and exit process. Use your security organization's standard checklist and adapt it to AI-specific risks.

It eliminates manual note-taking, frees 30–60 minutes per meeting and sales call, creates structured and searchable customer data, and automates follow-up to CRM and case systems. Value is highest where conversations are not documented at all today.

Yes. Modern AI documentation platforms capture conversations from phone calls, video meetings, email, support chat and even physical meetings — all in a single system. You handle the conversation, AI handles the notes. Each channel has its format but summaries are normalized and can be sent directly to CRM, case systems or your existing workflows.

Beyond raw text, AI can today extract business-critical information: sentiment, business phase, risk level, next steps, action items, key data points and anomalies. A support call can be automatically classified by priority and category; a sales meeting can generate a risk assessment and a to-do list. This transforms conversations from unstructured data into decision material.

Raw transcription provides a verbatim transcript that takes significant time to review. Role-based summaries adapt content, length and focus to who is reading — a sales manager wants business phase and risk, a support manager wants status and escalation, a recruiter wants culture fit and recommendation. Summaries sync automatically to the right systems and save 30–60 minutes per conversation.

Fragmented channels create duplicate work, longer handling times and frustrated customers. An integrated workspace gives full history, the right agent and consistent service across every channel. The effect shows up in CSAT, first-contact resolution and cost per case.

Customers repeat themselves, cases fall between channels, sales opportunities are missed and reporting becomes unreliable. Internally, manual administration grows while the customer experiences inconsistency — and loyalty drops.

Customers meet the same context across every channel, can switch channels without starting over and receive faster, more relevant answers. Internally, agents get a workspace showing full history, reducing stress and raising quality.

AI should offload — not replace — agents: automatic classification, suggested responses, summaries, knowledge search and self-service for simple cases. Complex or sensitive cases must always escalate to a human without friction.

First-contact resolution, average handling time, CSAT/NPS, self-service share, cost per case, sales conversion in service and employee CSAT. Improvements of 15–35% within 6–12 months are common.

Customer journeys and channel requirements, integrations (CRM, ERP, e-commerce, telephony), AI and self-service capabilities, reporting, security and GDPR, SLAs, total cost over 3–5 years and exit terms. An independent evaluation exposes hidden costs and vendor-specific limitations.

Traditional case systems store information but don't handle the handoff from automation to human. Modern platforms with native case management turn every automation break into a tracked case — with queues, ownership, status and full audit trail. When the case is resolved, automation picks the thread back up automatically. Nothing is lost, nothing is repeated.

The human steps in at precisely the right moment — with full conversation history, prior actions taken and suggested next steps pre-populated. The case is assigned an owner in a defined queue, every action is logged and when resolved, automation resumes. This is human-in-the-loop by design, not as an afterthought.

Customer portals with your own branding (logo, colors, domain) provide a unified experience where the customer never leaves your brand. Modern portals feature multi-tenant architecture, role-based access and integrations with CRM, ERP, telephony and business systems — all in real time. The value is fewer support questions, faster self-service and higher customer loyalty.

Event-based workflows react automatically to changes — a new lead, a data update, a completed call — and trigger predefined actions. This includes data transformation between systems, automatic notifications, CRM updates and routing to the right person or department. The result is fewer manual steps, faster processing and less risk of human error.

Current state (volumes, channels, integrations), future needs, requirements for Teams/CRM/contact center, mobile strategy, SLAs, deliverability (porting plan), security, support model, pricing over the contract period and exit. Collect at least three offers and compare in a structured matrix.

Compare functionality, integrations, geographical coverage, support level, security, financial stability, customer references and total cost — not just monthly price per user. The difference between operators is often smaller than the difference between contract terms.

Onboarding, integrations, number porting, hardware, training, call charges outside the bundle, international traffic, support beyond office hours, upgrades and termination fees. Ask for a 36-month TCO calculation — not just list price.

Microsoft Teams, Google Workspace, CRM (Salesforce, HubSpot, Dynamics, Lime, SuperOffice), ERP, case systems, contact center, AI transcription and calendar. The deeper the integration the higher the value — but also the higher the lock-in. Weigh both sides.

Short notice periods, free scaling up/down, modular functionality and open standards keep long-term cost low. Long commitments with fixed volumes look cheap in year 1 — and expensive in year 3.

Through Teams/CRM integration, automatic call logging, AI transcription and summaries, smart routing and self-service. The effect is more closed cases per hour and fewer missed customers — not fewer calls.

All PBX functions exist in a single app — for both the user and administrator. Employees can control availability, see colleague status and transfer calls seamlessly. Administrators can add subscriptions, change opening hours and manage permissions directly without involving the IT department. Integrations with CRM, case systems and calendars make telephony part of the digital workflow.

An AI receptionist answers incoming customer calls with a natural, human voice, identifies the customer's issue, makes bookings according to your predefined rules and transfers to the right person or queue when needed. It is available around the clock, handles unlimited parallel calls and frees up time for receptionists and customer service to focus on complex cases.

AI assistants transcribe, analyze and summarize calls directly in the telephony app. Employees can quickly find important information, decisions and next steps without listening through the entire call. This is especially valuable for salespeople who need to focus on closing rather than administration, and for support who must quickly understand a returning customer's history.

A digital reception improves security, provides traceability, offloads reception staff and creates a professional visitor experience. The value is especially clear in commercial property, housing associations, healthcare and industry where visitor flows are complex.

Pre-registration, ID verification, automatic host notification, real-time evacuation lists, access control integration and full visitor logging. In an incident there is traceability — in an evacuation there is an accurate list.

Via open standards and APIs — a visitor's temporary access is created at check-in and removed automatically at check-out. This should be vendor-neutral so you don't have to replace the access control system to modernize the reception.

Information at registration, lawful basis (usually legitimate interest), minimized collection, short retention (typically 30–90 days), access control and a DPA with the supplier. Photos and ID details must be handled especially restrictively.

Only necessary data is collected, access is limited to authorized roles, storage is encrypted and data is deleted automatically per policy. Security-classified environments may justify longer retention — but a documented basis is required.

When there is a clear and documented purpose (typically crime prevention, safety, access control) and a balancing assessment shows that the benefit outweighs the privacy intrusion. Many locations require notification or a permit from the Swedish data protection authority (IMY).

Lawful basis, purpose, data minimization, retention, access control, encryption, logging, clear on-site information and DPAs with cloud storage and monitoring suppliers. High-risk processing requires a DPIA.

Only as long as needed for the purpose — typically 14–30 days for security surveillance, longer only if an incident or investigation requires it. Retention must be policy-driven and automatically enforced, not manually managed.

Clear signage at the location plus full information (purpose, controller, retention, rights, contact details) available on request or via link/QR. Information must be available before the data subject enters the monitored area.

Fewer incidents and thefts, faster incident response, better evidence for insurance claims, higher perceived safety and operational data (flow, queues, occupancy) — when AI analytics are used responsibly.

AI should be used for anonymous patterns (motion, occupancy, queues, falls) — not for biometric identification without a specific legal basis. Local (edge) processing reduces data transfer, and a human must always make decisions that affect individuals.

Three technologies solving different needs: IP cameras (network cameras): Digital cameras connected to the network via ethernet (often with PoE — Power over Ethernet, power and data over one cable). High resolution (2K, 4K, 8MPX+), in-camera AI analytics and easy scaling. The modern standard for professional installations. Analog cameras (HD-CVI/TVI/AHD): Connected via coaxial cable to a DVR. Simpler and cheaper, ideal when coax is already in place. Lower resolution than modern IP and fewer AI features. Wireless cameras (WiFi/4G): Connected via WiFi or mobile network — no cabling required. Perfect for summer houses, construction sites or places without cabling. Limitations: requires stable WiFi/mobile signal, battery models need charging, and bandwidth can limit resolution and continuous recording. Rule of thumb: - Permanent installation → IP with PoE - Existing coax to reuse → analog HD - Temporary, remote or no cabling possible → wireless/4G

NVR (Network Video Recorder) and DVR (Digital Video Recorder) are recording devices that collect, store and manage video from surveillance cameras. NVR: used for IP cameras, connected via network DVR: used for analog cameras, connected via coax Why you need one: - Central storage of all video on a local hard drive - Continuous recording even when internet is down - Manage multiple cameras in one interface - Secure access, user permissions and logging - Scheduled recording, motion detection and event triggers - Export of footage for investigations Alternative — cloud storage: Some cameras store directly in the cloud without a local NVR/DVR. Convenient for single cameras, but for multiple cameras or high resolution it becomes expensive in subscriptions and heavy on the internet connection. Hybrid (local NVR + cloud backup of critical clips) is often the most robust setup. Sizing: Number of cameras, resolution, frame rate and retention time drive the disk size needed. A system with 8 cameras in 4K and 30 days of retention typically needs 8–16 TB of disk.

Megapixels (MPX) determine how much detail the camera captures — but more MPX is not always better. Reference values: - 2 MPX (Full HD): Good for overview of small areas, short distances - 4–5 MPX: Standard for professional installations, good detail - 8 MPX (4K): Large areas, detailed face or license plate recognition at distance - 12 MPX+: Very large areas, e.g. parking lots, often replacing multiple cameras Why more MPX isn't always better: - Larger files → more storage and bandwidth - Worse low-light performance (smaller pixels capture less light) — unless the sensor compensates - Wasted cost for small areas PTZ cameras (Pan-Tilt-Zoom): Motorized cameras that pan, tilt and zoom — manually or automatically via preset tours or AI tracking. Useful for: - Large areas (parking, harbor, industry) - Active monitoring where an operator follows events - Deterrence — a visibly moving camera signals surveillance Downside: a PTZ can only look one way at a time. It doesn't replace fixed cameras — it complements them.

It depends on scope, environment and requirements. DIY installation works when: - Small systems (1–4 cameras) at home or in a small premise - Ready-made plug & play kits with included cable and instructions - No special requirements on workmanship, documentation or insurance Professional installation is recommended when: - Larger or complex systems (business, association, industry, retail) - Requirements on proper cabling, fire sealing or concealed installations - GDPR documentation, signage and storage policy configuration - Insurance requirements on certified installer - Integration with alarm, access control and building automation - PoE switches, VLAN segmentation and network security to be configured correctly Why it matters: Poorly installed cameras with exposed cables, wrong angles or open network ports are security risks — and expensive to fix afterwards. A professional installation includes design, documentation, post-installation testing and usually 1–3 years of support agreement.

Both models have advantages — the choice depends on cash flow, in-house expertise and how much you want to own yourself. Outright purchase: - You own the hardware — no monthly fees - Full control of the system and data (especially with local storage) - Lower total cost over 5–10 years for stable installations - You handle support, updates and any repairs yourself (or buy a separate support agreement) Subscription (system-as-a-service): - Low upfront cost — spread the investment over time - Usually includes cloud storage, support, updates and some hardware replacement - Predictable monthly cost — easier budgeting - You depend on the supplier; termination may shut down services and access Rule of thumb: - Private or small business with technical interest → outright + optional support agreement - Companies wanting a complete service without internal responsibility → subscription - Large properties and industry → typically outright hardware + service agreement for operations Warning sign: subscriptions where all video is stored only in the supplier's cloud and cannot be exported at termination — always require export rights in the contract.

Different environments impose different requirements on camera, housing and features: Home: Discreet dome or bullet cameras in Full HD or 2K. Two-way audio and motion alerts to phone are common options. Wireless or PoE is usually enough. Mind privacy — never point cameras at neighbours' property or public space without permits. Retail: Combination of overview cameras (entrances/exits), cashier cameras (transaction verification) and shelf cameras (theft-prone zones). AI detection can flag abnormal behavior. Clear signage is a legal requirement. Construction site: 4G cameras with solar panel/battery operating without fixed power and network. IP66/IP67 housings against rain, dust and impact. PTZ with strong zoom to cover the whole site. Mobile mast/container solutions are common. Industry: Vandal-resistant (IK10) cameras with extended temperature range, optical zoom and strong IR for dark facilities. Integration with access control and alarms. Thermal cameras for perimeter protection of large areas. Restaurant/café: Grease- and temperature-resistant cameras in kitchens, overview cameras in dining areas, cashier camera at payment. Summer house/remote location: 4G cameras with battery/solar, motion alerts to phone and cloud storage (since an NVR could be stolen). Deterrent signage is important. Common to all: night vision (IR or color-in-darkness), sufficient resolution for identification, and a storage and access policy that complies with GDPR.

Three levels of detection affecting both accuracy and the number of false alarms: Ordinary motion detection: The camera reacts to pixel changes in the image. Simple and cheap — but triggered by everything: blowing leaves, rain, shadows, animals, car headlights. Result: lots of false alarms and quickly filled hard drives. Active detection (smart motion): Combines motion analysis with zoning, sensitivity settings and often external lighting or audio in response to events. Can be used to deter (light turns on, speaker plays warning) when someone enters a defined zone. AI detection (object recognition): The camera or NVR uses machine learning to distinguish people, vehicles, animals and other objects. Alarms only trigger when defined object types are detected in defined zones. Dramatically fewer false alarms and better event prioritization. Common AI features: - Person and vehicle detection - Line crossing (someone crosses a virtual line) - Loitering (someone stays too long in a zone) - People or vehicle counting - Alarm for abandoned/removed object The GDPR aspect: AI for anonymous patterns (is this a person or a vehicle?) is generally OK. AI for identifying specific individuals (facial recognition, license plate recognition linked to a person) is heavily regulated and usually requires a specific legal basis.

The choice depends on environment, traffic volume and what needs protection — but the difference in practical value is significant. Ordinary motion detection suits when: - The environment is controlled and changes little (e.g. a windowless warehouse at night) - Cost matters more than precision - The camera primarily records for later review, not active alarm AI detection is worth the investment when: - There is much non-relevant motion (trees, animals, shadows, passing cars) - False alarms cause alarm fatigue — no one reacts to real events - Alarms should be sent to guards, alarm center or mobile directly - You need to search recordings quickly ("show only events with people") - Work environment or safety demands quick reaction (perimeter protection, lone working, falls) The decisive practical difference: Motion detection sees the difference between "image changed" and "image unchanged". AI detection sees the difference between "a person walked in" and "a deer passed by". In an environment with 50 motion events per night, AI can reduce it to 3 relevant ones — saving hours of review and preventing alarm fatigue. Hybrid solution: Many modern systems combine both: motion detection starts recording, AI decides whether the event is worth alarming about. This gives low storage cost and high alarm precision.

Modern camera systems offer several types of AI-based alarms that can be combined according to environment and risk profile. Here are the most common and when they are used: Person detection: Triggers when a human is identified in a monitored zone. The most fundamental AI alarm and the one that reduces false alarms the most — distinguishes people from animals, leaves and shadows. Suits almost all environments. Vehicle detection: Detects cars, trucks, bicycles or motorcycles. Useful for parking lots, entrances, industrial areas and to separate pedestrian traffic from vehicle traffic. Line crossing (virtual line / tripwire): An invisible line is drawn in the image. Alarm only triggers when a defined object (person, vehicle) crosses the line in a certain direction. Perfect for distinguishing "someone enters the area" from "someone walks on the sidewalk beside it". Zone intrusion (intrusion / area detection): Alarm when an object is inside a defined zone for a certain time. Good for delimited areas such as loading docks, bicycle parking or loading bays. Loitering: Triggers when a person stays too long in a zone. Used at entrances, parking lots and places where lingering is abnormal, to detect deviant behavior before an incident occurs. Fall or anomaly detection: Detects that someone has fallen, moves abnormally or that an object is left behind. Especially valuable in care, elderly care and industrial environments with lone workers. Counting (crowd / queue detection): Counts the number of people or vehicles in a zone and alarms at threshold values. Good for retail, events and public transport to detect queues or crowding. Object classification: Some advanced systems can distinguish between subcategories — e.g. truck vs. car, or adult vs. child. Useful for logistics and traffic analysis. Practical advice: Start with person and vehicle detection. Add line crossing for perimeter protection and loitering for areas where standing still is abnormal. Each additional alarm type increases complexity — only configure what addresses a real risk.

The right settings are the difference between a system that protects and one that disturbs. Here is a step-by-step guide: 1. Start with correct camera placement: - The camera should film the area straight on, not from above or the side — AI works best when the object is visible all the way - Avoid backlight (sun, floodlights) that silhouettes people - Ensure the zone you want to monitor covers at least 10–15 % of the image - IR illumination must reach the whole zone, not just the center 2. Define zones carefully: - Draw zones where events are actually interesting — not on sidewalks, streets or neighbours' areas - Use several smaller zones instead of one large; this gives better precision - Leave margin at edges where objects may be cut off 3. Sensitivity settings: - Low sensitivity (10–30 %): Only triggers on clear, large objects near the camera. Good for environments with much disturbing motion (trees, bushes, traffic). - Medium sensitivity (40–60 %): Standard for most environments. Good balance between catching events and avoiding false alarms. - High sensitivity (70–90 %): Captures even distant or partially hidden objects. Risk of more false alarms; only use when the environment is clean and controlled. 4. Size and time filters: - Minimum object size: Set so that e.g. a cat or large leaf does not trigger, but a child does - Minimum time in zone: Require the object to be in the zone for 2–5 seconds before alarm — avoids brief passers-by and shadows - Cooldown between alarms: Set e.g. 30 seconds so the same event does not alarm repeatedly 5. Scheduling: - Different settings day and night — daytime may require higher sensitivity, nighttime lower - Only enable alarms during times when no one should be in the area - Turn off person detection when staff are present, but keep vehicle detection 6. Test and fine-tune: - Walk through the zone yourself at normal pace and see if the alarm triggers - Let the system run for a week and review the log — which alarms were relevant? - Adjust one parameter at a time so you know what affects the result Common mistakes: - Too large a zone covering a street or sidewalk → alarm at every passer-by - Too high sensitivity in an environment with vegetation → alarm at every gust of wind - No time delay → alarm when someone just passes by briefly - Forgotten scheduling → alarms around the clock even during working hours

AI detection in cameras processes personal data in ways that raise particular privacy concerns. Proper handling requires conscious choices about what is filmed, who may see it and how long it is stored. Retention and data minimization: - Start with data minimization: configure AI alarms so that only events with people are saved as clips — not continuous recording of everything that happens - Set automatic deletion: event clips 7–14 days, continuous recording max 14–30 days if needed - All retention periods should be policy-driven, not manually managed - Require automatic overwrite or permanent deletion — never downloads to personal devices Access and accountability: - Limit access to designated roles (e.g. security manager, guard supervisor, operations lead) — not the entire management team or external parties - Log who views what and when - Require two-factor authentication and encrypted connections for all remote access - Have a written routine for exporting material to police and insurance companies — not ad hoc transfers Avoiding sensitive areas: - Define zones carefully in the camera so that only the area you have the right to monitor is seen — not sidewalks, playgrounds, neighbours' windows or private patios - Lower or disable AI detection directed at places where people have high privacy protection (changing rooms, toilets, sick rooms, residential entrances) — these are often prohibited or require a specific legal basis - Use line crossing and zones rather than full image coverage: then you only capture events, not all movements - Mark clearly with signage — also for AI-monitored zones — so that passers-by understand that it is an active, analytics-driven camera and not just passive recording Special requirements for AI analytics: - AI for anonymous patterns (person detection, line crossing) requires the same legal basis as ordinary camera surveillance — but a DPIA (data protection impact assessment) is strongly recommended since automated analysis is considered high-risk processing - AI for identifying specific individuals (facial recognition, behaviour analysis, emotion detection) almost always requires a permit from the data protection authority and should be avoided in most standard installations - Request and document a DPA (data processing agreement) with the camera supplier — especially if AI analysis takes place in the cloud - Choose edge processing (in the camera or local NVR) when possible — then the images rarely leave the property Practical checklist before installation: - Have we made a balancing assessment showing that surveillance is proportionate? - Which zones are really necessary — and which can we exclude? - Who has access, and how is usage logged? - What retention period is needed — and is it automatic? - Does the supplier have a correct DPA and store data within the EU/EEA? - Have we informed data subjects and signposted correctly? - Have we done a DPIA if AI analytics is used? Quick GDPR checklist — do a self-check now: ☐ Retention: Max 14–30 days for continuous recording, 7–14 days for event clips — and deletion is automatic ☐ Access: Only designated roles have access; all usage is logged and reviewed regularly ☐ Sensitive areas: No AI zones directed at changing rooms, toilets, residential entrances or neighbours' private areas ☐ Signage: Clear on-site information that active AI surveillance is in operation ☐ Agreement: A DPA is in place with the supplier and data is stored within the EU/EEA ☐ DPIA: Completed if the system uses automated behaviour or identity analysis Tick all six boxes — if any are missing, prioritize it before the system goes live.

Older systems often lack encrypted credentials, central administration, integrations and traceability — creating both security and operational risk. Modernization brings mobile keys, role-based control, integration with visitor management, alarm and HR, and lower total cost.

Encrypted cards/mobile keys, instant revocation on loss, role-based access, time-limited authorization, integration with alarm and camera systems and central visibility across all sites. Permissions follow the organization — not the individual.

Who, where, when, which door, which role, which change — logged tamper-evidently, encrypted and with an automatic retention policy. Logs must be exportable for investigation and integrable with a SIEM.

HR/identity (for automatic on/offboarding), visitor management, alarm, camera, booking, parking, EV charging and building automation. Open standards (OSDP, BACnet, REST) are critical for long-term flexibility.

Current state and growth forecast, requirements for performance, redundancy, security (zero-trust, segmentation), operations and monitoring model, SLAs, geographical coverage, integration with cloud services, exit terms and 5-year TCO. Request reference visits with similar customers.

Outages, security incidents, high migration cost, vendor lock-in, unclear responsibility between providers and limited scalability. The risk rarely shows in year 1 — it shows at the first incident or at contract end.

Model 3- and 5-year scenarios for users, AI traffic, IoT, video, hybrid work and property technology. Size capacity, security and operations for scenarios — not for today's snapshot. Open standards protect against incorrect assumptions.

Network ownership, open architecture, freedom of choice for tenants/residents, integration possibilities with access, camera, EV charging and building automation, and an operations model. Today's decisions govern the property's digital value for 20+ years.

Infrastructure must be planned in the program phase — not at final inspection. Ducting, conduits, tech spaces, fiber, mobile coverage, access, camera, EV charging and smart homes should be designed as one ecosystem, vendor-neutral and with a clear handover to the association or property manager.

From 1 January 2026 new block licenses come into force for the 900 MHz, 2100 MHz and 2600 MHz bands. Operators reallocate their frequencies, which affects repeaters and passive DAS systems configured against specific bands. Consequences: - Repeaters that don't support the new allocations may lose coverage for one or more operators - Incorrectly configured boosters may start interfering with the public network after the change - Older equipment may need replacement or reconfiguration What property owners should do: 1. Inventory existing equipment — supported bands, system age 2. Verify with your installer that filters and amplifiers handle the new allocations 3. Plan upgrades early — installation slots fill up fast ahead of the shift 4. Ensure alarms and security systems dependent on the mobile network are re-tested after the change

WiFi Calling (VoWiFi) lets a phone make and receive calls over WiFi instead of the mobile network, and works well as a complement — but is rarely a complete solution for a property. Where WiFi Calling works well: - Individual users with stable WiFi and a compatible phone/operator - Home offices and smaller premises where everyone is on the same network Limitations: - Requires the phone to be connected to the WiFi — guests, contractors and visitors get no help - Not all operators and plan types support VoWiFi (especially business plans and foreign SIMs) - Handover between WiFi and mobile network can drop calls when moving around the property - Alarm systems, lift alarms and M2M devices cannot use WiFi Calling — they need real mobile coverage Conclusion: For a property with mixed users, security systems and visitors, WiFi Calling rarely suffices. A professional indoor mobile solution (DAS or repeater) is the only way to guarantee coverage for everyone — regardless of operator, device type or network membership.

Signal strength is measured in dBm (decibel-milliwatts) and is a negative number — the closer to zero, the stronger the signal. Reference values for indoor mobile signal: - -50 to -70 dBm: Excellent, no action needed - -70 to -85 dBm: Good, calls and data work fine - -85 to -100 dBm: Weak, calls may drop, data slow - Below -100 dBm: Very weak — calls often fail - Below -110 dBm: No usable coverage How to measure: Android: Settings → About phone → Status → Signal strength iOS: Field Test Mode via a specific dial code Most reliable: a professional site survey with calibrated equipment measuring all operators and frequency bands simultaneously. When a booster is needed: If several points in the property are below -95 dBm, or different operators show very different coverage, an indoor solution (passive or active DAS) is often justified. A professional measurement provides the basis for correct dimensioning — guessing is not worth it.

A serious installation follows a structured process — not 'buy a box and plug it in': 1. Needs analysis Review of property size, building materials, number of users, critical security systems and which operators must be supported. Output: needs report. 2. Site survey & design Measurement of existing signal across the property, planning of antenna placement, cabling, amplifier room and any PTS permits. Output: detailed design plan. 3. Installation & configuration Mounting of rooftop antenna, cable runs, amplifier and indoor antennas. Configuration against approved frequency bands. Carried out by certified technicians. 4. Testing & optimization Post-installation measurement throughout the property to verify coverage targets — in rooms, corridors, lifts and basements. Adjustment of antenna direction and gain. Output: test report. 5. Operations, support & maintenance Ongoing monitoring, fault handling and adjustments when operator networks change (e.g. the 2026 frequency reallocation). An SLA is recommended for business-critical coverage. Warning sign: Vendors who skip the site survey or post-installation measurement rarely deliver a solution that works across the whole property. Require documentation from every step.

Both are technologies for carrying voice calls over the mobile data network — but they build on different generations of infrastructure. VoLTE (Voice over LTE): Calls over the 4G network. After the 2G/3G shutdown, this is the dominant voice technology in the Nordics. Supported by virtually all modern phones and operators. Mature, stable and with nationwide reach. VoNR (Voice over New Radio): Calls over the 5G network — the next generation of voice. Provides faster call setup, better quality and frees 4G capacity for data. Requires phone, operator and local network to all support VoNR — still rolling out. Practical impact on indoor coverage: - 4G often uses lower frequencies → better penetration through concrete and thick walls - 5G uses higher frequencies → faster data but worse indoor coverage without an indoor solution - In properties with poor 5G coverage, phones typically fall back to 4G/VoLTE for calls What a property owner should consider: A modern indoor solution must support both 4G and 5G bands in parallel, so that calls and data work regardless of which technology the phone selects. Systems dimensioned for 4G only will feel outdated within just a few years.

An open network gives freedom of choice, attracts residents and extends the lifespan of the network. A group agreement may be cheaper per user but locks the association to one supplier. Many choose a hybrid: the association owns the network, residents choose the service provider.

Compare openness, freedom of choice, pricing over time, SLA, operational responsibility, exit terms and references from other associations — not just the introductory price. Ask for 5-year total cost and renewal terms.

To manage the association's property long-term, make informed decisions, avoid personal ties to individual suppliers, document the decision basis and ensure solutions are transferable at a board change.

Fast and stable connectivity, freedom of choice of service provider, secure access and camera, indoor mobile coverage, smooth EV charging, package delivery and clear communication from the association. Value emerges in daily life — not at installation.

Invest in open network architecture, capacity for IoT and video, the ability to scale EV charging, integration between access, camera and intercom and vendor-neutral contracts. What looks more expensive today is often cheaper over 10 years.

Already in the program phase, no later than system design. Decisions on ducting, conduits, tech spaces, charging power and fiber connection are expensive to change after construction starts — and govern the property's digital value for 30+ years.

Through lower operating cost, higher attractiveness, longer technical lifespan and new revenue streams (charging, IoT services, shared spaces). The market increasingly values digital maturity in real estate.

Open fiber to every home, mobile coverage, access control and intercom, surveillance of shared areas, scalable EV charging, smart home foundation, building automation and a documented handover to the association or property manager.

As one coherent ecosystem with shared infrastructure (network, power, identity), open standards and separate service providers per domain. This ensures scalability, freedom of choice and protection from lock-in to any single actor.

Lawful basis, purpose, data minimization, retention, data subject rights, security measures (encryption, access, logging), DPAs with suppliers and a DPIA where needed. Transfers outside the EU/EEA require lawful transfer mechanisms (SCCs + TIA).

NIS2 extends cybersecurity and reporting requirements to more sectors (energy, water, healthcare, manufacturing, public sector, digital services, etc.). It requires governance, risk management, incident reporting within 24/72 hours and supply chain control — with personal accountability for leadership.

Start with asset inventory, classification, risk assessment, policies, role assignment, access management, encryption, logging, vulnerability management, security training and incident response. ISO 27001 or an equivalent framework provides the structure.

Nature and purpose of processing, categories of data and data subjects, supplier obligations, security measures, sub-processors, data region, assistance with data subject requests, incidents and audits, and rules for return and deletion on termination.

Lawful basis, clear information, documented consent where required, minimized retention, access control, a DPA and the ability for data subjects to exercise their rights. Industry-specific rules (finance, healthcare) may add stricter requirements.

Purpose, balancing assessment, signage, retention, access control, logging, notification/permit (where required), a DPA with the cloud supplier and — when AI analytics are used — a DPIA. Documentation must be in place before the camera goes live.

Only necessary data, short retention, encrypted storage, role-based access, automatic deletion per policy and a DPA with the supplier. Security-classified environments may justify longer retention — but a documented basis is required.

Retention must follow the purpose — typically 30–90 days for normal operations, longer for ongoing investigations or specific security requirements. Retention must be policy-driven and automatically enforced.

Start from purpose per data category, statutory requirements, business needs and risk. Document, automate and review annually. Less data is better data — from a security, cost and compliance perspective.

We don't own platforms and we don't hold exclusive reseller agreements that lock us to a single vendor. We always recommend the solution that fits you best and evaluate several alternatives side by side with transparent comparison of function, cost and risk.

The market is complex and vendors optimize for their own products. An independent advisor represents only your interests — evaluates the market objectively, drives procurement, lowers the risk of a poor decision and ensures the solution holds over time. The value shows particularly at renewal and at vendor change.