arxiv: 2605.07328 · v1 · submitted 2026-05-08 · 💻 cs.NI

Recognition: no theorem link

Unconsented Sensing: A Sociotechnical Governance Framework for 6G ISAC

Anass Sedrati

Pith reviewed 2026-05-11 00:51 UTC · model grok-4.3

classification 💻 cs.NI

keywords 6GISACprivacygovernanceGDPREU AI Actsociotechnicalsensing

0 comments

The pith

6G ISAC sensing requires redefining trustworthiness as mandatory regulatory and sociotechnical compliance.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that 6G networks will turn into continuous sensing systems for environment and biometrics, but existing privacy efforts in standardization rely too much on technical fixes like encryption. These fixes ignore the legal and social issues arising when machine learning processes the sensing data, leading to conflicts with laws protecting digital rights. It points out specific clashes with the GDPR and EU AI Act around consent and high-risk AI. To address this, the paper introduces a governance framework with three pillars focused on limiting sensing purposes, ensuring citizen awareness, and making algorithms accountable. This matters because failing to adopt it could prevent legal deployment of 6G sensing technology.

Core claim

This position paper argues that technical security is insufficient. ISAC trustworthiness must be redefined as mandatory regulatory and sociotechnical compliance. We identify the specific legal friction points between continuous ISAC surveillance and the mandates of emerging global digital rights regimes, using the stringent requirements of the EU AI Act and GDPR as our primary regulatory baselines. To bridge this gap, we propose a governance framework centered on three pillars: Purpose-bound sensing activation, citizen transparency mechanisms, and algorithmic accountability for ISAC-driven ML models.

What carries the argument

The three-pillar sociotechnical governance framework for ISAC trustworthiness.

If this is right

Purpose-bound sensing activation limits continuous monitoring to only approved uses.
Citizen transparency mechanisms allow individuals to understand and potentially control sensing activities affecting them.
Algorithmic accountability ensures that machine learning models interpreting ISAC data meet legal standards for high-risk systems.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

This approach suggests that similar regulatory structures may be needed for other pervasive sensing technologies beyond 6G.
Implementing the framework could require new standards bodies to include legal experts in their processes.
Public trust in future wireless networks may hinge on visible compliance with these governance measures.

Load-bearing premise

The proposed three-pillar governance framework will successfully resolve the identified legal friction points with GDPR and the EU AI Act.

What would settle it

A concrete demonstration that 6G ISAC systems can achieve full regulatory compliance using only existing technical security measures without the proposed governance pillars would falsify the central argument.

Figures

Figures reproduced from arXiv: 2605.07328 by Anass Sedrati.

read the original abstract

The forthcoming deployment of 6G Integrated Sensing and Communication (ISAC) will transform cellular infrastructure into pervasive, continuous environmental and biometric sensing grids. While current telecom standardization efforts (e.g., 3GPP, ETSI) have formally recognized privacy and trustworthiness as critical pillars for 6G, their proposed mitigations remain overwhelmingly technocentric, relying on cryptographic anonymization and physical layer security. This approach critically underestimates the sociotechnical and legal complexities of the downstream machine learning (ML) models required to interpret raw sensing data, creating a profound collision with existing digital rights legislation. This position paper argues that technical security is insufficient. ISAC trustworthiness must be redefined as mandatory regulatory and sociotechnical compliance. We identify the specific legal friction points between continuous ISAC surveillance and the mandates of emerging global digital rights regimes, using the stringent requirements of the EU AI Act and GDPR as our primary regulatory baselines. To bridge this gap, we propose a governance framework centered on three pillars: Purpose-bound sensing activation, citizen transparency mechanisms, and algorithmic accountability for ISAC-driven ML models. Ultimately, this paper provides a regulatory roadmap to prevent the illegal deployment of 6G sensing infrastructures and ensure they remain viable before physical deployment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper flags genuine legal friction in 6G ISAC sensing but asserts its three-pillar fix will work without showing mechanisms or evidence.

read the letter

The main takeaway is a position paper that says current 6G standardization efforts treat privacy as a technical add-on and miss the real collision with GDPR and the EU AI Act once ML models start turning raw sensing data into inferences about people. It proposes three pillars—purpose-bound activation, citizen transparency mechanisms, and algorithmic accountability—to force sociotechnical compliance from the design stage onward. That synthesis of specific sensing risks with those two legal regimes is the clearest new piece; general calls for governance exist, but tying them directly to ISAC's continuous biometric-like capabilities is a useful extension. The paper does a clean job laying out why cryptographic fixes alone fall short when downstream models can extract personal data without explicit consent. The argument stays grounded in the cited legal baselines rather than drifting into vague ethics. The soft spots sit in the middle. The central claim that these pillars will resolve the frictions rests on assertion: there are no concrete mappings showing how purpose-bound activation would constrain ML inference on raw channel data, no examples of transparency mechanisms that survive integrated 6G hardware, and no discussion of enforcement when operators control both the radio and the models. As a position paper it skips empirical checks or even worked examples from prior sensing deployments. That leaves the practicality untested. This is for readers in standards groups, telecom regulators, or privacy policy circles who need a concise regulatory roadmap before hardware freezes. A serious referee would be worth it because the legal friction points are real and timely, even if the framework needs substantial fleshing out on implementation. I would send it for review.

Referee Report

2 major / 2 minor

Summary. This position paper argues that forthcoming 6G ISAC deployments will convert cellular infrastructure into pervasive continuous sensing grids capable of biometric data collection. It contends that technocentric mitigations advanced by standardization bodies (3GPP, ETSI) are insufficient because they overlook the sociotechnical and legal complexities introduced by downstream ML models that interpret raw sensing data, producing collisions with GDPR biometric-processing rules and the EU AI Act's high-risk system requirements. The authors therefore propose redefining ISAC trustworthiness as mandatory regulatory and sociotechnical compliance and outline a three-pillar governance framework—purpose-bound sensing activation, citizen transparency mechanisms, and algorithmic accountability—to supply a regulatory roadmap that prevents illegal deployment.

Significance. If the framework can be elaborated with concrete mechanisms and mappings, the paper could usefully bridge 6G standardization and digital-rights scholarship by foregrounding risks that purely technical privacy solutions cannot address. The identification of specific friction points between continuous sensing and existing legislation is a timely contribution that may inform future interdisciplinary work on trustworthy 6G.

major comments (2)

Abstract and the section proposing the governance framework: the claim that the three pillars will resolve the identified legal friction points with GDPR and the EU AI Act is asserted at a high level without concrete mechanisms, legal mappings, or examples showing how purpose-bound activation would constrain ML inference on raw sensing data or enforce consent within integrated 6G infrastructure.
The section on legal friction points: while GDPR and EU AI Act requirements are referenced, the paper supplies no detailed analysis or case illustrations demonstrating that the proposed pillars would actually achieve compliance or prevent the illegal deployments identified as the central risk.

minor comments (2)

Add at least one illustrative deployment scenario that applies the three pillars to a concrete ISAC use case (e.g., environmental monitoring versus biometric tracking) to make the framework more actionable.
Ensure all acronyms (ISAC, GDPR, etc.) are defined at first use and that the distinction between technocentric and sociotechnical approaches is illustrated with references to specific standardization documents.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and insightful comments, which correctly identify opportunities to strengthen the concrete elements of our proposed governance framework. We address each major comment below and will revise the manuscript to incorporate additional mechanisms, mappings, and illustrations while maintaining the position paper's focus on outlining a high-level regulatory roadmap.

read point-by-point responses

Referee: Abstract and the section proposing the governance framework: the claim that the three pillars will resolve the identified legal friction points with GDPR and the EU AI Act is asserted at a high level without concrete mechanisms, legal mappings, or examples showing how purpose-bound activation would constrain ML inference on raw sensing data or enforce consent within integrated 6G infrastructure.

Authors: We agree that the current presentation of the three pillars is primarily conceptual. The manuscript's intent as a position paper is to foreground the sociotechnical gaps in existing technocentric approaches and to propose the pillars as a foundational roadmap rather than a fully engineered specification. That said, the referee's point is well taken. In the revised manuscript we will expand the governance framework section with concrete mechanisms (for example, protocol-level purpose flags in the ISAC control plane that restrict raw sensing data access to authorized ML models) and explicit legal mappings to GDPR Article 9 biometric processing rules and the EU AI Act's high-risk transparency and conformity requirements. We will also include a worked example showing how purpose-bound activation can limit downstream inference scope within a 6G base-station architecture. revision: yes
Referee: The section on legal friction points: while GDPR and EU AI Act requirements are referenced, the paper supplies no detailed analysis or case illustrations demonstrating that the proposed pillars would actually achieve compliance or prevent the illegal deployments identified as the central risk.

Authors: The legal friction points section currently identifies the core collisions between continuous ISAC sensing and existing legislation. We acknowledge that it stops short of detailed compliance demonstrations. In revision we will add case illustrations, including a scenario of public-space biometric crowd sensing and a step-by-step mapping of how each pillar enforces compliance (purpose-bound activation to satisfy data-minimization obligations, citizen transparency mechanisms to meet information duties, and algorithmic accountability to support EU AI Act audit requirements). These additions will more explicitly link the pillars to the prevention of non-compliant deployments. revision: yes

Circularity Check

0 steps flagged

No circularity: position paper relies on external legal baselines

full rationale

The paper is a sociotechnical position paper that identifies friction points between 6G ISAC sensing and external regulatory texts (GDPR, EU AI Act) then proposes three governance pillars. No mathematical derivations, self-referential definitions, fitted parameters renamed as predictions, or load-bearing self-citations appear in the provided text. Claims rest on critiques of standardization bodies and direct references to independent legal mandates rather than reducing to the paper's own inputs by construction. This is the expected non-finding for a policy-oriented manuscript whose central argument is externally benchmarked.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is a policy position paper that proposes a conceptual governance framework. It does not introduce fitted parameters, new physical entities, or unproven mathematical axioms; its load-bearing premises are domain assumptions drawn from external regulations.

axioms (1)

domain assumption The EU AI Act and GDPR create specific legal requirements and friction points for continuous ISAC sensing and its downstream ML models.
The paper explicitly selects these two regulations as primary baselines for identifying collisions with ISAC deployment.

pith-pipeline@v0.9.0 · 5509 in / 1350 out tokens · 58795 ms · 2026-05-11T00:51:40.267090+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

24 extracted references · 3 canonical work pages

[1]

Nabati, M., Mahmoodi, T., Pal, S., & Sarkar, S. (2025). Opportunities & Challenges of Native Sensing in 6G: A Survey on Research and Standardization. IEEE Internet of Things Journal

2025
[2]

L., Zhang, J

Wu, K., Wang, Z., Chen, S. L., Zhang, J. A., & Guo, Y. J. (2025). Isac: From human to environmental sensing. IEEE Journal of Selected Topics in Electromagnetics, Antennas and Propagation

2025
[3]

Respati, M. A. K., & Lee, B. M. (2024). A survey on machine learning enhanced integrated sensing and communication systems: Architectures, algorithms, and applications. IEEE Access

2024
[4]

and Degli-Esposti, V

Zhang, Z., Varshney, N., Senic, J., Caromi, R., Berweger, S., Gentile, C., Vitucci, E.M., He, R. and Degli-Esposti, V. (2026). Deep learning- based human gesture channel modeling for integrated sensing and communication scenarios. IEEE Transactions on Antennas and Propagation

2026
[5]

TR 22.837 V19.4.0: Feasibility Study on Integrated Sensing and Communication (ISAC)

3GPP (2024). TR 22.837 V19.4.0: Feasibility Study on Integrated Sensing and Communication (ISAC). [Online]. Available: https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDeta ils.aspx?specificationId=4044

2024
[6]

GR ISC 004 V1.1.1: Integrated Sensing And Communications (ISAC); Security, Privacy, Trustworthiness and Sustainability

European Telecommunications Standards Institute - ETSI (2026). GR ISC 004 V1.1.1: Integrated Sensing And Communications (ISAC); Security, Privacy, Trustworthiness and Sustainability. [Online]. Available: https://www.etsi.org/deliver/etsi_gr/ISC/001_099/004/01.01.01_60/gr_I SC004v010101p.pdf

2026
[7]

Integrating sensing and communications in 6G? Not until it is secure to do so,

Su, N., Liu, F., Zou, J., Masouros, C., Alexandropoulos, G.C., Mourad, A., Hernando, J.L., Zhang, Q. and Chan, T.T. (2025). Integrating sensing and communications in 6G? Not until it is secure to do so. arXiv preprint arXiv:2503.15243

work page arXiv 2025
[8]

and Durak-Ata, L (2025)

Aldirmaz-Colak, S., Namdar, M., Basgumus, A., Özyurt, S., Kulac, S., Calik, N., Yazici, M.A., Serbes, A. and Durak-Ata, L (2025). A comprehensive review on isac for 6g: Enabling technologies, security, and ai/ml perspectives. IEEE Access

2025
[9]

Opinion 05/2014 on Anonymisation Techniques, WP216, Adopted April 2014

Article 29 Data Protection Working Party (2014). Opinion 05/2014 on Anonymisation Techniques, WP216, Adopted April 2014. [Online]. Available: https://ec.europa.eu/justice/article-29/documentation/opinion- recommendation/files/2014/wp216_en.pdf

2014
[10]

Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act), Official Journal of the European Union, L series

European Parliament and Council (2024). Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act), Official Journal of the European Union, L series. [Online]. Available: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng

2024
[11]

Regulation (EU) 2016/679 (General Data Protection Regulation)

European Parliament and Council (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). Official Journal of the European Union, L 119/1. [Online]. Available: https://eur- lex.europa.eu/eli/reg/2016/679/oj/eng

2016
[12]

Ni, Z., & Huang, B. (2020). Human identification based on natural gait micro‐Doppler signatures using deep transfer learning. IET Radar, Sonar & Navigation, 14(10), 1640-1646

2020
[13]

A., & Chowdhury, M

Sazid, E. A., & Chowdhury, M. (2024, December). Human Respiration and Heart Rate Estimation Using Wi-Fi Channel State Information and Machine Learning. In 2024 6th International Conference on Sustainable Technologies for Industry 5.0 (STI) (pp. 1-6). IEEE

2024
[14]

Zhang, C., Duan, J., Lu, S., Zhang, D., Temiz, M., Zhang, Y., & Meng, Z. (2025). Design and Experimental Demonstration of an Integrated Sensing and Communication System for Vital Sign Detection. Sensors, 25(12), 3766

2025
[15]

Ahmed, S., & Cho, S. H. (2023). Machine learning for healthcare radars: Recent progresses in human vital sign measurement and activity recognition. IEEE Communications Surveys & Tutorials, 26(1), 461- 495

2023
[16]

Guidelines 3/2019 on processing of personal data through video devices

European Data Protection Board - EDPB (2020). Guidelines 3/2019 on processing of personal data through video devices. [Online]. Available: https://www.edpb.europa.eu/our-work-tools/our- documents/guidelines/guidelines-32019-processing-personal-data- through-video_en

2020
[17]

Transforming industries with integrated sensing and communications [White paper]

5G Americas (2025). Transforming industries with integrated sensing and communications [White paper]. [Online]. Available: https://5gamericas.org/wp-content/uploads/2025/06/Transforming- Industries-with-Integrated-Sensing-and-Communications.pdf

2025
[18]

Sen, P., Dass, P., Köpsell, S., & Fettweis, G. P. (2025, January). RF hardware reconfigurability for privacy-preserving integrated sensing and communication. In 2025 IEEE 5th International Symposium on Joint Communications & Sensing (JC&S) (pp. 1-6). IEEE

2025
[19]

Luca, M., Lepri, B., Gallotti, R., Paolazzi, S., Bigi, M., & Pistore, M. (2024). Towards civic digital twins: Co-design the citizen-centric future of bologna. arXiv preprint arXiv:2412.06328

work page arXiv 2024
[20]

Kopponen, A., Hahto, A., Kettunen, P., Mikkonen, T., Mäkitalo, N., Nurmi, J., & Rossi, M. (2022). Empowering citizens with digital twins: A blueprint. IEEE internet computing, 26(5), 7-16

2022
[21]

Alliance, O. R. A. N. (2026). O-RAN operations and maintenance architecture. O-RAN Alliance, Technical Specification O- RAN.WG10.TS.OAM-Architecture-R005-v17.00

2026
[22]

arXiv preprint arXiv:2502.18535, 2025

Peng, Z., Wang, T., Zhao, C., Liao, G., Lin, Z., Liu, Y., ... & Zhang, S. (2025). A survey of zero-knowledge proof based verifiable machine learning. arXiv preprint arXiv:2502.18535

work page arXiv 2025
[23]

Ma, J., Liu, H., Zhang, M., & Liu, Z. (2024). VPFL: Enabling verifiability and privacy in federated learning with zero-knowledge proofs. Knowledge-Based Systems, 299, 112115

2024
[24]

J., & Han, Z

Pradhan, A., Das, S., Piran, M. J., & Han, Z. (2024). A survey on physical layer security of ultra/hyper reliable low latency communication in 5G and 6G networks: Recent advancements, challenges, and future directions. IEEE Access, 12, 112320-112353

2024