- with Senior Company Executives, HR and Finance and Tax Executives
- in United States
- with readers working within the Technology and Law Firm industries
In this article, the author explores the technical benefits of pairing remotesensing technology with artificial intelligence (AI)–driven analytics across oil, gas, water, and electric systems; examines the evolving legal and regulatory framework governing high-risk AI in critical infrastructure; and outlines key international space law considerations for remote-sensing activities. The author concludes with key takeaways to help organizations operationalize AI governance, as the technology and regulations evolve in this area.
The convergence of space-based remote sensing and advanced artificial intelligence (AI) is reshaping how critical infrastructure operators safeguard pipelines and transmission networks. With satellites providing persistent, wide-area visibility across vast and often inaccessible corridors, and AI systems transforming raw data into actionable intelligence, operators can detect anomalies earlier, prioritize responses with greater precision, and reduce operational risk at scale.
This article explores the technical benefits of pairing remotesensing technology with AI-driven analytics across oil, gas, water, and electric systems; examines the evolving legal and regulatory framework governing high-risk AI in critical infrastructure; and outlines key international space law considerations for remotesensing activities. It concludes with key takeaways to help organizations operationalize AI governance, as the technology and regulations evolve in this area.
AI and Space-Based Remote Sensing Used for Monitoring Critical Infrastructure
Satellites in space and AI systems on the ground are working together to keep critical infrastructure, such as oil, gas, water, and electric transmission lines, safer and more reliable. Satellites monitor large areas quickly and repeatedly, while AI turns those pictures and signals into clear, timely insights.1 Pipeline operators can use satellites to:
- Detect signs of anomalies before they develop into bigger problems, such as corrosions, leaks, or interference;
- Identify when critical components are deteriorating and need to be maintained or replaced; and
- Take immediate action to correct issues even if the pipelines are in remote areas.2
By integrating AI, operators can inspect pipelines at scale and increase defect detection rates.3
In addition, AI and satellite imagery help restore power after natural disasters, such as hurricanes. By using real-time satellite data and AI systems, companies can provide a detailed beforeand-after analysis of ravaged areas, so that crews can determine which areas have downed power lines.4 Satellite and AI technology can also provide early detection for algae blooms, which can clog hydroelectric turbines and interfere with energy generation.5
In short, remote-sensing technology from outer space and AI are becoming core parts of critical infrastructure safety. By pairing wide-area visibility from space with AI analysis on the ground, operators can detect risks earlier; focus crews where they are needed most; and keep oil, gas, water, and electric networks running safely and reliably.
AI Regulations Impacting Critical Infrastructure
Legislatures have been passing regulations focused specifically on AI because of the rapid development of AI systems over the past few years and the potential risks such advanced systems present. Some of these AI regulations focus on high-risk areas, which include critical infrastructure and essential government services, such as the EU Artificial Intelligence Act (the EU AI Act), South Korea's the Basic Act on the Development of AI and Establishment of Foundation for Trust (the Basic AI Act), Colorado's Anti-Discrimination in AI Act (Colorado AI Act), and Montana's Creating the Right to Compute Act and Requiring Shutdowns of AI Controlled Critical Infrastructure (Montana AI Act). With remotesensing technology being increasingly used with AI systems in the context of critical infrastructure and essential government services, such as oil, gas, water, and electricity, operators should consider the potential implications of these new regulations.
EU AI Act
The EU AI Act went into effect on August 1, 2024. Obligations under the law are dependent on whether the AI system's risk is prohibited, high, or minimal. As relevant here, the development and deployment of AI systems in the critical infrastructure context is considered high risk and triggers a majority of the obligations under the law. The compliance obligations for high-risk AI systems enter into force August 2, 2026.
The high-risk obligations related to critical infrastructure apply if the AI system is "intended to be used as safety components in the management and operation of critical digital infrastructure, road traffic, or in the supply of water, gas, heating or electricity."6 If an AI system is used in this context, the operator would need to assess whether it is a provider of the AI system used for critical infrastructure safety (i.e., the developer of the AI system) or deployer (i.e., the entity using the AI system). Depending on the operator's party-role, it would need to implement the following compliance obligations under the EU AI Act:
| Providers | Deployers |
| Risk Management System. Establish, implement, document and maintain a risk management system throughout the AI system's life cycle. | Input Data. Ensure that the input data is relevant and sufficiently representative in view of the AI system's intended purpose, to the extent the input data is under the deployer's control. |
| Providers | Deployers |
| Data Governance and Management Practices. Apply data governance and management practices appropriate for the training, validation, and testing datasets. | Technical and Organizational Measures. Take appropriate technical and organizational measures to ensure that the AI system is used in accordance with the instructions for use. |
| Technical Documentation. Draw up technical documentation containing elements required under Annex IV of the EU AI Act. | Data Protection Impact Assessment. Use the instructions for use to carry out data protection impact assessment, where applicable. |
| Automatic Logging. Ensure that the AI system can automatically record events (logs) over its lifetime. | Fundamental Rights Impact Assessment. Carry out fundamental rights impact assessments where public services are involved. |
| Transparency and Information to Deployers. Provide instructions for use to, and ensure transparency of operation for, deployers. |
Information to Individuals. Inform workers and workers' representatives that individuals are subject to AI system before using in the workplace. Inform individuals that they are subject to use of a stand-alone AI system where the system makes decisions or assists in making decisions relating to individuals. |
| Human Oversight. Ensure that the AI system can be effectively overseen by natural persons during its use. | Human Oversight. Assign human oversight to natural persons who have necessary competence, training, authority, and support. |
| Accuracy, Robustness, and Cybersecurity. Ensure an appropriate level of accuracy, robustness and cybersecurity throughout the AI system's life cycle. | Log Keeping. Retain automatically generated logs, to the extent they are under the deployer's control. |
| Providers | Deployers |
| Quality Management System. Put in place a specified quality management system for EU AI Act compliance. | EU Database Registration. Register the deployer and use of the AI system in the EU database, if the deployer is a public authority or an EU institution, body, office, or agency. |
| EU Harmonization Legislation and Accessibility Legislation. Comply with the requirements of the EU harmonization legislation and accessibility requirements legislation applicable to the AI system. | Cooperation with Competent Authorities. Cooperate in any action taken by authorities relating to the AI system to implement the EU AI Act. |
| Document Keeping. Retain relevant documentation at the disposal of competent authorities for a 10-year period. | Monitoring. Monitor operation of the AI system to ensure that it is following the instructions for use and inform providers where relevant. |
| Log Keeping. Retain automatically generated logs, to the extent they are under the provider's control. | Duty to Inform and Suspend Use. Where the deployer has reason to consider that the AI system presents risk to health or safety or fundamental rights, inform the provider or distributor and relevant market surveillance authority, and suspend use of the AI system. |
| Conformity Assessment Procedure. Carry out a conformity assessment procedure before placing the AI system on the market or putting it into service. | Incident Reporting. Report serious incidents first to the provider, then the importer or distributor and relevant market surveillance authorities of the incident. |
| EU Declaration of Conformity. Draw up and retain at the disposal of competent authorities for a 10-year period. | |
| CE Marking, Name, and Contact Address. Affix to the AI system, or where not possible, on its packaging or accompanying documentation. |
| Providers | Deployers |
| EU Database Registration. Register the provider and AI system in the EU database before placing on the market or putting into service. | |
| Authorized Representative. If the provider is established in a non-EU country, appoint an EUauthorized representative before making the AI system available on the market. | |
| Cooperation with Competent Authorities. Upon request, provide to the competent authority all information and documentation necessary to demonstrate compliance, and automatically generated logs. | |
| Post-Market Monitoring System. Establish and document a postmarket monitoring system in a manner proportionate to the nature of the technologies and AI system risks. | |
|
Corrective Actions and Duty to Inform. Where the AI system on the market does not comply with the EU AI Act, take corrective actions to bring the AI system into conformity and inform relevant parties. Where the AI system on the market presents risk to health and safety or fundamental rights, inform market surveillance authorities. |
|
| Incident Reporting. Report serious incidents to the market surveillance authorities of the EU member state where the incident occurred. |
To view the full pdf, click here.
Footnotes
1. See GIM International, "The Source of Power: How Satellite Imagery Propels the Energy Sector into the Future," https://www.gim-international.com/case-study/the-source-of-power-how-satellite-imagery-propels-theenergy-sector-into-the-future?output=pdf.
2. See Ground Control, "How Satellite IoT Keeps Pipeline Infrastructure Safe in Remote Environments," https://www.groundcontrol.com/blog/ how-satellite-iot-keeps-pipeline-infrastructure-safe/.
3. See Numalis, "AI for Smarter Pipeline Management in Oil and Gas Industry," https://numalis.com/ai-pipeline-management-in-oil-and-gas-industry/.
4. See International Water Power, "Using AI and Satellite Data to Transform Disaster Response and Sustainability," https://www.waterpower magazine.com/analysis/using-ai-and-satellite-data-to-transform-disasterresponse-and-sustainability/?cf-view.
5. See id.
6. EU AI Act, Annex III.2.
Originally published by Journal of Robotics, Artificial Intelligence & Law
Visit us at mayerbrown.com
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.
© Copyright 2025. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
