arXiv: Opportunities and Challenges in Securely Reusing and Repurposing Mobile Devices

This publication is a research paper from arXiv, not a formal regulatory change, but it provides critical analysis relevant to AI safety and data security compliance. It examines the risks and opportunities of reusing and repurposing mobile devices, particularly in the context of AI workloads and edge computing. The paper highlights that such practices can introduce significant vulnerabilities, including residual data exposure, compromised hardware integrity, and insecure AI model deployment, which may conflict with existing data protection and AI governance frameworks.

The findings affect any organization that repurposes mobile hardware for AI or data processing, including telecoms, IoT operators, cloud service providers, and enterprises using refurbished devices for internal AI tasks. Compliance teams in sectors subject to GDPR, the EU AI Act, or NIS2 should pay particular attention, as the paper underscores gaps in secure device lifecycle management and AI model provenance.

Compliance teams should immediately review their asset disposal and repurposing policies, ensuring that all mobile devices used for AI or data processing undergo certified data sanitization and hardware integrity checks. They should also update risk assessments to account for AI-specific threats from reused hardware, and consider adding contractual clauses for vendors supplying refurbished devices. Finally, monitor the EU AI Act’s evolving guidance on secure deployment environments to align with emerging best practices.