Smart city workloads vary by an order of magnitude in latency, privacy sensitivity, and regulatory posture — a gunshot-detection feed is a CJIS-adjacent public-safety workload, while air-quality time-series is open-data by default. The NIST SP 1900-series Smart City framework treats each of these as a distinct "application domain" precisely because the governance controls do not transfer. The most common procurement mistake is bundling them into one contract with a single data-handling clause and then discovering that public-safety video carries restrictions the traffic workload never needed.

The FHWA 2024 Connected Infrastructure Framework and related U.S. DOT guidance set hard latency expectations for the safety-critical layer — miss them and the workload either falls back to a human review loop or is non-compliant with the reference architecture city grant funders expect. Once the pole is in the street, latency is set by physics (backhaul distance, codec, queue depth); it is not a parameter you can improve later with a software release. Specify per-workload SLAs up front so the tower host does not overbuild for environmental sensors or underbuild for public-safety video.

Data residency for municipal workloads is almost always a statutory question, not a contractual preference — and the penalty for getting it wrong is grant clawback under programs like the IIJA smart-city provisions rather than a negotiated credit. CJIS Security Policy in particular treats a criminal-justice video feed as in-scope the moment it is retained, transmitted, or processed on infrastructure an outside vendor controls, and that control test is what forces on-jurisdiction processing. A vendor "data stays in-region" SLA does not satisfy a residency statute that asks where the processor is sited.

FedRAMP Moderate is the de facto baseline for any municipal workload carrying federal grant funds, and StateRAMP has been adopted by a growing set of state procurement offices as the equivalent at state level. Once a workload is tagged FedRAMP-in-scope, the tower-hosting environment must either inherit authorization from an already-authorized cloud service provider or independently achieve it — there is no informal third option. The common failure is a carrier bidding municipal AI hosting on infrastructure that has never been through a 3PAO assessment and discovering mid-procurement that the entire stack is unauthorized.

CJIS Security Policy applies from the point of creation or receipt of criminal-justice information, and it reaches every vendor, contractor, and device in the processing path. The 2023 revision tightened advanced-authentication requirements and vendor-access controls, and any streetside AI hosting contract that touches a CJIS feed inherits those controls whether or not the RFP mentions CJIS by name. Treating CJIS as a downstream concern — bolt it on after the architecture is chosen — is how vendors get disqualified in the final contract review.

Section 508 applies to all federally-funded ICT procurement and most state and municipal procurements mirror it through local accessibility statutes; WCAG 2.1 AA is the practical conformance target. AI-generated outputs — a natural-language 311 response, a traffic-dashboard visualization — are procurement deliverables under 508 just like any other UI, and the Section 508 refresh harmonized the standard with WCAG. Cities have increasingly unwound contracts that delivered inaccessible dashboards, regardless of model quality.

Adding an AI compute module to an existing streetside small cell is an "eligible facilities request" under Section 6409(a) in many cases, which starts a 60-day federal shot clock on local review. Misreading which framework applies is the fastest way to lose a municipal contract: if the carrier asserts Section 6409 and the city disputes it, the whole hosting program can stall in administrative litigation. The regulatory path also determines whether NEPA or NHPA review attaches, and that in turn determines the actual time-to-first-kilowatt at the site.

3GPP Release 18 establishes the 5G-Advanced baseline and Release 19 introduces AI/ML-native features in the air interface that change how model updates and inference hints can ride on the control plane. O-RAN splits change who integrates the radio stack with the edge AI fabric, and CBRS Part 96 SAS coordination imposes its own operational cadence on any site using the 3.5 GHz band. Locking an AI hosting architecture to a specific 3GPP release without a clear upgrade story creates a stranded-asset risk when the city asks for features introduced two releases later.