Why retrofit beats rip-and-replace in 2026
Three reasons consistently push KSA owners toward retrofit:
- Sunk capital. A typical Aramco affiliate or NEOM contractor has SAR 3M+ in working cameras, NVRs and cabling. Replacement asks for that investment to be written off.
- Permit and cabling pain. Re-pulling cable through a live process unit can require fresh hot-work permits, MoMRAH coordination, and downtime that the operations team will not approve.
- AI does not need new optics. A 2 MP IP camera from 2019 produces enough pixels-on-target for most PPE, fall and intrusion classes when paired with a modern model. Optics is rarely the bottleneck.
Step 1 — Inventory what you already have
Before any vendor proposal, run a structured inventory. The fields that matter:
| Field | Why it matters |
|---|---|
| Make / model | Determines ONVIF profile support |
| Firmware | Older firmware may not expose RTSP cleanly |
| Resolution / FPS | Drives pixel-on-target maths |
| Codec | H.264, H.265, MJPEG; affects decoder sizing |
| ONVIF profile | Profile S for streaming, Profile T for advanced |
| Network path | Direct camera vs through NVR |
| Cabling | PoE, coax via encoder, fibre |
Tie this to the ONVIF + RTSP integration page and the how to integrate AI with existing CCTV answer.
Step 2 — Decide the stream source
Two options dominate. Pick one explicitly.
Option A — Direct from camera over RTSP. Lowest latency (typically 200–400 ms end-to-end), highest fidelity, but requires direct network reach to each camera. Good for greenfield additions or for sites where the camera VLAN is open to a new analytics subnet.
Option B — From the NVR. Cleaner network model, single point of integration, but introduces re-encode latency (often 1–3 seconds) and may downsample resolution. Good for highly segmented networks or where the security team will not approve a new analytics VLAN.
In 2026, most KSA brownfield retrofits run Option B for general analytics and Option A only for high-frame-rate use cases like fall detection or vehicle-pedestrian safety.
Step 3 — Size the edge inference server
A practical sizing table for a 2026 retrofit:
| Cameras | GPU | Notes |
|---|---|---|
| 1–8 | Jetson Orin NX 16 GB | Hailo-8 acceptable for single-class workloads |
| 8–32 | NVIDIA L4 or A2 | YOLO26-m at 5 fps per stream |
| 32–96 | NVIDIA L40S or A30 | Multi-class with BoT-SORT tracking |
| 96+ | DGX Spark or H100 partition | Multi-site aggregator |
Include 30% headroom for storm-condition false-positive bursts and for the edge inference glossary recommended persistence rules.
Step 4 — Choose where events land
Three integration targets matter in KSA:
- VMS overlay: events appear inside the existing Hikvision, Hanwha, Bosch, Genetec or Milestone VMS as bookmarks. See the dedicated integration pages: Hikvision, Hanwha Wisenet, Bosch BVMS, Genetec Security Center, Milestone XProtect, Axis Camera Station.
- Analytics platform: events flow to a dedicated dashboard like the AI analytics platform.
- Enterprise system: events post to SAP-PM or to a CMMS for industrial sites — see the Aramco EHS guide.
A retrofit without one of these three targets has no operational value. Pick before procurement.
Step 5 — Plan the storage and PDPL posture
The retrofit does not change the PDPL obligations on the original CCTV system, but it can improve the audit story. Two anchors:
- Clip vault — analytics-triggered clips moved to WORM storage with daily SHA-256 hashes; the rest of the recording roll-off stays as-is.
- Lawful basis register — explicit basis for each AI use case, anchored in the data residency posture and the PDPL compliance checklist.
2026 cost ranges in SAR
Indicative ranges for KSA retrofit (excluding camera replacement):
| Component | SAR per camera per year |
|---|---|
| Edge compute share | 200–600 |
| Software licence | 600–1,800 |
| Integration and tuning | 200–500 (Year 1), 100 ongoing |
| Storage delta for analytics clips | 100–300 |
| Total | 1,200–3,500 |
Compare to SAR 8,000–15,000 per camera for a full rip-and-replace including optics and cable [VERIFY-SME — site-specific]. The retrofit usually pays back inside 18 months on a 200-camera site.
Common retrofit mistakes
- Skipping the codec audit — a site with mixed H.264 and H.265 will hit decoder sizing surprises.
- Trusting NVR clocks — clocks drift; tie all events to NTP-locked edge timestamps.
- Ignoring the security team — analytics traffic must respect the existing VLAN segmentation; surprise traffic kills projects.
- Forgetting ONVIF Profile T — without Profile T, advanced features like analytics metadata pass-through are not available.
Field deployment checklist
- Inventory complete and signed.
- Two cameras chosen for a 14-day proof-of-value.
- Edge server sized and ordered with 30% headroom.
- VMS or analytics platform integration target picked.
- PDPL DPO sign-off on retention delta.
- Shadow mode for the first two weeks.
- Operational handover to security ops.
Next steps
If you are scoping a CCTV retrofit, start with the ONVIF + RTSP integration page, the edge AI vs server-side processing answer and the edge vs cloud architectural piece. Cross-check with the CCTV vs edge AI guide for KSA industrial sites.
Book a brownfield CCTV scoping session and we will produce a camera-by-camera retrofit plan and SAR cost envelope within 10 working days.
