Behavioural analytics watches not just what objects are present but what they do, applying rules to their movement: crossing a line, entering a zone, loitering, gathering into a crowd, or leaving an object behind. It works in two stages — first describe the scene (detect and track objects), then run a rule engine over those tracks to decide whether a defined behaviour occurred. The rules are authored in the VMS, so an operator sets up "alert if anyone crosses this fence line after hours" without touching the model.
This is the workhorse analytic for proactive security, because it turns continuous video into specific, actionable alerts. Several of its rule types are standardised: the ONVIF Analytics specification (Annex A) defines normative rules such as line detector, field (zone) detector, and loitering detector, plus counting, which is what lets these behaviours travel between a conformant camera and VMS. Well-tuned, behavioural rules cut false alarms by 90% or more versus raw motion — but never to zero.
The pitfall is over-trusting the rules and mis-setting the privacy line. Rules fire on appearance, lighting, and edge cases, so they always need tuning and a tolerance for some false alarms. On privacy, ordinary behavioural analytics (counting, line crossing) is personal data but generally not Article 9 biometric, per EDPB Guidelines 3/2019 — it only tips into biometric or EU AI Act Article 5 territory when it identifies a specific person or infers emotion. This is engineering guidance, not legal advice; the detection/tracking model internals belong to the AI for Video Engineering section.
