| GMT |
December 11, 2025 |
| 10:45 |
Navigating the Artificial Intelligence Act: Governance, Innovation & Compliance in the EU
10:45am - 11:30am
The European Union’s landmark Artificial Intelligence Act (Regulation (EU) 2024/1689) has set a new global benchmark for AI governance. With key governance bodies now operational (such as the European Artificial Intelligence Board) and obligations for general-purpose AI (GPAI) models already starting to apply as of 2 August 2025, organisations operating in or exporting to the EU face an urgent need to adapt. This session will examine how firms in the UK/EU zone are managing the transition - from establishing internal governance frameworks and audit-ready processes to engaging with national competent authorities and aligning innovation with regulatory demands.
Participants will dive into the practical questions: How can companies structure model-risk oversight, human-in-loop requirements, and transparency obligations across multiple jurisdictions? How do UK entities (post-Brexit) align with the EU regime while preserving agility in innovation? What are the implications for board oversight, compliance functions and internal audit in an era where AI regulation is becoming pervasive? The panel will bring together regulators, compliance leads and innovation officers to share perspectives and best practices.
Moderator
- Jovita Tam, Business-focused Data/AI Advisor & Attorney (England & NY)
Panelist
|
| 11:30 |
| 11:30 |
From Compliance to Value Driver: How Internal Audit Uncovers Hidden Savings
11:30am - 12:00pm
Join us for an engaging webinar on redefining Internal Audit's role. Learn how to move beyond compliance and become a proactive force in identifying and mitigating financial losses across your organization. We'll explore "value leakage" audits, showing you how to assess controls to detect financial loss, recover overpayments, and drive process improvements. A real-life Accounts Payable case study will demonstrate how data analysis uncovers key opportunities for control enhancements and substantial cost savings. This webinar offers practical insights to elevate your audit function's value and strengthen your organization’s controls, directly contributing to your bottom line.
Learning Objectives:
- Discover how Internal Audit can move beyond compliance to deliver actionable recommendations that improve business performance
- Master “value leakage” audit methodology to proactively identify financial losses and recover overpayments.
- Develop strategies to assess internal controls for detecting and preventing financial leakage.
- Explore how modern audit tools can support data-driven auditing, streamline workflows, and enhance audit effectiveness.
Moderator
Panelist
|
| 12:00 |
| 12:00 |
Data Protection, Cross-Border Flows & Privacy in a Fragmented Europe
12:00pm - 12:45pm
Data privacy remains a foundational pillar of governance in the UK/EU region, yet the landscape is rapidly evolving. With the General Data Protection Regulation (GDPR) firmly in place, firms are now grappling with divergent national privacy regimes, emerging laws in the UK, and the pressures of cross-border data transfers and localisation requirements. The panel will explore how organisations build privacy-by-design into global operations - while navigating mechanisms such as adequacy decisions, standard contractual clauses and national enforcement variances.
The discussion will focus on real-world risks: third-party data flows, vendor ecosystems, and regulators’ increasingly rigorous approach to breach notifications and accountability. UK-based companies operating EU-wide (and vice versa) face the dual challenge of compliance continuity and strategic alignment. We’ll examine how privacy risk is moving from the legal team into enterprise-risk frameworks, how boards are overseeing privacy as a business risk, and how firms are leveraging technology, governance and training to operationalise data protection in a cross-border world.
Moderator
- Nour Mitry, Associate - Technology & Intellectual Property, Latournerie Wolfrom & Associés
Panelist
- Eleonor Duhs, Barrister, Partner, Head of Data & Privacy, Bates Wells LLP
- Maria Victoria Theuma, Chief Compliance Officer, Steadfast Insurance Partners Ltd.
- Tracy Kelleher, Group Director of Legal, Compliance, & Data Protection, Dornan Engineering
- Dean Hogarth, Privacy & Data Protection Director, OCU
|
| 12:45 |
| 12:45 |
Cyber & Digital Ecosystem Risk: Resilience, Regulation and Supply Chains in Europe
12:45pm - 1:30pm
Europe is facing a profound re-assessment of digital risk - spanning cyber-threats, extended supply-chains and regulatory mandates. New frameworks like the Cyber Resilience Act (CRA) and the Network and Information Security 2 Directive (NIS2) are reshaping obligations for manufacturers, software providers, and sectors across the EU. On top of that, recent warnings indicate that Europe has become one of the world’s more targeted cyber-regions, due to geopolitical tension and supply-chain exposures. This panel will centre on how UK/EU organisations are adopting governance frameworks to manage cyber risk at the enterprise level — not merely as a tech issue but as a strategic, board-level concern.
Topics will include: how governance frameworks (risk committees, audit, third-party risk management) adapt to sweeping regulation; how firms define and quantify ecosystem risk (vendors, cloud, SaaS, IoT); and how resilience is defined and measured (beyond prevention to recovery). We’ll explore best practice for oversight, incident readiness, board reporting and alignment with global programmes - all in the context of UK/EU regulations and the evolving threat environment.
Moderator
Panelist
- Asif A. Kabani, MBA Mentor, Senior Fellow - UN SDGs - Internet Governance and Policy (IGP),
United Nations - SDG Centre, Geneva
- Susanne (Zuzana) Bitter, Head of Regional Strategic Alliances (United Kingdom), Cyber Security Forum Initiative
- Vibha Mohan, Group Legal Counsel, Smallpdf
- Craig Clark, Director, Clark & Company Information Governance Services Ltd
- Richard Cassidy, CISO, EMEA
|
| 1:30 |
| 1:30 |
ESG & Ethical Leadership: From UK Stewardship to EU Regulation and Reporting
1:30pm - 2:15pm
The UK and EU continue to accelerate governance expectations around ESG, and boards and risk teams are being asked to step up. The EU has recently advanced regulations on ESG rating providers (e.g., the Regulation on the Transparency and Integrity of Environmental, Social and Governance Rating Activities) to drive transparency and comparability in sustainability metrics. Meanwhile, UK firms face evolving stewardship codes, non-financial reporting requirements and investor demands for ESG oversight. This panel will examine how governance, risk and compliance functions in the UK/EU region are re-defining ethical leadership, board oversight, culture and disclosure to meet stakeholder and regulatory expectations.
Speakers will map the shift from ESG as a compliance-only function to a strategic enabler - considering how boards integrate ESG risk into enterprise-risk frameworks, how talent and leadership cultivate an ethical culture, and how organisations manage supply-chain human-rights and environmental risks. We will also probe emerging tensions - for example between short-term performance pressures and long-term ESG resilience, and how firms are governing third-party ESG exposures across UK/EU value-chains.
Moderator
Panelists
|
| 2:15 |
| 2:15 |
Culture, Talent & Organisational Resilience: The UK/EU Imperative
2:15pm - 3:00pm
Resilience is no longer just about systems — it’s about people, culture, talent and governance. In the UK and across Europe, organisations are responding to workforce shifts (hybrid/remote working), skills gaps, regulatory expectations around culture and increasing operational risk from internal behaviours and external shocks. This panel will focus on how governance and compliance leaders partner with HR, risk and audit to build a risk-aware culture, integrate talent risk into enterprise-risk frameworks, and ensure organisational resilience in a dynamic environment.
Key discussion points will include: what board-level oversight of culture and talent risk looks like in the UK/EU context; how firms measure and monitor culture risk (e.g., via behavioural indicators, ethics/whistle-blowing systems, leadership accountability); and how resilience planning evolves in the face of emerging threats (cyber, supply chain, geopolitical). We’ll also explore how GRC practitioners ensure that talent flows, workforce design and leadership pipelines align with governance imperatives — across multiple jurisdictions and cultural contexts.
Moderator
- Michael Sparks, Ex-Chief Risk & Compliance Officer; Issuer Services, BNY
Panelist
- Ian Day, Associate Professor - Coaching Programmes, University of Warwick & Author of The Coaching Leader, Leadership Coach
- Cha'von K. Clarke-Joell, CEO & Chief AI Ethics & Governance Architect, CKC Cares Group
- Natasha McAllister, Data Responsibility and Privacy Specialist, Cognizant
|
| 3:00 |
| 3:00 |
Risk Quantification & Board Strategy in the UK/EU: Translating Risk into Metrics and Value
3:00pm - 3:45pm
Boards across the UK and Europe are demanding more from risk functions: not just descriptions of risk, but quantification, scenario-analysis, strategic insight and alignment with value creation. This panel will examine how organisations are turning narrative risk into measurable impact - whether financial, reputational or operational - and how this drives board decision-making and strategy. The UK/EU regulatory environment (with evolving expectations around audit committees, risk disclosures and sustainability-linked practices) gives this topic particular urgency.
The session will cover how risk professionals in the UK/EU ecosystem are deploying analytics, dashboards and scenario-modelling to link risk appetite with capital, investment and strategic planning. We’ll explore practical frameworks: how to engage the board with risk metrics; how to integrate risk quantification into governance and audit structures; and how to ensure that UK/EU regulatory and stakeholder expectations (including from investors, regulators and non-financial reporting standards) are met. The aim: making risk management a strategic enabler rather than a cost centre in the UK/EU context.
Moderator
|
| 3:45 |
| 3:45 |
Celebrating PICCASO Awards 2025: Designing for Trust: Dark Patterns, Consent Integrity and the Future of User Rights
3:45pm - 4:30pm
As regulators across the UK and EU intensify their scrutiny of online consent practices, organisations are being pushed to confront the growing risks associated with “dark patterns” — manipulative design techniques that nudge users toward choices they may not fully understand or intend. From asymmetrical cookie banners to deceptive interface flows, the boundaries between optimisation and manipulation are under sharper regulatory and ethical examination. This panel will explore how risk, privacy and compliance leaders can ensure that consent remains freely given, informed and unambiguous, while still enabling legitimate data-driven business models. We will examine the latest enforcement trends, regulatory guidance and legal expectations around UX design, transparency and user autonomy.
At a time when digital trust is becoming a competitive differentiator, organisations must rethink the relationship between user experience and privacy risk. Our speakers will discuss practical strategies for embedding “ethical design” into product development, including testing frameworks, behavioural indicators, governance oversight and collaboration between privacy teams and UX designers. The panel will also consider the reputational and regulatory consequences of poor consent practices, how emerging AI-driven interfaces complicate user rights, and what forward-looking organisations are doing to build trust-by-design into every step of the customer journey.
This panel brings together PICCASO Award participants (winners, shortlisted candidates and companies), celebrating this year's European event in London last month. From Europe to North America, each awards site showcases the commitment to recognising excellence, promoting ethical innovation, and building a truly global privacy community.
Moderator
Panelist
|
| 4:30 |
| 4:30 |
Deepfakes, Sexual Abuse & the New War on Women: Law, Power and the Fight for Safety
4:30pm - 5:15pm
Deepfake pornography has become one of the fastest-growing forms of image-based sexual abuse, overwhelmingly targeting women and girls. With AI tools now able to create hyper-realistic sexualised images from everyday photos, deepfake abuse is no longer the work of fringe online actors - it is being carried out by classmates, colleagues, ex-partners, and strangers with a few clicks. Survivors describe a profound loss of safety, dignity and autonomy, whether they are public figures like Taylor Swift or ordinary women whose social media images are transformed into synthetic sexual content. Despite the devastating mental and social harms - anxiety, humiliation, professional repercussions, and the chilling effect on women’s public participation - legal protections lag behind. In many jurisdictions, including the UK until recently, creating a deepfake was not illegal even though sharing one was, leaving women exposed to a form of “invisible” violence that can occur at any moment, without recourse.
This panel will explore why deepfake sexual abuse represents a new frontier of misogyny - one that normalises the idea that women’s bodies, identities and sexuality are public property to be manipulated. We will examine the systemic failures enabling this epidemic: ambiguous platform policies, slow or inconsistent content removal, AI tools that lack safeguards, and cultural attitudes that trivialise deepfake abuse as fantasy rather than violation. With lawmakers, technologists, survivors and digital-rights advocates, we will discuss the urgent need to criminalise creation as well as distribution, enforce accountability for platforms and AI model developers, and embed safety-by-design into emerging technologies. Ultimately, this session asks a critical question: In a world where any woman can be deepfaked at any time, what must change to make digital life safe for half the population?
Moderator
Panelist
- Eva Blum-Dumontet, Head of Movement Building and Policy, Chayn
- Laura Hamilton, TV Presenter, Property Expert, Entrepreneur, Adventurer
- Cha'von K. Clarke-Joell, Global AI Ethics Advocate, Thought Leader, and Innovator in Data Protection and Inclusivity, CKC Cares
- Donna Etemadi, Founder and Partner, Etemadi Legal Group
|
| 5:15 |
| 5:15 |
Striking the Balance: U.S. AI Innovation, Governance and State-vs-Federal Regulation
5:15pm - 6:00pm
As the U.S. races ahead in AI innovation, its governance structures are struggling to keep pace. With Washington’s light-touch approach contrasted by increasingly assertive state-level initiatives, the patchwork of regulation is creating new complexities for companies. Recent Senate moves to lift the moratorium on state AI laws underscore a future where compliance, accountability, and innovation may depend as much on zip code as on business model. Boards and compliance teams must now define internal guardrails for AI ethics, transparency, and model risk - before regulators decide for them.
This session brings together corporate leaders, policymakers, and AI risk experts to explore how U.S. enterprises can future-proof their governance frameworks amid regulatory fragmentation. What can America learn from global examples like the EU AI Act while preserving its innovation edge? And how can risk professionals translate the uncertainty of AI governance into actionable oversight and board-level strategy?
Moderator
Panelist
- Michael Kurzer, Shareholder, Vedder Price
- Dr. Deborah Wall, Executive Director Principal Data Science (Applied AI), Wells Fargo
- Chris Pahl, Chief Privacy Officer, County Executive Office, County of Santa Clara
|
| 6:00 |
| 6:00 |
Beyond the Firewall: Governance of Cyber & Digital Ecosystem Risk for U.S. Companies
6:00pm - 6:45pm
Cybersecurity is no longer an IT problem - it’s a governance imperative. With the SEC mandating prompt disclosure of material cyber incidents and new reporting standards reshaping board oversight, the U.S. corporate landscape is facing a paradigm shift in how cyber risk is understood and managed. Meanwhile, as digital ecosystems become more entangled - through cloud platforms, software supply chains, and third-party vendors - the attack surface grows wider, and accountability becomes blurred.
This panel examines how U.S. organizations can embed cyber resilience at the governance level, aligning C-suite, board, and risk teams behind a shared understanding of digital risk exposure. Experts will discuss new approaches to third-party due diligence, incident reporting, and resilience metrics that translate technical risk into enterprise-level language. Attendees will leave with practical insights on building a culture of cyber governance that extends beyond the firewall and deep into the digital ecosystem.
Moderator
Panelist
|
| 6:45 |
| 6:45 |
California’s Privacy Reset: Will the Golden State Set a New Standard for America?
6:45pm - 7:30pm
California has once again put itself at the vanguard of digital regulation with a sweeping package of new privacy laws signed by Governor Gavin Newsom in 2025. These measures tighten rules on browser opt-out signals, social media account deletion, and data broker transparency, while introducing groundbreaking protections for children, reproductive health, and even interactions with AI chatbots. From “black box” mental health warnings to new restrictions on geofencing near clinics, the state’s lawmakers are setting ambitious - and controversial - expectations for how technology companies handle sensitive data.
As these laws take effect, attention is shifting to how the rest of the U.S. will respond. Will California’s model become the de facto national standard, as GDPR did for Europe, or will competing state frameworks create a fragmented regulatory patchwork? This session brings together privacy advocates, legal experts, and industry leaders to unpack what these laws mean for compliance, innovation, and the broader balance between consumer protection and commercial freedom in America’s data economy.
Moderator
- Joel Schwarz, Privacy, Cybersecurity and Emerging Tech Attorney, Law Professor, Author, Managing Partner, Schwarz Group LLC Consultants, and Student Data Privacy Advocate
Panelist
- Iman Saleh, Senior Manager - AI Privacy Architecture, Airbnb
- Adedoyin Fadare, Senior Consultant, PriCyai Advisory LP
- Hope Frank, Chief Marketing & AI Officer, Thought Leader, Forbes Communications Council
|
| 7:30 |
| 7:30 |
Metrics, Models & the Boardroom: Quantifying Enterprise Risk for U.S. Strategic Oversight
7:30pm - 8:15pm
The boardroom is under pressure to do more than acknowledge risk - it must quantify it. From AI to cyber to climate, U.S. corporations are moving beyond qualitative “heat maps” toward data-driven risk modelling that informs strategy, capital allocation, and performance oversight. Yet quantification isn’t straightforward: emerging risks often lack historical data, while fast-moving regulatory and geopolitical shifts challenge traditional frameworks. The question for boards is no longer whether to quantify, but how to do so credibly and consistently.
In this discussion, board directors, risk officers, and analytics experts examine how U.S. companies are redefining enterprise risk management to support smarter decision-making. The session explores new tools for scenario analysis, financial quantification, and cross-functional reporting - turning risk language into the metrics that shape boardroom strategy. Participants will gain insight into how quantification, transparency, and governance can coexist to deliver resilience and long-term value.
Moderator
- Vivek Bedi, Chief Product Officer | Board Member | Digital Leader | AI Advisor
Panelist
|
| 8:15 |
