Internal Investigations Under Pressure: Navigating AI, Cybersecurity and Privacy

As digital systems grow more complex, internal investigations are increasingly triggered by AI-related failures, cybersecurity incidents and data protection breaches. This session offers a practical framework for privacy, legal and compliance professionals navigating high-stakes investigations across multiple regulatory environments. We will examine how internal investigations are initiated — often unexpectedly — and what regulators are looking for in terms of cooperation, documentation and transparency. We will cover how to manage legal privilege, coordinate with internal teams and meet regulatory reporting requirements under frameworks such as the AI Act, NIS2, GDPR and the U.K.’s corresponding legal and regulatory obligations. We will also explore how proactive engagement with regulators — such as breach notifications, sandbox participation or transparency reporting — can inadvertently lead to broader scrutiny of adjacent practices. By drawing on real-world experience, this session will equip participants with the tools to anticipate investigative risk, maintain defensible processes and manage the cross-border complexities of today’s regulatory landscape.

What you will learn: 

• Key regulatory triggers under the AI Act, NIS2, GDPR and UK equivalents.
• How to improve coordination across legal, privacy and security teams during investigations.
• How to manage privilege and cross-border risk in regulatory enquiries.