Business risk and technical challenge – Cyber, AI and regulatory readiness

AI is moving faster than the rules designed to govern it. Cyber threats are growing more sophisticated. A wave of new regulations and standards is reshaping what “responsible” technology adoption looks like. Accountability is landing squarely in the boardroom and regulators are already asking the hard questions.

Many organisations are already deploying AI and other technologies in live systems and internal operations, while relying heavily on third‑party platforms, models and automation. Boards are increasingly asking difficult questions about accountability, oversight and compliance, often before organisations feel confident in their answers. The central question for attendees is this: Who owns our AI and cyber risk — and could we defend our oversight to a regulator today?

The discussion will focus on:

• where organisations are exposed to risk
• how cyber and AI risk are amplifying one another
• how to ensure compliance before suppliers, clients or regulators audit your business.

This roundtable, hosted jointly by Tech Industry Forum, Source Code Control, and HCR Law, will work through a practical framework covering:

• AI governance: auditing your organisation’s AI use and stress-testing oversight
• Cyber resilience: preparing for incidents before they happen, not after
• Regulations and standards: making sense of the EU AI Act, NIS2, DORA, ISO/IEC 42001, and what UK boards need to act on now
• Software Bills of Materials: knowing what’s actually inside the software you ship, buy, and rely on
• Quantum readiness: getting ahead of post-quantum cryptography before “harvest now, decrypt later” becomes a board-level problem
• Aligning legal and technical teams : defining what “good” compliance actually looks like