Alright. Good morning, y'all. Thank you for joining me today. Now I admittedly can't see or hear anyone. So if you can't see or hear me, please let me know.But it's truly an honor to be part of a global conference like this one, that's devoted to women and minorities working in technology. These spaces matter, not just for our professional development, but for the progress of the industries that we shape. My name is Maryam Mesilla. I am the founding partner, of the law firm of Pearson and Ferdinand and the cochair of the firm's privacy and data protection practice. The firm is a tech driven law firm, created to reflect the realities that many of us live. It's a place where professional ambition and family responsibility can coexist, and it's where women don't have to choose between career and caregiving. I'm a corporate legal adviser.

I focus my practice on data privacy, cybersecurity, AI governance, and regulatory compliance. I help businesses build secure ethical systems that foster innovation without compromising responsibility. I'm also a mother of two very young daughters, and they're the reason that I push for change in the tech industry specifically. So every decision I make, every strategy I advise on is driven by a belief that we can and must build a world where leadership in technology and law reflects the people it serves. And working in a male dominated space, especially at the intersection of law and emergent emerging tech, has taught me resilience. But more than that, it's taught me that we have to hold the door open for others, and that's why mentorship, especially for women and underrepresented voices, is a cornerstone of my work. Today, we'll talk about how we balance innovation with risk, how we build ethical AI systems that actually protect people, and how legal and business leaders alike can be proactive in creating safer digital ecosystems.

So let's get started. In today's discussion, we'll cover a variety of topics. We'll start by, covering AI's expanding role across industries. We'll touch on cybersecurity and data privacy with respect to AI, and then we'll dive into the core principles of an ethical AI system. Next, we'll navigate the global legal landscape, take a high overview of what where the laws stand today, and then we'll talk about how to balance those laws with innovation and how to mitigate your legal risk. Then we'll talk about how to build a resilient ethical AI framework and the legal strategies to strengthen consumer trust at the same time. And from there, I will go through a few of my perspective points and then a few takeaways, and, of course, I welcome your questions at the end of the presentation. So AI, it's an expanding foot footprint into many regulated industries. It integrates the most sensitive and heavily regulated sectors like health care.

AI powers diagnostic imaging, patient triaging, and personalized treatment plans. But what if AI misdiagnosis due to biased training data? Who's liable then? Is it the hospital, the doctor, the developer of the AI system? It's in finance. Algorithms, for instance, assess creditworthiness. They detect fraud. They flag suspicious activity. But we've seen real world examples where biased models can deny loan applications, for instance, disproportionately based on certain demographics. That, of course, raises red flags under certain antidiscrimination and fair lending laws. AI is now in retail. It drives inventory forecasting, dynamic pricing. It even boosts facial recognition across storefronts and in stores. And at the same time, these applications raise antitrust and privacy concerns that fall into a gray area around biometric regulation.

The legal frameworks governing these industries are ever evolving, but they're not always fast enough to keep up with the technology. And that's why a proactive legal approach to innovation is critical. As AI adoption grows, so does the need for strategic implementation for business leaders and for in house counsel. Let's talk about cybersecurity. AI has transformed cybersecurity so that it could be used both as a shield and a potential vulnerability. It can be used to detect threats in real time, predict future risks, and automate response protocols. But cybercriminals are also using AI. For instance, there's been an increase in deepfakes, and synthetic identity fraud are becoming increasingly sophisticated and increasingly hard to regulate. AI systems are trained on large datasets, but they can inadvertently store or leak personally identifiable information or PII for short, especially if proper data handling protocols aren't in place internally to protect that data.

A breach in an AI system could lead not just to compromised models but to exposure of intellectual property or a misuse of proprietary algorithms. So cybersecurity is a legal and compliance issue, and leaders must ensure that risk assessments and data data governance policies evolve alongside their AI capabilities. As regulators and consumers demand greater accountability, ethical AI has become a legal necessity. And I wanna break down the four pillars of an ethical AI framework. The pillar is transparency. Can an organization or can your organization clearly explain how an AI system reaches its decisions? Can that be clearly explained to a regulator, to a judge, or to your average con consumer? If not, there might be some disclosure requirements that you're running a foul of. The pillar I I wanna touch on is fairness.

Bias in training data can lead to discriminatory outcomes even if they're unintentional. And under US law, although unintentional, those outcomes can violate potentially civil rights laws, employment laws, housing regulations, depending on the application. The pillar is accountability. Companies need to establish responsibility, not just for when things go right, but when things go wrong and there's potential harm. So a well drafted governance policy, that's an internal document, should assign internal ownership and escalation pathways across the end enterprise. Finally, the pillar for an ethical AI framework is explainability. Even in high stakes sectors like insurance, criminal justice, explainability is an optional. It's no longer the case where having a black box system is legally defensible. You have to be able to explain what goes into those systems and those models.

So it's critical to align AI practices with legal and social responsibility practices. They are married together, and ethical designs of those models, of the AI models, supports the ability for your company to stay compliant with applicable regulations and industry standards, but it also enhances brand trust. These standards that we've just discussed are increasingly becoming the baseline for global compliance. So let's delve into the global legal landscape. Where does the law sit today? Admittedly, the legal landscape around AI, and data privacy in general is fragmented, but it's rapidly evolving. In Europe, we see the GDPR, which is about five or six years old at this point. But the GDPR set set out a global standard for data protection, for mandating consents, for data minimization, and for the right of explainability to a data subject.

Companies that operate in or serve data subjects in the EU must comply with the GDPR, or they risk fines up to 4% of their global revenue. Building off the GDPR, the EU recently released its EU AI Act. This was a groundbreaking, regulation because it was the of its kind, the comprehensive AI regulation. And what we see with the EU AI Act is that it characterizes AI systems based on risk. It bans certain high risk applications altogether, like real time biometric surveillance in public spaces. But the less riskier, the more guardrails it puts instead in an attempt to balance the need for innovation while providing necessary guardrails for more higher risk use cases. What about in The US? The US is lagging quite behind, the EU. There are state level privacy laws that are working to fill the gap, though.

The most infamous among them is the CCPA or the CPRA in California, which expanded consumer rights and enforced stricter business obligations towards PII and towards privacy. Following suit, Colorado and Virginia also passed their own set of laws. Today, there are 19 states that have passed a form of a privacy law, and many more are coming down the pipe. If you are in a regulated industry, for instance, like health care, there are long standing regulations that apply such as HIPAA that we're all familiar with. But as you can see, compliance can be pretty complicated, especially for an organization or a business that operates across borders or on a Nash US national perspective. So what should a global compliance framework look like?

Well, for such a company, global compliance strategy needs to include mapping data flows, characterizing the use of the AI system by risk, and also vetting parties providers for cross jurisdictional alignment. Now one of the biggest misconceptions is that, legal review will slow down innovation. In reality, legal over foresight is what enables scalability and sustainable growth and can mediate mitigate, excuse me, some of the long tail risks that we just discussed. Oftentimes, I'm I'm called in, when something's gone gone wrong. A privacy complaint, failed product rollout, God forbid, a lawsuit. I represent many AI producers. The most successful among my clients are the the ones that bring in legal counsel at the very beginning, during the ideation and design phases. And when we come in at the design phase, the very beginning, we are able to then interface with development teams and engineering teams, establish protocols for keeping a human in the loop so that the company or the organization can understand and ensure proper data flows and ultimately ethically train on the data that they collect.

And we're there to help interface and engage the necessary stakeholders across the enterprise for seamless govern governance development. Finally, I'm there to challenge the narrative and to push back against certain implicit biases that might have been baked into, again, implicitly, baked into the model. So involving legal is a strategic decision, and I encourage everyone to use legal as a strategic partner when develop developing or rolling out, AI across their enterprises. The this kind of mindset reduces reworks that happen later on. They limit your exposure down the road to party risk and party risk, but they also help build investor confidence and consumer confidence once you you roll out, the implementation of this the the product that you're thinking about. It is no doubt that ethical AI is the foundation is risk management.

So a resilient AI system is one that can withstand any disruption and can may maintain the integrity across different use cases and in different environments and scenarios. So I always encourage my my clients to ask, what happens if the output provides an incorrect recommendation? What if the assumptions that we're training the model on, have any blind spots or are inaccurate for whatever reason? Is there human oversight in place at each phase of the development, but also after rollout to test and verify the model? Can we even detect or explain the failures that we see? There are certain techniques that we can put into place that that answer these questions. For instance, model monitoring, bias audits, various types of version controls, and red teaming is particularly important.

And that's where we stress our our systems from an environment perspective, a network perspective. These are legal safeguards as much as they are technical ones, but in house legal teams and outside legal counsel should be involved in every step of that process and, in tandem, draft AI specific risk protocols and registers, including breach response protocols. So these protect the business on a holistic level, and they strengthen negotiating positions later on with vendors and partners and, at some point, maybe regulators. So what are the what are the legal strategies around strengthening consumer trust? We all know, especially from a marketing perspective, that trust is the new currency. Right? Legal clarity is the way to earn it. Users, especially more sophisticated ones, want transparency. But more importantly than that, they want control. That's why frameworks like the GDPR and the CCPA introduced data subject rights.

And cal California was the the in The US, but all the states that have passed privacy laws are following suit and providing consumers those same rights, data subject rights, that we were used to seeing in the EU. So are there legal mechanisms that can reinforce these practices and reinforce ethical practices? The regulations emphasize three things, both formally and informally. The is a privacy impact assessment. That's an analysis on your data collection frameworks and principles and how certain mechanisms or AI rollouts and use cases, impact your data collection and your your, your data privacy. These are shared with key stakeholders internally, especially your leadership, your c suite. Then there are vendor management policies that require your vendors or your parties to also uphold the same privacy standards that you require internally. Finally, there are consent mechanisms, but they have to go beyond the check boxes. A a consumer has to have true informed consent in order to participate.

So trust, again, all always comes down to transparency and communication. The legal and compliance teams should partner with their marketing and product teams to ensure that your internal policies are communicated well externally, they are enforceable, and they're understandable to the average consumer. And when consumers believe that you respect their data, they're more likely to remain loyal and less likely to litigate. So from a legal perspective, I would say that as a woman working at the intersection of law and technology, I've seen how, firsthand, how underrepresentation leads to blind spots in AI models, both in how the code is written and how policy is shaped. But when diverse voices are part of the decision making process, the systems we build become more equitable, more secure, more effective. And we need to foster that inclusivity, that ethical innovation in corporate environments.

We need more women and more allies to shape the technologies that are redefining our lives, from boardrooms to regulatory agencies. MyPath has been dedicated to demonstrating that legal integrity and innovations are not always at odds. They're partners in building lasting and ethical impacts. So I wanna leave you with a few key takeaways and action items here. Ethical AI is a strategic and legal advantage. It allows you to move fast without breaking trust. Compliance should be viewed as catalyst for strategy and innovation, not as a checklist or a roadblock. Involve your legal teams early, not just when something is going wrong. Preventative legal insight saves time, it saves resources, and it could save your reputation down the road. Be proactive. Audit your AI systems regularly. Review and strengthen your contracts, and ensure ethics are baked into the development and deployment of any AI system.

But above all of that, build diverse teams. The broader the perspectives, the sharper your risk assessments, the more meaningful your innovation becomes.