The Medical Protection Society, which represents more than 300,000 doctors and healthcare professionals worldwide, argues that under current legislation doctors risk becoming a "liability sink": the default target for negligence claims, even when harm originates from a flawed AI system they had little control over designing or understanding.

The MPS identifies the Consumer Protection Act 1987 as the core problem. Drafted for tangible physical goods, the Act does not readily accommodate software, meaning AI developers currently operate outside its liability provisions. This effectively shields them from responsibility while leaving clinicians exposed.

The MPS is urging the government to classify AI systems as products subject to strict liability, modelled on the EU's revised Product Liability Directive, which comes into force across member states in December 2026 and explicitly brings software and standalone AI within the product liability framework. Notably, Northern Ireland will automatically adopt the EU directive under the Windsor Framework, creating potential legal divergence within the UK itself.

Who Owns AI Security in the Enterprise? Governance Is Still in Its Infancy
Who actually owns AI security in your organisation, and how mature is your governance around it? Two senior CISOs from vastly different environments give a straight answer: ownership sits with the CISO for now, and governance, even in well-run programmes, is still in its infancy. AI is shifting enterprise risk from defending infrastructure to defending decisions. Agentic AI operates semi- or fully autonomously, traditional security controls don’t fit probabilistic systems, and no single vendor covers the full attack surface.

Speakers: Andy Holliday, CISO at Petrofac; Lester Godsey, CISO at Arizona State University; and Stewart Tinson, Project Director, AI-360.

You’ll learn:
• Why the CISO is the only realistic owner of AI security risk for the next 5 years
• Why agentic AI breaks deterministic security controls and what to do about it
• How ASU built an actionable AI framework supporting 60+ large language models
• Practical controls: API key hygiene, command whitelists, blast radius reduction
• Why no single vendor can cover AI security end-to-end

Key topics: Agentic AI risk • AI governance maturity • Threat model transformation • CISO ownership • Incident response for AI • Ethics & training data bias • Vendor landscape reality • Probabilistic vs deterministic controls

For CISOs, CIOs, and risk leaders making decisions about AI adoption now.

The organisation argues that reform would deliver four concrete benefits: greater clinician confidence driving faster AI adoption; stronger incentives for developers to build safer systems; fairer attribution of liability across the AI supply chain; and protection for NHS finances and individual practitioners against claims arising from defective AI products.

Both the Medicines and Healthcare products Regulatory Agency and the Law Commission are currently reviewing aspects of AI regulation and product liability respectively, with the Law Commission's formal public consultation expected in the second half of 2026.


Deepfake Fraud in Banking and Financial Services: Detection, Compliance and the Race to Keep Up
Deepfakes have moved beyond social media curiosities into a direct threat to the financial services sector. Synthetic identities are bypassing KYC controls, cloned voices are targeting call centres, and automated fraud pipelines are scaling faster than most security roadmaps can respond. In this panel discussion, three practitioners examine the deepfake threat from genuinely different vantage points (compliance and audit, detection technology, and enterprise fraud systems) to assess where the industry stands and what needs to change.

Panellists:
• Nikita Kuzmin, Product Manager, Western Union
• Vunavia McDuffey, Compliance Consultant, RBC Bank
• Parya Lotfi, Co-Founder, DuckDuckGoose AI

The panel covers:
• Why deepfakes are shifting from social engineering tricks to full identity replication capable of passing standard verification controls
• Whether organisations should treat deepfake fraud as a distinct threat category rather than absorbing it into existing AML and fraud programmes
• Why 60–70% detection accuracy is not an acceptable benchmark for financial services, and what happens when 40% of deepfakes pass through undetected
• The build-versus-buy decision for detection capability, including where vendor solutions repeatedly break down during integration
• A real-world case study of a fraudster who opened 46 bank accounts at a major Dutch bank using face-swapped identity documents, caught only because of a gender mismatch on the 47th attempt
• Why static detection models can degrade within days, and what continuous retraining and production feedback loops look like in practice
• Concrete 90-day actions for CISOs, CIOs, and compliance leaders, starting with controlled deepfake attack simulations against their own systems

This session is essential viewing for senior leaders in banking, financial services, and insurance who need to understand the gap between current defences and the industrialisation of deepfake-driven fraud.