2025-10-09 –, Belvedere I/ Security, Compliance & the Law
As governments and regulators push for stronger digital security and AI accountability, the question is no longer if software developers will face legal risk—but when.
This session explores the emerging legal frameworks and liability theories placing developers—especially those working with cryptography, AI, and open-source tools—closer to the legal line. Whether maintaining encryption libraries, integrating LLMs, or building secure-by-design infrastructure, developers may soon find themselves navigating new legal duties, including under the EU AI Act, U.S. product liability laws, and global cybersecurity frameworks.
With real-world examples and forward-looking analysis, this talk unpacks the evolving risk landscape—and what organizations can do now to support and shield their developers.
In a world where encryption failures can lead to regulatory investigations, class actions, or supply chain collapses, the stakes for developers are rising fast.
This session dives into the shifting boundaries of developer liability in the context of secure software development—especially for those working in cryptographic, AI-integrated, and open-source environments. As policymakers introduce digital safety legislation (like the EU AI Act and product liability directive) and cyber incidents become headline news, developers may be held responsible not just for how they build—but for what happens next.
Learning Objectives:
1) Regulatory trends targeting developer accountability for “high-risk” and AI-powered systems
2) Legal theories (e.g., negligence, product liability, contractual indemnity) that could be applied to individual contributors or maintainers
3) OSS challenges: When contribution becomes culpability
4) How legal and engineering teams can collaborate on contracts, policies, and secure-by-default coding practices
5) Protecting developers from downstream misuse of their tools—without chilling innovation
Ashley Pusey is your favorite API—Ashley Pusey Interface—a New York-based attorney navigating the fault lines between AI, cybersecurity, and global data regulation. She advises companies across industries on cyber incident response, privacy compliance, and the legal guardrails around emerging technologies. Whether handling complex breaches across EMEA, LATAM, and APAC or engaging with regulators like the Office for Civil Rights on HIPAA and GLBA issues, Ashley brings clarity and strategy to moments of uncertainty.
But Ashley’s practice isn’t just about managing risk—it’s about building trust. She helps organizations operationalize responsible tech, guiding product launches, adapting to evolving AI regulations, and crafting data governance frameworks.
Her passion for law and innovation didn’t start in a courtroom—it started on the runway. Fascinated by smart textiles and wearable tech disrupting the fashion industry, Ashley found herself drawn to the legal, ethical, and cultural questions embedded in emerging technologies.
Ashley is credentialed with CIPP/US, CIPP/E, CIPM, and the IAPP’s Fellow of Information Privacy (FIP) designation. She holds certifications in Cybersecurity (MIT), Artificial Intelligence (Center for AI and Digital Policy), and Fashion Law (Fashion Law Institute)—a blend that reflects both her creative and regulatory DNA.
At the interface of law, code, and culture, Ashley champions a future where innovation is as ethical as it is exciting—and where every system, suit, or software release is built with integrity.