Impact Session with Oxford Brookes University: AI, Data & Cyber Trends Shaping 2026

The session brought together leading experts from law, academia and technology to provide practical insight into one of the most fast-moving areas affecting organisations today: how to innovate confidently while managing increasing regulatory and cyber risk.

AI Governance & Compliance: What Businesses Need to Know

Luke Dixon, Partner and Head of Data & Information at Freeths LLP in Oxford, opened the session with a clear and commercially focused update on AI compliance.

Luke outlined the UK’s evolving approach to AI governance, highlighting the balance being struck between encouraging innovation and ensuring proportionate regulation. He reinforced the continuing importance of UK GDPR obligations, including transparency, accountability, risk allocation and the need for robust Data Protection Impact Assessments (DPIAs) when deploying higher-risk AI systems.

The session then examined the wider implications of the EU AI Act. With its extraterritorial reach and clearly defined roles for providers and deployers, the Act will have a significant impact on UK organisations operating in European markets. Luke explained the “Pyramid of Risk” framework and how it will determine compliance duties, enforcement exposure and financial risk.

Importantly, the discussion focused not just on regulation, but on commercial reality: reputational exposure, customer trust, board-level accountability and the competitive advantage of being compliance-ready before enforcement tightens.

Practical recommendations included:

• Establishing an AI inventory across the organisation
• Defining internal accountability and governance structures
• Embedding transparency and human oversight
• Preparing for data rights requests and incident response
• Improving AI literacy at board and operational levels

For businesses wanting to remain both compliant and competitive, the message was clear: preparation now will prevent disruption later.

AI in Action: Smart Visitor Management at Blenheim Palace

Matthias Rolf, Associate Professor at Oxford Brookes University, shared insights from a six-year collaboration with UNESCO World Heritage Site Blenheim Palace.

The partnership began in 2020 through a 32-month Knowledge Transfer Partnership (KTP) funded by InnovateUK and has since evolved into an ongoing consultancy relationship. Together, they developed a Smart Visitor Management System using sensor data across the estate, tracking footfall, ticket sales, retail and catering activity.

AI models analyse this data to:

• Predict visitor flows
• Monitor consumption patterns
• Optimise staffing levels
• Improve energy efficiency
• Prevent operational bottlenecks

The result is improved visitor experience alongside better resource allocation and operational efficiency.

Matthias highlighted key lessons learned from deploying AI in real-world, “small-data” environments — demonstrating that impactful AI does not require vast datasets, but instead thoughtful implementation aligned to specific business problems.

The case study provided a compelling example of how academia and business can collaborate to deliver measurable, practical outcomes.

Cyber Security in 2026: Why Zero Trust Matters

Closing the session, Richard Flanders, Commercial Director at Aura Technology, explored the rapidly evolving cyber threat landscape.

His presentation focused on how AI-powered attacks, deepfakes and increasingly sophisticated social engineering techniques are shifting the battleground from systems to people. Traditional perimeter-based security models are no longer sufficient.

A key highlight of the session was the concept of Zero Trust — the principle of “never trust, always verify.” As attackers become more behaviour-driven and harder to detect, Zero Trust architecture ensures that every access request is authenticated, authorised and continuously validated.

The discussion sparked significant audience engagement, reinforcing how critical proactive cyber strategy has become for boards and leadership teams.

The overarching message: visibility, timing and resilience now define effective incident response — and organisations that modernise their security posture will be significantly better positioned to withstand emerging threats.

Continuing the Conversation

The Impact Sessions form part of the wider Oxfordshire Business Summit (OBS) programme, bringing together senior decision-makers, academic leaders and industry experts to address the defining business challenges of our time.

Further information about upcoming Impact Sessions can be found at:
www.oxfordshirebusinesssummit.com/attend-impact-sessions

Footnote: About OBS2026

OBS2026 will build on the momentum of this year’s discussions, convening regional, national and international business leaders to explore innovation, leadership, sustainability and the technologies shaping the future economy. The Summit continues to position Oxfordshire at the forefront of forward-thinking enterprise, collaboration and strategic insight.