AI in Product Development and Product Management

The third practical webinar in the “AI for Business” series for developers and product managers.

Law is increasingly becoming part of IT teams’ day-to-day work — from service architecture to backlog grooming. The GDPR and the EU AI Act, which is being introduced in phases from 2026, are changing the requirements for developing digital products: responsibility formally lies with companies, but it is dev and product teams who make decisions on data, logging, documentation, and automation.

Online | YouTube Broadcast

15:00–16:00
Learn more

What topics will be covered during the webinar?

Introduction: why engineers need law

15:00 (GMT+3)

Regulation (fines, user trust). GDPR, AI Act — phased rollout from 2026. Responsibility lies with companies, but dev/PM are reviewed (architecture, logs, documentation). Poll: “Have you encountered the GDPR/AI Act?”

Basic GDPR principles “translated into code”

15:04 (GMT+3)

Principles: lawfulness, data minimisation, purpose limitation, storage limitation, security. Which fields should not be stored in the database. The PM’s role: to capture these decisions in the requirements.

Users’ rights and what this means for architecture

15:10 (GMT+3)

Rights of access, rectification, erasure, restriction, and data portability; prohibition on purely automated decisions without a human. Product requirements: find a user’s data, export it, delete it. For PMs — reflect this in user stories; for devs — design APIs/scripts.

EU AI Act: how it is structured

15:16 (GMT+3)

The concept of an AI system, a risk-based approach: prohibited, high-risk, limited. What counts as high-risk (credit, HR, biometrics, critical infrastructure, etc.) and why fintech/HR/health are particularly vulnerable. Roles: provider, deployer, integrator — and who bears responsibility.

Obligations under the AI Act in “technical translation”

15:24 (GMT+3)

What is required: risk management, data quality, documentation, logging, human-in-the-loop, post-monitoring. How this breaks down into tasks: a model/feature register, decision logs, descriptions of limitations in documentation, rules on when human review is required. PMs are process owners; devs are implementation owners.

Documentation and artefacts as a “shield” in an audit

15:30 (GMT+3)

Which artefacts are typically reviewed: data flow, system descriptions, records of processing (RoPA), DPIA, logging, descriptions of roles and processes. Why the absence of documentation is treated as the absence of control. How to turn documentation into a standard sprint deliverable (Confluence/Notion + diagrams + repositories).

Q&A and practical steps

15:36 (GMT+3)

Answers to questions. Action items:

  1. compile a list of systems where personal data are processed;
  2. identify whether there are any high-risk AI scenarios inside;
  3. for one key service, sketch a data flow and check whether users’ rights are implementable.

A brief recap of the key idea: law is part of the architecture, not external “oversight”.

Liudmila Yepikhava

Liudmila Yepikhava

Liudmila Yepikhava

Lawyer, IT & IP Practice, REVERA law group

Liudmila provides comprehensive legal support to international and Belarusian IT companies on compliance, personal data protection, and the legal regulation of AI.

She supports the processes of collecting, storing and transferring personal data in accordance with the GDPR and Belarusian legislation, advises on the lawfulness of processing grounds, and on interaction with data subjects.

Her experience includes developing internal data protection policies and procedures, supporting contracts with processors, conducting compliance and security audits, and providing legal support for projects involving new technologies, including AI risk assessment and automated processing.

In addition, Liudmila advises IT companies on intellectual property matters and operations within special legal regimes.

Participants will see which artefacts auditors actually review, how to turn documentation into a standard sprint deliverable, and what practical steps can be taken now so that law becomes part of engineering culture rather than an external constraint.

Please note: your registration confirmation will be sent on April 8. Please check your email inbox, including your Spam folder. Sender: info@revera.legal

Registration

Event completed 09.04.2026