Martha Hirst is an associate in the firm’s Data Strategy & Security practice, based in London. She advises companies on a wide range of artificial intelligence, cybersecurity, digital regulation, and data privacy matters, including related incident response, internal investigations and regulatory defence work.
Ms. Hirst has extensive experience advising corporates on AI governance and adoption. She has served as AI counsel for more than 50 clients, including many of the world’s leading asset managers and broker-dealers, several major insurers, pharmaceutical companies, and other market leaders. She advises on navigating a broad range of AI-related operational, regulatory, and reputational risks, including under UK and EU laws, such as the EU AI Act, and other global regimes.
Ms. Hirst has experience advising companies on European digital and data regulatory issues in relation to products they are developing and investing in. Her work includes counseling on key regulatory regimes, including NIS2, the EU Data Act, DORA, and the Cyber Resilience Act, and helping clients assess and manage associated product, regulatory, and contractual risk.
Ms. Hirst has also supported clients through a number of high-profile multijurisdictional cybersecurity incidents involving nation-state and advanced persistent threat groups. Her recent matters include managing responses to ransomware and extortion incidents, corporate data breaches, fraudulent remote IT worker schemes, and other cybersecurity and operational resilience issues.
Ms. Hirst regularly speaks at events and has hosted panels at conferences including the IAPP Global Summit and IAPP UK Intensive.
She writes for the Debevoise Data Blog, and is a co-author of numerous articles, including “The Second Wave of EU AI Act Requirements are In Force: Five Things Business Should Know,” Competition Policy International (August, 2025); “The EU AI Act Countdown Is Over: First Wave of Requirements Now in Force,” NYU Compliance & Enforcement (February, 2025); “Recently Enacted AI Law in Colorado: Yet Another Reason to Implement an AI Governance Program,” NYU Compliance & Enforcement (June, 2024); “Debevoise & Plimpton Discusses the EU Artificial Intelligence Act,” CLS Blue Sky Blog (December, 2023); “The EU AI Act – Navigating the EU’s Legislative Labyrinth,” NYU Compliance & Enforcement (December, 2023); “Eight GDPR Questions when Adopting Generative AI,” NYU Compliance & Enforcement (October, 2023); “Legal Risks of Using AI Voice Analytics for Customer Service,” NYU Compliance & Enforcement (January, 2023); “Debevoise Discusses What the GDPR Can Tell Us About State Privacy Laws,” CLS Blue Sky Blog (December, 2022); “California’s Age-Appropriate Design Code Act Expands Businesses’ Privacy Obligations Regarding Minors,” NYU Compliance & Enforcement (September, 2022); and “Data, cyber security and AI compliance: managing the evolving landscape,” The Drawdown (August, 2022).
Ms. Hirst joined Debevoise as a trainee solicitor in 2017. She graduated from Peterhouse, University of Cambridge in 2016 with a M.A. (Hons) and subsequently completed the LPC at BPP University Law School. Ms. Hirst was admitted as a Solicitor of the Senior Courts of England & Wales in 2019, and qualified as a Solicitor-Advocate, with rights of audience (civil), in 2022.