Costello Advisory provides retained strategic counsel to boards, general counsel and leadership teams navigating the intersection of data law, AI governance and commercial risk.
"The organisations that will navigate the next decade of data and AI regulation are not the ones with the largest compliance teams. They are the ones with the clearest strategic view."
Legal teams see compliance risk. Technology teams see capability. Leadership often sees neither clearly.
Costello Advisory sits at the intersection of all three — bringing legal rigour to decisions that management consultants approach without it, and commercial pragmatism to questions that lawyers approach without it.
We are not a law firm. We are not a management consultancy. We have no software to sell, no implementation team to deploy, and no interest in expanding an engagement beyond what is genuinely useful. Our advice is our product.
We work with a small number of retained clients at any time. Every engagement involves direct access to Ash Costello — no junior team, no templated deliverables, no pitch deck. The starting point is always a conversation.
We help organisations build governance frameworks for AI deployment, data architecture and information risk that are legally robust, commercially coherent and operationally realistic — not compliance theatre.
The regulatory landscape is moving faster than any single team can map. We translate complexity into decision-ready intelligence: quarterly briefings, board-level summaries, and rapid-response advisory when frameworks shift.
We work directly with boards and executive teams who need a trusted, independent view on data and AI risk — including audit committee briefings, C-suite advisory, and strategic input into AI deployment decisions.
The collapse of third-party cookies, Google's abandoned Privacy Sandbox, and evolving ICO and CNIL enforcement are reshaping digital advertising. We advise on consent management, tracking technologies, and what comes next.
Privacy and data governance due diligence for M&A transactions and private equity investments. We identify the regulatory liabilities that standard legal due diligence misses — and advise on post-acquisition remediation.
Regulatory strategy for fintech business models, payments, e-money, and blockchain infrastructure. We have advised DAOs, smart contract platforms, tokenisation structures and DLT ecosystems since the sector's earliest days.
Banksy's new Pall Mall statue — a suited man, blinded by his own flag, striding off a plinth — is the most accurate depiction of organisational AI governance in 2025. The EU commits €1.3 billion to AI in classrooms while neuroscience says pen and paper produces better learners. We are Brunelleschi in reverse.
Request the full pieceEU AI Act Article 4 literacy obligations now in force. ICO updated cookie guidance. CPRA enforcement accelerating. US state privacy law diverging across Texas, Colorado and Florida. Online Safety Act age assurance duties taking effect. What it means for your organisation.
Subscribe to the briefingWhen an employee pastes client correspondence into a large language model, they have created a data transfer outside every Record of Processing Activity their organisation maintains. This is not an edge case. It is the daily operational reality of an AI-enabled workforce.
Discuss with AshVoice and likeness rights. AI in financial services under FCA scrutiny. The post-cookie adtech market. Digital identity frameworks. NIST AI RMF adoption. The convergence of US and EU privacy enforcement. Six developments every board should understand before they become headlines.
Request the briefingAsh Costello is a data and AI governance strategist with over twenty years of multi-jurisdictional experience advising global technology platforms, financial institutions and high-growth companies on their most complex data, AI and digital regulatory challenges.
Triply qualified across England & Wales, Ireland, and New York, she has operated at the most senior levels of in-house legal practice — including as Global Head of Legal at one of the world's leading alternative asset administrators — a global platform with over $1 trillion in assets under administration, operating across 22 entities as a division of one of the ten largest financial groups in the world — and as a partner in global law firms advising on commercial technology, privacy, AI governance, fintech, blockchain, and digital platform regulation.
She has advised on blockchain and distributed ledger technology since the sector's earliest years, serving on the Expert Panel of the EU Blockchain Observatory and Forum and as Co-Chair of the Privacy Working Group of the International Association of Trusted Blockchain Applications.
Through Costello Advisory, she provides retained strategic counsel to a small number of organisations at any time — working directly with boards, general counsel and leadership teams who need more than compliance: a coherent, commercially grounded position on where regulation is going and what it means for how they operate.
Costello Advisory is the trading name of Zenzyc Law PLLC. Ash is based across London, New York and Catania, Sicily.
Costello Advisory takes on a limited number of retained clients at any time. There is no sales process. If you are considering an engagement, the starting point is a direct conversation with Ash.
Costello Advisory does not provide regulated legal advice. Enquiries are treated in strict confidence. No unsolicited marketing.