Loading…
Johnie T Young
AI Expert
Johnie T Young is an AI expert and governance practitioner with deep experience helping fast-moving technology companies implement responsible AI practices at small-team scale. With a focus on practical, actionable frameworks, Johnie built AI Policy Desk to close the gap between enterprise-grade compliance tooling and the real-world needs of lean product teams. Before founding AI Policy Desk, Johnie worked across a range of technology companies advising on AI risk management, GDPR readiness, and EU AI Act compliance. With the rapid emergence of AI regulation globally, Johnie identified a clear need: governance resources written for 10-person teams, not Fortune 500 legal departments — practical templates, checklists, and guides that teams can pick up and use today.
- AI governance practitioner
- EU AI Act and GDPR specialist
- AI risk management expert
- Compliance frameworks for small teams
EU AI Act complianceAI governance frameworksGDPRRisk assessmentShadow AI managementVendor evaluationAI incident responseModel risk management
249 articles by Johnie T Young
Guides·8 min
Read →AI compliance cost for small teams 2026: what you actually pay
How much does AI compliance actually cost? DIY documentation starts at $0. Bias audits run $5,000 to $50,000 per tool. ISO 42001 certification costs $15,000 to $40,000 in year one. Most 1-50 person teams can cover solid compliance for under $5,000 per year if no bias audits are required. Full cost breakdown by team size.
compliancecostbudgetsmall-teams
AI Security·5 min
Read →AI Agent API Token Leak: 24-Hour Incident Response Playbook
24-hour runbook for leaked AI agent tokens: revoke, rotate, audit blast radius, and restore access before costs spiral. 7 copy-paste steps.
ai-securityincident-responseapi-tokensai-agents
Guides·10 min
Read →EU AI Act Digital Omnibus August 2026: will the deadline hold?
The EU Digital Omnibus provisional agreement (May 7, 2026) would delay most high-risk AI obligations from August 2, 2026 to December 2, 2027. But formal adoption is not guaranteed before the August deadline. What deployers must do now regardless of which path the Omnibus takes.
eu-ai-actdigital-omnibusaugust-2026deadlines
Guides·8 min
Read →AI Coding Tools Are Destroying SSDs: What Your Acceptable Use Policy Must Address
OpenAI Codex was silently writing 640 TB/year to developer SSDs through a logging bug. This is a governance gap most acceptable-use policies miss. Here is what IT and compliance teams need to add.
ai-governanceacceptable-use-policyai-coding-toolsshadow-ai
Guides·9 min
Read →NYC Local Law 144 AI Bias Audit: Employer Guide 2026
NYC Local Law 144 requires employers using AI hiring tools to conduct annual independent bias audits, publish results, and notify candidates. DCWP enforcement began July 5, 2023. Penalties run $500 to $1,500 per violation, with each day of use and each missed notice counted separately. Six-step compliance checklist.
nyclocal-law-144bias-audithiring
Guides·9 min
Read →Trump's June 2026 AI Executive Order: What Compliance Teams and Federal Contractors Must Do
Trump signed a new AI executive order on June 2, 2026. Here is what it requires, what is voluntary, who must act, and what federal contractors and compliance teams should do now.
ai-governanceexecutive-orderfederal-contractorsai-compliance
Guides·11 min
Read →AI Browser Agents (Atlas, Comet): 7-Point Governance Policy for Small Teams (2026)
ChatGPT Atlas and Perplexity Comet act inside your logged-in sessions, which breaks the old browser security model. Here is a copy-paste governance policy for teams of 5-50, plus the prompt-injection risk you need to brief staff on now.
ai-agentsai-browserprompt-injectionai-security
Guides·10 min
Read →AI Meeting Transcription Apps: The Data Risks Your Team May Not Know About
Otter.ai, Fireflies, Read.ai, and similar tools upload your meeting audio to US cloud servers for processing. Free tier accounts may retain transcripts indefinitely. If any participant is an EU resident, GDPR transfer rules apply. Here is what to do.
shadow-aiai-privacygdprcompliance
Guides·8 min
Read →Amazon KDP AI Book Surge: What the Tripling of AI Content Means for Disclosure Enforcement
Monthly new e-book releases on KDP nearly tripled between 2022 and 2025 as AI-generated content flooded the platform. Amazon has responded with account-level enforcement for undisclosed AI content. Here is what publishers and authors need to document before enforcement tightens further.
amazon-kdpai-disclosureai-compliancepublishing
Guides·9 min
Read →Human-in-the-Loop AI: What EU AI Act Article 14 Actually Requires (Not What Vendors Say)
EU AI Act Article 14 sets specific technical and operational requirements for human oversight of high-risk AI; most vendor "human-in-the-loop" claims don't satisfy them. Here is what effective oversight actually means, how to evaluate vendor implementations, and a 10-item compliance checklist for deployers.
eu-ai-acthuman-oversighthitlcompliance
Guides·10 min
Read →OpenAI Enterprise Privacy: What trust.openai.com Actually Covers (2026 Guide)
What trust.openai.com contains, which certifications apply to which ChatGPT tier, and how to use OpenAI's DPA and enterprise-privacy commitments to satisfy GDPR Article 28 before deploying ChatGPT Enterprise or the API in your organization.
openaichatgptprivacygdpr
Guides·8 min
Read →Pentagon Used Grok AI to Fire 2,000 Missiles: What It Means for Enterprise AI Governance
Cameron Stanley, the Pentagon's chief AI officer, confirmed in sworn court testimony that Grok Gov helped fire more than 2,000 munitions at Iran in 96 hours. What every enterprise AI governance team should learn from the scrutiny that followed.
ai-governanceautonomous-aihuman-oversightaccountability