Loading…
Johnie T Young
AI Expert
Johnie T Young is an AI expert and governance practitioner with deep experience helping fast-moving technology companies implement responsible AI practices at small-team scale. With a focus on practical, actionable frameworks, Johnie built AI Policy Desk to close the gap between enterprise-grade compliance tooling and the real-world needs of lean product teams. Before founding AI Policy Desk, Johnie worked across a range of technology companies advising on AI risk management, GDPR readiness, and EU AI Act compliance. With the rapid emergence of AI regulation globally, Johnie identified a clear need: governance resources written for 10-person teams, not Fortune 500 legal departments — practical templates, checklists, and guides that teams can pick up and use today.
- AI governance practitioner
- EU AI Act and GDPR specialist
- AI risk management expert
- Compliance frameworks for small teams
EU AI Act complianceAI governance frameworksGDPRRisk assessmentShadow AI managementVendor evaluationAI incident responseModel risk management
219 articles by Johnie T Young
Guides·10 min
Read →Colorado AI Act Overhaul: What Employers Must Know About SB 26-189 Before January 1, 2027
Colorado replaced its original AI Act with SB 26-189, signed May 14, 2026. The new law drops bias audits and impact assessments in favor of a lighter notice-and-transparency framework. Effective January 1, 2027, it requires pre-use notice, post-adverse-action notice within 30 days, and 3-year recordkeeping for any employer using AI in hiring, promotions, or terminations.
colorado-ai-lawai-hiringemployment-lawcompliance
Governance·10 min
Read →Miasma Worm and Phantom Gyp: The npm Supply Chain Attack That Bypasses Security Tools (June 2026)
A self-spreading worm compromised 57 npm packages in under 2 hours using binding.gyp instead of postinstall scripts, bypassing security scanners. What it means for teams that run npm install, and the 5 controls that limit your exposure.
ai-securitysupply-chainnpmdeveloper-tools
Governance·10 min
Read →AI Support Chatbots with Account Actions Are a Security Risk: The Meta Instagram Incident and What Your Team Must Govern (2026)
Hackers social-engineered Meta AI into resetting passwords on high-profile Instagram accounts by simply asking. What the attack means for any team deploying an AI chatbot that can take account actions, and the 6 controls that prevent it.
ai-securityai-governancechatbotprompt-injection
Guides·9 min
Read →EU AI Act August 2026: What's Delayed and What Still Applies
The EU provisional agreement pushed high-risk AI obligations to late 2027. But Article 50 transparency rules still apply August 2, 2026, GPAI requirements have applied since August 2, 2025, and the prohibited-practices ban has been in force since February 2, 2025. Here is exactly what changed and what did not.
eu-ai-actcompliancedeadlineai-regulation
Governance·10 min
Read →Reviewing AI-Generated Pull Requests: A Review Policy and 9-Point Checklist (2026)
AI now writes a large share of the pull requests your team reviews. A copy-paste policy and 9-point checklist for reviewing AI-generated PRs, who is accountable, what to require, and where AI code fails review.
ai-governancecode-reviewai-codingengineering
Governance·11 min
Read →AI Spend Governance: 5 Token Budget Controls That Stop Runaway AI Bills (2026)
One company burned $500M on Claude in a month with no usage limits. Five copy-paste controls, usage caps, budget alerts, per-seat limits, a kill switch, and a monthly review, to keep token-based AI billing from blowing up your budget.
ai-governanceai-costtoken-billingfinops
Guides·10 min
Read →Generative AI copyright ownership 2026: who owns AI-generated content
The US Copyright Office has ruled that purely AI-generated content cannot be copyrighted. But most AI outputs involve human creative choices. This guide explains what you can and cannot protect, and how to document the human contribution that matters.
copyrightintellectual-propertygenerative-aiai-governance
Governance·9 min
Read →Vetting AI Tools: How to Avoid Fake AI Apps and Malware (7-Step Check, 2026)
Searching for popular AI tools now surfaces fake malware sites and typosquatted packages at the top of results. A 7-step vetting check to confirm an AI tool is the real one before your team installs it.
ai-governanceshadow-aisecurityvendor-risk
Guides·11 min
Read →Agentic AI Liability: Who Is Responsible When Your AI Agent Makes a Mistake? (2026)
When your AI agent sends a wrong email, makes a bad purchase, or deletes data, the law says you are responsible, not the AI. Here is what small teams must do before deploying autonomous agents in 2026.
ai-agentsliabilitylegalgovernance
Guides·10 min
Read →AI Agent Memory and GDPR: How to Handle Persistent Context Without a Compliance Timebomb
AI agents that store personal data in RAG systems and vector databases cannot easily fulfill GDPR erasure requests. Here is what Spanish regulators found in 2026 and how to fix it before your next audit.
gdprai-agentsprivacyrag
Guides·10 min
Read →AI Output Copyright Risk: Which Providers Indemnify You and What to Do Before Publishing (2026)
Courts are now targeting AI outputs, not just training data. After the $1.5B Anthropic settlement, here is which AI providers actually indemnify commercial output and what your team must do before publishing AI-generated content.
copyrightai-contentlegalindemnification
Guides·8 min
Read →Amazon KDP AI Disclosure: Copy-Paste Language for Every Scenario (2026)
Exact copy-paste text for the Amazon KDP AI disclosure checkbox and notes field, covering fully AI-generated text, AI cover art, AI translation, AI-assisted editing (no disclosure), and hybrid books. No guessing what to write.
amazon-kdpai-disclosureself-publishingai-governance