Loading…
Johnie T Young
AI Expert
Johnie T Young is an AI expert and governance practitioner with deep experience helping fast-moving technology companies implement responsible AI practices at small-team scale. With a focus on practical, actionable frameworks, Johnie built AI Policy Desk to close the gap between enterprise-grade compliance tooling and the real-world needs of lean product teams. Before founding AI Policy Desk, Johnie worked across a range of technology companies advising on AI risk management, GDPR readiness, and EU AI Act compliance. With the rapid emergence of AI regulation globally, Johnie identified a clear need: governance resources written for 10-person teams, not Fortune 500 legal departments — practical templates, checklists, and guides that teams can pick up and use today.
- AI governance practitioner
- EU AI Act and GDPR specialist
- AI risk management expert
- Compliance frameworks for small teams
EU AI Act complianceAI governance frameworksGDPRRisk assessmentShadow AI managementVendor evaluationAI incident responseModel risk management
221 articles by Johnie T Young
Guides·10 min
Read →Texas TRAIGA Safe Harbor: NIST AI RMF Alignment Checklist (2026)
Texas TRAIGA carries civil penalties up to $200,000 per violation plus up to $40,000 per day for continuing violations. The safe harbor, an affirmative defense, is substantial NIST AI RMF compliance. This checklist covers what you need and how to use the 60-day cure period.
texas-ai-lawtraiganist-ai-rmfcompliance
Guides·11 min
Read →AI incident reporting obligations: when you must notify regulators in 2026
Multiple AI regulations now include mandatory incident reporting. EU AI Act Article 73 requires serious incident reports within 72 hours. This guide covers all reporting obligations across jurisdictions, what triggers them, and how to build a compliant incident response process.
ai-governanceincident-reportingeu-ai-actcompliance
Guides·13 min
Read →Multi-state AI compliance in 2026: operating across US and EU AI laws at once
Companies operating across multiple US states and the EU face overlapping AI obligations from a dozen different laws. This guide shows how to build one governance program that satisfies all of them without running 12 parallel compliance tracks.
ai-compliancemulti-stateeu-ai-actnist-ai-rmf
Security·13 min
Read →TypeScript AI Agent Observability and Tracing: 5 Paste-Ready Modules (2026)
5 TypeScript modules for AI agent observability: trace context, token and cost metering, structured event logging, tool-call tracing, and OpenTelemetry export. Express and Next.js compatible, with the governance reasons each one matters.
ai-securitytypescriptobservabilityai-agents
Guides·10 min
Read →Amazon KDP AI Disclosure 2026: Every Content Type, Every Edge Case
Amazon KDP's AI disclosure requirement covers text, images, and translations, but the line between 'generated' and 'assisted' is not always obvious. This guide covers 12 content types and 8 edge cases, with the correct disclosure decision for each.
amazon-kdpai-disclosureself-publishingai-governance
Governance·9 min
Read →Anthropic Says AI Could Soon Build Itself: What Recursive Self-Improvement Means for Your AI Governance Policy
Anthropic published research on June 4, 2026 showing Claude now writes 80% of its own codebase, and called for the ability to pause frontier AI development. What recursive self-improvement means for human oversight policies and agentic AI governance.
ai-governanceai-safetyagentic-aihuman-oversight
Templates·11 min
Read →Board AI governance reporting: what to tell your board every quarter in 2026
Boards are now accountable for AI governance failures. SEC expects AI risk disclosure, and the EU AI Act requires governance at the highest level. This guide covers what quarterly AI reports to boards should contain and a copy-paste template.
ai-governanceboard-reportingcompliancesec-disclosure
Governance·10 min
Read →ChatGPT Memory Upgrade (Dreaming V3): What It Means for Business Privacy and Data Governance
OpenAI''s Dreaming V3 memory update stores persistent user profiles across ChatGPT sessions including business plan users. What teams using ChatGPT need to govern, disable, and disclose under GDPR and CCPA.
ai-governancechatgptdata-privacygdpr
Guides·10 min
Read →Shadow AI Policy for Small Teams: 2026 Detection and Governance Guide
Shadow AI adds $670K to breach costs, and small teams have the highest exposure. How to detect unsanctioned AI tools and govern them without an IT team.
shadow-aiai-governanceai-policycompliance
Guides·12 min
Read →AI red-teaming and security testing: what regulators now expect in 2026
EU AI Act, NIST AI RMF, and the White House AI executive order all include red-teaming requirements for AI systems. This guide covers what red-teaming means for AI, what testing is required at each risk tier, and how small teams can comply.
ai-securityai-governancered-teamingcompliance
Governance·10 min
Read →California AB 2013 Compliance Guide: What AI Developers Must Disclose About Training Data (2026)
California AB 2013 requires generative AI developers to post 12 categories of training data information on their website before making a system available to Californians. Effective January 1, 2026. What to disclose, who is covered, and the xAI lawsuit that tried and failed to block it.
ai-compliancecaliforniatraining-dataai-transparency
Guides·10 min
Read →AI governance for legal teams and general counsel: privilege, confidentiality, and risk 2026
Legal departments face distinct AI risks: attorney-client privilege waiver, bar ethics rules on confidentiality, and liability for AI-assisted legal work. This guide covers what in-house counsel and law firms must do before using AI for legal work.
legal-aiattorney-client-privilegeai-governancelegal-compliance