Loading…
Johnie T Young
AI Expert
Johnie T Young is an AI expert and governance practitioner with deep experience helping fast-moving technology companies implement responsible AI practices at small-team scale. With a focus on practical, actionable frameworks, Johnie built AI Policy Desk to close the gap between enterprise-grade compliance tooling and the real-world needs of lean product teams. Before founding AI Policy Desk, Johnie worked across a range of technology companies advising on AI risk management, GDPR readiness, and EU AI Act compliance. With the rapid emergence of AI regulation globally, Johnie identified a clear need: governance resources written for 10-person teams, not Fortune 500 legal departments — practical templates, checklists, and guides that teams can pick up and use today.
- AI governance practitioner
- EU AI Act and GDPR specialist
- AI risk management expert
- Compliance frameworks for small teams
EU AI Act complianceAI governance frameworksGDPRRisk assessmentShadow AI managementVendor evaluationAI incident responseModel risk management
222 articles by Johnie T Young
Guides·11 min
Read →AI Coding Tool Governance: 6 Controls When Costs Hit Six Figures
When AI coding tool costs hit six figures, the CFO demands ROI proof. This AI coding tool governance guide helps you control spend and set per-team budgets.
cost governanceAI coding toolsROItoken costs
Industry·9 min
Read →AI Zero-Days: What Project Glasswing Means for Small Teams
Anthropic's Project Glasswing autonomously found thousands of AI zero-days. Three security posture updates every small team using AI vendor APIs must make now.
securityzero-daygovernancerisk
Industry·10 min
Read →Open-Source LLM Bans: 3 Controls for Your AI Contribution Policy
Redox OS banned LLM-generated code contributions over copyright and quality concerns. Policy lesson: attestation beats prohibition; gates should be AI-neutral.
policygovernanceopen-sourceai-tools
Templates·8 min
Read →CEO's AI Tool Approval Checklist: 10 Questions Before You Say Yes
Before approving Cursor, ChatGPT, Claude, or Notion AI, run these 10 questions. Takes 30 minutes and prevents most governance mistakes small teams make.
checklistsecurityceotools
Governance·10 min
Read →FTC AI Enforcement 2026: What Small Teams Are Actually Getting Fined For
FTC, SEC, state AGs, DOJ, and EEOC are all pursuing AI enforcement simultaneously using existing law, no new federal AI statute required. Four enforcement tracks running now: deceptive AI claims (FTC Section 5), AI washing in investor comms (SEC), biased automated decisions (EEOC), inadequate incident disclosure.
ai-enforcementftcai-regulationcompliance
Governance·9 min
Read →AI Training Data Copyright: What the Bartz Ruling Means
Bartz ruling 2026: AI training on licensed books is fair use, pirated copies are not. What it means for data provenance and legal risk for small teams.
ai-copyrightai-governancetraining-datalegal-risk
Governance·14 min
Read →Colorado AI Act Compliance: Enforcement Suspended (April 2026): SB 189 Sets January 1, 2027
Colorado SB 24-205 enforcement suspended April 27, 2026. SB 189 replacement sets January 1, 2027 effective date. Transparency statement template, impact assessment checklist, and 7-step plan.
colorado-ai-actai-regulationcompliancestate-ai-laws
Governance·11 min
Read →Federal AI Preemption 2026: Which State AI Laws Still Apply to Your Business?
No federal AI preemption has passed. 10+ state AI laws are live obligations now. Which states apply to your team and what changes if preemption passes.
ai-regulationcompliancefederal-ai-lawstate-ai-laws
Governance·10 min
Read →SEC AI Examination 2026: What Examiners Will Ask Your Team About AI
The SEC embedded AI oversight into every FY2026 exam category. The questions examiners ask and documentation needed for investment and compliance teams.
sec-complianceai-governancefinancial-servicesmodel-risk
Governance·12 min
Read →AI Vendor Security Incident Response: 4-Step Playbook for TypeScript AI Agent Teams
When your AI vendor has a security incident, your team has hours to respond. Scope, credential rotation, and documentation steps for small teams.
ai-securityincident-responsevendor-riskgovernance
Compliance·20 min
Read →AI Data Privacy for Small Teams: 9-Tool DPA Table + GDPR/CCPA Checklist (2026)
GDPR and CCPA compliance for AI tools: 9-tool DPA status table, Article 22 automated decision rules, training data opt-out guide, and a copy-paste DPA request email template. Includes 2026 enforcement fines. Updated May 2026.
gdprccpaprivacygovernance
Guides·16 min
Read →What Roles to Define in an AI Governance Structure: A 3-Role Model for Small Teams (2026)
An AI governance structure needs three named roles, not a big compliance team. This guide answers what roles and responsibilities to define, with a copy-paste RACI for small teams running AI without dedicated compliance staff.
governancerolesraciframework