Janus Compliance

AI governance for the agent era

When you deploy AI that acts, agents that book, pay, decide, and touch customer data, your board and your counsel ask one question: who is accountable, and is this defensible? That is the question answered here.

By Michael K. Onyekwere, CIPP/E, a common law qualified lawyer with 10+ years across Royal Bank of Scotland, Fidelity, TMF Group, and UnitedHealth. Author of the AI Agent Incident Register.

Free download

Get the AI API Compliance Checklist

OpenAI / Anthropic DPA setup, zero-retention config, and the documentation a procurement or DPIA review will ask for. Worked example included.

Built for engineers implementing AI and the founders or compliance leads responsible for signing it off.

·DPA setup steps for OpenAI and Anthropic API accounts
·Zero-retention configuration: when it applies, what it changes, how to evidence it
·Retention and logging questions to answer before launch
·Audit documentation pack a procurement reviewer will accept

Your email is used to deliver the PDF and (if you opt in) the newsletter. No spam. Privacy policy.

Work with Michael →Read the AI Agent Incident Register →

AI governance analysis: agent risk classification and liability mapping

The practice

What I do

Governance for AI and AI agents, written by someone who reads the law and runs the systems.

Agent & AI governance reviews

A written assessment of an AI or agent deployment: the data flows, the tool boundaries, the decision points, the liability across the chain, and the documentation a regulator or a buyer will ask for.

DPIAs & EU AI Act readiness

Data Protection Impact Assessments for AI and agentic systems, risk classification under the AI Act, Article 50 transparency, and the conformity work for anything high-risk.

Fractional DPO

Ongoing Data Protection Officer coverage for organisations deploying AI: the standing governance, the records, and the accountability model that agent adoption now demands.

View all services →

The work

The analysis behind the advice

The public record of how this lane is thought about. The advice clients pay for is the same analysis, applied to their system before the incident.

AI Agent Incident Register

A numbered public corpus: every significant AI agent failure analysed legally. What happened, which duty was engaged, who bears liability, and the governance that would have prevented it.

AI and your rights

The individual-rights side: what UK law gives you when an algorithm screens, scores, or rejects you, and what the deployer owes in return.

Compliance Engineering

Practitioner-grade writing on AI compliance: DPIAs, the EU AI Act, the OpenAI and Anthropic API setup, and the governance of agents.

Build, with the governance included

Need the system built too?

We also build compliant AI systems: chatbots, workflow automation, and document processing, each shipped with the DPIA, the AI Act classification, and the documentation a review will ask for. The build and the compliance work come from one team.

See what we build →

Credentials

CIPP/E

Certified

10+ Years

Financial Services

LLB · LLM

Common Law Qualified

RBS · Fidelity

Previous Roles

Sample Deliverables

See the work before you buy

Blog posts explain the ideas. These sample deliverables show what the work product actually looks like.

Most useful for GDPR + AI buyers

Sample DPIA structure for an AI chatbot

A redacted outline showing the sections, risk analysis, and controls we include in a real AI-system DPIA.

View sample Download PDF

Quick proof of practical drafting

Sample privacy notice update

A before-and-after example showing how a privacy notice changes once an AI system is introduced.

View sample Download PDF

Useful before hiring any AI vendor

AI vendor due diligence checklist

A practical checklist covering DPAs, retention, subprocessors, transfers, security, and exit risk.

View sample Download PDF

Start with a £500 scoping review

Start with the scoping review.

A written review of your AI or agent deployment: the risk, the documentation gap, and what the full work should cost. One week, fixed price.

Book the £500 scoping review See sample deliverables

Insights

Latest articles

Employment Law

AI Rejected Your Job Application: Your Rights under UK Law in 2026

What UK law says when an algorithm screens, ranks, or rejects your job application. The new automated decision-making rules in force since 5 February 2026, the four safeguards you can demand, how the Equality Act applies to biased hiring tools, and the EU AI Act dates that actually matter.

7 min read

Family Law

Cryptoassets in Divorce (England and Wales, 2026): Disclosure, Tracing, Valuation, and What the New Law Changes

How cryptocurrency and digital assets are treated in UK divorce financial settlements. The Property (Digital Assets etc) Act 2025, the Form E disclosure duty, how hidden crypto gets traced, how courts handle volatile valuations, and what Standish v Standish means for crypto bought before the marriage.

7 min read

Family Law

Cohabitation Rights for Unmarried Couples in the UK (2026): The Common Law Marriage Myth, What You Actually Have, and the Reform on the Table

Unmarried couples in England and Wales have no automatic rights over each other's property, pension, or inheritance, however long they live together. The current law under TOLATA and the 1975 Act, the June 2026 government consultation on reform, and how to protect yourself now.

8 min read

View all articles →

Questions

What does Michael K. Onyekwere do?

Practitioner-grade AI governance. DPIAs and EU AI Act readiness for AI and agent deployments, automated-decision compliance under the UK and EU rules, and fractional Data Protection Officer services. He also authors the AI Agent Incident Register, the public legal analysis of how AI agents fail and who is liable when they do.

Do I need EU AI Act compliance?

If you deploy AI in the EU or UK, probably. The Article 50 transparency obligations apply from 2 August 2026. The high-risk obligations moved to 2 December 2027 under the May 2026 Omnibus agreement. Most customer-facing AI needs at least a risk classification and transparency disclosures, and agent deployments need a governance and accountability model on top.

What makes this different from other AI compliance advisers?

Most advisers have never run the systems they govern. Michael is a common law qualified lawyer and CIPP/E who operates real AI systems and publishes the legal analysis behind the advice. You get the law and the engineering reality from one person, not a policy template.

What regions do you work in?

United Kingdom and Ireland primarily. Michael also advises on NDPA compliance for businesses operating in Nigeria.

Ready when you are.

Start with a written scoping review. Reply within 48 hours.

Book the £500 scoping review