Compliance Engineering
Practical AI compliance for engineers and founders
For founders, compliance leads, and product teams who need a clear yes/no path before procurement, launch, or vendor approval.
Written by Michael K. Onyekwere, CIPP/E certified, 10+ years across Royal Bank of Scotland, Fidelity, TMF Group, UnitedHealth. What GDPR and the EU AI Act actually require, for people who build.
Free download
Get the AI API Compliance Checklist
OpenAI / Anthropic DPA setup, zero-retention config, and the documentation a procurement or DPIA review will ask for. Worked example included.
Built for engineers implementing AI and the founders or compliance leads responsible for signing it off.
- DPA setup steps for OpenAI and Anthropic API accounts
- Zero-retention configuration: when it applies, what it changes, how to evidence it
- Retention and logging questions to answer before launch
- Audit documentation pack a procurement reviewer will accept

Services
What we build
Every system ships with compliance documentation. Not as an add-on, as part of the build.
AI Chatbots
Customer service bots that handle real queries, hand off to humans when needed, and process data lawfully. GDPR consent, transparency disclosures, audit logging built in.
From £3,000
Workflow Automation
Pipelines that replace manual work like data entry, document routing, and approval flows. Self-hosted, audit-logged, with data residency controls.
From £3,000
Document Processing
RAG systems, data extraction, intelligent search over your documents. Compliant data handling and retention policies from the start.
From £4,000
Process
How we work
From first conversation to deployed system, typically 3 weeks.
You tell us what you need
A conversation, not a pitch. We figure out what AI should do for your business and whether it makes sense.
We scope and quote
Fixed price. You know exactly what you're paying before anything starts. No hourly billing, no surprises.
We build it
Working system, tested, deployed on infrastructure you control. You see progress throughout, not just at the end.
We deliver the docs
DPIA, DPA review, privacy notices, AI Act classification. Everything a regulator would ask for, alongside the system.
Portfolio
What we've built
Working systems built by our team. Each one shipped with full compliance documentation.

AI Shield
Three-stage forensic pipeline for detecting AI-generated images, video, and audio. Processes biometric data under GDPR Article 9.

AgentScore
Real-time trust scoring platform for AI agents. Multi-source data aggregation with algorithmic transparency and cross-border compliance.
Credentials
- CIPP/E: Certified
- 10+ Years: Financial Services
- LLB · LLM: Legal Qualifications
- RBS · Fidelity: Previous Roles
Sample Deliverables
See the work before you buy
Blog posts explain the ideas. These sample deliverables show what the work product actually looks like.
Most useful for GDPR + AI buyers
Sample DPIA structure for an AI chatbot
A redacted outline showing the sections, risk analysis, and controls we include in a real AI-system DPIA.
Quick proof of practical drafting
Sample privacy notice update
A before-and-after example showing how a privacy notice changes once an AI system is introduced.
Useful before hiring any AI vendor
AI vendor due diligence checklist
A practical checklist covering DPAs, retention, subprocessors, transfers, security, and exit risk.
Start with the scoping review.
The first step is a written review of your AI system, workflow, or planned build. You get clarity on scope, risk, and what the full work should cost.
Insights
Latest articles
AI Compliance
The AI Agent DPIA: What Changes When AI Stops Answering and Starts Acting
Most teams writing the DPIA for an AI agent copy a chatbot template and call it done. Five things change from the core out: tool-use as a processing step, Article 22 in scope, autonomous-action risk entries, action authorisation gates, and residual risk that admits the unknown.
9 min read
GDPR
OpenAI API Compliance Setup: DPA, Zero-Retention, and Documentation Checklist for 2026
How to configure the OpenAI API for GDPR compliance. The DPA signing click path, zero-retention request flow, retention and logging controls, the PII sanitisation layer, the DPIA, and the documentation pack a procurement or DPIA reviewer will accept.
13 min read
GDPR
DPIA Ireland: Do You Need One for Your AI System?
If you deploy AI in Ireland, you almost certainly need a DPIA under GDPR. What the DPC expects, what triggers the requirement, and how to do one that actually holds up.
6 min read
Questions
What does Janus Compliance actually do?
We build AI systems (chatbots, automation, document processing) and deliver the compliance documentation alongside them. DPIA, privacy notices, DPA review, AI Act classification. One team does both.
Do I need AI Act compliance?
If you deploy AI in the EU or UK, probably. The high-risk obligations kick in August 2, 2026. Most businesses using AI for customer-facing decisions need at minimum a risk classification and transparency disclosures.
How are you different?
Most consultancies advise. We build. You get a working system and the compliance documentation in one engagement, one invoice. No separate compliance workstream, no rework.
What regions do you work in?
United Kingdom and Ireland primarily. We also advise on NDPA compliance for businesses operating in Nigeria.
Ready when you are.
Start with a written scoping review. Reply within 48 hours.
Book the £500 scoping review