Janus Compliance

AI governance for the agent era

When you deploy AI that acts, agents that book, pay, decide, and touch customer data, your board and your counsel ask one question: who is accountable, and is this defensible? That is the question answered here.

By Michael K. Onyekwere, CIPP/E, a common law qualified lawyer with 10+ years across Royal Bank of Scotland, Fidelity, TMF Group, and UnitedHealth. Author of the AI Agent Incident Register.

Free download

Get the AI API Compliance Checklist

OpenAI / Anthropic DPA setup, zero-retention config, and the documentation a procurement or DPIA review will ask for. Worked example included.

Built for engineers implementing AI and the founders or compliance leads responsible for signing it off.

  • ·DPA setup steps for OpenAI and Anthropic API accounts
  • ·Zero-retention configuration: when it applies, what it changes, how to evidence it
  • ·Retention and logging questions to answer before launch
  • ·Audit documentation pack a procurement reviewer will accept

Your email is used to deliver the PDF and (if you opt in) the newsletter. No spam. Privacy policy.

The practice

What I do

Governance for AI and AI agents, written by someone who reads the law and runs the systems.

Agent & AI governance reviews

A written assessment of an AI or agent deployment: the data flows, the tool boundaries, the decision points, the liability across the chain, and the documentation a regulator or a buyer will ask for.

DPIAs & EU AI Act readiness

Data Protection Impact Assessments for AI and agentic systems, risk classification under the AI Act, Article 50 transparency, and the conformity work for anything high-risk.

Fractional DPO

Ongoing Data Protection Officer coverage for organisations deploying AI: the standing governance, the records, and the accountability model that agent adoption now demands.

Build, with the governance included

Need the system built too?

We also build compliant AI systems: chatbots, workflow automation, and document processing, each shipped with the DPIA, the AI Act classification, and the documentation a review will ask for. The build and the compliance work come from one team.

See what we build →

Credentials

CIPP/E

Certified

10+ Years

Financial Services

LLB · LLM

Common Law Qualified

RBS · Fidelity

Previous Roles

Sample Deliverables

See the work before you buy

Blog posts explain the ideas. These sample deliverables show what the work product actually looks like.

Most useful for GDPR + AI buyers

Sample DPIA structure for an AI chatbot

A redacted outline showing the sections, risk analysis, and controls we include in a real AI-system DPIA.

Quick proof of practical drafting

Sample privacy notice update

A before-and-after example showing how a privacy notice changes once an AI system is introduced.

Useful before hiring any AI vendor

AI vendor due diligence checklist

A practical checklist covering DPAs, retention, subprocessors, transfers, security, and exit risk.

Start with the scoping review.

A written review of your AI or agent deployment: the risk, the documentation gap, and what the full work should cost. One week, fixed price.

Insights

Latest articles

Family Law

Consent Orders: How to Make Your Divorce Financial Settlement Legally Binding (2026)

In England and Wales, a divorce ends the marriage while the financial claims between you stay open. Without a consent order, an ex-spouse can bring a claim years or even decades later, and the Supreme Court has allowed a claim brought 19 years after divorce. What a consent order is, what a clean break covers, the process, the £60 court fee, drafting costs, applying after you are already divorced, and when you genuinely need a solicitor.

7 min read

EU AI Act

EU AI Act Article 50: Exactly What Applies From 2 August 2026, and to Whom

On 2 August 2026 the EU AI Act's Article 50 transparency duties go live: chatbots must disclose they are AI, generative systems must mark their outputs machine-readably, emotion-recognition deployers must inform the people exposed, and deepfakes and AI-written public-interest text must be labelled. Who carries each duty (provider or deployer), the exemptions that matter, the narrow Omnibus grace period to 2 December 2026, and a July checklist.

7 min read

GDPR

ChatGPT / OpenAI DPA Explained (2026): What the Data Processing Agreement Covers, How to Sign It, and What It Leaves to You

OpenAI's Data Processing Addendum is the Article 28 contract that lets you run the OpenAI API on personal data and stay GDPR compliant. What the DPA actually covers (training, retention, sub-processors, transfers), the exact click path to execute it, and the controller duties it does not cover.

6 min read

Questions

What does Michael K. Onyekwere do?

Practitioner-grade AI governance. DPIAs and EU AI Act readiness for AI and agent deployments, automated-decision compliance under the UK and EU rules, and fractional Data Protection Officer services. He also authors the AI Agent Incident Register, the public legal analysis of how AI agents fail and who is liable when they do.

Do I need EU AI Act compliance?

If you deploy AI in the EU or UK, probably. The Article 50 transparency obligations apply from 2 August 2026. The high-risk obligations moved to 2 December 2027 under the May 2026 Omnibus agreement. Most customer-facing AI needs at least a risk classification and transparency disclosures, and agent deployments need a governance and accountability model on top.

What makes this different from other AI compliance advisers?

Most advisers have never run the systems they govern. Michael is a common law qualified lawyer and CIPP/E who operates real AI systems and publishes the legal analysis behind the advice. You get the law and the engineering reality from one person, not a policy template.

What regions do you work in?

United Kingdom and Ireland primarily. Michael also advises on NDPA compliance for businesses operating in Nigeria.

Ready when you are.

Start with a written scoping review. Reply within 48 hours.

Book the £500 scoping review