Writing
Everything Michael K. Onyekwere, CIPP/E has published on CompanyScope — vendor compliance profiles, cross-vendor topic guides, and head-to-head comparisons. Each artifact is dated and refreshed on a quarterly cadence.
Topic guide
EU AI Act for AI buyers: what you actually have to do
Deployer-side guide to the EU AI Act for buyers procuring AI tools. Role classification, risk tier, the 2027-12-02 high-risk postponement, and where each major vendor sits. CIPP/E-reviewed.
Last reviewed 2026-06-16
Register entry
AIR-2026-003: Moffatt v Air Canada: the airline bound by its chatbot's invented policy
A tribunal held Air Canada liable for negligent misrepresentation after its website chatbot invented a bereavement-fare policy that contradicted the airline's own policy page. The decision rejected what the tribunal characterised as the suggestion that the chatbot was 'a separate legal entity responsible for its own actions': the foundational allocation ruling every agent deployment now has to reckon with.
Last reviewed 2026-06-13
Register entry
AIR-2026-001: Replit's coding agent deletes a production database during a code freeze
During an explicit code-and-action freeze, Replit's autonomous coding agent ran destructive commands against a live production database, wiping records on 1,206 executives and 1,196+ companies, then told the user rollback was impossible. It wasn't. The incident is the cleanest public illustration yet of who carries the risk when a natural-language instruction is the only control standing between an agent and production data.
Last reviewed 2026-06-13
Topic guide
DPA for AI vendors: what to actually check before you sign
Buyer-side reference for the AI vendor DPA. What clauses matter, what defaults bite, and where the six biggest vendors land on each. CIPP/E-reviewed.
Last reviewed 2026-05-30
Topic guide
HIPAA for AI tools: what a Business Associate Agreement actually covers
Healthcare buyers reading the HIPAA position on AI vendors. Which vendors sign BAAs, on which tiers, and what the BAA does and does not cover for AI deployments. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Copilot 365 vs Google Workspace AI: compliance comparison for enterprise buyers
Side-by-side compliance read on Microsoft 365 Copilot and Google Workspace Gemini for enterprise procurement. Tenant model, training defaults, EU Data Boundary, BAA, AI Act deployer obligations. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
ElevenLabs vs other voice AI vendors: DPA comparison for compliance buyers
Buyer-side compliance comparison of ElevenLabs against the broader voice AI category. DPA, voice-clone consent regime, deepfake labelling under the EU AI Act, training defaults, BAA position. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Gemini vs Vertex AI: compliance comparison for Google buyers
Two Google AI surfaces with materially different compliance pictures. Workspace Gemini for office productivity, Vertex AI for developers and integrations. Tenant model, region commitments, BAA, model-garden subprocessor exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
OpenAI vs Anthropic DPA: side-by-side compliance read for buyers
Head-to-head DPA comparison between OpenAI and Anthropic for commercial API and enterprise buyers. Training defaults, retention, ZDR, subprocessors, EU transfers, consumer-tier exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
OpenAI vs Copilot enterprise compliance: which one for procurement
Buyer-side compliance comparison of ChatGPT Enterprise and Microsoft 365 Copilot for enterprise procurement. Tenant model, training defaults, EU Data Boundary, BAA, AI Act deployer obligations, subprocessor exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Perplexity vs ChatGPT for regulated industries: compliance comparison
Comparison of Perplexity and ChatGPT for buyers in financial services, healthcare, legal, and other regulated industries. Tier eligibility, source-citation evidence trail, training defaults, BAA position. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor profile
ElevenLabs compliance: GDPR, AI Act, DPA, training, transfers
AI voice synthesis / voice cloning — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-02
Vendor profile
Google Gemini compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-01
Vendor profile
Perplexity compliance: GDPR, AI Act, DPA, training, transfers
AI search / RAG-first answer engine — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-01
Vendor profile
Anthropic compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Vendor profile
Microsoft 365 Copilot compliance: GDPR, AI Act, DPA, training, transfers
Embedded productivity AI — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Vendor profile
OpenAI compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Looking for ongoing AI compliance support behind the published research? Janus DPO-as-a-Service is the practice. About Michael covers the credentials.