Writing

Writing on AI governance, evidence, and control

Plain-language explainers and positions for the people who have to answer for AI: what the terms mean, what the rules require, and where control actually belongs.

July 4, 2026Position5 min

Agentic AI governance: control the action, not the prompt

Agents act on their own at machine speed. Why agentic AI governance must move to the action boundary, and why the signed record is the only witness.

Read the post
July 4, 2026Position6 min

An AI acceptable use policy is not enforcement

Most institutions have an AI acceptable use policy. Few can show it held. AI policy enforcement means decisions at execution, plus a record that proves it.

Read the post
July 4, 2026Compliance6 min

CJIS compliance and AI: what Security Policy v6.0 requires before staff use AI tools

Officers already use AI. What CJIS Security Policy v6.0 requires before CJI touches an AI tool, what auditors will ask, and what a defensible record looks like.

Read the post
July 4, 2026Compliance5 min

Is ChatGPT HIPAA compliant? What healthcare teams need to know

No AI tool is HIPAA certified, because no such certification exists. What a business associate agreement covers, what it does not, and how PHI stays governed.

Read the post
July 4, 2026Explainer6 min

What is an AI audit trail, and what makes one trustworthy

An AI audit trail records who used which AI tool, what was sent and returned, when, and whether policy held. What separates evidence from a text file of logs.

Read the post
July 4, 2026Explainer5 min

What is shadow AI? A plain guide for regulated institutions

Shadow AI is the AI in use that no one approved and no one can see. Why it grows, why bans fail, and how shadow AI detection brings it under one policy.

Read the post

Questions a post did not answer?

Tell us your sector and what you need to prove. We will point you at the right document, or write the missing one.