Writing
Everything Michael K. Onyekwere, CIPP/E has published on CompanyScope — vendor compliance profiles, cross-vendor topic guides, and head-to-head comparisons. Each artifact is dated and refreshed on a quarterly cadence.
Topic guide
DPA for AI vendors: what to actually check before you sign
Buyer-side reference for the AI vendor DPA. What clauses matter, what defaults bite, and where the six biggest vendors land on each. CIPP/E-reviewed.
Last reviewed 2026-05-30
Topic guide
EU AI Act for AI buyers: what you actually have to do
Deployer-side guide to the EU AI Act for buyers procuring AI tools. Role classification, risk tier, the 2027-12-02 high-risk postponement, and where each major vendor sits. CIPP/E-reviewed.
Last reviewed 2026-05-30
Topic guide
HIPAA for AI tools: what a Business Associate Agreement actually covers
Healthcare buyers reading the HIPAA position on AI vendors. Which vendors sign BAAs, on which tiers, and what the BAA does and does not cover for AI deployments. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Copilot 365 vs Google Workspace AI: compliance comparison for enterprise buyers
Side-by-side compliance read on Microsoft 365 Copilot and Google Workspace Gemini for enterprise procurement. Tenant model, training defaults, EU Data Boundary, BAA, AI Act deployer obligations. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
ElevenLabs vs other voice AI vendors: DPA comparison for compliance buyers
Buyer-side compliance comparison of ElevenLabs against the broader voice AI category. DPA, voice-clone consent regime, deepfake labelling under the EU AI Act, training defaults, BAA position. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Gemini vs Vertex AI: compliance comparison for Google buyers
Two Google AI surfaces with materially different compliance pictures. Workspace Gemini for office productivity, Vertex AI for developers and integrations. Tenant model, region commitments, BAA, model-garden subprocessor exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
OpenAI vs Anthropic DPA: side-by-side compliance read for buyers
Head-to-head DPA comparison between OpenAI and Anthropic for commercial API and enterprise buyers. Training defaults, retention, ZDR, subprocessors, EU transfers, consumer-tier exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
OpenAI vs Copilot enterprise compliance: which one for procurement
Buyer-side compliance comparison of ChatGPT Enterprise and Microsoft 365 Copilot for enterprise procurement. Tenant model, training defaults, EU Data Boundary, BAA, AI Act deployer obligations, subprocessor exposure. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor comparison
Perplexity vs ChatGPT for regulated industries: compliance comparison
Comparison of Perplexity and ChatGPT for buyers in financial services, healthcare, legal, and other regulated industries. Tier eligibility, source-citation evidence trail, training defaults, BAA position. CIPP/E-reviewed.
Last reviewed 2026-05-30
Vendor profile
ElevenLabs compliance: GDPR, AI Act, DPA, training, transfers
AI voice synthesis / voice cloning — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-02
Vendor profile
Google Gemini compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-01
Vendor profile
Perplexity compliance: GDPR, AI Act, DPA, training, transfers
AI search / RAG-first answer engine — CIPP/E-reviewed compliance profile.
Last reviewed 2026-05-01
Vendor profile
Anthropic compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Vendor profile
Microsoft 365 Copilot compliance: GDPR, AI Act, DPA, training, transfers
Embedded productivity AI — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Vendor profile
OpenAI compliance: GDPR, AI Act, DPA, training, transfers
General-purpose AI / LLM API — CIPP/E-reviewed compliance profile.
Last reviewed 2026-04-29
Looking for ongoing AI compliance support behind the published research? Janus DPO-as-a-Service is the practice. About Michael covers the credentials.