⚡ Introducing The Leash. Compliance gap assessments delivered in minutes, not weeks. Powered by AAIG™.
Learn More →Hart AI Governance · Principal Consultant
These are not
edge cases.
These are Tuesday.
A medical device company used ChatGPT to write their procedures before an FDA inspection. The investigator didn't just find it. It appeared twice in the 483.
Your attorney wrote a solid HIPAA procedure. Your engineers added an AI tool to the workflow. Nobody updated the procedure.
Your vendor runs Gemini on your data. Your DPA doesn't mention it.
These don't announce themselves. That's the problem. Finding them is free. Fixing them is what I do.
I was doing compliance before AI was a boardroom conversation.
I started in FDA-regulated pharmaceutical IT in 1999. That's 21 CFR Part 11 since the beginning, through Y2K, through GDPR, through the full arc of regulated-industry compliance. I have spent 27 years inside the kinds of organizations that cannot afford to get it wrong: Pfizer, Novartis, Genzyme, Gilead, Baxter.
In 2025 I founded HAIG (Hart AI Governance) to bring that depth of experience to the AI governance space. Not as a generalist. Not as someone who read the frameworks last year. As someone who has been building compliance infrastructure, running audits with zero findings, and managing 200+ projects across the most regulated industries in the world.
I hold a Master of Science in Operations and Project Management and have maintained my PMP certification for 20 years. I developed the national AI governance framework for the Republic of Liberia and created the trademarked AAIG™ methodology.
Regulations Don't Stop at Your Old Compliance Stack.
HIPAA. FDA 21 CFR Part 11. SOC 2. GDPR. You already have a compliance floor. AI adds obligations on top of it that most organizations haven't mapped yet. That's the gap I find, and the gap I fix.
You have a compliance baseline. AI added obligations on top of it. I assess your systems against every applicable framework. HIPAA, FDA, SOC 2, GDPR, EU AI Act, ISO 42001, and more. I show you exactly where the gaps are and what to do about them.
Full implementation support across the major regulatory frameworks including EU AI Act, ISO 42001, NIST AI RMF, GDPR, HIPAA, and FDA 21 CFR Part 11. Policies, procedures, controls, and audit-ready documentation that hold up when an investigator shows up.
Executive-level compliance and privacy leadership without the full-time cost. I step in as your Privacy Officer, AI Officer, or compliance lead for as long as you need. I already know the regulations your organization is operating under.
Built compliance from zero for AI startups before they had a compliance team. Correcting GDPR gaps, standing up governance programs, and getting you audit-ready on a startup timeline. The regulations apply from day one whether you're ready or not.
Developed the national AI governance framework for the Republic of Liberia. Available for government advisory, enterprise transformation, and policy-level engagements where the regulatory stakes are highest.
Contributing author to The FDA Group newsletter. Ongoing analysis of FDA guidance, EU AI Act developments, and emerging compliance requirements across regulated industries. Regulations are moving faster than most organizations are tracking.
Your people are already using AI. The question is whether anyone is governing how. I assess automation bias, human oversight, and meaningful human control, then build the policies and review procedures that keep a person accountable for what AI produces. Mapped to the EU AI Act, ISO 42001, and NIST AI RMF.
Your compliance picture, in full.
Most organizations don't know exactly where they stand against the EU AI Act, ISO 42001, or NIST AI RMF. My gap assessment gets you that picture in one day, not weeks, without a discovery phase that takes longer than the work itself.
Aligned With What Regulators Actually Require.
I work across every major AI governance, privacy, and compliance framework.
Four Books. Each One Built From Real Work.
Written for compliance professionals, business leaders, and anyone who needs to understand what AI governance actually requires.
The AI vocabulary that makes compliance professionals feel behind is mostly old work wearing new names. A guardrail is a control. Red-teaming is penetration testing. An audit trail is an audit trail. Written in a plain, direct voice, this book walks you term by term until the intimidating part of AI governance turns out to be the part you already do.
View on Amazon →Your company said use AI. Nobody explained how, what not to do, or what happens when the output is wrong and a regulator is asking questions. Written for professionals in regulated industries where your name goes on the output and accountability is real. This is the training your organization should have provided.
View on Amazon →A practical guide to leading AI governance using EU AI Act, ISO 42001, and NIST AI RMF. Written for compliance professionals ready to move into the AI space.
View on Amazon →The AI wrote you a guide. It has opinions about how you have been using it. Practical, direct, and occasionally irreverent, this is the book for anyone who wants to stop treating AI like a vending machine and start actually working with it.
View on Amazon →Not Sure How Complex Your AI Is?
Try the AI Workflow Complexity Scorer. Free, no signup required. Describe what you want to automate and get a complexity score, platform recommendation, build estimate, and governance flags in seconds.
Try the Free Tool →Find the gaps. Before someone else does.
The Leash is HAIG's automated compliance gap assessment platform. It covers 12 major frameworks and 25 states. You don't need an AI system to use it. If you have a compliance gap in HIPAA, SOC 2, FDA, GDPR, or anything else, it will find it.
Describe your system or organization, answer a few targeted questions, and receive a complete gap assessment as a professional Word document. It gives you a clear first look at where your gaps are and what they mean. When you see what it found, call me.
No account required. Sessions are confidential and automatically deleted after your report is generated.
How It Works
Let's Talk About What You're Building.
Whether you need a gap assessment, a full compliance program, a fractional Privacy Officer, or just a conversation about where to start. I'm easy to reach.