Legal Compliance

• Contract review and negotiation — You need to analyze contract terms, identify risk provisions (limitation of liability, indemnification, IP ownership), and determine appropriate approval levels based on contract value and risk.
• Regulatory compliance assessment — You're implementing or auditing compliance programs for SOX, GDPR, HIPAA, FCPA, or UK Bribery Act and need detailed requirement checklists and penalty structures.
• Corporate governance guidance — You're structuring board committees, evaluating fiduciary duties, or navigating change-of-control scenarios under the Business Judgment Rule or Revlon duties.
• Risk assessment and mitigation — You need to classify legal risks (regulatory, contractual, litigation, compliance), calculate risk scores using probability-impact matrices, and develop response strategies.
• IP portfolio management — You're conducting freedom-to-operate analysis, managing patent/trademark prosecution, or performing IP due diligence for M&A transactions.
• Litigation management — You need to implement litigation hold processes, budget litigation phases, or perform settlement value analysis.

• Jurisdiction-specific legal advice — This skill provides general frameworks and U.S.-centric regulatory guidance; it does not replace qualified legal counsel for specific jurisdictions or fact patterns.
• Real-time regulatory updates — Regulatory requirements evolve; this skill provides foundational frameworks but may not reflect the latest amendments or enforcement guidance.
• Non-legal compliance domains — For technical security compliance (ISO 27001, SOC 2) or industry-specific standards outside legal/regulatory scope, consider specialized security or industry skills.

Detailed guidance on board composition requirements (independent directors, committee structure, diversity), fiduciary duties (care, loyalty, good faith, disclosure), and the Business Judgment Rule. Includes enhanced scrutiny standards for change-of-control scenarios (Revlon duties) and NYSE/NASDAQ listing requirements.

Comprehensive coverage of SOX (Sections 302, 404, 906 with COSO framework), GDPR (lawful basis, data subject rights, breach notification, DPO requirements), HIPAA (Privacy Rule, Security Rule, breach notification tiers), and anti-corruption laws (FCPA, UK Bribery Act). Each regime includes penalty structures, compliance checklists, and program requirements.

Essential contract review checklist (15+ critical terms), key provision negotiation guidance (limitation of liability, indemnification, IP ownership, confidentiality, termination, warranties), and risk-based approval matrix by contract value ($100K to $10M+ tiers).

Patent, trademark, and trade secret strategy frameworks covering freedom-to-operate analysis, filing strategies, geographic coverage, and enforcement programs. M&A IP due diligence checklist covering ownership, encumbrances, validity, infringement claims, and license change-of-control provisions.

Litigation hold process (trigger events, custodian identification, preservation steps), phase-based budget management (pre-litigation through appeal), and settlement value analysis formula (probability × recovery - costs) with qualitative factors (reputational impact, precedent, business relationships).

Legal risk categorization matrix (regulatory, contractual, litigation, compliance, transactional, reputational) with probability-impact scoring (1-9 scale) and response strategies. DOJ-aligned compliance program framework covering 9 elements: standards, leadership, training, reporting, risk assessment, monitoring, incentives, third-party management, and continuous improvement.

A public company's finance team uses the SOX compliance framework to document key controls, design a testing program for design and operating effectiveness, evaluate control deficiencies (significant deficiency vs. material weakness), and prepare management's assessment report and external auditor attestation requirements.

A SaaS company's privacy team references the GDPR compliance section to establish a Data Subject Request (DSR) process covering access, rectification, erasure, and portability rights. They use the 72-hour breach notification requirement and penalty structure (up to 4% global revenue) to prioritize incident response procedures.

A corporate development team uses the IP due diligence checklist to assess a target company's patent portfolio (ownership, encumbrances, validity, infringement claims), trademark registrations and common law rights, copyright assignments and work-for-hire documentation, trade secret protection measures, and inbound/outbound license agreements with change-of-control provisions.

A procurement team implements the contract risk matrix to route agreements based on value and risk level: contracts under $100K to department managers, $100K-$1M to directors/VPs, $1M-$10M to SVP/EVP, and over $10M to C-suite/board. They use the contract review checklist to ensure essential terms (limitation of liability, indemnification, IP ownership, termination rights) are addressed before approval.