
Best Claude Skills for Legal and Compliance (2026)

Max Jürschik·March 11, 2026·7 min read

A SaaS vendor sends you a 47-page MSA. Your CEO wants it signed by Thursday. Your "legal department" is you, a Google search, and a vague memory of a contracts class from 2014.

You paste the MSA into ChatGPT. It gives you a summary that misses the auto-renewal trap in clause 14.3, ignores the unlimited liability carve-out, and does not flag that the governing law is Delaware — which matters because you are based in Berlin.

This is the cost of generic AI on legal work. It sounds competent. It misses the things that cost you money. And unlike a coding error that breaks visibly, a legal error sits quietly until it detonates — in a dispute, an audit, or a regulatory investigation.

The problem is not that AI cannot do legal analysis. The problem is that generic AI does not know what matters in legal analysis. It treats every clause equally. It does not know which deviations from market standard are red flags. It does not apply the structured methodology that a trained lawyer uses when reviewing a contract or assessing compliance.

Below are 12 of the highest-scored legal and compliance skills on supaskills. Each one is built around specific legal frameworks, jurisdictional awareness, and the methodologies that practicing lawyers actually use. They carry Platinum or Gold SupaScore tiers across 6 quality dimensions, including research depth and decision usefulness — because in legal work, the quality of the analysis is everything.

Not a replacement for a lawyer. But the difference between walking into a negotiation prepared and walking in blind.


Contract Review: Find the Traps Before You Sign

Contracts are where money is made and lost. Not in the headline terms — everyone reads those. In the definitions section, the limitation of liability, the termination provisions, and the IP assignment clauses that nobody reads until there is a dispute.

Contract Review Analyst

Platinum-tier. The workhorse of legal AI. Feed it any commercial contract — SaaS agreements, vendor contracts, partnership deals — and it produces a structured risk analysis. It applies a priority-based review methodology: commercial terms first, then risk allocation, then compliance requirements, then operational provisions. It flags problematic clauses, identifies missing protections, and highlights terms that deviate from market standard. Think of it as a first-pass review by a senior associate who bills at EUR 500/hour.

What it catches that generic AI misses: indemnification asymmetries, liability cap exclusions, change-of-control triggers, audit right limitations, and assignment restrictions. The things that matter when something goes wrong — which is exactly when you need your contracts to be solid.

SaaS Agreement Architect

Platinum-tier. If you sell software, this is your template builder. It structures SaaS agreements from scratch — subscription terms, SLA commitments, data processing obligations, acceptable use policies, and support level definitions. Follows established SaaS contracting standards and adapts to your pricing model (per-seat, usage-based, tiered). It knows the clauses that protect you as a vendor: limitation of liability tied to subscription fees, warranty disclaimers for third-party integrations, and suspension rights for non-payment. Saves 10-15 hours per agreement versus starting from a generic template found on the internet.

SaaS Agreement Negotiation Coach

Platinum-tier. The flip side: when you are the buyer. This skill identifies negotiation leverage points in vendor SaaS agreements. Where to push back (data portability, SLA credits, termination for convenience), what concessions are realistic (vendors rarely negotiate on limitation of liability structure, but they often negotiate on caps), and which clauses are deal-breakers versus standard friction. Your procurement team will look like they hired outside counsel. The skill also flags terms that should trigger escalation to actual outside counsel — because knowing when you need a lawyer is as valuable as knowing when you do not.


GDPR and Data Protection: Stay Compliant, Stay Operating

GDPR fines hit EUR 2.1 billion in 2025. The regulation is not going away, and the enforcement is getting sharper. These skills cover the operational reality of data protection — not just the theory, but the documents, assessments, and processes you actually need.

Cross-Border Data Transfer Specialist

Platinum-tier — the highest-scored legal skill in the catalog. Post-Schrems II, international data transfers are a minefield. US cloud providers, Indian outsourcing partners, global CDNs — each data flow creates transfer obligations. This skill structures Transfer Impact Assessments, evaluates Standard Contractual Clauses applicability, and identifies the supplementary measures required for specific jurisdictions. It distinguishes between adequate and non-adequate countries, and knows when supplementary technical measures (encryption, pseudonymization) are required versus when contractual measures suffice. If you transfer personal data outside the EU — and almost every SaaS company does — this skill prevents the kind of compliance gap that regulators now actively look for.

Data Processing Agreement Composer

Platinum-tier. Every vendor relationship involving personal data needs a DPA. This is not optional — it is a legal requirement under Article 28 GDPR. This skill drafts them covering sub-processor obligations, data breach notification procedures (72-hour notification requirement to the controller, who then has 72 hours to notify the supervisory authority), deletion and return protocols, and audit rights. It also identifies when a vendor is a controller rather than a processor — a distinction that changes the entire legal basis. Produces agreements that your DPO will not need to rewrite.

DPIA Operations Advisor

Gold-tier. Data Protection Impact Assessments are mandatory for high-risk processing activities. This skill walks through the assessment methodology: necessity, proportionality, risk identification, and mitigation measures. Structures the documentation in a format that satisfies supervisory authorities. If you have ever stared at a blank DPIA template wondering where to start, this is the skill that gets you past that.

Cookie Consent Compliance Expert

Platinum-tier. Cookie banners are the most visible compliance touchpoint — and the one most companies get wrong. This skill audits cookie implementations against ePrivacy requirements, CNIL guidance, and ICO standards. It identifies non-compliant patterns (pre-ticked boxes, dark patterns in consent flows, missing cookie categories) and recommends compliant implementations. Because a EUR 10M fine for a cookie banner is a bad way to make headlines.


Employment Law: Protect Yourself and Your People

Employment disputes are expensive, disruptive, and almost always avoidable with proper documentation. These skills do not replace employment counsel, but they ensure you do not walk into obvious problems.

Employment Contract Specialist

Gold-tier. Drafts and reviews employment contracts across jurisdictions. Covers probation periods, non-compete enforceability (which varies wildly — California bans them entirely, Germany enforces them with compensation requirements, UK enforces them if reasonable in scope), IP assignment clauses, inventions provisions, and termination provisions. Knows the difference between at-will (US) and statutory notice periods (EU). If you are hiring across borders, this skill prevents the clause that turns out to be unenforceable — or worse, the missing clause that should have been there. It also flags when local counsel is required, because employment law is one area where jurisdiction-specific advice is non-negotiable.

Employment Termination Compliance Advisor

Gold-tier. Terminations are where legal risk concentrates. A poorly handled termination costs more in litigation than the severance would have cost. This skill walks through the compliance requirements: proper notice periods, documentation standards, severance obligations, garden leave considerations, and protected class analysis. It structures the process to minimize litigation risk and ensures you have the paper trail that protects you if a claim is filed. Because the cost of doing it wrong is always higher than the cost of doing it right.


Compliance Frameworks: Audit-Ready, Not Audit-Panicked

SOC 2, ISO 27001, and their relatives are table stakes for selling to enterprise. These skills take you from "we should probably do that" to "here are the controls, evidence, and documentation."

SOC 2 Compliance Guide

Gold-tier. Maps your existing controls to Trust Services Criteria, identifies gaps, and structures a remediation plan. Covers all five categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Most startups need Type I first (point-in-time) before moving to Type II (operating effectiveness over a period). This skill helps you plan for both, and more importantly, it identifies which controls you probably already have in place — most engineering teams are more compliant than they think, they just have not documented it. If your sales team keeps losing deals because you cannot produce a SOC 2 report, this is where you start.

ISO 27001 Implementation Guide

Gold-tier. ISO 27001 certification is a project that most companies underestimate. This skill structures the implementation: scope definition, risk assessment methodology, Statement of Applicability (Annex A controls), control implementation, and internal audit preparation. It helps you decide which of the 93 Annex A controls are applicable to your organization and which can be excluded with proper justification. It does not do the work for you, but it ensures you do the right work in the right order — and do not discover at the certification audit that you missed a mandatory requirement.

Internal Audit Strategist

Gold-tier. Audits are not just for compliance — they are how you find problems before regulators or customers do. This skill designs audit programs: scope, methodology, sampling approach, findings documentation, and corrective action tracking. It knows the difference between a compliance audit and an operational audit, and when each is appropriate. The difference between an audit that produces a report nobody reads and an audit that produces improvement you can measure.


IP and Trademark: Protect What You Built

Intellectual property is often a startup's most valuable asset and its most neglected legal concern. These skills cover the basics that every company should have in place.

Trademark Application Specialist

Platinum-tier. Walks through the trademark registration process: classification selection, search strategy, specimen requirements, and response to office actions. Covers USPTO, EUIPO, and WIPO Madrid Protocol filings. If you have ever tried to file a trademark yourself and given up at the Nice Classification, this skill gets you through it.

Intellectual Property Advisor

Gold-tier. Broader IP strategy: patent vs. trade secret decisions, licensing structures, IP due diligence for fundraising, and freedom-to-operate assessments. Helps you understand what you own, what you should protect, and what is at risk. The conversation most founders need to have but never do because it costs $800/hour to have it with a partner at an IP firm.


How to Choose

If you are a startup founder without in-house counsel, start with three: Contract Review Analyst for every agreement that crosses your desk, Cross-Border Data Transfer Specialist if you handle EU personal data, and SaaS Agreement Architect if you sell software.

If you are in-house counsel at a growing company, the compliance cluster saves the most time. SOC 2 Compliance Guide and ISO 27001 Implementation Guide together cover the two frameworks your sales team is asking about. Add DPIA Operations Advisor for the GDPR documentation backlog.

If you are a DPO or privacy professional, Cross-Border Data Transfer Specialist, Data Processing Agreement Composer, and Cookie Consent Compliance Expert cover the three areas that generate the most regulatory risk.

A note on expectations: these skills are not lawyers. They do not provide legal advice. What they do is give you the structured analysis, the right framework, and the specific questions you need to bring to your lawyer — so your billable hours go to decisions, not to research. The EUR 500/hour lawyer in your terminal, doing the prep work that used to take days.

Every skill listed here is available on supaskills. Browse the legal and compliance collection, activate what you need, and run it inside Claude Code.
