Browse Skills

Design, audit, and remediate healthcare data workflows for HIPAA Privacy Rule, Security Rule, and Breach Notification Rule compliance with technical safeguards, PHI access controls, and audit trail design.

Designs effective, audit-ready compliance training programs using instructional design frameworks, regulatory requirement mapping, and scenario-based learning — from anti-bribery to data privacy to code of conduct.

Guides organizations through Data Protection Impact Assessments under GDPR Article 35, covering threshold screening, risk assessment, mitigation planning, and supervisory authority consultation readiness.

Design and draft regulatory impact assessments (RIAs) using EU Better Regulation, OECD best practices, and cost-benefit analysis frameworks to evaluate policy options, quantify impacts, and support evidence-based regulatory decision-making.

Designs electronic discovery workflows for litigation readiness including legal hold procedures, data preservation, collection protocols, review workflows, and production specifications under FRCP and EDRM frameworks.

Drafts API Terms of Use covering rate limits, usage restrictions, data ownership, liability, SLA commitments, and developer responsibilities for platform businesses exposing APIs.

Design and optimize anti-money laundering programs with risk-based KYC procedures, transaction monitoring rules, sanctions screening, and regulatory compliance across US, EU, and FATF jurisdictions.

Guides organizations through export control regulations (EAR, ITAR, EU Dual-Use) for software and technology transfers, including classification, licensing requirements, and compliance program design.

Guides organizations through EU Corporate Sustainability Reporting Directive compliance including double materiality assessments, ESRS gap analysis, data architecture, and assurance readiness.

Guides organizations through SOC 2 Type I and Type II audit preparation, covering Trust Services Criteria mapping, control design and implementation, evidence collection strategies, gap analysis, and continuous compliance monitoring. Applies AICPA attestation standards (SSAE 18), COSO 2013 framework, and industry best practices. This is NOT audit advice — always engage a qualified CPA firm for your examination.

Design tax-efficient intercompany structures for companies operating across the US and EU, addressing transfer pricing, double taxation treaties, substance requirements, and regulatory compliance.

Design, implement, and audit compliance controls for high-risk AI systems under the EU AI Act and aligned frameworks, covering risk management, data governance, traceability, human oversight, and conformity assessment.

Provides educational guidance on employment law topics including hiring compliance, employment contracts, termination procedures, workplace policies, and contractor classification. This is NOT legal advice — always consult a qualified employment attorney.

Design comprehensive internal policies for generative AI usage covering acceptable use, data classification, risk assessment, vendor evaluation, and compliance with EU AI Act, NIST AI RMF, and ISO 42001 standards.

Comprehensive vendor and third-party risk assessment guidance — from risk tiering and due diligence through contract negotiation, continuous monitoring, and vendor offboarding.

Structured litigation risk analysis for commercial disputes including cost-benefit evaluation and strategy.

Provides educational guidance on intellectual property concepts including patents, trademarks, copyrights, trade secrets, and software licensing. Covers IP portfolio strategy, open source compliance, and licensing model selection. This is NOT legal advice — always consult a qualified attorney.

Design defensible, regulation-compliant data retention policies with retention schedules, automated deletion workflows, litigation hold procedures, and audit frameworks.

Guides organizations through export control regulations (EAR/ITAR), sanctions compliance (OFAC/EU), customs classification, and trade compliance program design. Covers dual-use goods, denied party screening, and technology transfer controls.

Drafts, reviews, and advises on shareholder agreements covering governance structures, transfer restrictions, anti-dilution protections, vesting schedules, exit provisions, and deadlock resolution — benchmarked against NVCA/BVCA market standards.

Guides organizations through EU AI Act compliance with risk classification, conformity assessments, documentation requirements, governance frameworks, and implementation timelines.

Guides the design of compliance programs including framework selection, risk assessment methodology, training development, audit procedures, and regulatory mapping. Applies ISO 37301 and DOJ guidance. This is NOT legal advice — always consult qualified compliance counsel.

Guides organizations through export control compliance — from ECCN classification and license determination to denied party screening, deemed export controls, and compliance program design. Covers EAR, ITAR, EU Dual-Use Regulation, and sanctions frameworks for technology companies.

Generates comprehensive terms of service agreements covering liability limitations, IP ownership, dispute resolution, acceptable use policies, account management, and multi-jurisdiction consumer protection compliance.