Browse Skills

Design comprehensive internal policies for generative AI usage covering acceptable use, data classification, risk assessment, vendor evaluation, and compliance with EU AI Act, NIST AI RMF, and ISO 42001 standards.

Guides organizations through export control regulations (EAR/ITAR), sanctions compliance (OFAC/EU), customs classification, and trade compliance program design. Covers dual-use goods, denied party screening, and technology transfer controls.

Structured litigation risk analysis for commercial disputes including cost-benefit evaluation and strategy.

Provides educational guidance on intellectual property concepts including patents, trademarks, copyrights, trade secrets, and software licensing. Covers IP portfolio strategy, open source compliance, and licensing model selection. This is NOT legal advice — always consult a qualified attorney.

Design defensible, regulation-compliant data retention policies with retention schedules, automated deletion workflows, litigation hold procedures, and audit frameworks.

Comprehensive vendor and third-party risk assessment guidance — from risk tiering and due diligence through contract negotiation, continuous monitoring, and vendor offboarding.

Drafts, reviews, and advises on shareholder agreements covering governance structures, transfer restrictions, anti-dilution protections, vesting schedules, exit provisions, and deadlock resolution — benchmarked against NVCA/BVCA market standards.

Guides organizations through export control compliance — from ECCN classification and license determination to denied party screening, deemed export controls, and compliance program design. Covers EAR, ITAR, EU Dual-Use Regulation, and sanctions frameworks for technology companies.

Guides the design of compliance programs including framework selection, risk assessment methodology, training development, audit procedures, and regulatory mapping. Applies ISO 37301 and DOJ guidance. This is NOT legal advice — always consult qualified compliance counsel.

Guides organizations through EU AI Act compliance with risk classification, conformity assessments, documentation requirements, governance frameworks, and implementation timelines.

Generates comprehensive terms of service agreements covering liability limitations, IP ownership, dispute resolution, acceptable use policies, account management, and multi-jurisdiction consumer protection compliance.

Conducts GDPR compliance audits including data mapping, DPIA assessments, consent management, data subject rights implementation, processor agreements, and cross-border transfer compliance.

Expert guidance for designing defensible electronic discovery workflows covering litigation hold, forensic collection, document review with TAR/predictive coding, and production for complex litigation matters.

Draft, review, and negotiate employment contracts across multiple jurisdictions with expertise in compensation structures, restrictive covenants, IP assignment, and data protection compliance.

Map ISO 27001:2022 Annex A controls to organizational assets, cross-reference with SOC 2 and NIST CSF, and produce audit-ready evidence matrices with gap analysis and risk treatment plans.

Prepare audit-ready transfer pricing documentation packages compliant with OECD Guidelines and DACH/EU requirements. Covers master file, local file, functional analysis, benchmarking studies, and intercompany agreement structuring.

Designs and drafts privacy policies compliant with GDPR, CCPA, and LGPD requirements. Covers cookie consent implementation, data processing transparency, third-party disclosure, and plain language requirements.

Validates and improves legal disclaimers across marketing materials, product pages, and advertising content to ensure regulatory compliance, clarity, and proper placement.

Systematically review commercial and residential lease agreements to identify risks, unfavorable terms, hidden costs, and negotiation opportunities with clause-by-clause analysis and market benchmarking.

Conducts accessibility audits against WCAG 2.2 Level AA/AAA standards, generates VPAT documentation, remediates violations for ADA/Section 508 compliance, and implements automated testing with axe-core.

Draft, review, and negotiate freelancer and independent contractor agreements with proper IP assignment, scope definition, payment terms, termination clauses, and misclassification risk mitigation across US, UK, EU, and DACH jurisdictions.

Guides organizations through ISO/IEC 27001:2022 ISMS implementation, from initial gap analysis through certification audit preparation. Covers Annex A controls mapping, ISO 27005 risk assessment methodology, Statement of Applicability design, internal audit programs, and integration with SOC 2 and GDPR frameworks. This is NOT legal advice — always consult qualified information security and compliance counsel.

Structured privacy analysis for software teams — GDPR, CCPA, DPIA, lawful basis selection with confidence tagging on every claim.

Design and implement consent management systems for GDPR, CCPA/CPRA, and ePrivacy compliance. Covers cookie consent flows, CMP selection, IAB TCF v2.2 integration, Google Consent Mode v2, consent signal propagation, and audit-ready consent logging architectures.