diff --git a/.github/workflows/legal-ops-evals.yml b/.github/workflows/legal-ops-evals.yml new file mode 100644 index 0000000..4d99bfa --- /dev/null +++ b/.github/workflows/legal-ops-evals.yml @@ -0,0 +1,66 @@ +name: Legal Ops — Eval Suite + +on: + pull_request: + paths: + - "legal-ops/skills/**" + - "legal-ops/commands/**" + - "legal-ops/evals/**" + +jobs: + eval: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install uv + uses: astral-sh/setup-uv@v4 + + - name: Validate skill structure + run: | + cd legal-ops + for skill_dir in skills/*/; do + skill_name=$(basename "$skill_dir") + skill_file="${skill_dir}SKILL.md" + test -f "$skill_file" || { echo "FAIL: ${skill_name} missing SKILL.md"; exit 1; } + grep -q "^name:" "$skill_file" || { echo "FAIL: ${skill_name} missing name field"; exit 1; } + grep -q "^description:" "$skill_file" || { echo "FAIL: ${skill_name} missing description field"; exit 1; } + echo "OK: ${skill_name}" + done + + - name: Validate routing golden file + run: | + cd legal-ops + python3 -c " + import json + with open('evals/routing-golden.json') as f: + cases = json.load(f) + assert isinstance(cases, list), f'Expected list, got {type(cases)}' + assert len(cases) >= 5, f'Expected 5+ routing cases, got {len(cases)}' + for c in cases: + assert 'query' in c, f'Case missing query: {c}' + assert 'expected_product_skill' in c, f'Case missing expected_product_skill: {c}' + assert 'expected_jurisdiction' in c, f'Case missing expected_jurisdiction: {c}' + print(f'Routing golden: {len(cases)} cases valid.') + " + + - name: Validate product golden file + run: | + cd legal-ops + python3 -c " + import json + with open('evals/product-golden.json') as f: + cases = json.load(f) + assert isinstance(cases, list), f'Expected list, got {type(cases)}' + assert len(cases) >= 5, f'Expected 5+ product cases, got {len(cases)}' + for c in cases: + assert 'product' in c, f'Case missing product: {c}' + assert 'scenario' in c, f'Case missing scenario: {c}' + assert 'expected_contains' in c, f'Case missing expected_contains: {c}' + print(f'Product golden: {len(cases)} cases valid.') + " + + - name: Dry-run eval harness + run: | + cd legal-ops + uv run evals/run-evals.py --dry-run diff --git a/.github/workflows/legal-ops-release.yml b/.github/workflows/legal-ops-release.yml new file mode 100644 index 0000000..25afa73 --- /dev/null +++ b/.github/workflows/legal-ops-release.yml @@ -0,0 +1,114 @@ +name: Legal Ops — Build Downloadable Zips + +on: + push: + tags: + - "legal-ops-v*" + workflow_dispatch: + inputs: + plugin: + description: "Plugin to release" + default: "legal-ops" + +permissions: + contents: write + +env: + PLUGIN: legal-ops + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Validate plugin structure + run: | + PLUGIN_DIR="${PLUGIN}" + + echo "Checking plugin structure..." + test -f "${PLUGIN_DIR}/.claude-plugin/plugin.json" || { echo "FAIL: missing plugin.json"; exit 1; } + test -d "${PLUGIN_DIR}/skills" || { echo "FAIL: missing skills/"; exit 1; } + test -d "${PLUGIN_DIR}/commands" || { echo "FAIL: missing commands/"; exit 1; } + + for skill_dir in "${PLUGIN_DIR}"/skills/*/; do + skill_name=$(basename "$skill_dir") + skill_file="${skill_dir}SKILL.md" + test -f "$skill_file" || { echo "FAIL: ${skill_name} missing SKILL.md"; exit 1; } + grep -q "^name:" "$skill_file" || { echo "FAIL: ${skill_name} missing name field"; exit 1; } + grep -q "^description:" "$skill_file" || { echo "FAIL: ${skill_name} missing description field"; exit 1; } + echo "OK: ${skill_name}" + done + + python3 -m json.tool "${PLUGIN_DIR}/.claude-plugin/plugin.json" > /dev/null || { echo "FAIL: invalid plugin.json"; exit 1; } + python3 -m json.tool marketplace.json > /dev/null || { echo "FAIL: invalid marketplace.json"; exit 1; } + + echo "All validations passed." + + build-zips: + needs: validate + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Create download zips + run: | + mkdir -p dist + cd "${PLUGIN}" + + zip -r ../dist/${PLUGIN}-full.zip \ + . -x '*.git*' -x '*/.DS_Store' + + if [ -d exercises ]; then + zip -r ../dist/${PLUGIN}-exercises.zip \ + exercises/ -x '*.git*' + fi + + if [ -d workflow-recipes ]; then + zip -r ../dist/${PLUGIN}-workflow-recipes.zip \ + workflow-recipes/ -x '*.git*' + fi + + cd .. + echo "Built zips:" + ls -lh dist/ + + - name: Extract version from tag + id: version + run: | + TAG="${GITHUB_REF_NAME}" + VERSION="${TAG#${PLUGIN}-}" + echo "version=${VERSION}" >> "$GITHUB_OUTPUT" + echo "Version: ${VERSION}" + + - name: Create GitHub Release + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ github.ref_name }} + name: "${{ env.PLUGIN }} ${{ steps.version.outputs.version }}" + files: dist/*.zip + body: | + ## Legal Operations and Compliance Plugin ${{ steps.version.outputs.version }} + + ### Install + ```bash + # Layer 1 (Base) + claude plugin install legal@knowledge-work-plugins + + # Layer 2 (Extension) + /plugin marketplace add panaversity/agentfactory-business-plugins + /plugin install legal-ops@agentfactory-business + ``` + + ### Downloads + + | File | Contents | For | + |------|----------|-----| + | `legal-ops-full.zip` | Plugin + exercises + recipes | Complete setup | + | `legal-ops-exercises.zip` | 8 exercises | Chapter exercises | + | `legal-ops-workflow-recipes.zip` | 4 operational playbooks | Production workflows | + + ### Quick Start + 1. Install both plugins (commands above) + 2. Download `legal-ops-exercises.zip` + 3. Unzip and start with Exercise 1 (Build Your Negotiation Playbook) diff --git a/legal-ops/.claude-plugin/plugin.json b/legal-ops/.claude-plugin/plugin.json new file mode 100644 index 0000000..d8366a7 --- /dev/null +++ b/legal-ops/.claude-plugin/plugin.json @@ -0,0 +1,26 @@ +{ + "name": "legal-ops", + "version": "1.0.0", + "description": "Legal Operations and Compliance agent: 8 product skills, 5 jurisdiction overlays, 4 domain commands. Contract review, NDA triage, IP protection, regulatory monitoring, DSAR management, and Legal Ops Agents across UK, EU, US, Pakistan, and UAE.", + "author": { + "name": "Panaversity", + "url": "https://github.com/panaversity" + }, + "homepage": "https://agentfactory.panaversity.org", + "repository": "https://github.com/panaversity/agentfactory-business-plugins", + "license": "Apache-2.0", + "keywords": [ + "legal-ops", + "contract-review", + "nda", + "ip-protection", + "regulatory", + "compliance", + "dsar", + "gdpr", + "contract-lifecycle", + "legal-operations", + "jurisdiction", + "domain-agent" + ] +} diff --git a/legal-ops/CLAUDE.md b/legal-ops/CLAUDE.md new file mode 100644 index 0000000..43f3ed6 --- /dev/null +++ b/legal-ops/CLAUDE.md @@ -0,0 +1,80 @@ +# Legal Operations and Compliance Agent -- Agent Instructions + +You are the **Legal Operations and Compliance Agent** -- an AI agent specialized in +legal operations workflows: contract review, NDA triage, IP protection, regulatory +monitoring, DSAR management, compliance calendar tracking, legal spend analysis, +and contract intake routing. + +## Scope Boundary (HARD RULE) + +Your scope is **exclusively** legal operations workflows: reviewing contracts against +a negotiation playbook, triaging NDAs, monitoring IP and regulatory developments, +managing DSARs, tracking compliance obligations, and analysing legal spend. + +**You MUST refuse these requests -- do not answer them:** + +- Specific legal advice (you provide legal analysis, not advice) +- Litigation strategy or case assessment +- Tax advice (rates, thresholds, filing requirements, jurisdiction rules) +- Investment recommendations (buy/sell/hold, portfolio allocation) +- Approving any contract for execution (human authorised signatory only) +- Sending any legal output to a counterparty without attorney review + +**When a request is out of scope:** State clearly that it falls outside the scope +of legal operations workflows. Suggest the user consult a qualified licensed attorney. +Do NOT provide the answer "for reference", "briefly", "for context", or with a +disclaimer. A partial answer with a disclaimer is still out of scope. + +## The Governing Principle + +> **The agent reviews, triages, drafts, and flags.** +> **The licensed attorney advises, decides, and signs.** + +These roles are distinct. Do not conflate them. Every output ends with: +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY. + +## Core Methodology + +Before executing ANY legal operations task, read `skills/legal-global-router/SKILL.md` +for the routing logic -- it identifies the correct product skill and jurisdiction overlay +for every query. + +**Routing sequence:** + +1. Identify task type -> load the correct product skill from `skills/` +2. Identify jurisdiction -> load the correct overlay from `skills/legal-global-router/references/jurisdictions/` +3. Check for negotiation playbook (`legal.local.md`) -> load if found +4. Apply the mandatory output header to every response + +## Commands + +| Command | What It Does | +| ------------------ | ------------------------------------------------------------------ | +| `/review-contract` | Full clause-by-clause contract review against playbook | +| `/triage-nda` | Rapid NDA pre-screening with tier routing | +| `/vendor-check` | Obligation tracking, renewal calendar, compliance dashboard | +| `/legal-brief` | Legal research, regulatory monitoring, IP analysis, spend analysis | + +## Mandatory Output Header + +Every legal output MUST begin with: + +``` +TASK: [e.g. Contract Review -- Vendor MSA] +JURISDICTION: [e.g. English Law] +PLAYBOOK: [Loaded: legal.local.md / Not configured -- using general standards] +ATTORNEY REVIEW: REQUIRED -- all outputs must be reviewed by a licensed attorney +ESCALATION: [Yes -- reason / No] +``` + +## Universal Rules -- Non-Negotiable + +- NEVER provide legal advice -- provide legal analysis; flag for attorney review +- NEVER approve a contract for execution -- human authorised signatory required +- NEVER skip a RED escalation -- RED always requires attorney review before proceeding +- NEVER omit playbook check -- if none found, state explicitly: + "Reviewed against general commercial standards -- no playbook configured" +- NEVER send any legal output to a counterparty without attorney review first +- NEVER confirm data holdings in a DSAR acknowledgement before discovery is complete +- NEVER miss a response deadline -- alert counsel 7 days before any mandatory deadline +- NEVER apply legal interpretations across jurisdictions without the correct overlay diff --git a/legal-ops/LICENSE b/legal-ops/LICENSE new file mode 100644 index 0000000..5263195 --- /dev/null +++ b/legal-ops/LICENSE @@ -0,0 +1,190 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to the Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by the Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding any notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2026 Panaversity + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/legal-ops/README.md b/legal-ops/README.md new file mode 100644 index 0000000..50fe727 --- /dev/null +++ b/legal-ops/README.md @@ -0,0 +1,130 @@ +# Legal Operations and Compliance + +Plugin for **Chapter 22: Legal Operations and Compliance** from [The AI Agent Factory](https://learn.panaversity.org) by Panaversity. + +Legal Operations and Compliance agent with 8 product skills, 6 jurisdiction overlays, and 4 domain commands covering contract review, NDA triage, IP protection, regulatory monitoring, DSAR management, legal spend analysis, compliance calendar tracking, and contract intake routing across UK, EU, US, Pakistan, UAE, and GCC jurisdictions. + +--- + +## Quick Start + +### Option A: Claude Code CLI (Recommended) + +```bash +claude plugin install legal-ops@agentfactory-business +``` + +### Option B: Cowork (Claude.ai) + +Sidebar -> Customize -> Browse plugins -> + -> Add marketplace from GitHub -> `panaversity/agentfactory-business-plugins` -> Install "legal-ops" + +### Option C: Download ZIP + +1. Go to the [Releases page](https://github.com/panaversity/agentfactory-business-plugins/releases/latest) +2. Download `legal-ops-full.zip` +3. Unzip and follow setup instructions + +### Option D: Clone for Development + +```bash +git clone https://github.com/panaversity/agentfactory-business-plugins.git +claude --plugin-dir ./agentfactory-business-plugins/legal-ops +``` + +### Verify Installation + +Start a new Claude session and say: "I need to review a vendor agreement under English law." The agent should automatically reference UCTA and the three-tier classification system -- if it does, the plugin is active. + +--- + +## What's in This Plugin + +``` +legal-ops/ +├── .claude-plugin/plugin.json # Plugin manifest +├── skills/ # 9 skills (auto-loaded by agent) +│ ├── legal-global-router/ # Routes to correct product + jurisdiction +│ │ └── references/jurisdictions/ # 6 jurisdiction overlays (on-demand) +│ ├── contract-review/ # Full clause-by-clause contract review +│ ├── nda-triage/ # NDA pre-screening and routing +│ ├── ip-protection/ # Patent, trademark, copyright, OSS +│ ├── regulatory-monitoring/ # Regulatory change tracking +│ ├── dsar-privacy/ # DSAR/privacy request management +│ ├── legal-spend/ # External legal spend analysis +│ ├── compliance-calendar/ # Obligation and deadline tracking +│ └── contract-intake-agent/ # End-to-end contract intake +├── commands/ # 4 slash commands +│ ├── review-contract.md # /review-contract +│ ├── triage-nda.md # /triage-nda +│ ├── vendor-check.md # /vendor-check +│ └── legal-brief.md # /legal-brief +├── hooks/hooks.json # SessionStart + PostToolUse validation +├── scripts/validate-routing.py # Routing validation test harness +├── evals/ # Golden-file tests +├── exercises/ # 8 exercise files (download as zip) +├── workflow-recipes/ # 4 operational playbooks (download as zip) +└── legal.local.md.template # Negotiation playbook -- fill in + rename +``` + +--- + +## Commands + +| Command | What It Does | Example | +| ------------------ | --------------------------------------------- | ------------------------------------------------------------------- | +| `/review-contract` | Full clause-by-clause review against playbook | `/review-contract "SaaS MSA" "English law" "customer, GBP 48K"` | +| `/triage-nda` | NDA pre-screening with tier routing | `/triage-nda "mutual NDA" "tech partner, response by Friday"` | +| `/vendor-check` | Obligation tracking and compliance calendar | `/vendor-check scope:"all contracts" filter:"due in 60 days"` | +| `/legal-brief` | Research, regulatory, IP, spend analysis | `/legal-brief topic:"regulatory monitoring" jurisdictions:"UK, EU"` | + +--- + +## How Each Folder Maps to Chapter 22 Lessons + +| Folder | Lessons | What You Do | +| -------------------------------------- | ------------- | -------------------------------------------------------- | +| `skills/jurisdiction-contract-review/` | Part One | Jurisdiction-aware contract review against your playbook | +| `skills/jurisdiction-nda-triage/` | Part Two | Jurisdiction-aware NDA triage with three-tier routing | +| `skills/ip-protection/` | Part Three | Patent landscape, trademark monitoring, FTO research | +| `skills/contract-intake-agent/` | Part Five | Build the Contract Intake Agent | +| `skills/regulatory-monitoring/` | Part Five | Build the Regulatory Monitoring Agent | +| `skills/compliance-calendar/` | Part Five | Build the Compliance Calendar Agent | +| `skills/legal-spend/` | Part Five | Build the Legal Spend Analytics Agent | +| `skills/dsar-privacy/` | Part Five | Build the DSAR Response Agent | +| `skills/legal-global-router/` | All | Routing + 6 jurisdiction overlays | +| `exercises/` | Exercises 1-8 | Hands-on exercise files | +| `workflow-recipes/` | Operational | Production workflow playbooks | +| `evals/` | Validation | Golden-file routing and product tests | + +--- + +## Customizing for Your Jurisdiction + +| Variable | Default | Your Value | +| -------------------- | --------------------------------------------------- | ----------------------- | +| Primary Jurisdiction | Multi-jurisdiction (UK, EU, US, Pakistan, UAE, GCC) | _your jurisdiction_ | +| Negotiation Playbook | General commercial standards | _your legal.local.md_ | +| NDA Standard Form | General commercial NDA | _your standard form_ | +| IP Marks | Not configured | _your registered marks_ | +| Escalation Contacts | Generic roles | _your named contacts_ | + +To customize: copy `legal.local.md.template`, rename to `legal.local.md`, and fill in your organisation's positions. To add a jurisdiction: create a new overlay file in `skills/legal-global-router/references/jurisdictions/` following the same format. + +--- + +## Prerequisites + +- Chapters 1-21 of The AI Agent Factory +- Claude Code or Cowork access +- Basic understanding of commercial contract concepts + +## The Governing Principle + +> **The agent reviews, triages, drafts, and flags.** +> **The licensed attorney advises, decides, and signs.** + +Every file in this plugin enforces this distinction. Every output ends with: **ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY.** + +## License + +Apache-2.0 -- see [LICENSE](./LICENSE). diff --git a/legal-ops/commands/legal-brief.md b/legal-ops/commands/legal-brief.md new file mode 100644 index 0000000..9961bbf --- /dev/null +++ b/legal-ops/commands/legal-brief.md @@ -0,0 +1,43 @@ +# /legal-brief + +Legal research, regulatory monitoring, IP analysis, legal spend analysis, and DSAR management. + +## Usage + +/legal-brief topic:[topic] [parameters] + +## Examples + +/legal-brief topic:"regulatory monitoring" jurisdictions:"UK, EU" since:"2026-03-01" +/legal-brief topic:"patent landscape analysis" subject:"AI document analysis" jurisdictions:"US, EU, UK" +/legal-brief topic:"trademark monitoring" mark:"AgentFactory" class:"9,42" jurisdiction:"UK, EU, US" +/legal-brief topic:"legal-spend-analysis" period:"Q1 2026" flag-anomalies:true +/legal-brief topic:"DSAR acknowledgement" requester:"Sarah Johnson" jurisdiction:"UK GDPR" + +## Routing + +The /legal-brief command routes to the appropriate product skill based on topic: + +| Topic Pattern | Routes To | +| --------------------------------- | ---------------------- | +| regulatory monitoring, compliance | regulatory-monitoring | +| patent, trademark, IP, copyright | ip-protection | +| legal spend, invoice, billing | legal-spend | +| DSAR, privacy, data subject | dsar-privacy | +| general research, legal topic | direct research output | + +## Workflow + +1. Identify topic and route to correct product skill via legal-global-router +2. Load jurisdiction overlay if applicable +3. Execute the product-specific workflow (see individual skill files) +4. Apply mandatory output header +5. Include attorney review disclaimer + +## Output + +- Structured briefing or analysis per the relevant product skill format +- Mandatory header block (task, jurisdiction, playbook, attorney review) +- Topic-specific output format (weekly brief, landscape analysis, spend report, etc.) + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/review-contract.md b/legal-ops/commands/review-contract.md new file mode 100644 index 0000000..a21dc9d --- /dev/null +++ b/legal-ops/commands/review-contract.md @@ -0,0 +1,34 @@ +# /review-contract + +Full clause-by-clause contract review against your organisation's negotiation playbook. + +## Usage + +/review-contract [contract-type] [jurisdiction] [context] + +## Examples + +/review-contract "SaaS vendor agreement" "English law" "We are the customer, annual value GBP 48,000" +/review-contract "MSA" "New York law" "Consulting engagement, 6-month term, USD 95,000" +/review-contract "partnership agreement" "UAE/DIFC" "Co-marketing referral arrangement, no cash exchange" + +## Workflow + +1. Route to contract-review skill via legal-global-router +2. Load the jurisdiction overlay from router references +3. Load the negotiation playbook (legal.local.md) if configured +4. Gather context: party role, contract type, deadline, value, concerns +5. Read the entire contract before flagging any issues +6. Analyse clause-by-clause against playbook or general standards +7. Classify deviations: GREEN (acceptable) / YELLOW (negotiate) / RED (escalate) +8. Generate specific redline text for each YELLOW and RED item +9. Produce holistic risk summary with negotiation priority order + +## Output + +- Mandatory header block (task, jurisdiction, playbook, attorney review, escalation) +- Clause-by-clause analysis with three-tier classification +- Specific redline language ready to insert for each flagged item +- Holistic risk summary: GREEN/YELLOW/RED counts, material risk, recommendation + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/triage-nda.md b/legal-ops/commands/triage-nda.md new file mode 100644 index 0000000..a4d5dd0 --- /dev/null +++ b/legal-ops/commands/triage-nda.md @@ -0,0 +1,35 @@ +# /triage-nda + +Rapid NDA pre-screening and three-tier routing recommendation. + +## Usage + +/triage-nda [nda-type] [counterparty-context] + +## Examples + +/triage-nda "mutual NDA" "prospective technology partner, need response by Friday" +/triage-nda "unilateral NDA" "large enterprise vendor, M&A due diligence" +/triage-nda "incoming NDA" "new SaaS vendor, routine evaluation" + +## Workflow + +1. Route to nda-triage skill via legal-global-router +2. Load NDA configuration from playbook (legal.local.md) if available +3. Gather context: mutual/unilateral, purpose, counterparty type, urgency +4. Compare incoming NDA against standard form or general commercial standards +5. Classify deviations and assign tier: + - Tier 1: Standard Approval (no attorney review) -- target 60-70% + - Tier 2: Counsel Review (attorney review, no negotiation expected) -- target 20-30% + - Tier 3: Full Review (attorney review + likely negotiation) -- target 10-15% +6. Check for automatic RED flags (residuals clause, no public info carve-out, etc.) +7. Produce triage report with routing recommendation + +## Output + +- NDA Triage Report with tier classification +- Estimated attorney time: 0 / ~15 min / ~45 min +- Deviation summary: GREEN/YELLOW/RED counts +- Routing recommendation with specific deviations listed + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/vendor-check.md b/legal-ops/commands/vendor-check.md new file mode 100644 index 0000000..bb401cc --- /dev/null +++ b/legal-ops/commands/vendor-check.md @@ -0,0 +1,36 @@ +# /vendor-check + +Obligation tracking, vendor status check, renewal calendar, and compliance dashboard. + +## Usage + +/vendor-check [scope] [filter] [output-format] + +## Examples + +/vendor-check "Acme Corp" "all obligations" "summary" +/vendor-check scope:"all active contracts" filter:"obligations due within 60 days" +/vendor-check scope:"vendor agreements" filter:"renewal dates in 90 days" output:"compliance calendar" + +## Workflow + +1. Route to compliance-calendar skill via legal-global-router +2. Query connected contract repository (Google Drive / SharePoint MCP) +3. Extract obligation data: deliverables, payments, notices, renewals +4. Apply escalation timeline: + - 60 days: add to dashboard + - 30 days: notify obligation owner + - 14 days: notify owner + manager + - 7 days: notify General Counsel + - 1 day: emergency alert (CFO for financial, GC for legal/regulatory) + - Missed: log compliance incident; initiate remediation +5. Produce compliance calendar dashboard + +## Output + +- Compliance Calendar with RED/YELLOW/GREEN categorisation +- Obligations summary by owner and deadline +- Renewal calendar with notice period deadlines +- Overdue items requiring immediate action + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/evals/product-golden.json b/legal-ops/evals/product-golden.json new file mode 100644 index 0000000..1dfed51 --- /dev/null +++ b/legal-ops/evals/product-golden.json @@ -0,0 +1,72 @@ +[ + { + "product": "contract-review", + "jurisdiction": "UK", + "scenario": "SaaS vendor agreement with 3-month liability cap, no DPA, vendor-side termination only", + "expected_contains": [ + "RED", + "limitation of liability", + "UCTA", + "DPA", + "termination", + "attorney review", + "redline" + ], + "must_not_contain": ["approved for execution", "legal advice", "GREEN"] + }, + { + "product": "nda-triage", + "jurisdiction": "UK", + "scenario": "Mutual NDA with residuals clause, no public info carve-out, perpetual obligations", + "expected_contains": [ + "Tier 3", + "RED", + "residuals", + "perpetual", + "senior counsel", + "attorney review" + ], + "must_not_contain": ["Tier 1", "Standard Approval", "approved for signing"] + }, + { + "product": "dsar-privacy", + "jurisdiction": "UK", + "scenario": "Subject access request from former customer, CRM contains opinion notes", + "expected_contains": [ + "30 days", + "ICO", + "opinions ABOUT the requester", + "personal data", + "attorney review", + "discovery" + ], + "must_not_contain": ["confirm data holdings", "redact opinions"] + }, + { + "product": "contract-review", + "jurisdiction": "US", + "scenario": "California consulting agreement with broad non-compete and no CISG exclusion", + "expected_contains": [ + "RED", + "non-compete", + "California", + "VOID", + "CISG", + "exclusion" + ], + "must_not_contain": ["enforceable non-compete", "approved"] + }, + { + "product": "regulatory-monitoring", + "jurisdiction": "EU", + "scenario": "AI product deployed in EU, checking EU AI Act compliance obligations", + "expected_contains": [ + "EU AI Act", + "high-risk", + "conformity assessment", + "escalation", + "counsel" + ], + "must_not_contain": ["you are compliant", "no action needed"] + } +] diff --git a/legal-ops/evals/routing-golden.json b/legal-ops/evals/routing-golden.json new file mode 100644 index 0000000..24ece34 --- /dev/null +++ b/legal-ops/evals/routing-golden.json @@ -0,0 +1,98 @@ +[ + { + "query": "Review this vendor MSA for our SaaS procurement under English law", + "expected_product_skill": "contract-review", + "expected_jurisdiction": "UK", + "expected_overlay": "uk-law.md", + "expected_contains": ["UCTA", "limitation of liability", "attorney review"], + "must_not_contain": ["legal advice", "approved for execution"] + }, + { + "query": "We received an NDA from a prospective technology partner based in Delaware", + "expected_product_skill": "nda-triage", + "expected_jurisdiction": "US", + "expected_overlay": "us-law.md", + "expected_contains": ["Tier", "triage", "standard form"], + "must_not_contain": ["approved for signing"] + }, + { + "query": "Run a patent landscape analysis for AI document extraction technology in the EU", + "expected_product_skill": "ip-protection", + "expected_jurisdiction": "EU", + "expected_overlay": "eu-law.md", + "expected_contains": ["research summary", "FTO", "attorney"], + "must_not_contain": ["freedom to operate opinion"] + }, + { + "query": "What regulatory changes in data protection affect our UK and EU operations this month?", + "expected_product_skill": "regulatory-monitoring", + "expected_jurisdiction": "Multi", + "expected_overlay": ["uk-law.md", "eu-law.md"], + "expected_contains": ["HIGH PRIORITY", "MONITOR", "AWARENESS"], + "must_not_contain": ["you are compliant"] + }, + { + "query": "We received a DSAR from a former customer under UK GDPR", + "expected_product_skill": "dsar-privacy", + "expected_jurisdiction": "UK", + "expected_overlay": "uk-law.md", + "expected_contains": ["30 days", "ICO", "acknowledgement", "discovery"], + "must_not_contain": ["confirm data holdings"] + }, + { + "query": "Analyse our external legal spend for Q1 2026 and flag billing anomalies", + "expected_product_skill": "legal-spend", + "expected_jurisdiction": "N/A", + "expected_overlay": null, + "expected_contains": ["anomaly", "effective rate", "budget"], + "must_not_contain": ["billing dispute raised"] + }, + { + "query": "Show all contract obligations due in the next 60 days", + "expected_product_skill": "compliance-calendar", + "expected_jurisdiction": "N/A", + "expected_overlay": null, + "expected_contains": ["OVERDUE", "DUE IN 14 DAYS", "obligation"], + "must_not_contain": ["complete without evidence"] + }, + { + "query": "New vendor agreement received for intake and routing -- counterparty is a Pakistani software company", + "expected_product_skill": "contract-intake-agent", + "expected_jurisdiction": "Pakistan", + "expected_overlay": "pakistan-law.md", + "expected_contains": ["metadata", "classification", "Tier", "routing"], + "must_not_contain": ["approved for execution"] + }, + { + "query": "Review this consulting agreement governed by UAE/DIFC law for our Dubai subsidiary", + "expected_product_skill": "contract-review", + "expected_jurisdiction": "UAE", + "expected_overlay": "uae-law.md", + "expected_contains": ["DIFC", "mainland", "legal zone"], + "must_not_contain": ["legal advice"] + }, + { + "query": "We need trademark monitoring for our brand across EU member states", + "expected_product_skill": "ip-protection", + "expected_jurisdiction": "EU", + "expected_overlay": "eu-law.md", + "expected_contains": ["EUTM", "EUIPO", "similarity", "monitoring"], + "must_not_contain": ["FTO opinion"] + }, + { + "query": "Triage this incoming NDA from a German company proposing German law as governing law", + "expected_product_skill": "nda-triage", + "expected_jurisdiction": "EU", + "expected_overlay": "eu-law.md", + "expected_contains": ["Tier", "governing law", "German"], + "must_not_contain": ["Tier 1"] + }, + { + "query": "A California resident has filed a CCPA data deletion request", + "expected_product_skill": "dsar-privacy", + "expected_jurisdiction": "US", + "expected_overlay": "us-law.md", + "expected_contains": ["45 days", "CCPA", "Privacy Counsel", "erasure"], + "must_not_contain": ["confirm data holdings"] + } +] diff --git a/legal-ops/evals/run-evals.py b/legal-ops/evals/run-evals.py new file mode 100644 index 0000000..1788521 --- /dev/null +++ b/legal-ops/evals/run-evals.py @@ -0,0 +1,105 @@ +# /// script +# dependencies = [] +# /// +""" +Legal Ops Plugin -- Eval Runner +Run: uv run evals/run-evals.py + +Validates that golden files exist and have expected structure. +Does NOT run actual LLM inference -- that requires the plugin installed. +""" + +import json +import sys +from pathlib import Path + + +def validate_routing_golden(path: Path) -> list[str]: + errors = [] + cases = json.loads(path.read_text()) + if len(cases) < 10: + errors.append(f"routing-golden.json: expected 10+ cases, got {len(cases)}") + required_fields = [ + "query", + "expected_product_skill", + "expected_jurisdiction", + "expected_overlay", + "expected_contains", + "must_not_contain", + ] + for i, c in enumerate(cases): + for f in required_fields: + if f not in c: + errors.append(f"routing-golden.json case {i}: missing field '{f}'") + # Verify all 8 product skills are covered + skills = {c["expected_product_skill"] for c in cases} + expected_skills = { + "contract-review", + "nda-triage", + "ip-protection", + "regulatory-monitoring", + "dsar-privacy", + "legal-spend", + "compliance-calendar", + "contract-intake-agent", + } + missing_skills = expected_skills - skills + if missing_skills: + errors.append(f"routing-golden.json: missing product skills: {missing_skills}") + # Verify all 5 jurisdictions are covered + jurisdictions = {c["expected_jurisdiction"] for c in cases} + expected_jurisdictions = {"UK", "EU", "US", "Pakistan", "UAE"} + missing_jurisdictions = expected_jurisdictions - jurisdictions + if missing_jurisdictions: + errors.append(f"routing-golden.json: missing jurisdictions: {missing_jurisdictions}") + return errors + + +def validate_product_golden(path: Path) -> list[str]: + errors = [] + cases = json.loads(path.read_text()) + if len(cases) < 5: + errors.append(f"product-golden.json: expected 5+ cases, got {len(cases)}") + required_fields = [ + "product", + "jurisdiction", + "scenario", + "expected_contains", + "must_not_contain", + ] + for i, c in enumerate(cases): + for f in required_fields: + if f not in c: + errors.append(f"product-golden.json case {i}: missing field '{f}'") + return errors + + +def main(): + eval_dir = Path(__file__).parent + all_errors = [] + + routing = eval_dir / "routing-golden.json" + if routing.exists(): + all_errors.extend(validate_routing_golden(routing)) + print(f"routing-golden.json: {len(json.loads(routing.read_text()))} cases") + else: + all_errors.append("routing-golden.json not found") + + product = eval_dir / "product-golden.json" + if product.exists(): + all_errors.extend(validate_product_golden(product)) + print(f"product-golden.json: {len(json.loads(product.read_text()))} cases") + else: + all_errors.append("product-golden.json not found") + + if all_errors: + print(f"\nFAILED: {len(all_errors)} errors:") + for e in all_errors: + print(f" - {e}") + sys.exit(1) + else: + print("\nPASSED: All golden files valid.") + + +if __name__ == "__main__": + main() diff --git a/legal-ops/exercises/ex01-negotiation-playbook.md b/legal-ops/exercises/ex01-negotiation-playbook.md new file mode 100644 index 0000000..0450100 --- /dev/null +++ b/legal-ops/exercises/ex01-negotiation-playbook.md @@ -0,0 +1,87 @@ +# Exercise 1: Build Your Negotiation Playbook + +## Scenario Profile + +| Field | Value | +| ------------------- | ---------------------------------------------------------------------- | +| **Type** | SKILL.md Configuration | +| **Time** | 60-90 minutes | +| **Skills Required** | `contract-review`, `legal-global-router`, `legal.local.md.template` | +| **Prerequisite** | Legal Ops plugin installed; access to 3 recently negotiated agreements | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +The negotiation playbook is the single most important configuration decision in your +Legal Ops plugin deployment. Without it, every review is generic. With it, every review +reflects your organisation's actual risk tolerance and negotiation history. + +--- + +## Steps + +### Step 1 -- Conduct the Expert Interview (30 minutes) + +Before opening the plugin, conduct a structured interview with your General Counsel +or most senior commercial attorney. Use these questions exactly: + +1. In a typical vendor agreement where you are the customer, what is your standard + position on limitation of liability? What is the absolute minimum you would accept? +2. Which IP clauses are truly non-negotiable -- where you would decline the deal? +3. In the last 12 months, which clause caused the most negotiation difficulty? +4. Which contract types do you personally review? Which delegate to juniors? +5. What looks acceptable on paper but your instinct always flags in practice? + +Record the answers verbatim. + +### Step 2 -- Document Extraction + +For each of your three most recently negotiated vendor agreements: + +- What was the starting position on the three most-negotiated clauses? +- What was the final agreed position? +- Was the compromise one your organisation was comfortable with? + +### Step 3 -- Draft Your Playbook + +Using the `legal.local.md.template`, draft your playbook covering at minimum: +limitation of liability, IP ownership, indemnification, data protection, +termination, and governing law. + +### Step 4 -- Test and Calibrate + +``` +/review-contract +[Upload: one of the three executed contracts from Step 2] + +Context: provide your position, urgency level, and any known issues +``` + +Compare the agent's output against your knowledge of the actual negotiation: + +- Did the agent flag the clauses that actually required negotiation? +- Were any significant issues missed? +- Were the GREEN/YELLOW/RED classifications consistent with your risk tolerance? + +### Step 5 -- Refine and Re-test + +Update your playbook based on the gaps. Re-run the review. Document changes. + +--- + +## Expected Output + +- A validated `legal.local.md` negotiation playbook +- Documentation of calibration changes (what was adjusted and why) +- Comparison showing agent output vs. actual negotiation history + +--- + +## Deliverable + +A validated negotiation playbook ready to deploy as your organisation's +Legal Ops plugin configuration. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex02-contract-review-sprint.md b/legal-ops/exercises/ex02-contract-review-sprint.md new file mode 100644 index 0000000..3bb3889 --- /dev/null +++ b/legal-ops/exercises/ex02-contract-review-sprint.md @@ -0,0 +1,83 @@ +# Exercise 2: Contract Review Sprint -- Three Contracts in One Hour + +## Scenario Profile + +| Field | Value | +| ------------------- | --------------------------------------------- | +| **Type** | Applied Practice | +| **Time** | 60 minutes (20 minutes per contract) | +| **Skills Required** | `contract-review`, `legal-global-router` | +| **Plugin Command** | `/review-contract` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +You are the Legal Operations Manager at a 150-person technology company. +Three contracts arrived this morning, all requesting review by end of business. + +--- + +## Contract A -- SaaS Vendor Agreement (you are the customer) + +If you do not have a real SaaS agreement, generate a training document: + +``` +/legal-brief topic:"generate a realistic vendor-favourable SaaS MSA for training" + clauses:"limitation of liability (3 months' fees cap), + IP ownership (vendor retains all IP including customisations), + data processing, termination for convenience (60 days vendor; + immediate for cause only for customer), + governing law: vendor's state" +``` + +Then run `/review-contract` against it. + +Context: We are the customer. Cloud-based project management software. +Annual value: GBP 48,000. Vendor evaluation in progress for 3 months. +Business unit wants to sign by Friday. + +**Answer:** + +1. What is the overall risk rating? +2. How many RED items? Are they genuine deal issues? +3. What is the single most important redline given the Friday deadline? +4. Recommend: approve / negotiate / escalate / decline + +--- + +## Contract B -- Consulting Services Agreement (you are the customer) + +Context: Engaging an external consultant for a 6-month product strategy project. +Fixed fee: GBP 95,000. Consultant will access product roadmap and customer data. + +**Answer:** + +1. What IP ownership issues does the agent flag? +2. The agent flags a RED on data protection -- what is the specific issue? +3. The liability cap is GBP 10,000 (~10% of fee). Classification and recommendation? +4. Draft a negotiation strategy email using the top 3 redline suggestions. + +--- + +## Contract C -- Co-Marketing Partnership Agreement + +Context: Co-marketing and referral agreement with a complementary software company. +We refer customers to them; they refer to us. No cash. Term: 2 years. + +**Answer:** + +1. Which clauses are most important for this partnership structure? +2. The contract has a residuals clause. Is this RED? Why? +3. No limitation of liability clause at all. Draft the clause to propose. +4. Write a one-paragraph risk summary for your CFO in plain English. + +--- + +## Sprint Debrief + +Which of the three reviews was most valuable? Which produced the most useful +redlines? Which would have benefited most from additional playbook configuration? + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex03-nda-triage-system.md b/legal-ops/exercises/ex03-nda-triage-system.md new file mode 100644 index 0000000..5c2cae9 --- /dev/null +++ b/legal-ops/exercises/ex03-nda-triage-system.md @@ -0,0 +1,75 @@ +# Exercise 3: NDA Triage System -- Build, Test, Deploy + +## Scenario Profile + +| Field | Value | +| ------------------- | --------------------------------------------- | +| **Type** | Workflow Configuration | +| **Time** | 45 minutes | +| **Skills Required** | `nda-triage`, `legal-global-router` | +| **Plugin Command** | `/triage-nda` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +Your organisation receives approximately 25 NDA requests per month. Currently all +go to the same junior attorney, taking 30-45 minutes each -- approximately 12+ hours +of attorney time per month. Your task: design and test a triage system that reduces +attorney NDA time to 3-4 hours per month. + +--- + +## Steps + +### Step 1 -- Configure Your NDA Triage Playbook + +Add the NDA-specific section to `legal.local.md`. Define your Tier 1/2/3 criteria. + +### Step 2 -- Build a Four-NDA Test Set + +- **NDA A**: Your own standard form, unmodified +- **NDA B**: Your standard form with the counterparty's jurisdiction as governing law +- **NDA C**: Your standard form + residuals clause + 5-year term (vs. standard 3) +- **NDA D**: Unilateral NDA (disclosing only, counterparty is discloser) when mutual + expected; broad confidential information definition; no public-info carve-out; + perpetual survival + +For each: run `/triage-nda`, provide context, record the classification. + +### Step 3 -- Expected Results + +| NDA | Expected Tier | Reason | +| ----- | ------------- | ------------------------------------------------------- | +| NDA A | Tier 1 | Standard form, no deviations | +| NDA B | Tier 2 | Governing law deviation -- counsel confirmation | +| NDA C | Tier 2 or 3 | Residuals clause = automatic RED flag | +| NDA D | Tier 3 | Multiple RED items: unilateral, no carve-out, perpetual | + +### Step 4 -- Calibrate + +If results diverge from expected, update the playbook and re-run. Document why +the initial configuration missed the expected result. + +### Step 5 -- Draft Routing Templates + +- Tier 1 to business unit: approved, here is the execution process +- Tier 2 to reviewing attorney: here are the flagged deviations and deadline +- Tier 3 to General Counsel: here are the RED items, urgency, recommendation + +--- + +## Expected Output + +- Tested NDA triage configuration +- Three routing email templates +- Calculation showing reduction from 12+ to ~3-4 attorney hours/month + +--- + +## Deliverable + +Validated NDA triage configuration + routing templates + documented time savings. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex04-ip-monitoring.md b/legal-ops/exercises/ex04-ip-monitoring.md new file mode 100644 index 0000000..82fe34f --- /dev/null +++ b/legal-ops/exercises/ex04-ip-monitoring.md @@ -0,0 +1,82 @@ +# Exercise 4: IP Monitoring -- Competitor Patent Watch + +## Scenario Profile + +| Field | Value | +| ------------------- | --------------------------------------------- | +| **Type** | Applied Research | +| **Time** | 45 minutes | +| **Skills Required** | `ip-protection`, `legal-global-router` | +| **Plugin Command** | `/legal-brief` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +You are in-house counsel for a company that has developed a proprietary AI-based +document analysis system. Your legal team has asked you to establish a patent +monitoring programme for two key competitors and to assess freedom-to-operate +risk before launching your next product feature. + +--- + +## Steps + +### Step 1 -- Landscape Analysis + +``` +/legal-brief topic:"patent landscape analysis" + technology:"AI document analysis, natural language processing, + contract review automation, clause extraction" + key-competitors:"[Competitor 1], [Competitor 2]" + scope:"patents filed or granted 2021-2026" + jurisdictions:"US (USPTO), EU (EPO), UK (UKIPO)" + output:"landscape summary with freedom-to-operate flags" +``` + +Analyse: Who are the most active filers? Are there patents with broad claim +language that may cover your planned feature? What white spaces exist? + +### Step 2 -- Set Up Weekly Competitor Monitoring + +``` +/legal-brief topic:"patent monitoring brief" + monitor-assignees:"[Competitor 1], [Competitor 2]" + technology-keywords:"[list 5-8 relevant technical terms]" + jurisdictions:"US, EU, UK" + output:"weekly summary for IP attorney" +``` + +Draft the monitoring brief template for weekly delivery to your IP attorney. + +### Step 3 -- FTO Preliminary Assessment Brief + +``` +/legal-brief topic:"freedom-to-operate preliminary research" + our-technology:"[describe planned feature in 2-3 sentences]" + potentially-relevant:"[list patents from Step 1]" + jurisdiction:"US" + note:"This is preliminary research for attorney review, + not a freedom-to-operate opinion." +``` + +Write the cover memo to your IP attorney that accurately characterises +what the agent produced and what you need them to confirm or act on. + +--- + +## Governance Reminder + +The output of Step 3 is research scaffolding for your IP attorney -- not an +FTO opinion. The cover memo must make this crystal clear. An FTO opinion is +a privileged legal opinion signed by a qualified IP attorney. + +--- + +## Deliverable + +IP monitoring workflow + weekly competitor brief template + FTO research memo +correctly scoped for attorney review. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex05-contract-intake-agent.md b/legal-ops/exercises/ex05-contract-intake-agent.md new file mode 100644 index 0000000..6948d9a --- /dev/null +++ b/legal-ops/exercises/ex05-contract-intake-agent.md @@ -0,0 +1,88 @@ +# Exercise 5: Build the Legal Ops Agent -- Contract Intake + +## Scenario Profile + +| Field | Value | +| ------------------- | -------------------------------------------------- | +| **Type** | Agent Configuration and Testing | +| **Time** | 90 minutes | +| **Skills Required** | All product skills + `contract-intake-agent` | +| **Plugin Commands** | `/review-contract`, `/triage-nda`, `/vendor-check` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +You are building a complete Contract Intake Agent that manages all incoming +contracts from receipt through routing, tracking, and obligation monitoring. + +--- + +## Steps + +### Step 1 -- Map Your Current Process + +Before configuring anything, document precisely: + +- How do contracts currently arrive? +- Who handles first review? How long does it take? +- Where are executed contracts stored? Are they searchable? +- How are renewal dates tracked? +- What falls through the cracks most often? + +This is the process you are replacing. Document it to measure improvement. + +### Step 2 -- Configure the SKILL.md + +Using the contract-intake-agent SKILL.md, customise for your organisation: + +- Add your specific contract types +- Define SLA thresholds with named owners (actual names, not generic roles) +- Write your three communication templates +- Add your escalation triggers + +### Step 3 -- Connect via MCP + +Work with IT to connect: + +- Google Drive or SharePoint (contract storage) +- Gmail or Outlook (legal intake email) +- Google Sheets or Notion (contract tracking log) + +### Step 4 -- Test with Five Historical Contracts + +- One NDA (standard / should be Tier 1) +- One NDA (non-standard / should be Tier 2 or 3) +- One vendor agreement (straightforward) +- One vendor agreement (complex IP, data processing, unusual terms) +- One employment or contractor agreement + +For each: record intake classification, routing decision, communication output. + +### Step 5 -- Calibrate + +For incorrect routing, identify whether the error was in: + +- Playbook threshold +- SKILL.md routing logic +- Document type classification + +Fix and re-test. + +### Step 6 -- Build the Tracking Dashboard + +Using Google Sheets MCP, create a contract tracking dashboard showing: + +- All active contracts by status +- Obligations due in 30/60/90 days +- Average cycle time by tier (baseline vs. agent-assisted) + +--- + +## Deliverable + +A functioning Contract Intake Agent connected to your document management system, +with tested SKILL.md, live tracking dashboard, and documented time savings. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex06-regulatory-monitoring.md b/legal-ops/exercises/ex06-regulatory-monitoring.md new file mode 100644 index 0000000..8eac6bb --- /dev/null +++ b/legal-ops/exercises/ex06-regulatory-monitoring.md @@ -0,0 +1,72 @@ +# Exercise 6: Regulatory Monitoring -- The Weekly Brief + +## Scenario Profile + +| Field | Value | +| ------------------- | ---------------------------------------------- | +| **Type** | Workflow Configuration | +| **Time** | 45 minutes | +| **Skills Required** | `regulatory-monitoring`, `legal-global-router` | +| **Plugin Command** | `/legal-brief` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +You are Compliance Officer at a 150-person technology company with UK and EU +operations. Your board has asked for a monthly regulatory briefing covering: +data protection, AI regulation, employment law, and company law. This currently +takes 4-6 hours per month. + +--- + +## Steps + +### Step 1 -- Configure Monitoring Parameters + +``` +/legal-brief type:"regulatory-monitoring-setup" + organisation:"technology company, 150 employees, + UK and EU operations, SaaS product" + primary-areas: + - "Data Protection: UK GDPR, EU GDPR, ICO guidance" + - "AI Regulation: EU AI Act implementation, UK AI framework" + - "Employment: UK employment law, EU Working Time, + remote working developments" + - "Company Law: Companies House requirements, director duties" + jurisdictions:"UK, EU (Germany, France, Netherlands primary)" + output:"weekly monitoring brief + monthly board summary" +``` + +### Step 2 -- Run a Live Test Brief + +Use the current week. Evaluate: + +- Did it identify genuine regulatory developments? +- Are the impact assessments (HIGH/MONITOR/AWARENESS) correctly calibrated? +- Is anything missing that you know should be covered? + +Update configuration based on gaps. Re-run. + +### Step 3 -- Build the Monthly Board Summary Template + +The board summary needs: + +- 3-5 bullet executive summary (most important changes this month) +- RAG traffic-light status for each regulatory area +- Actions required (owner, action, deadline) +- Horizon items (significant changes in next 3-6 months) + +Draft this template. Test by producing a sample monthly summary from +four weeks of monitoring briefs. + +--- + +## Deliverable + +Working regulatory monitoring configuration producing weekly briefs and +a monthly board summary -- reducing preparation time from 4-6 hours to +45-60 minutes of review and sign-off. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex07-dsar-response.md b/legal-ops/exercises/ex07-dsar-response.md new file mode 100644 index 0000000..c1f8149 --- /dev/null +++ b/legal-ops/exercises/ex07-dsar-response.md @@ -0,0 +1,104 @@ +# Exercise 7: DSAR Response -- The 30-Day Clock + +## Scenario Profile + +| Field | Value | +| ------------------- | --------------------------------------------- | +| **Type** | Process Simulation | +| **Time** | 45 minutes | +| **Skills Required** | `dsar-privacy`, `legal-global-router` | +| **Plugin Command** | `/legal-brief` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +At 09:17 this morning, the following email arrived at privacy@yourcompany.com: + +> "Dear Sir/Madam, I am writing to request all personal data that your company +> holds about me under Article 15 of the GDPR. My name is Sarah Johnson. I was +> a customer from March 2021 to June 2023. My email address at that time was +> sarah.johnson.42@gmail.com. Please confirm receipt and advise when I can expect +> a response. Regards, Sarah Johnson." + +You are the Privacy Officer. The 30-day GDPR clock started at 09:17. + +--- + +## Steps + +### Day 1 -- Acknowledge Immediately + +``` +/legal-brief topic:"DSAR-acknowledgement" + requester-name:"Sarah Johnson" + requester-email:"sarah.johnson.42@gmail.com" + request-date:"[today]" + request-type:"Subject Access Request (Article 15 UK GDPR)" + jurisdiction:"UK GDPR" +``` + +Review: does it confirm receipt, state deadline, set out identity verification, +and avoid confirming or denying data held? This letter goes out today. + +### Days 1-10 -- Data Discovery + +``` +/legal-brief topic:"DSAR-data-discovery" + requester:"Sarah Johnson, sarah.johnson.42@gmail.com" + customer-period:"March 2021 to June 2023" + systems:"CRM, billing, email, customer support, + marketing database, HR system" +``` + +The agent drafts internal discovery requests to each system owner (Day 10 deadline). + +### Day 12 -- Data Received (Simulate) + +The following has been identified: + +- CRM: Full customer record, purchase history, support tickets, sales rep notes + (including: "difficult customer -- always pushes for discounts") +- Billing: Invoice history, last 4 digits of payment card, billing address +- Email: 47 support emails +- Marketing: Campaign history, open/click tracking, preference settings +- HR system: No data found +- Legal case management: No data found + +``` +/legal-brief topic:"DSAR-response-preparation" + data-found:[provide summary above] + redaction-required:"third-party personal data in support tickets; + internal staff personal data; commercially sensitive info" + jurisdiction:"UK GDPR" +``` + +### Day 15 -- Response Draft + +Draft the final response letter: categories of data held, how it is processed, +legal basis, retention periods, and information about Sarah's rights. + +Route for attorney review before sending. + +--- + +## Reflection Questions + +1. The sales rep's CRM note calls Sarah a "difficult customer." Is this personal + data she is entitled to see under Article 15? (Answer: YES) + +2. If Sarah had also requested erasure under Article 17, how would the workflow + change? Which step requires immediate escalation? + +3. Your response is ready on Day 28. Then IT discovers a legacy database with + Sarah's data not included in discovery. What do you do? + +--- + +## Deliverable + +Completed DSAR simulation demonstrating the full 30-day workflow, with a validated +DSAR Agent SKILL.md and documented process map. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex08-legal-ops-dashboard.md b/legal-ops/exercises/ex08-legal-ops-dashboard.md new file mode 100644 index 0000000..270b723 --- /dev/null +++ b/legal-ops/exercises/ex08-legal-ops-dashboard.md @@ -0,0 +1,81 @@ +# Exercise 8: The Legal Ops Dashboard + +## Scenario Profile + +| Field | Value | +| ------------------- | --------------------------------------------- | +| **Type** | Integration and Measurement | +| **Time** | 60 minutes | +| **Skills Required** | All product skills | +| **Plugin Commands** | `/vendor-check`, `/legal-brief` | +| **Chapter** | Chapter 22 -- Legal Operations and Compliance | + +--- + +## Overview + +You have now built a negotiation playbook, contract review workflow, NDA triage +system, IP monitoring brief, regulatory monitoring workflow, and DSAR agent. +This exercise ties them together into the Legal Operations Dashboard your +General Counsel needs to run the function strategically. + +--- + +## Steps + +### Step 1 -- Define the KPIs + +| Metric | Data Source | Target | +| --------------------------------------- | --------------------- | ----------------------------------------- | +| Contract review cycle time (by tier) | Contract tracking log | Tier 1: <=1 day; Tier 2: <=2; Tier 3: <=5 | +| NDA Tier 1 auto-approval rate | NDA triage log | >60% | +| Open RED items pending attorney review | Contract queue | Zero items >5 days old | +| Contracts with renewal dates in 60 days | Contract repository | 100% visibility | +| Overdue compliance obligations | Compliance calendar | Zero overdue | +| Open DSARs vs. 30-day window | DSAR log | Zero overdue | +| Regulatory alerts actioned | Monitoring log | 100% within 30 days | +| External legal spend vs. budget | AP system | Within 10% of budget | + +### Step 2 -- Build the Dashboard + +``` +/legal-brief topic:"legal-ops-dashboard" + data-sources: + - "contract tracking log [link]" + - "NDA triage log [link]" + - "compliance calendar [link]" + - "DSAR log [link]" + output:"weekly dashboard for General Counsel" + include:"RAG status per category; trend vs. prior week; + items requiring GC personal attention" +``` + +### Step 3 -- Write the Weekly GC Briefing + +Using the dashboard, draft a 1-page briefing for your General Counsel: + +- Takes 5 minutes to read +- Immediate picture of the legal pipeline state +- Items requiring GC personal attention clearly identified +- Emerging risks identified before they become urgent + +### Step 4 -- Measure the Transformation + +| Function | Hours/month before | Hours/month after | Saving | +| ------------------------------ | ------------------ | ----------------- | ------ | +| Contract review | | | | +| NDA triage (attorney time) | | | | +| Regulatory monitoring | | | | +| DSAR processing (per request) | | | | +| Compliance calendar management | | | | +| **Total** | | | | + +--- + +## Deliverable + +A Legal Ops Dashboard specification, a sample weekly GC briefing, and a +documented ROI analysis showing the capacity transformation in your legal +department. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/hooks/hooks.json b/legal-ops/hooks/hooks.json new file mode 100644 index 0000000..249082a --- /dev/null +++ b/legal-ops/hooks/hooks.json @@ -0,0 +1,25 @@ +{ + "hooks": { + "SessionStart": [ + { + "hooks": [ + { + "type": "prompt", + "prompt": "The Legal Operations and Compliance plugin (v1.0.0) is active. Capabilities: 8 product skills (contract review, NDA triage, IP protection, regulatory monitoring, DSAR privacy, legal spend, compliance calendar, contract intake), 5 jurisdiction overlays (UK, EU, US, Pakistan, UAE), 4 domain commands. Commands available: /review-contract (full contract review), /triage-nda (NDA pre-screening), /vendor-check (obligation and compliance tracking), /legal-brief (research, regulatory monitoring, IP analysis). The router auto-activates on any legal operations query. ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY. $ARGUMENTS" + } + ] + } + ], + "PostToolUse": [ + { + "matcher": "Write|Edit", + "hooks": [ + { + "type": "prompt", + "prompt": "Check if this output involves legal operations content (contract review, NDA triage, IP analysis, regulatory monitoring, DSAR response, compliance calendar, legal spend analysis). If it does NOT contain legal operations content, respond with just 'OK'. If it DOES contain legal operations content, verify these 3 rules: (1) The mandatory header block is present (TASK, JURISDICTION, PLAYBOOK, ATTORNEY REVIEW, ESCALATION). (2) The output ends with 'ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY' or equivalent attorney review disclaimer. (3) Any RED escalation items are clearly flagged and routed to attorney review, not silently resolved. Report: OK if all pass, or list specific violations. $ARGUMENTS" + } + ] + } + ] + } +} diff --git a/legal-ops/legal.local.md.template b/legal-ops/legal.local.md.template new file mode 100644 index 0000000..b66fb60 --- /dev/null +++ b/legal-ops/legal.local.md.template @@ -0,0 +1,203 @@ +# [Organisation Name] Legal Negotiation Playbook +# Version: 1.0 | Last Updated: [Date] | Owner: [General Counsel] +# +# INSTRUCTIONS: Copy this file, remove ".template" from the filename, +# fill in your organisation's positions, and save as legal.local.md +# in your plugin root directory. +# +# The more detail you provide here, the more accurate every contract +# review, NDA triage, and legal analysis will be. + +--- + +## Organisation Profile + +Primary role in contracts: CUSTOMER / VENDOR / LICENSOR / LICENSEE [choose primary] +Industry sector: [e.g. Technology / Financial Services / Manufacturing] +Risk tolerance: Conservative / Moderate / Balanced +Primary jurisdictions: [e.g. England and Wales / Pakistan / UAE] +Company type: [e.g. Private Ltd / Public Company / Partnership] + +--- + +## Contract Review -- Clause Positions + +### Limitation of Liability + +STANDARD POSITION: Mutual cap at 12 months' fees paid/payable +ACCEPTABLE RANGE: 6-24 months' fees, mutual +ESCALATE (RED) IF: Uncapped liability on either side + Asymmetric carve-outs favouring counterparty + Cap below 6 months' fees + Carve-out for IP indemnity without reciprocity +NOTES: [Add organisation-specific context here] + +### Intellectual Property Ownership + +STANDARD POSITION: Each party retains pre-existing IP + Work product created using our data/systems = our IP +ACCEPTABLE RANGE: Joint ownership of jointly developed materials + (with prior written approval only) +ESCALATE (RED) IF: Vendor claims ownership of deliverables created using + our data or specifications + Broad licence-back without compensation + Assignment of pre-existing IP required +NOTES: Open-source components must be identified and + licence-compatible + +### Indemnification + +STANDARD POSITION: Mutual indemnification for third-party IP infringement + and gross negligence / wilful misconduct +ACCEPTABLE RANGE: Standard mutual with proportional contribution clauses +ESCALATE (RED) IF: One-sided indemnification + Uncapped IP indemnity on our side + Indemnity triggered by use of deliverables as intended +NOTES: [Add organisation-specific context here] + +### Data Protection + +STANDARD POSITION: GDPR/UK GDPR-compliant DPA; SCCs for international + transfers; 72-hour breach notification +ACCEPTABLE RANGE: Breach notification up to 96 hours +ESCALATE (RED) IF: No DPA offered for data processing arrangement + Non-standard transfer mechanisms + Retention periods exceeding project term + 2 years + No deletion on termination +NOTES: [Add data residency requirements if applicable] + +### Termination + +STANDARD POSITION: Either party may terminate for convenience on 30 days' notice +ACCEPTABLE RANGE: 14-60 days notice; termination for cause on 10 days' + notice with 10-day cure period +ESCALATE (RED) IF: No termination for convenience right + Auto-renewal without notice window + Penalties exceeding 3 months' fees on termination +NOTES: [Add organisation-specific context here] + +### Governing Law and Jurisdiction + +STANDARD POSITION: [Your primary jurisdiction] law and courts +ACCEPTABLE RANGE: Counterparty jurisdiction if major strategic partner + ICC arbitration for significant international contracts +ESCALATE (RED) IF: Non-English governing law without translated summary + Jurisdiction with no established commercial law framework +NOTES: [Add bilateral treaty or enforcement context if relevant] + +### Payment Terms + +STANDARD POSITION: 30 days from invoice date +ACCEPTABLE RANGE: 14-45 days +ESCALATE (RED) IF: >60 days from invoice date + Acceptance-based payment with broad rejection rights + No late payment interest provision +NOTES: [Add sector-specific payment norms if relevant] + +### Confidentiality + +STANDARD POSITION: Mutual; 3-year term; standard carve-outs for public info, + prior knowledge, independent development, compelled disclosure +ACCEPTABLE RANGE: 2-5 year term +ESCALATE (RED) IF: No carve-out for publicly available information + Perpetual obligations without sunset + Residuals clause +NOTES: [Add organisation-specific context here] + +--- + +## NDA Configuration + +### Standard Form Reference + +Standard mutual NDA: [filename or document ID] +Standard unilateral (disclosing): [filename] +Standard unilateral (receiving): [filename] + +### Tier 1 -- Automatic Approval Criteria + +The following deviations may be approved without attorney review: +- Definition of Confidential Information: minor category additions + acceptable if our standard definition is retained +- Term: 2-5 years (our standard is 3 years) +- Post-term survival: 2-5 years +- Minor formatting differences with no substantive impact +- [Add organisation-specific acceptable deviations] + +### Tier 2 -- Route to Counsel (flag; do not block) + +- Governing law: counterparty's jurisdiction instead of ours +- Notice provisions: different address/format requirements +- Definition of Representatives: broader than standard +- Non-solicitation: if mutual and limited to directly involved employees +- [Add organisation-specific Tier 2 triggers] + +### Tier 3 -- Escalate to Senior Counsel (RED) + +- Unilateral NDA where mutual expected (without documented justification) +- Residuals clause: allowing use of information "retained in unaided memory" +- No carve-out for publicly available information +- Non-compete provisions of any scope +- Perpetual confidentiality obligations (no sunset) +- Disclosure to affiliates without need-to-know qualification +- Governing law: non-English-speaking jurisdiction without summary +- [Add organisation-specific Tier 3 triggers] + +### NDA SLA Targets + +Tier 1 response: 1 business day +Tier 2 response: 2 business days +Tier 3 response: 5 business days + +--- + +## IP Configuration + +### Registered Marks + +[Mark 1]: Class [XX], registered [jurisdictions], reg. no. [numbers] +[Mark 2]: Class [XX], registered [jurisdictions], reg. no. [numbers] + +### Pending Applications + +[Mark 3]: Class [XX], filed [jurisdictions], application no. [numbers] + +### Monitoring Parameters + +Similarity threshold: Phonetically similar; visually similar by >60% +Priority jurisdictions: [key markets] +Monitoring frequency: Weekly automated scan + +### Patent Portfolio + +Core technology areas: [3-5 technology areas] +FTO rule: ALWAYS escalate patent landscape outputs to IP + counsel before reliance -- never a standalone FTO opinion + +### Open-Source Compliance + +OSS policy: No GPL/AGPL components in proprietary products without + IP counsel approval +Review gate: OSS licence check required before any third-party library + is included in a production build + +--- + +## Escalation Contacts + +General Counsel: [Name] | [email] | [phone] +Reviewing Attorney: [Name] | [email] | [phone] +IP Counsel: [Name / Firm] | [email] +Privacy Officer: [Name] | [email] +Compliance Officer: [Name] | [email] +Legal Intake Email: [legal-intake@yourcompany.com] + +## Deal Value Thresholds + +Tier 3 call recommended if deal value >: [GBP/USD amount] +CFO notification required if deal value >: [GBP/USD amount] +Board notification required if deal value >: [GBP/USD amount] + +--- +# End of Playbook Template +# Save as: legal.local.md (remove ".template" from filename) diff --git a/legal-ops/scripts/validate-routing.py b/legal-ops/scripts/validate-routing.py new file mode 100644 index 0000000..433a250 --- /dev/null +++ b/legal-ops/scripts/validate-routing.py @@ -0,0 +1,44 @@ +# /// script +# dependencies = [] +# /// +""" +Legal Ops Plugin -- Routing Validation Test Harness +Run: uv run scripts/validate-routing.py + +Prints 12 routing test queries with expected outputs. +Student runs each query through the installed plugin and +compares agent output against expected values. +""" + +import json +import sys +from pathlib import Path + + +def main(): + golden = Path(__file__).parent.parent / "evals" / "routing-golden.json" + if not golden.exists(): + print(f"Error: {golden} not found", file=sys.stderr) + sys.exit(1) + cases = json.loads(golden.read_text()) + print("Legal Ops Plugin -- Routing Validation") + print("=" * 60) + print(f"Total test cases: {len(cases)}\n") + for i, c in enumerate(cases, 1): + print(f"Test {i:02d}: {c['expected_product_skill']} | {c['expected_jurisdiction']}") + print(f" Query: {c['query']}") + print( + f" Expected: skill={c['expected_product_skill']}, " + f"jurisdiction={c['expected_jurisdiction']}, " + f"overlay={c['expected_overlay']}" + ) + print(f" Must contain: {c['expected_contains']}") + print(f" Must NOT contain: {c['must_not_contain']}\n") + print("Run each query through your installed plugin.") + print("Compare output against expected values.") + print("PASS = correct skill routed, correct jurisdiction loaded,") + print(" expected terms present, forbidden terms absent.") + + +if __name__ == "__main__": + main() diff --git a/legal-ops/skills/compliance-calendar/SKILL.md b/legal-ops/skills/compliance-calendar/SKILL.md new file mode 100644 index 0000000..04fe443 --- /dev/null +++ b/legal-ops/skills/compliance-calendar/SKILL.md @@ -0,0 +1,104 @@ +--- +name: compliance-calendar +version: 1.0 +description: > + Activate for: contract renewal, renewal deadline, notice period, + renewal reminder, compliance deadline, obligation due, filing deadline, + regulatory deadline, policy review due, audit schedule, certification + renewal, licence renewal, compliance calendar, upcoming deadline, + obligation tracking, contract obligation, missed deadline, overdue, + 60-day calendar, compliance obligations. + NOT for: contract review, NDA triage, IP research, DSAR processing, setting compliance policy (compliance officer required). +plugin-commands: /vendor-check +chapter: 22 -- Legal Operations and Compliance +--- + +## CALENDAR CATEGORIES + +### Category 1: Contract Obligations + +- Deliverables due under executed contracts +- Payment obligations and invoice deadlines +- Notice periods for renewal / non-renewal +- Audit rights windows (must be exercised within defined periods) +- SLA review and reporting obligations +- Certification / accreditation obligations required by contract + +### Category 2: Regulatory Filings + +- Annual returns (Companies House / equivalent) +- Licence renewals (sector-specific) +- Data protection registration renewals (where required) +- Annual accounts filing deadlines +- PAYE / payroll compliance filings (coordinate with Finance) + +### Category 3: Internal Compliance Reviews + +- Data Protection Impact Assessments (DPIA) -- annual review +- Privacy Policy and Cookie Policy review (annual minimum) +- Employee Handbook / HR Policy review (annual minimum) +- Information Security Policy review (annual minimum) +- Third-party vendor risk reviews (annual for high-risk vendors) +- Anti-bribery and anti-corruption training refresh + +### Category 4: Litigation and Dispute Deadlines + +IMMEDIATE ESCALATION TO COUNSEL -- do not track without legal oversight: + +- Limitation periods +- Court filing deadlines +- Disclosure / discovery deadlines +- Hearing dates +- Settlement offer expiry dates + +## ESCALATION TIMELINE + +| Time Before Deadline | Action | +| -------------------- | ---------------------------------------------------------- | +| 60 days | Add to upcoming obligations dashboard | +| 30 days | Notify obligation owner by email | +| 14 days | Notify obligation owner + direct manager | +| 7 days | Notify General Counsel; add to weekly brief | +| 1 day | Emergency alert: CFO (financial) / GC (legal/regulatory) | +| Day of (missed) | Log compliance incident; initiate remediation workflow | +| Day after (missed) | Incident report to GC; assess regulatory notification req. | + +## DASHBOARD OUTPUT FORMAT + +# COMPLIANCE CALENDAR -- [Date Range] + +RED -- OVERDUE -- immediate action required + +--- + +[Item] | [Contract/Obligation] | [Due date] | [Owner] | [Action] + +YELLOW -- DUE IN 14 DAYS + +--- + +[Item] | [Contract/Obligation] | [Due date] | [Owner] | [Action] + +GREEN -- DUE IN 15-60 DAYS + +--- + +[Item] | [Contract/Obligation] | [Due date] | [Owner] | [Action] + +======================================================== +Total open obligations: [N] +Overdue: [N] | Due 14 days: [N] | Due 60 days: [N] + +## NEVER DO THESE + +- NEVER track litigation deadlines without attorney oversight -- errors + can result in time-barred claims or procedural sanctions +- NEVER mark an obligation as "complete" without documented evidence + (confirmation email, delivery receipt, filing acknowledgement) +- NEVER remove an item from the calendar without GC approval if it + was previously escalated +- NEVER set renewal reminders at the renewal date itself -- always set + to the last date on which notice can be given to avoid auto-renewal +- NEVER manage limitation periods without qualified legal counsel + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/contract-intake-agent/SKILL.md b/legal-ops/skills/contract-intake-agent/SKILL.md new file mode 100644 index 0000000..fb39f48 --- /dev/null +++ b/legal-ops/skills/contract-intake-agent/SKILL.md @@ -0,0 +1,173 @@ +--- +name: contract-intake-agent +version: 1.0 +description: > + Activate for: incoming contract, contract received, new contract, contract + routing, contract intake, NDA received, vendor agreement received, contract + submitted for review, legal intake, contract queue, contract management, + contract tracking, new agreement, contract pipeline, contract submitted. + NOT for: IP research, regulatory monitoring, DSAR processing, contract execution (authorised signatory required), legal advice. +plugin-commands: /review-contract, /triage-nda, /vendor-check +mcp-integrations: Google Drive, SharePoint, Gmail, Outlook, Google Sheets, Notion +chapter: 22 -- Legal Operations and Compliance +--- + +## INTAKE SEQUENCE -- EXECUTE IN ORDER + +### Step 1: Document Reception + +Accept contract from: + +- Email attachment (Gmail / Outlook MCP) +- Document system upload (Google Drive / SharePoint MCP) +- Web form submission +- Direct message with attachment + +Immediately: + +- Assign unique reference ID: [YYYY-MM-DD-XXXX] +- Record receipt timestamp +- Log in contract tracking system (Google Sheets / Notion MCP) + +### Step 2: Document Type Classification + +| Document Type | Route | +| -------------------------------- | --------------------------------------------- | +| NDA / Mutual CA / CDA | -> nda-triage protocol | +| Vendor Agreement / MSA / SOW | -> contract-review protocol | +| SaaS / Software Licence | -> contract-review protocol | +| Employment Agreement | -> HR Legal queue (no agent analysis) | +| Independent Contractor Agreement | -> HR Legal queue | +| Partnership / JV Agreement | -> contract-review protocol + GC notification | +| M&A / Investment Document | -> GC immediately (no agent triage) | +| Unknown / Cannot classify | -> Extract key terms; route to GC queue | + +### Step 3: Metadata Extraction (mandatory for all contracts) + +Extract and log: + +- Counterparty full legal name (registered name, not trading name) +- Contract type (per classification above) +- Requesting business unit and named contact person +- Stated urgency / deadline +- Deal / contract value (if stated) +- Governing law (if stated on face of document) +- Date received +- Triage classification (assigned in Step 4) + +### Step 4: Triage Classification and Routing + +RUN the appropriate triage protocol (nda-triage or contract-review). + +ROUTE based on output: + +Tier 1 -- Standard Approval: +-> Notify requesting business unit (Template A) +-> Route to authorised signatory approval queue +-> Set execution follow-up reminder: 3 business days + +Tier 2 -- Counsel Review: +-> Notify designated reviewing attorney (Template B) +-> Attach triage summary +-> Set SLA reminder: 2 business days + +Tier 3 -- Full Review / RED items: +-> Notify General Counsel (Template C) +-> Attach full review output +-> Schedule review call if deal value > [configured threshold] +-> Set SLA reminder: 5 business days + +URGENT flag (business-stated deadline < 48 hours): +-> Notify GC immediately regardless of tier +-> Halve all SLA timelines +-> Flag in tracking system as URGENT + +### Step 5: Progress Tracking + +Check status daily. Escalate if SLA breached: + +- Tier 1 > 1 business day: notify business unit + designated attorney +- Tier 2 > 2 business days: notify GC +- Tier 3 > 5 business days: notify GC + CFO if value above threshold + +### Step 6: Post-Execution Actions + +On confirmation of signing: + +- Save executed contract to contract repository (configured location) +- Update contract tracking log: status = EXECUTED +- Extract and log: execution date, effective date, term, governing law, + renewal date, notice period for non-renewal +- Set calendar reminders: + -> Notice period deadline (last date to give non-renewal notice) + -> Contract expiry date + -> Key obligation due dates (extracted from contract) +- Notify requesting business unit: confirmation + renewal notice date + +## COMMUNICATION TEMPLATES + +### Template A -- Tier 1 Acknowledgement to Business Unit + +Subject: Contract Request [REF] -- Triage Complete: Standard Approval + +Your contract request has been received and triaged. + +Reference: [ID] +Counterparty: [Name] +Contract type: [Type] +Classification: Tier 1 -- Standard Approval + +This contract has been assessed as substantially consistent with our +standard form/acceptable range. It has been routed for authorised +signatory approval. Expected completion: [date]. + +Please do not send this contract to the counterparty until you receive +execution confirmation from Legal. + +Questions? Contact: [legal intake email] + +### Template B -- Tier 2 Notification to Reviewing Attorney + +Subject: Counsel Review Required -- [Contract Type], [Counterparty] [REF] + +Reference: [ID] +Counterparty: [Name] +Deal value: [Amount / Not stated] +Business unit: [Name] | Contact: [name] +Deadline: [Date] -- SLA: 2 business days + +Triage: Tier 2 -- Counsel Review +Flagged: [N] YELLOW items | 0 RED items +Triage summary: [attached] + +Please review and advise by [SLA deadline]. If negotiation is required, +please contact [business unit contact] directly. + +### Template C -- Tier 3 Escalation to General Counsel + +Subject: RED ESCALATION -- [Contract Type], [Counterparty] -- [REF] + +Reference: [ID] +Counterparty: [Name] +Deal value: [Amount] +Business unit: [Name] | Contact: [name] +Business deadline: [Date] + +Triage: [N] RED items | [N] YELLOW items +Most material risk: [brief description] +Full review: [attached] + +Recommend scheduling a 30-minute review call with [business unit contact]. + +## NEVER DO THESE + +- NEVER approve a contract for execution -- human authorised signatory only +- NEVER route a Tier 3 contract to Tier 1 regardless of business pressure +- NEVER skip metadata extraction -- required for compliance log +- NEVER send legal analysis to the requesting business unit -- + send routing decisions, timelines, and status updates only +- NEVER close a contract in the tracking log without confirmed execution + documents saved to the repository +- NEVER bypass GC for M&A or investment documents regardless of urgency + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/dsar-privacy/SKILL.md b/legal-ops/skills/dsar-privacy/SKILL.md new file mode 100644 index 0000000..3aa8e77 --- /dev/null +++ b/legal-ops/skills/dsar-privacy/SKILL.md @@ -0,0 +1,238 @@ +--- +name: dsar-privacy +version: 1.0 +description: > + Activate for: DSAR, data subject access request, subject access request, + SAR, right of access, Article 15, GDPR request, CCPA request, privacy + request, right to be forgotten, erasure request, Article 17, data + portability, Article 20, data rectification, Article 16, restriction of + processing, Article 18, objection to processing, Article 21, data subject + rights, privacy inquiry, ICO complaint, privacy response. + NOT for: contract review, NDA triage, IP matters, regulatory monitoring, legal advice on data protection interpretation, erasure execution. +plugin-commands: /legal-brief +chapter: 22 -- Legal Operations and Compliance +--- + +## JURISDICTION RESPONSE WINDOWS + +| Jurisdiction | Window | Regulator | Extension | +| ----------------- | ------------ | ------------ | ------------------------------- | +| UK GDPR | 30 cal. days | ICO | +60 days if complex (w/ notice) | +| EU GDPR | 30 cal. days | National DPA | +60 days if complex (w/ notice) | +| CCPA (California) | 45 days | CA AG | +45 days with notice | +| PIPEDA (Canada) | 30 days | OPC | Escalate to Privacy Officer | +| Other | Escalate now | -- | Confirm with Privacy Counsel | + +## REQUEST TYPE ROUTING + +| Request Type | Action | +| ------------------------------------ | --------------------------------------- | +| Subject Access (Art. 15 / CCPA) | Full data discovery workflow (below) | +| Erasure / Right to be Forgotten (17) | IMMEDIATE escalation to Privacy Counsel | +| Data Portability (Art. 20) | IT lead + Privacy Counsel | +| Rectification (Art. 16) | Relevant system owner + confirmation | +| Restriction of Processing (Art. 18) | Privacy Counsel immediately | +| Objection to Processing (Art. 21) | Privacy Counsel immediately | +| Related ICO/DPA complaint | GC immediately | + +## SUBJECT ACCESS REQUEST -- FULL WORKFLOW + +### Stage 1: Receipt and Acknowledgement (Day 1) + +ACKNOWLEDGE THE SAME DAY. Acknowledgement MUST include: + +- Confirmation of receipt +- The statutory response deadline (Day 30) +- Identity verification requirements (if identity is in doubt) +- Contact details for queries + +Acknowledgement MUST NOT include: + +- Confirmation or denial of what data is held +- Any substantive response to the request +- Legal advice of any kind + +### Stage 2: Identity Verification (Days 1-3) + +If requester identity is in doubt: + +- Request reasonable proof of identity +- Do NOT request excessive documentation +- The 30-day clock pauses while awaiting verification +- If identity cannot be verified -> consult Privacy Counsel before refusing + +### Stage 3: Data Discovery (Days 1-10) + +Send discovery requests to ALL relevant system owners: + +- CRM / customer database +- Email and communications systems +- Billing and financial systems +- Marketing and analytics platforms +- HR system (if individual was ever an employee) +- Customer support / ticketing systems +- Legal case management (handle with care -- privilege issues) +- Any legacy or archive systems + +Discovery deadline: Day 10 +Alert: if discovery not complete by Day 15 -> escalate to Privacy Counsel. + +### Stage 4: Data Compilation and Redaction Assessment (Days 10-20) + +REDACT (do not disclose): + +- Third-party personal data (other individuals mentioned in records) +- Internal staff personal data (beyond names in standard business capacity) +- Legally privileged material (obtain counsel advice before withholding) +- Commercially sensitive information genuinely unrelated to the requester + +DO NOT REDACT: + +- Opinions ABOUT the requester -- these ARE personal data (Art. 4(1)) +- Internal notes about the requester's behaviour or interactions +- Automated decision-making logic applied to the requester + +COMMON ERROR: CRM/sales notes containing opinions about the requester +(e.g. "difficult customer", "pushes for discounts") ARE personal data +and MUST be disclosed unless a specific exemption applies. +Consult Privacy Counsel if in doubt about any redaction decision. + +### Stage 5: Response Drafting (Days 20-27) + +Response letter MUST include: + +- Confirmation of personal data held (by category) +- Purposes of processing +- Legal basis for each processing activity +- Recipients or categories of recipients +- Retention periods (or criteria used to determine them) +- Rights: rectification, erasure, restriction, objection, portability, + lodge a complaint with the supervisory authority +- Source of data (if not collected directly from the requester) +- Existence of any automated decision-making / profiling + +ROUTE for attorney review on Day 27 at the latest. +DO NOT send to requester without attorney sign-off. + +### Stage 6: Response and Logging (Day 30) + +Send approved response. Log: + +- Date received / Date acknowledged / Date responded +- Data categories disclosed +- Any data withheld and legal basis for withholding +- Attorney sign-off confirmation +- Store in compliance archive + +## OUTPUT FORMATS + +### Stage 1: Acknowledgement Letter Format + +``` +DSAR ACKNOWLEDGEMENT +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Reference: [DSAR-YYYY-MM-DD-XXXX] +Date received: [date] +Requester: [name] +Request type: [Access / Erasure / Portability / Rectification / Other] + +Dear [Requester], + +We acknowledge receipt of your data subject access request dated [date]. + +Statutory response deadline: [calculated date -- 30 days UK/EU, 45 days CCPA] +Identity verification: [Required -- please provide X / Confirmed] +Contact for queries: [privacy team email] + +We will respond within the statutory timeframe. If we require an extension, +we will notify you with reasons before the deadline. + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +``` + +### Stage 3: Data Discovery Request Format + +``` +INTERNAL DATA DISCOVERY REQUEST +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +DSAR Reference: [DSAR-YYYY-MM-DD-XXXX] +Requester: [name / identifier] +Discovery deadline: Day 10 ([date]) +Escalation date: Day 15 ([date]) -- if incomplete, escalate to Privacy Counsel + +SYSTEMS TO SEARCH: +[ ] CRM / customer database +[ ] Email and communications systems +[ ] Billing and financial systems +[ ] Marketing and analytics platforms +[ ] HR system (if applicable) +[ ] Customer support / ticketing +[ ] Legal case management (privilege review required) +[ ] Legacy / archive systems + +Please return all personal data relating to [requester identifier] by [deadline]. +Flag any records that may be subject to legal privilege or third-party data. + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +``` + +### Stage 5: Response Letter Format + +``` +DSAR RESPONSE +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Reference: [DSAR-YYYY-MM-DD-XXXX] +Date received: [date] +Response date: [date] +Jurisdiction: [UK GDPR / EU GDPR / CCPA / Other] + +Dear [Requester], + +In response to your data subject access request, we confirm the following: + +PERSONAL DATA HELD (by category): +- [Category]: [description of data held] + +PURPOSES OF PROCESSING: +- [Purpose]: [legal basis] + +RECIPIENTS / CATEGORIES OF RECIPIENTS: +- [Recipient category] + +RETENTION PERIODS: +- [Category]: [period or criteria] + +YOUR RIGHTS: +- Rectification, erasure, restriction, objection, portability +- Right to lodge a complaint with [supervisory authority] + +SOURCE OF DATA: [collected directly / obtained from third party] + +AUTOMATED DECISION-MAKING: [Yes -- details / None identified] + +DATA WITHHELD: [None / Details of data withheld with legal basis] + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY +``` + +## ESCALATION RULES + +- 7 days before deadline: Alert Privacy Counsel if response not substantially complete +- 1 day before deadline: Emergency alert -- GC involved if not resolved +- Any erasure/restriction/objection: Privacy Counsel immediately +- Legally privileged material involved: Privacy Counsel immediately +- Identity fraud suspected: Privacy Counsel immediately +- Related regulatory inquiry: GC immediately + +## NEVER DO THESE + +- NEVER confirm data holdings before discovery is complete +- NEVER send data to requester without attorney review of full response +- NEVER miss the response window -- UK GDPR fines up to 17.5M GBP or 4% of global turnover +- NEVER reject a request without attorney sign-off on rejection grounds +- NEVER apply a fee without attorney confirmation it is lawful +- NEVER confuse an SAR with a Freedom of Information request + (FOI is for public bodies only) + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/ip-protection/SKILL.md b/legal-ops/skills/ip-protection/SKILL.md new file mode 100644 index 0000000..2486baf --- /dev/null +++ b/legal-ops/skills/ip-protection/SKILL.md @@ -0,0 +1,145 @@ +--- +name: ip-protection +version: 1.0 +description: > + Activate for: patent, patent search, patent landscape, freedom to operate, + FTO, prior art, trademark, trade mark, brand protection, trademark watch, + trademark monitoring, copyright, DMCA, open source, OSS licence, trade + secret, IP audit, IP protection, IP ownership, IP clause, IP indemnity, + patent infringement, trademark infringement, copyright infringement, + IP portfolio, IP monitoring, competitor patent, patent filing. + NOT for: contract review, NDA triage, regulatory monitoring, DSAR processing, patent filing (attorney required), trademark registration. +plugin-commands: /legal-brief +chapter: 22 -- Legal Operations and Compliance +--- + +## IP TASK CLASSIFICATION + +### Task 1: Patent Landscape Analysis + +Use when: assessing technology landscape before product launch, investment +decision, or patent filing strategy. + +Prompt structure: +/legal-brief topic:"patent landscape analysis" +subject:"[technology description]" +key-competitors:"[named entities]" +scope:"[date range]" +jurisdictions:"[US, EU, UK, etc.]" + +Output includes: + +- Key patent holders in the technology area +- Filing trends and white spaces +- Potentially relevant patents (for FTO flags) +- Prior art candidates +- Competitor activity summary + +MANDATORY GOVERNANCE NOTE: +This output is a RESEARCH SUMMARY, not a freedom-to-operate opinion. +A qualified IP attorney must review before any product launch or investment +decision that relies on FTO assumptions. + +### Task 2: Freedom-to-Operate (FTO) Preliminary Assessment + +Use when: preparing research scaffolding for IP attorney to assess FTO. + +Output structure: + +- Our technology description (user-provided) +- Potentially relevant patents identified +- Claim mapping: which claims may read on our technology (preliminary only) +- Risk assessment: HIGH / MEDIUM / LOW (preliminary only) +- Recommended attorney actions + +MANDATORY GOVERNANCE NOTE: +This output is preliminary research scaffolding ONLY. +It is NOT an FTO opinion. FTO opinions are privileged legal documents +signed by qualified IP counsel. Never rely on agent output alone +for a product launch decision. + +### Task 3: Trademark Monitoring + +Use when: monitoring for infringement of registered or pending marks. + +Prompt structure: +/legal-brief topic:"trademark monitoring" +mark:"[your mark]" +class:"[Nice classification]" +jurisdiction:"[jurisdictions]" + +Monitoring dimensions: + +- Phonetic similarity (sounds like the mark) +- Visual similarity (looks like the mark in standard characters) +- Conceptual similarity (means the same thing in the relevant market) +- Domain name registrations incorporating the mark +- Social media handle registrations + +Output: + +- New applications in the monitoring period +- Similarity assessment per hit +- Recommended action: Oppose / Watch / No action +- ESCALATION: applications with >70% similarity -> attorney review + +### Task 4: Copyright and OSS Compliance + +OSS licence hierarchy (most to least restrictive): + +- GPL v3 / AGPL: copyleft -- combined work must be GPL-licensed +- GPL v2: copyleft -- combined works must be GPL v2 +- LGPL: weak copyleft -- dynamic linking generally permissible +- MPL: file-level copyleft +- Apache 2.0 / MIT / BSD: permissive -- commercial use generally permissible + +ESCALATION TRIGGER: Any GPL/AGPL component in a proprietary product +-> escalate to IP counsel immediately. + +### Task 5: IP Clause Review (within contracts) + +Always check: + +1. Who owns work product created during the engagement? + RED FLAG: Vendor claims ownership of deliverables created using our data, + our systems, or our specifications. + +2. What licence does each party get to the other's IP? + Check: scope, exclusivity, sublicensing, term, geography, termination consequences. + +3. Are there obligations to assign IP to the other party? + RED FLAG: Broad assignment clauses capturing pre-existing IP or improvements. + +4. What IP indemnity is provided? + STANDARD: Mutual indemnification for third-party IP infringement. + RED FLAG: One-sided indemnity; no indemnity in a technology contract. + +## OUTPUT FORMAT + +``` +IP RESEARCH BRIEF +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Type: [Patent Landscape / Trademark Monitor / FTO Research] +Technology: [technology area] +Jurisdictions: [list] +Period: [date range] + +FINDINGS: +[numbered list of key findings with relevance assessment] + +RECOMMENDED ACTIONS: +[numbered list -- each marked: Immediate / Within 30 days / Monitor] + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +NOTE: This is research scaffolding, not a freedom-to-operate +opinion. All findings require review by qualified IP counsel. +``` + +## NEVER DO THESE + +- NEVER characterise a patent landscape output as an FTO opinion +- NEVER advise a product launch is clear based on agent research alone +- NEVER proceed with GPL/AGPL OSS in a proprietary product without IP counsel +- NEVER miss the IP ownership clause in professional services agreements + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/jurisdiction-contract-review/SKILL.md b/legal-ops/skills/jurisdiction-contract-review/SKILL.md new file mode 100644 index 0000000..a44301c --- /dev/null +++ b/legal-ops/skills/jurisdiction-contract-review/SKILL.md @@ -0,0 +1,172 @@ +--- +name: jurisdiction-contract-review +version: 1.0 +description: > + Activate for: contract review, clause analysis, redline, vendor agreement, + MSA, master services agreement, SOW, statement of work, SaaS agreement, + software licence, professional services agreement, partnership agreement, + supply agreement, distribution agreement, review contract, full NDA review + (use jurisdiction-nda-triage for quick triage only). + NOT for: NDA-only triage (use jurisdiction-nda-triage), IP research, regulatory monitoring, DSAR processing, general legal advice, litigation strategy. +plugin-commands: /review-contract +chapter: 22 -- Legal Operations and Compliance +--- + +## REVIEW WORKFLOW -- EXECUTE IN ORDER + +### Phase 1: Context Gathering (before reading the contract) + +Ask the user: + +1. Which party are you? (Customer / Vendor / Licensor / Licensee / Partner / Other) +2. What is the contract type? (SaaS / Professional Services / Licence / Partnership / Other) +3. When does this need to be finalised? +4. Approximate contract value? +5. Any specific clauses of concern? +6. Relevant business context (new vs. strategic vs. commodity vendor)? + +### Phase 2: Playbook Loading + +CHECK for playbook in user's local settings (legal.local.md or configured file). + +IF playbook FOUND: + +- Load all clause positions, acceptable ranges, and escalation triggers +- Label output: "Reviewed against [Organisation] Negotiation Playbook v[X]" + +IF playbook NOT FOUND: + +- Inform user: "No playbook configured. Reviewing against general commercial standards." +- Offer to help create a playbook (see legal.local.md.template) +- Label all output: "Reviewed against general commercial standards" + +### Phase 3: Full Contract Read + +READ THE ENTIRE CONTRACT before flagging any issues. +Reason: Clauses interact. An uncapped indemnity may be partially offset by a broad +limitation of liability. Review holistically, not clause-by-clause in isolation. + +Identify: + +- Contract type (confirm or update from context phase) +- User's side (confirm from context) +- Governing law and jurisdiction +- Material clauses present / absent +- Unusual structure or atypical provisions + +### Phase 4: Clause-by-Clause Analysis + +ANALYSE each material clause against playbook (or general standards). + +PRIORITY CLAUSES (always analyse): + +1. Limitation of liability -- cap amount, mutual/asymmetric, carve-outs +2. Intellectual property -- ownership, work product, licence-back +3. Indemnification -- scope, triggers, caps, mutual/one-sided +4. Data protection -- DPA requirement, transfer mechanisms, breach notification +5. Termination -- for convenience, for cause, notice periods, consequences +6. Governing law and jurisdiction -- choice of law, dispute resolution +7. Confidentiality -- scope, duration, carve-outs +8. Payment and pricing -- fixed/variable, invoicing, late payment +9. Warranties and representations -- scope, disclaimers +10. Force majeure -- scope, notification, relief + +SECONDARY CLAUSES (analyse if present): + +- Non-compete / non-solicitation +- Audit rights +- Assignment and change of control +- Insurance requirements +- SLA and service credits +- Auto-renewal provisions + +### Phase 5: Three-Tier Flag Classification + +Classify every deviation from playbook (or general standard): + +GREEN -- ACCEPTABLE +Within standard position or acceptable range. +No action required. Note for completeness. + +YELLOW -- NEGOTIATE +Outside standard position but within acceptable range. +Action: Provide primary redline + fallback position. + +RED -- ESCALATE +Outside acceptable range. Potential material risk. +Action: Flag for attorney review. Do not proceed without legal sign-off. + +### Phase 6: Redline Generation Format + +For each YELLOW and RED item: + +CLAUSE: [Clause name and section number] +STATUS: [YELLOW / RED] +CURRENT: "[Exact current contract text]" +ISSUE: [Specific problem and why it matters] +REDLINE: "[Exact proposed replacement text -- ready to insert]" +FALLBACK: [If YELLOW: fallback position if primary ask is rejected] +RATIONALE: "[Professional rationale suitable for sharing with counterparty's counsel]" +PRIORITY: [Must-have / Nice-to-have] + +### Phase 7: Holistic Risk Summary + +Conclude with: + +- Total: [N] GREEN | [N] YELLOW | [N] RED +- Single most material risk in this contract +- Overall recommendation: Approve / Negotiate / Escalate to counsel / Decline +- Suggested negotiation priority order (most important first) + +## OUTPUT FORMAT + +### Redline Output (per YELLOW / RED clause) + +``` +CLAUSE: [Clause name and section number] +STATUS: [YELLOW / RED] +CURRENT: "[Exact current contract text]" +ISSUE: [Specific problem and why it matters] +REDLINE: "[Exact proposed replacement text -- ready to insert]" +FALLBACK: [If YELLOW: fallback position if primary ask is rejected] +RATIONALE: "[Professional rationale suitable for sharing with counterparty's counsel]" +PRIORITY: [Must-have / Nice-to-have] +``` + +### Holistic Risk Summary Output + +``` +CONTRACT REVIEW SUMMARY +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Contract: [Type -- Counterparty] +Governing Law: [jurisdiction] +Playbook: [Loaded / General standards] +Reviewed by: Legal Ops Agent + +CLAUSE ANALYSIS: [N] GREEN | [N] YELLOW | [N] RED + +MOST MATERIAL RISK: +[description of the single most significant risk] + +RECOMMENDATION: [Approve / Negotiate / Escalate to counsel / Decline] + +NEGOTIATION PRIORITY ORDER: +1. [highest priority item] +2. [next priority] +3. [...] + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY +``` + +## NEVER DO THESE + +- NEVER approve a contract for execution -- route for authorised signatory +- NEVER skip Phase 1 context gathering -- user's position changes the entire analysis +- NEVER flag an issue without a specific proposed remedy +- NEVER read clauses in isolation without considering the full contract +- NEVER send redlines to counterparty -- attorney review required first +- NEVER classify a liability carve-out for death/personal injury from negligence + as GREEN -- void under English law (UCTA s.2(1)); RED regardless of playbook + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/jurisdiction-nda-triage/SKILL.md b/legal-ops/skills/jurisdiction-nda-triage/SKILL.md new file mode 100644 index 0000000..f3ae3af --- /dev/null +++ b/legal-ops/skills/jurisdiction-nda-triage/SKILL.md @@ -0,0 +1,103 @@ +--- +name: jurisdiction-nda-triage +version: 1.0 +description: > + Activate for: NDA, non-disclosure agreement, confidentiality agreement, + mutual NDA, unilateral NDA, mutual CA, MCA, CDA, triage NDA, review NDA, + incoming NDA, NDA received, sign NDA, NDA approval, quick NDA check. + NOT for: full contract review (use jurisdiction-contract-review), IP matters, regulatory monitoring, DSAR processing, employment agreements. +plugin-commands: /triage-nda +chapter: 22 -- Legal Operations and Compliance +--- + +## TRIAGE WORKFLOW + +### Phase 1: Context + +Ask before reviewing: + +1. Mutual (both parties disclose) or unilateral (one party discloses)? + If unilateral: which party is the discloser? +2. Purpose: vendor evaluation / partnership / M&A / employment / other? +3. Counterparty type: new vendor / strategic partner / large enterprise / individual? +4. Urgency / deadline? +5. Any known concerns? + +### Phase 2: Standard Form Loading + +CHECK for NDA configuration in legal.local.md. + +IF NDA configuration FOUND: + +- Load standard form reference; Tier 1/2/3 criteria +- Compare incoming NDA against standard form directly + +IF NOT FOUND: + +- Apply general commercial NDA standards +- Label: "Reviewed against general commercial NDA standards" + +### Phase 3: Three-Tier Routing Classification + +TIER 1 -- STANDARD APPROVAL (no attorney review required) +Criteria: NDA substantially identical to standard form, OR deviations +fall within pre-approved acceptable ranges (defined in playbook). +Action: Notify business unit -- proceed to authorised signatory. +Target: 60-70% of incoming NDAs. + +TIER 2 -- COUNSEL REVIEW (attorney review; no negotiation expected) +Criteria: Deviations within acceptable range requiring attorney confirmation. +Action: Route to reviewing attorney with triage summary attached. +Target: 20-30%. + +TIER 3 -- FULL REVIEW (attorney review + likely negotiation) +Criteria: RED deviations present. Unusual structure. High-risk provisions. +Action: Route to senior counsel / GC with full risk summary. +Target: 10-15%. + +### Phase 4: Triage Report Format + +NDA TRIAGE REPORT + +--- + +Counterparty: [Name] +Date: [Date] +Playbook: [Loaded / Not configured] + +TRIAGE TIER: [1 / 2 / 3] -- [Label] +Attorney time: [0 / ~15 min / ~45 min] + +SUMMARY: [N] GREEN | [N] YELLOW | [N] RED +RECOMMENDATION: [Route to / Approve for execution] + +DEVIATIONS FROM STANDARD: +GREEN [Clause]: [deviation] -- [classification and reason] +YELLOW [Clause]: [deviation] -- [flag and proposed position] +RED [Clause]: [deviation] -- [RED reason and escalation note] + +--- + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY + +## AUTOMATIC RED FLAGS (always Tier 3 regardless of playbook) + +- Residuals clause: allows use of information "retained in unaided memory" +- No carve-out for publicly available information +- Non-compete provisions of any scope +- Perpetual confidentiality obligations (no sunset clause) +- Governing law: jurisdiction with no established commercial law framework +- No definition of Confidential Information (unacceptably broad) +- Unilateral NDA where mutual expected, without documented business justification +- Injunctive relief provisions asymmetric in favour of counterparty +- Disclosure to affiliates without "need to know" qualification + +## NEVER DO THESE + +- NEVER route a Tier 3 NDA to Tier 1 regardless of business urgency +- NEVER approve execution without an authorised signatory +- NEVER omit the residuals clause check -- most commonly missed high-risk provision +- NEVER classify an NDA as Tier 1 if governing law differs from standard + without attorney confirmation + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/legal-global-router/SKILL.md b/legal-ops/skills/legal-global-router/SKILL.md new file mode 100644 index 0000000..f1b8f9e --- /dev/null +++ b/legal-ops/skills/legal-global-router/SKILL.md @@ -0,0 +1,93 @@ +--- +name: legal-global-router +version: 1.0 +description: > + TOP-LEVEL ROUTER. Activate when ANY of these terms appear: + contract review, NDA, non-disclosure, confidentiality agreement, + redline, legal review, IP, intellectual property, patent, trademark, + copyright, trade secret, GDPR, DSAR, data subject access, compliance, + regulatory monitoring, governing law, indemnity, limitation of liability, + termination, legal hold, discovery, litigation, cease and desist, + employment agreement, service agreement, MSA, SOW, partnership agreement, + vendor agreement, CLM, contract lifecycle, playbook, clause analysis, + negotiation, legal ops, legal operations, contract triage. + NOT for: direct legal advice, court filings, litigation strategy, attorney-client privileged communications, contract execution. +author: Panaversity -- The AI Agent Factory +chapter: 22 -- Legal Operations and Compliance +--- + +## STEP 1 -- IDENTIFY TASK TYPE AND LOAD PRODUCT FILE + +| Query Pattern | Load Product Skill | +| -------------------------------------------------- | -------------------------------------------- | +| Contract review, clause analysis, redlines | skills/jurisdiction-contract-review/SKILL.md | +| NDA, non-disclosure, confidentiality agreement | skills/jurisdiction-nda-triage/SKILL.md | +| Patent, trademark, copyright, trade secret, IP | skills/ip-protection/SKILL.md | +| Regulatory update, compliance monitoring | skills/regulatory-monitoring/SKILL.md | +| DSAR, data subject, GDPR request, privacy request | skills/dsar-privacy/SKILL.md | +| Legal spend, invoice, firm performance | skills/legal-spend/SKILL.md | +| Renewal, obligation, deadline, compliance calendar | skills/compliance-calendar/SKILL.md | +| Contract intake, incoming contract, routing | skills/contract-intake-agent/SKILL.md | +| Legal briefing, research, topic summary | use /legal-brief command directly | + +## STEP 2 -- IDENTIFY JURISDICTION AND LOAD OVERLAY + +| Jurisdiction | Load Overlay File | +| ----------------------------- | ----------------------------------------------------- | +| UK / English law | references/jurisdictions/uk-law.md | +| EU / Continental Europe | references/jurisdictions/eu-law.md | +| USA / US federal or state law | references/jurisdictions/us-law.md | +| Pakistan / Pakistani law | references/jurisdictions/pakistan-law.md | +| UAE / Dubai / DIFC / ADGM | references/jurisdictions/uae-law.md | +| Saudi Arabia / KSA | references/jurisdictions/gcc-law.md | +| Bahrain / CBB | references/jurisdictions/gcc-law.md | +| Kuwait | references/jurisdictions/gcc-law.md | +| Oman | references/jurisdictions/gcc-law.md | +| Qatar / QFC | references/jurisdictions/gcc-law.md | +| GCC / Gulf States | references/jurisdictions/gcc-law.md | +| Multi-jurisdictional | Load ALL relevant overlays + escalate to intl counsel | +| Unknown / not stated | Flag; apply most conservative standard | + +## STEP 3 -- MANDATORY OUTPUT HEADER FORMAT + +Every legal output produced by any skill MUST begin with this block: + +``` +TASK: [e.g. Contract Review -- Vendor MSA] +JURISDICTION: [e.g. English Law] +PLAYBOOK: [Loaded: legal.local.md / Not configured -- using general standards] +OVERLAY: [Loaded: jurisdictions/uk-law.md / None] +ATTORNEY REVIEW: REQUIRED -- all outputs must be reviewed by a licensed attorney +ESCALATION: [Yes -- reason / No] +DATE: [current date] +``` + +Do not produce any substantive legal output without this header. + +## NEVER DO THESE + +- NEVER route a query without identifying both the product type AND the jurisdiction +- NEVER skip the playbook check -- if no playbook found, state explicitly +- NEVER apply a jurisdiction overlay without confirming the user's jurisdiction +- NEVER provide legal advice directly -- route to the correct product skill which will produce analysis for attorney review +- NEVER route employment disputes to jurisdiction-contract-review -- these require specialist employment law advice + +## UNIVERSAL RULES -- NON-NEGOTIABLE + +- NEVER provide legal advice -- provide legal analysis; flag for attorney review +- NEVER approve a contract for execution -- human authorised signatory required +- NEVER skip a RED escalation -- RED always requires attorney review before proceeding +- NEVER omit playbook check -- if none found, state explicitly: + "Reviewed against general commercial standards -- no playbook configured" +- NEVER send any legal output to a counterparty without attorney review first +- NEVER confirm data holdings in a DSAR acknowledgement before discovery is complete +- NEVER miss a response deadline -- alert counsel 7 days before any mandatory deadline +- NEVER apply legal interpretations across jurisdictions without the correct overlay + +## AGENT ROLE STATEMENT + +This agent: analyses, flags, drafts, routes. +The attorney: advises, decides, negotiates, signs. +These roles are distinct. Do not conflate them. + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/eu-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/eu-law.md new file mode 100644 index 0000000..8e2c133 --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/eu-law.md @@ -0,0 +1,102 @@ +--- +name: eu-law-overlay +version: 1.0 +applies-to: "EU law / European Union / Continental European / French law / + German law / Dutch law / Italian law / Spanish law" +chapter: 22 -- Legal Operations and Compliance +--- + +## GOVERNING FRAMEWORK + +### EU Contract Law + +No single EU contract law -- governed by national laws of member states. +EU directives create minimum harmonised standards. + +Key EU-level instruments: + +- Late Payment Directive (2011/7/EU): max 60-day payment terms B2B; 30-day B2G +- Commercial Agents Directive (86/653/EEC): significant protections for + commercial agents -- compensation or indemnity on termination; cannot be + contracted out; always escalate for agent arrangements +- Digital Services Act / e-Commerce Directive: information obligations for + online services + +### EU Data Protection (GDPR -- Regulation 2016/679) + +- Six lawful bases: same as UK GDPR (see uk-law.md) +- International transfers: EU SCCs (Standard Contractual Clauses -- 2021 + version currently in force); EC adequacy decisions + Note: UK currently deemed adequate by EC -- verify current status +- Breach notification: 72 hours to lead supervisory authority +- Lead supervisory authority: DPA of member state where controller has + main EU establishment +- Fines: up to EUR 20M or 4% of global annual turnover (whichever higher) + +### EU AI Act (Regulation 2024/1689) + +PROHIBITED PRACTICES (applicable from 2 February 2025): + +- Social scoring by public authorities +- Real-time remote biometric identification in public spaces (with exceptions) +- Subliminal manipulation +- Exploitation of vulnerabilities of specific groups + +HIGH-RISK AI SYSTEMS (additional obligations apply): + +- Conformity assessment before placing on market +- Technical documentation and logging requirements +- Human oversight measures +- Transparency to users +- Examples: AI in employment, education, critical infrastructure, + law enforcement, administration of justice + +General Purpose AI (GPAI): + +- Additional obligations for models with systemic risk +- Transparency requirements, copyright policy, adversarial testing + +Fines: up to EUR 35M or 7% of global annual turnover for prohibited practices + +ESCALATION TRIGGER: Any AI system deployed in EU that may qualify as +high-risk -> escalate to counsel for conformity assessment planning + +### EU IP Law + +- EU Trade Mark (EUTM): single registration covers all EU member states (EUIPO) + Brexit: EUTMs do not cover UK -- separate UK registration required +- EU Registered Community Design: EUIPO registration +- Database Directive (96/9/EC): database right -- 15 years from investment + +## KEY EU-SPECIFIC ESCALATION TRIGGERS + +- Commercial Agent clauses: any clause purporting to exclude indemnity/ + compensation on termination -> void in most EU member states; immediate escalation +- Consumer contracts with EU consumers: Rome I Regulation -- consumer may have + home country mandatory consumer protections regardless of chosen governing law +- EU AI Act compliance: any AI component in product/service deployed to EU + -> assess risk category; escalate if high-risk +- Competition law: distribution, agency, or franchise in EU -> check Vertical + Block Exemption Regulation; market share thresholds; escalate if >30% +- GDPR DPA: whenever personal data transferred from controller to processor + -> DPA required using EU SCCs for international transfers + +## MEMBER STATE NOTES + +Germany (BGB): + +- General Terms and Conditions (AGB): strict content review under ss. 305-310 BGB + Many standard English-law clauses are unenforceable in Germany + Always local German counsel for contracts governed by German law + +France (Code Civil): + +- Force majeure: narrower than English law +- Termination for convenience: courts may imply reasonable notice obligations +- Employment: very strong protections; always French employment counsel + +Netherlands: + +- Reasonableness and fairness principle (redelijkheid en billijkheid) + may supplement or override express contract terms +- Generally English-law friendly for international contracts diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/gcc-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/gcc-law.md new file mode 100644 index 0000000..17c95ef --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/gcc-law.md @@ -0,0 +1,217 @@ +--- +name: gcc-law-overlay +version: 1.0 +applies-to: "GCC law / Gulf Cooperation Council / Saudi Arabia / KSA / + Bahrain / Kuwait / Oman / Qatar / QFC" +chapter: 22 -- Legal Operations and Compliance +--- + +## GOVERNING FRAMEWORK -- GCC COMMON PRINCIPLES + +The Gulf Cooperation Council comprises Saudi Arabia, Bahrain, Kuwait, Oman, +Qatar, and the UAE (UAE has a separate dedicated overlay: uae-law.md). + +Common characteristics across GCC jurisdictions: + +- Civil law systems influenced by Egyptian, French, and Islamic legal traditions +- Islamic law (Sharia) influences contract interpretation, particularly for + interest (riba), uncertainty (gharar), and prohibited activities (haram) +- Arabic language requirements for court filings and official documents +- Bilateral and multilateral treaties among GCC states for enforcement +- GCC Unified Economic Agreement: harmonisation of trade and investment rules + +## SAUDI ARABIA (KSA) + +### Contract Law + +- Commercial Court Law (Royal Decree M/1, 1350H): governs commercial disputes +- Vision 2030 reforms: significant modernisation of commercial law framework + including new Companies Law (2022), Competition Law, and Bankruptcy Law +- Saudi Arabian General Investment Authority (SAGIA) / Ministry of Investment: + foreign investment regulations -- 100% foreign ownership now permitted in + most sectors (previously required Saudi partner) +- Contract formation: offer and acceptance; good faith obligation +- Arabic language: contracts submitted to Saudi courts must be in Arabic or + accompanied by certified Arabic translation; Arabic version prevails + +### Data Protection (PDPL -- Personal Data Protection Law, Royal Decree M/19, 2021) + +- Effective: September 2023 (enforcement phased) +- Regulatory Authority: Saudi Data and AI Authority (SDAIA) +- Key rights: access, correction, erasure (GDPR-influenced) +- Data localisation: personal data of Saudi residents must be processed and + stored within KSA unless transfer meets PDPL requirements +- Cross-border transfers: permitted to adequate jurisdictions or with + appropriate safeguards approved by SDAIA +- Penalties: up to SAR 5 million; imprisonment for certain violations + +ESCALATION TRIGGER: Any SaaS or cloud contract processing personal data of +Saudi residents -- verify PDPL compliance and data localisation requirements + +### Employment Law + +- Labour Law (Royal Decree M/51): comprehensive employment regulation +- Saudisation (Nitaqat): mandatory quotas for Saudi national employees -- + percentages vary by sector and company size; verify current requirements +- Non-compete: enforceable if reasonable in scope, geography (limited to KSA), + and duration (typically max 2 years) +- Termination: notice periods apply; end-of-service gratuity mandatory + +### Intellectual Property + +- Patents: registered with SAIP (Saudi Authority for Intellectual Property) +- Trade Marks: Trade Marks Law (Royal Decree M/21); first-to-file system +- GCC Patent Office (Riyadh): regional patent protection across GCC states +- Copyright: Copyright Law (Royal Decree M/41) + +## BAHRAIN + +### Contract Law and Regulation + +- Commercial Companies Law (Legislative Decree No. 21 of 2001, as amended) +- Civil and Commercial Procedures Law +- Bahrain Chamber for Dispute Resolution (BCDR): preferred for + international commercial disputes +- Central Bank of Bahrain (CBB): comprehensive financial services regulation + +### Data Protection (PDPL -- Personal Data Protection Law, Law No. 30 of 2018) + +- One of the first GCC comprehensive data protection laws +- Key rights: access, correction, erasure, portability +- Cross-border transfers: permitted with adequate safeguards +- Regulatory Authority: Ministry of Justice + +### Employment + +- Labour Law (Law No. 36 of 2012) +- Bahrainisation requirements for private sector employment +- End-of-service benefits mandatory + +## KUWAIT + +### Contract Law + +- Commercial Code (Law No. 68 of 1980): governs commercial transactions +- Civil Code (Decree Law No. 67 of 1980): general contract principles +- Kuwait Chamber of Commerce and Industry: commercial dispute resolution +- Agency Law: commercial agents have significant protections; termination + of agency requires compensation + +### Employment + +- Labour Law (Law No. 6 of 2010) +- Kuwaitisation quotas apply in certain sectors +- Non-compete: enforceable if reasonable + +### Intellectual Property + +- Patents and Industrial Designs Law (Law No. 4 of 1962, as amended) +- Trade Marks Law (Law No. 68 of 1980) + +## OMAN + +### Contract Law + +- Commercial Companies Law (Royal Decree No. 18 of 2019) +- Foreign Capital Investment Law (Royal Decree No. 50 of 2019): permits + up to 100% foreign ownership in most sectors (major reform) +- Commercial Registration Law + +### Employment + +- Labour Law (Royal Decree No. 35 of 2003, as amended) +- Omanisation requirements: mandatory Omani employee quotas by sector +- End-of-service gratuity mandatory + +### Data Protection + +- No comprehensive data protection law as of 2025; sector-specific + regulations apply (telecom, banking) +- Draft data protection law under consideration -- monitor developments + +## QATAR + +### Contract Law + +- Commercial Companies Law (Law No. 11 of 2015) +- Civil Code (Law No. 22 of 2004) +- Qatar Financial Centre (QFC): independent common law jurisdiction + within Qatar -- modelled on English common law + QFC Regulatory Authority and QFC Civil and Commercial Court +- QFC preferred for significant international commercial contracts + +### Data Protection + +- Law No. 13 of 2016 on Personal Data Protection +- QFC: QFC Data Protection Regulations (aligned with GDPR) +- Cross-border transfers: restricted; adequacy or consent required + +### Employment + +- Labour Law (Law No. 14 of 2004, as amended) +- Minimum wage introduced 2021 (QAR 1,000/month) +- Sponsorship system reformed but employer obligations remain + +## COMMON GCC PATTERNS -- CONTRACT DRAFTING CONSIDERATIONS + +### Islamic Law Influence on Contract Interpretation + +- Interest (riba): courts in GCC jurisdictions may refuse to enforce + interest clauses, particularly in Saudi Arabia and Kuwait. Use + alternative structures: late payment charges framed as compensation + for actual loss, or Islamic finance instruments +- Uncertainty (gharar): excessively uncertain contract terms may be + challenged. Ensure key commercial terms are defined with reasonable + certainty +- Prohibited activities (haram): contracts involving alcohol, gambling, + or other prohibited activities may be unenforceable + +### Sharia-Compliant Clauses + +- For financing arrangements: consider Murabaha, Ijara, or Istisna'a + structures instead of conventional interest-bearing loans +- Late payment: frame as "compensation for actual loss" rather than + "interest" to reduce enforceability risk +- Always include Sharia compliance review trigger for financing contracts + +### Arabic Language Requirements + +- Saudi Arabia, Kuwait: Arabic is mandatory for court submissions; + Arabic version prevails in case of conflict +- Bahrain, Qatar, Oman: Arabic generally required for official filings; + bilingual contracts common in commercial practice +- QFC and DIFC: English-language jurisdictions (exceptions within GCC) +- RECOMMENDATION: For any GCC-governed contract, prepare bilingual + Arabic/English version and specify which language prevails + +## KEY GCC ESCALATION TRIGGERS + +- Any contract governed by GCC civil law: flag for local counsel review -- + civil law interpretation differs significantly from common law assumptions +- Financing arrangements: riba compliance review required for all GCC + jurisdictions; consider Islamic finance structures +- Commercial agency: termination of agents in Kuwait, Saudi Arabia, and + other GCC states may trigger mandatory compensation; always specialist counsel +- Data localisation: Saudi PDPL requires local data storage; verify + requirements for each GCC jurisdiction before cloud/SaaS deployment +- Employment quotas: Saudisation / Bahrainisation / Omanisation / Kuwaitisation + apply with varying thresholds; verify current requirements before + structuring headcount +- Arabic language: always confirm which language version prevails in + contracts governed by GCC law +- Free zones: some GCC states have independent legal zones (QFC, DIFC, ADGM) + with separate legal frameworks; confirm which zone applies + +## GOVERNING LAW NOTES + +English law is commonly chosen for significant international commercial +contracts with GCC parties, particularly through DIFC, ADGM, or QFC +as the dispute resolution forum. + +For purely domestic contracts within a GCC state, local law is typically +mandatory or strongly expected. + +International arbitration (ICC, LCIA, DIAC) is generally preferred for +high-value cross-border disputes. + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY WITH GCC QUALIFICATION diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/pakistan-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/pakistan-law.md new file mode 100644 index 0000000..cf13e58 --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/pakistan-law.md @@ -0,0 +1,102 @@ +--- +name: pakistan-law-overlay +version: 1.0 +applies-to: "Pakistani law / Pakistan / PBC / SECP / FBR" +chapter: 22 -- Legal Operations and Compliance +--- + +## GOVERNING FRAMEWORK + +### Contract Law (Contract Act 1872) + +- Key elements: offer, acceptance, lawful consideration, free consent, + competent parties, lawful object +- Void agreements in restraint of trade (s.27): non-competes must be + reasonable in scope, geography, and duration; courts apply reasonableness test +- Specific Relief Act 1877: specific performance and injunctions +- Sale of Goods Act 1930: implied conditions and warranties + +### Data Protection (Personal Data Protection Act 2023 -- PDPA) + +Pakistan's first comprehensive data protection law. + +- Regulatory Authority: National Commission for Personal Data Protection (NCPDP) +- Key rights: access, correction, erasure, portability (GDPR-influenced) +- Sensitive personal data: additional consent requirements +- Data localisation: sensitive personal data may be required to be stored + in Pakistan -- verify current requirements with counsel for cloud/SaaS contracts +- Cross-border transfers: permitted to adequate countries or with consent + safeguards +- Penalties: up to PKR 25 million (approx. USD 90,000) for violations + +ESCALATION TRIGGER: Any SaaS or cloud contract processing personal data of +Pakistani residents -> verify PDPA compliance and data localisation requirements + +### Intellectual Property + +- Patents: Patents Ordinance 2000 -- administered by IPO Pakistan; 20 years + Note: patent enforcement in Pakistan is developing; consult specialist + for high-value IP strategies +- Trade Marks: Trade Marks Ordinance 2001 -- FIRST TO FILE (not first to use) + Register your marks early -- common law rights are limited + Unregistered marks have weaker protection than in common law systems +- Copyright: Copyright Ordinance 1962 (as amended) + Duration: life + 50 years (shorter than UK/EU 70-year term) + Computer programs: protected as literary works + +### Islamic Finance and Contract Law + +- Constitution of Pakistan: declares Islam as state religion; laws must + conform to Islamic injunctions +- Interest prohibition (riba): Federal Shariat Court ruling (2022, upheld 2024) + requires elimination of interest-based banking by 2028 + Conventional loan and financing agreements -> restructuring as Islamic + finance instruments may be required before 2028 deadline + ESCALATION TRIGGER: Any interest-bearing financing arrangement involving + Pakistani law or Pakistani entities -> flag for Islamic finance review + +### Employment Law + +Complex patchwork of federal and provincial laws: + +- Factories Act 1934, Industrial and Commercial Employment Ordinance 1968 +- Employees Old Age Benefits (EOBI) Act 1976 +- Provincial social security laws (PESSI -- Punjab; SESSI -- Sindh) +- Termination: show cause notice generally required before termination + for cause; due process obligations apply +- Non-compete: enforceable if reasonable under Contract Act s.27 reasonableness + standard; typically 6-12 months maximum; geographically limited to Pakistan + +### Company Law (Companies Act 2017) + +- Administered by: SECP (Securities and Exchange Commission of Pakistan) +- Director duties, corporate governance, annual filings +- Foreign company registration requirements for conducting business in Pakistan + +## KEY PAKISTAN-SPECIFIC ESCALATION TRIGGERS + +- Data localisation (PDPA): sensitive data storage in Pakistan may be required -- + any cloud/SaaS contract involving Pakistani resident data -> verify with counsel +- Islamic finance (2028 deadline): any interest-bearing financial arrangement + with Pakistani law or Pakistani parties -> flag for Islamic finance review +- First-to-file trade marks: register trade marks in Pakistan early -- + squatters are active; later registration may be blocked +- Tax withholding (FBR): Pakistan has withholding tax on payments for services, + royalties, and technical fees -- confirm with tax counsel before structuring + cross-border payments +- Provincial jurisdiction: labour, property, and some regulatory matters are + governed by provincial rather than federal law -- confirm applicable province + (Punjab, Sindh, KPK, Balochistan have different rules on some matters) +- Arbitration: Pakistan is a New York Convention signatory -- international + arbitration awards generally enforceable + Prefer ICC or LCIA arbitration for significant international contracts + Domestic arbitration: Arbitration Act 1940 (being modernised) + +## GOVERNING LAW NOTES + +English law is commonly chosen for significant commercial contracts with +Pakistani parties and is generally enforceable in Pakistani courts. + +For contracts entirely domestic to Pakistan, Pakistani law is appropriate. + +International arbitration (ICC, LCIA) is generally preferred over Pakistani +courts for high-value disputes between Pakistani and foreign parties. diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/uae-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/uae-law.md new file mode 100644 index 0000000..1bb5955 --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/uae-law.md @@ -0,0 +1,121 @@ +--- +name: uae-law-overlay +version: 1.0 +applies-to: "UAE law / United Arab Emirates / Dubai / Abu Dhabi / + DIFC / ADGM / Sharjah / GCC" +chapter: 22 -- Legal Operations and Compliance +--- + +## CRITICAL FIRST STEP: IDENTIFY LEGAL ZONE + +The UAE has a dual legal system. Always establish which zone applies: + +MAINLAND UAE: + +- Governed by UAE federal laws + Emirate-level laws +- Civil law principles (influenced by Egyptian and French law) +- Court language: Arabic (contracts in English need certified Arabic + translation for court use) +- Arabic version typically prevails if conflict arises + +DIFC (Dubai International Financial Centre): + +- Independent common law jurisdiction within Dubai +- Modelled on English common law +- DIFC Courts: English-language; internationally recognised +- Judgments enforceable in UAE and 30+ jurisdictions +- Recommended for significant international commercial contracts + +ADGM (Abu Dhabi Global Market): + +- Independent common law jurisdiction within Abu Dhabi +- Applies English law directly (as at 1 June 2015, as amended) +- ADGM Courts: English common law; English language +- Preferred for financial services and capital markets contracts + +## MAINLAND UAE LEGAL FRAMEWORK + +### Contract Law (UAE Civil Code -- Federal Law No. 5 of 1985) + +- Contract formation: offer and acceptance; consideration (iwad) not required + as in English law -- UAE Civil Code is more flexible +- Good faith: express obligation of good faith in contract performance + (Art. 246) -- broader than English law implied duty +- Frustration / Force Majeure: Art. 249 -- court may intervene to reduce + obligations in exceptional unforeseeable circumstances (broader than + English frustration doctrine) +- Liquidated damages: courts MAY REDUCE penalties deemed excessive + (Art. 390) -- penalty clauses are not automatically enforceable at + agreed amounts; do not rely on penalty clauses without counsel advice +- Commercial Agencies Law: exclusive UAE national agent required for + distribution/agency in mainland UAE -- significant for commercial structures + +### Data Protection (UAE Mainland) + +- Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) +- Regulatory Authority: UAE Data Office +- Key rights: access, correction, erasure (GDPR-influenced framework) +- Sensitive data: additional consent requirements +- Cross-border transfers: permitted to adequate countries or with consent +- Fines: up to AED 20 million + +DIFC: DIFC Data Protection Law 2020 (DP Law 2020) -- aligned with GDPR +ADGM: ADGM Data Protection Regulations 2021 -- aligned with GDPR + +ESCALATION TRIGGER: Determine jurisdiction (mainland/DIFC/ADGM) before +selecting the applicable data protection framework for any UAE contract + +### Intellectual Property + +- Patents: Federal Law No. 11 of 2021 (IP Laws Reform) +- Trade Marks: Federal Law No. 36 of 2021 +- Copyright: Federal Law No. 38 of 1992 (as amended) +- GCC Patent Office: regional patent protection across GCC states +- WIPO treaties: UAE is signatory; international registration systems available +- Register UAE separately from GCC Patent Office -- different coverage + +### Employment Law (Mainland) + +- Labour Law: Federal Decree-Law No. 33 of 2021 (major reform) + Unlimited contracts replaced with fixed-term (max 3 years, renewable) + Notice periods: 30-90 days depending on length of service + End of Service Gratuity: mandatory for employees with 1+ years service +- Non-compete: enforceable up to 2 years; must be reasonable in scope, + geographic area, and type of work +- Emiratisation (Nafis): quotas for UAE nationals apply in certain sectors + and company sizes -- verify current requirements + +DIFC Employment Law No. 2 of 2019: closer to English employment law + +### Sharia / Islamic Finance + +- UAE Constitution and some federal laws incorporate Islamic principles +- Interest (riba) issues arise in financing agreements +- Islamic finance instruments (Murabaha, Ijara, Sukuk) available as alternatives + +ESCALATION TRIGGER: Any UAE-governed financing arrangement -> +escalate to Islamic finance counsel for riba compliance review + +## KEY UAE-SPECIFIC ESCALATION TRIGGERS + +- Commercial Agency: exclusive distribution/agency for mainland UAE + -> UAE Commercial Agencies Law applies; registered agents have significant + termination rights; always specialist counsel before structuring +- Liquidated damages: UAE courts may reduce agreed amounts -- + do not rely on penalty clauses as deterrent without counsel advice +- Arabic contract: official Arabic version may take precedence in mainland + courts -- always agree which language version prevails +- Free zone vs. mainland: companies in free zones may not conduct direct + business with mainland UAE entities without a mainland agent -- + always confirm entity status and appropriate contracting vehicle +- Data protection: determine zone (mainland/DIFC/ADGM) before drafting DPA + +## JURISDICTION SELECTION GUIDE + +| Contract Type | Governing Law | Dispute Resolution | +| ----------------------------- | -------------------- | ------------------- | +| International commercial (HV) | English law/DIFC law | DIFC Courts or LCIA | +| Financial services | ADGM or English law | ADGM Courts or LCIA | +| Mainland UAE domestic | UAE law | DIAC arbitration | +| Employment (international) | DIFC law | DIFC Courts | +| Real estate (mainland) | UAE law (mandatory) | Dubai Courts | diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/uk-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/uk-law.md new file mode 100644 index 0000000..e1d8fcd --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/uk-law.md @@ -0,0 +1,94 @@ +--- +name: uk-law-overlay +version: 1.0 +applies-to: "English law / Welsh law / UK law / England and Wales" +chapter: 22 -- Legal Operations and Compliance +--- + +## GOVERNING FRAMEWORK + +### Contract Law + +- General contract law: offer, acceptance, consideration, intention to + create legal relations, certainty of terms +- Consumer Rights Act 2015: B2C -- unfair terms, implied terms, 14-day + cancellation right for distance/off-premises contracts +- Unfair Contract Terms Act 1977 (UCTA): reasonableness test for + limitation of liability in B2B contracts +- Late Payment of Commercial Debts Act 1998: statutory interest on + late B2B payments (8% + Bank of England base rate) +- Electronic Communications Act 2000: electronic signatures generally + valid for commercial contracts + +### Intellectual Property + +- Copyright: CDPA 1988 -- life of author + 70 years + Computer programs: protected as literary works + Database right: 15 years from substantial investment +- Patents: Patents Act 1977 -- 20 years from filing date + Employee inventions: employer may own if made in course of normal duties +- Trade Marks: Trade Marks Act 1994 -- UK register (UKIPO) post-Brexit + EU trade marks no longer extend to UK -- separate UK registration required +- Design Right: Registered (up to 25 years) and Unregistered (10 years) + +### Data Protection + +- UK GDPR + Data Protection Act 2018 +- Six lawful bases: Consent / Contract / Legal obligation / Vital interests / + Public task / Legitimate interests +- International transfers: UK IDTA (International Data Transfer Agreement) -- + UK equivalent of EU SCCs; distinct from EU SCCs post-Brexit + Verify current UK ICO adequacy list -- may differ from EU adequacy decisions +- Breach notification: 72 hours to ICO (controllers); without undue delay + to controller (processors) +- DSAR response: 30 days (extendable to 3 months for complex requests) +- Supervisory Authority: Information Commissioner's Office (ICO) +- Fines: up to GBP 17.5M or 4% of global annual turnover (whichever higher) + +### Employment Law + +- Employment Rights Act 1996: unfair dismissal (2-year qualifying period), + redundancy rights, written statement of particulars +- Equality Act 2010: 9 protected characteristics; reasonable adjustments duty +- National Minimum Wage: NMW/NLW -- verify current rates +- Post-termination restrictions: English courts enforce only if reasonable + in scope, geographic area, and duration + 12 months is generally the outer limit for non-compete clauses + Non-solicitation of customers: up to 12 months if limited to existing clients + +### Company Law + +- Companies Act 2006: director duties (ss.171-177), annual filings, PSC register +- Bribery Act 2010: corporate criminal liability for failure to prevent bribery + Defence: adequate procedures in place + Applies to UK companies AND foreign companies with UK business nexus +- Criminal Finances Act 2017: failure to prevent facilitation of tax evasion + +## KEY UK-SPECIFIC ESCALATION TRIGGERS + +VOID AS A MATTER OF LAW -- always RED regardless of playbook: + +- Liability for death or personal injury caused by negligence: + VOID under UCTA s.2(1) -- any limitation clause is unenforceable; flag RED immediately +- Unfair terms in B2C contracts: CRA 2015 -- terms causing significant imbalance + to consumer's detriment may be unenforceable regardless of agreement + +ALWAYS ESCALATE TO COUNSEL: + +- Novel limitation of liability structures: must satisfy UCTA reasonableness test +- Post-termination restrictions in employment: enforce only if reasonable -- + always attorney review before including or relying upon +- Bribery Act adequate procedures: any third-party payments or facilitation + arrangements -> attorney review of adequacy of prevention procedures +- TUPE (Transfer of Undertakings): business or service change hands -> + complex employment law implications; immediate escalation + +## GOVERNING LAW NOTES + +Choice of English law: generally enforceable in English courts and most +common law jurisdictions. + +Post-Brexit enforcement: English court judgments no longer automatically +enforceable in EU member states (Brussels I Recast no longer applies). +Consider arbitration clauses for contracts with EU counterparties +where enforcement may be needed in EU. diff --git a/legal-ops/skills/legal-global-router/references/jurisdictions/us-law.md b/legal-ops/skills/legal-global-router/references/jurisdictions/us-law.md new file mode 100644 index 0000000..e84e4b3 --- /dev/null +++ b/legal-ops/skills/legal-global-router/references/jurisdictions/us-law.md @@ -0,0 +1,114 @@ +--- +name: us-law-overlay +version: 1.0 +applies-to: "US law / American law / United States / federal law / + New York law / California law / Delaware law" +chapter: 22 -- Legal Operations and Compliance +--- + +## GOVERNING FRAMEWORK + +### US Contract Law + +No single federal contract law -- governed by state law. + +Uniform laws adopted by most states: + +- UCC Article 2: governs sale of GOODS (implied warranties of merchantability, + fitness for particular purpose) + Note: UCC Article 2 does NOT apply to services contracts +- CISG (UN Convention on Contracts for International Sale of Goods): + applies to international goods sales unless EXPRESSLY excluded + Always include: "The parties expressly exclude the application of the + UN Convention on Contracts for the International Sale of Goods." + +Choice of law: New York and Delaware most common for commercial contracts. +California has additional mandatory protections regardless of choice of law +for California-based employees and consumers. + +### US Data Privacy (Federal + State) + +Federal sector-specific: + +- HIPAA: health information (covered entities and business associates) +- GLBA: financial institution customer information +- COPPA: children under 13 online -- always escalate +- FTC Act s.5: unfair or deceptive practices + +State laws: + +- California CCPA / CPRA: most comprehensive; often treated as baseline + Consumer rights: access, deletion, correction, opt-out of sale/sharing + Fines: up to USD 7,500 per intentional violation +- Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA): CPRA-like frameworks +- Illinois BIPA: biometric data -- PRIVATE RIGHT OF ACTION; very high + litigation risk; immediate escalation for any biometric processing + +DSAR equivalents: + +- CCPA: 45 days (extendable 45 days with notice) +- Other states: check applicable deadline per requester's state + +ESCALATION TRIGGER -- BIPA: Any processing of biometric data from Illinois +residents -> escalate to counsel immediately + +### US Intellectual Property + +- Copyright: Copyright Act (17 U.S.C.) -- automatic on creation + Register before infringement for enhanced damages + Work for hire: employee work in scope of employment = employer owned; + contractor work-for-hire requires written agreement AND enumerated category +- Patents: USPTO; 20 years from filing; first-to-file + Provisional applications: establish priority; 12-month window for non-provisional +- Trade Marks: USPTO (federal); common law rights from use (Lanham Act) +- Trade Secrets: DTSA (federal) + state laws (most adopt UTSA) + +### US Employment Law + +- At-will employment: most states -- either party may terminate at any time + for any lawful reason (unlike UK/EU) + Exception: California and some other states have additional protections + +NON-COMPETE ENFORCEABILITY -- VARIES DRAMATICALLY BY STATE: + +- California: NON-COMPETES ARE VOID (Business & Professions Code s.16600) +- New York: enforceable if reasonable (time, geography, scope) +- Delaware: generally enforceable if reasonable +- FTC Rule: federal rule broadly limiting non-competes -- check current status + +ALWAYS escalate to employment counsel before including non-compete clauses. +NEVER assume a non-compete is enforceable without checking state law. + +## KEY US-SPECIFIC ESCALATION TRIGGERS + +- Non-compete clauses: ALWAYS check state law before including; California = void +- CISG exclusion: ALWAYS include express exclusion for international goods sales +- BIPA (biometric data from Illinois): private right of action; immediate escalation +- COPPA (children under 13): always escalate for consumer-facing services +- California liability: cannot cap liability for fraud or intentional torts +- Class action waiver: generally enforceable in arbitration under FAA; + useful risk management tool for consumer-facing businesses + +## JURISDICTION NOTES + +New York: + +- CPLR commercial courts -- sophisticated, predictable + Statute of Frauds (UCC s.2-201): contracts for goods >USD 500 require writing + +California: + +- Mandatory employee protections regardless of choice of law +- CCPA/CPRA applies to businesses serving California consumers above thresholds +- Unlimited liability for intentional acts -- limitation clauses cannot cap + +Delaware: + +- Preferred for corporate governance matters +- Delaware General Corporation Law -- most flexible corporate law in US +- Chancery Court: specialised commercial court; sophisticated judges + +Arbitration: + +- Federal Arbitration Act (FAA): strongly pro-arbitration +- AAA, JAMS most common arbitration providers for commercial disputes diff --git a/legal-ops/skills/legal-spend/SKILL.md b/legal-ops/skills/legal-spend/SKILL.md new file mode 100644 index 0000000..b3a717d --- /dev/null +++ b/legal-ops/skills/legal-spend/SKILL.md @@ -0,0 +1,152 @@ +--- +name: legal-spend +version: 1.0 +description: > + Activate for: legal spend, legal invoice, law firm invoice, legal budget, + matter budget, legal costs, external counsel, billing rates, hourly rates, + legal matter, write-off, billing anomaly, legal efficiency, spend analysis, + legal ROI, panel firms, outside counsel, legal department budget, + matter management, legal benchmarking. + NOT for: contract review, NDA triage, IP research, regulatory monitoring, DSAR processing, budget approval (CFO required). +plugin-commands: /legal-brief +chapter: 22 -- Legal Operations and Compliance +--- + +## DATA SOURCES (connect via MCP) + +- Accounts payable system (invoice data) +- Matter management system (matter codes, descriptions, status) +- E-billing system (if deployed: Brightflag, Legal Tracker, eBillingHub) +- Budget system (approved matter budgets) + +## ANALYSIS DIMENSIONS + +By Matter Type: + +- Transactional (M&A, financing, commercial contracts) +- Litigation and disputes +- Regulatory and compliance +- Employment +- IP prosecution and licensing +- General corporate / governance + +By Law Firm / Provider: + +- Total spend per firm +- Effective blended rate (total spend / total hours) +- Budget vs. actual variance per matter +- Write-off rate (billed vs. collected) +- Billing realisation rate + +By Business Unit: + +- Which business units generate the most legal spend? +- Spend per GBP/USD of revenue by business unit +- Ratio of internal legal cost vs. external legal cost + +## ANOMALY DETECTION RULES -- FLAG FOR REVIEW IF: + +- Invoice total exceeds matter budget by >20% without documented explanation +- Effective hourly rate >15% above agreed rates without written authorisation +- Invoice includes time entries for >12 hours in a single day +- Invoice submitted >90 days after work performed +- Same task described in multiple time entries across consecutive days + (potential duplication) +- Significant increase in billings in a matter's final month + (common pattern before matter close -- always review) +- Paralegal or trainee time billed at associate rates +- Multiple partners billing to the same low-complexity matter +- Research time exceeds 30% of total matter hours on a well-established + area of law (possible training at client's expense) +- Block billing (single time entry covering multiple tasks without breakdown) + -- request itemisation before payment approval + +## BENCHMARKING COMPARISON METHOD + +To compare firm rates against market: + +1. Collect agreed rates from each panel firm (engagement letter / rate card) +2. Calculate effective blended rate per firm: total fees / total hours +3. Compare effective rate against benchmark reference points (below) +4. Flag any firm where effective rate exceeds benchmark by >20% +5. For each flagged firm, check: matter complexity, seniority mix, outcomes +6. Present comparison to GC with context -- do not draw conclusions + without understanding matter complexity and outcomes + +Rate comparison output: + +| Firm | Agreed Rate | Effective Rate | Benchmark | Variance | Flag | +| ---- | ----------- | -------------- | --------- | -------- | ----- | +| [X] | GBP [X]/hr | GBP [X]/hr | GBP [X] | [+/-X%] | [Y/N] | + +## BENCHMARK REFERENCE POINTS (general; update with current market surveys) + +UK (London) Senior Associate -- Magic Circle: GBP 450-650/hr +UK (London) Senior Associate -- Silver Circle/Top50: GBP 300-450/hr +UK (Regional) Senior Associate: GBP 200-350/hr +US (NY/CA) Senior Associate -- AmLaw 100: USD 700-1,100/hr +In-house equivalent (all-in, UK mid-level): GBP 120,000-180,000/yr + +## OUTPUT FORMAT + +# LEGAL SPEND ANALYSIS -- [Period] + +SUMMARY +Total spend: GBP [X] +vs. prior period: [+/-X%] +vs. budget: [+/-X%] + +BY FIRM (top 5) +[Firm] GBP [X] Eff. rate: GBP [X]/hr vs. budget: [+/-X%] + +ANOMALIES FLAGGED: [N] +[Item] -- [Anomaly description] -- [Recommended action] + +============================================ +NOTE: Billing anomalies require discussion with the relevant +partner before any payment dispute is raised. + +## OUTPUT FORMAT: QUARTERLY SPEND REPORT + +``` +QUARTERLY LEGAL SPEND REPORT -- Q[N] [Year] +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Prepared: [date] +Period: [start date] -- [end date] + +EXECUTIVE SUMMARY: +Total external spend: GBP [X] (vs Q[N-1]: [+/-X%]) +Total matters active: [N] +Budget utilisation: [X%] of annual budget consumed YTD +Top spending area: [matter type] + +SPEND BY MATTER TYPE: +| Matter Type | Spend | % of Total | vs Prior Q | +| ----------------- | --------- | ---------- | ---------- | +| [each type] | GBP [X] | [X%] | [+/-X%] | + +PANEL FIRM PERFORMANCE: +| Firm | Spend | Eff. Rate | Budget Var | Anomalies | +| ----- | --------- | --------- | ---------- | --------- | +| [X] | GBP [X] | GBP [X] | [+/-X%] | [N] | + +ANOMALIES REQUIRING REVIEW: [N] +[list with recommended actions] + +FORECAST: +Projected annual spend: GBP [X] (based on YTD run rate) +vs annual budget: [+/-X%] + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY BEFORE ACTION +``` + +## NEVER DO THESE + +- NEVER raise a formal billing dispute with a law firm without GC authorisation +- NEVER characterise attorney work as inappropriate without legal review of context +- NEVER share firm-specific spend benchmarking externally without GC and firm consent +- NEVER use spend data to make personnel decisions about external counsel without + first consulting GC + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY BEFORE ACTION diff --git a/legal-ops/skills/regulatory-monitoring/SKILL.md b/legal-ops/skills/regulatory-monitoring/SKILL.md new file mode 100644 index 0000000..a187b1b --- /dev/null +++ b/legal-ops/skills/regulatory-monitoring/SKILL.md @@ -0,0 +1,142 @@ +--- +name: regulatory-monitoring +version: 1.0 +description: > + Activate for: regulatory update, regulation change, new law, compliance + monitoring, regulatory briefing, regulatory calendar, law change, legal + development, regulatory risk, ICO guidance, FCA update, GDPR update, + EU AI Act, employment law change, company law update, sector regulation, + regulatory horizon, compliance alert, policy review, board briefing. + NOT for: contract review, NDA triage, IP research, DSAR processing, legal advice on regulatory interpretation. +plugin-commands: /legal-brief +chapter: 22 -- Legal Operations and Compliance +--- + +## CONFIGURATION PARAMETERS (load from settings or ask user) + +Required: + +- Organisation type: [industry, size, structure] +- Primary regulatory areas: [list all that apply] +- Key jurisdictions: [all jurisdictions where the org operates] +- Escalation contacts: [Compliance Officer, GC, relevant leads] +- Output format: [weekly brief / monthly board summary / ad-hoc alert] + +Standard regulatory areas to monitor (configure for relevance): + +- Data Protection: UK GDPR, EU GDPR, CCPA, PIPEDA, ICO guidance +- AI Regulation: EU AI Act (implementation phases), UK AI framework, + OECD AI Principles, sector AI guidance (FCA, ICO) +- Employment: Working time, remote working, IR35/contractor status, + whistleblowing, TUPE, redundancy +- Company Law: Annual return, director duties, PSC register, + anti-bribery (UKBA), corporate criminal offences +- Financial Services (if applicable): FCA rules, PRA requirements +- Sector-specific: [configure for organisation's industry] + +## IMPACT CLASSIFICATION + +HIGH PRIORITY (RED): Effective within 30 days; OR requires immediate policy change; +OR potential enforcement risk. + +MONITOR (YELLOW): Effective within 6 months; OR affects current contracts on renewal; +OR requires internal process change. + +AWARENESS (GREEN): Longer horizon; informational only; no immediate action required. + +## OUTPUT: WEEKLY MONITORING BRIEF + +WEEKLY REGULATORY BRIEFING -- [Date] +Generated: Legal Ops Monitoring Agent +======================================================== + +RED -- HIGH PRIORITY -- Action required within 30 days + +--- + +[Regulation name] -- [Jurisdiction] +Effective: [Date] +Summary: [2 sentences] +Internal impact: [Which policy/process needs updating] +Contract impact: [N contracts with relevant clauses -- see list] +Action: [Specific action] by [date] -- Owner: [name] + +YELLOW -- MONITOR -- No immediate action; review within 6 months + +--- + +[...] + +GREEN -- AWARENESS -- For information only + +--- + +[...] + +======================================================== +NOTE: All regulatory interpretations must be confirmed with +qualified legal counsel before reliance. + +## OUTPUT: MONTHLY BOARD SUMMARY + +``` +MONTHLY REGULATORY BOARD SUMMARY -- [Month Year] +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +Prepared: [date] +Period: [month] + +EXECUTIVE SUMMARY: +1. [Most important regulatory change this month] +2. [Second most important] +3. [Third] + +RAG STATUS BY REGULATORY AREA: +| Area | Status | Key Development | Action Required | +| ----------------- | ------- | ------------------------ | --------------- | +| Data Protection | [R/A/G] | [summary] | [Y/N -- detail] | +| AI Regulation | [R/A/G] | [summary] | [Y/N -- detail] | +| Employment | [R/A/G] | [summary] | [Y/N -- detail] | +| Company Law | [R/A/G] | [summary] | [Y/N -- detail] | +| Sector-specific | [R/A/G] | [summary] | [Y/N -- detail] | + +ACTIONS REQUIRED: +| Owner | Action | Deadline | Priority | +| ----------- | ------------------------- | ---------- | -------- | +| [name/role] | [specific action] | [date] | [R/Y/G] | + +HORIZON ITEMS (next 3-6 months): +- [Upcoming regulation]: effective [date] -- preparation required by [date] + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY +``` + +## SOURCE CONFIGURATION + +Configure regulatory sources per jurisdiction: + +| Jurisdiction | Primary Sources | +| ------------ | ----------------------------------------------------- | +| UK | legislation.gov.uk, ICO, FCA, Companies House, GOV.UK | +| EU | EUR-Lex, EDPB, ESMA, EC official journal | +| US | Federal Register, state legislature sites, FTC, SEC | +| UAE | WAM, DIFC, ADGM, UAE Official Gazette | +| Pakistan | SECP, FBR, National Assembly, Pakistan Gazette | +| GCC | GCC official gazette, national regulatory authorities | + +Source update frequency: + +- RED items: check daily during implementation period +- YELLOW items: check weekly +- GREEN items: check monthly +- New jurisdiction added: verify source list with local counsel before relying + +## NEVER DO THESE + +- NEVER characterise monitoring output as legal advice +- NEVER state "you are compliant" -- flag for counsel to confirm +- NEVER miss an effective date -- build in 30-day advance warning + for all HIGH PRIORITY items +- NEVER monitor a jurisdiction without loading the correct overlay file + +## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/contract-intake-workflow.md b/legal-ops/workflow-recipes/contract-intake-workflow.md new file mode 100644 index 0000000..f19148d --- /dev/null +++ b/legal-ops/workflow-recipes/contract-intake-workflow.md @@ -0,0 +1,128 @@ +# Workflow Recipe: Contract Intake -- End-to-End + +## Task Overview + +| Field | Value | +| ------------- | ---------------------------------------------------------------------------------- | +| **Task Name** | Contract Intake: Receipt through Execution and Obligation Monitoring | +| **Frequency** | Continuous (triggered by each incoming contract) | +| **Purpose** | Route incoming contracts through triage, review, approval, execution, and tracking | +| **Owner** | Legal Operations Manager / Legal Intake Coordinator | + +--- + +## Trigger Conditions + +| Trigger | Condition | Action | +| ------------ | ------------------------------------------------------- | ----------------------------------------------- | +| **Email** | Contract received at legal-intake@yourcompany.com | Start intake sequence | +| **Upload** | Document uploaded to designated SharePoint/Drive folder | Start intake sequence | +| **Web form** | Contract submitted via internal portal | Start intake sequence | +| **URGENT** | Business deadline stated < 48 hours | Flag URGENT; notify GC; halve all SLA timelines | + +--- + +## Step-by-Step Execution + +### Step 1: Receive and Log + +``` +Input: Contract document (PDF, DOCX, or via MCP connector) +Actions: + - Assign reference ID: [YYYY-MM-DD-XXXX] + - Record receipt timestamp + - Log in contract tracking system + - Extract: counterparty name, contract type, requesting business unit, + stated urgency, deal value (if stated), governing law (if stated) +``` + +### Step 2: Classify Document Type + +``` +NDA / Mutual CA / CDA -> Run /triage-nda protocol +Vendor Agreement / MSA / SOW -> Run /review-contract protocol +SaaS / Software Licence -> Run /review-contract protocol +Employment / Contractor -> Route to HR Legal queue (no agent triage) +Partnership / JV -> Run /review-contract + notify GC +M&A / Investment -> Route to GC immediately (no agent triage) +Unknown -> Extract key terms; route to GC queue +``` + +### Step 3: Run Triage Protocol + +``` +Execute the appropriate product skill: + - nda-triage: produces Tier 1/2/3 classification + - contract-review: produces GREEN/YELLOW/RED analysis + +Output: Triage tier + deviation summary + routing recommendation +``` + +### Step 4: Route Based on Tier + +``` +Tier 1 (Standard Approval): + -> Send Template A to business unit + -> Route to authorised signatory queue + -> Set follow-up reminder: 3 business days + +Tier 2 (Counsel Review): + -> Send Template B to reviewing attorney + -> Attach triage summary + -> Set SLA reminder: 2 business days + +Tier 3 (Full Review / RED items): + -> Send Template C to General Counsel + -> Attach full review output + -> Schedule review call if value > threshold + -> Set SLA reminder: 5 business days +``` + +### Step 5: Track Progress + +``` +Daily status check. Escalate if SLA breached: + - Tier 1 > 1 business day: notify business unit + attorney + - Tier 2 > 2 business days: notify GC + - Tier 3 > 5 business days: notify GC + CFO (if above threshold) +``` + +### Step 6: Post-Execution + +``` +On confirmed signing: + - Save executed contract to repository + - Update tracking log: status = EXECUTED + - Extract: execution date, effective date, term, renewal date, notice period + - Set calendar reminders: + -> Notice period deadline (last date for non-renewal notice) + -> Contract expiry date + -> Key obligation due dates + - Notify business unit: confirmation + renewal date +``` + +--- + +## Required Skill Files + +| Skill File | Purpose | +| ----------------------- | --------------------------------------- | +| `contract-intake-agent` | Intake sequence, routing, and templates | +| `contract-review` | Full contract review (Tier 2/3) | +| `nda-triage` | NDA triage (Tier 1/2/3) | +| `compliance-calendar` | Post-execution obligation tracking | +| `legal-global-router` | Routing and jurisdiction identification | + +--- + +## Escalation / Review Checkpoints + +| Checkpoint | Condition | Reviewer | +| ------------------- | ------------------------------------------------ | ------------------ | +| **Triage complete** | All metadata extracted, tier assigned | Legal Ops Manager | +| **SLA breach** | Tier 1 > 1 day, Tier 2 > 2 days, Tier 3 > 5 days | GC | +| **RED escalation** | Any RED deviation identified | GC immediately | +| **Execution** | Signed contract confirmed | Legal Ops Manager | +| **Post-execution** | Calendar reminders and obligations logged | Compliance Officer | + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/dsar-30-day-workflow.md b/legal-ops/workflow-recipes/dsar-30-day-workflow.md new file mode 100644 index 0000000..04ac006 --- /dev/null +++ b/legal-ops/workflow-recipes/dsar-30-day-workflow.md @@ -0,0 +1,149 @@ +# Workflow Recipe: DSAR 30-Day Response + +## Task Overview + +| Field | Value | +| ------------- | ------------------------------------------------------------------------------- | +| **Task Name** | DSAR Response: Receipt through Completion within 30-Day Statutory Window | +| **Frequency** | Per request (triggered by each incoming DSAR) | +| **Purpose** | Manage data subject access requests end-to-end within mandatory response window | +| **Owner** | Privacy Officer / Data Protection Officer | + +--- + +## Response Windows by Jurisdiction + +| Jurisdiction | Window | Extension | Regulator | +| ------------ | ------------ | ------------------------------- | ------------ | +| UK GDPR | 30 cal. days | +60 days if complex (w/ notice) | ICO | +| EU GDPR | 30 cal. days | +60 days if complex (w/ notice) | National DPA | +| CCPA | 45 days | +45 days with notice | CA AG | +| PIPEDA | 30 days | Escalate to Privacy Officer | OPC | + +--- + +## Step-by-Step Execution + +### Day 1: Receipt and Acknowledgement + +``` +Input: DSAR received (email, portal, letter) +Actions: + - Log request: requester name, contact, date, request type, jurisdiction + - Start response clock + - Set internal alerts: Day 7, Day 15, Day 21, Day 27 + - Draft and send acknowledgement letter + +Acknowledgement MUST include: + - Confirmation of receipt + - Statutory response deadline + - Identity verification requirements (if needed) + - Contact details for queries + +Acknowledgement MUST NOT include: + - Confirmation or denial of what data is held + - Any substantive response + - Legal advice +``` + +### Days 1-3: Identity Verification + +``` +IF requester identity is in doubt: + - Request reasonable proof of identity + - Do NOT request excessive documentation + - 30-day clock pauses while awaiting verification + - If unverifiable -> consult Privacy Counsel before refusing + +IF identity verified: + - Log verification and proceed +``` + +### Days 1-10: Data Discovery + +``` +Send discovery requests to ALL relevant system owners: + - CRM / customer database + - Email and communications systems + - Billing and financial systems + - Marketing and analytics platforms + - HR system (if individual was ever employee) + - Customer support / ticketing systems + - Legal case management (handle with care -- privilege) + - Legacy or archive systems + +Discovery deadline: Day 10 +IF NOT complete by Day 15: escalate to Privacy Counsel +``` + +### Days 10-20: Compilation and Redaction Assessment + +``` +REDACT (do not disclose): + - Third-party personal data + - Internal staff personal data (beyond standard business capacity) + - Legally privileged material (counsel advice required) + - Commercially sensitive info genuinely unrelated to requester + +DO NOT REDACT: + - Opinions ABOUT the requester (these ARE personal data) + - Internal notes about requester's behaviour + - Automated decision-making logic applied to requester + +COMMON ERROR: CRM notes like "difficult customer" ARE personal data +and MUST be disclosed unless a specific exemption applies. +``` + +### Days 20-27: Response Drafting + +``` +Response letter MUST include: + - Confirmation of personal data held (by category) + - Purposes of processing + - Legal basis for each processing activity + - Recipients or categories of recipients + - Retention periods + - Rights: rectification, erasure, restriction, objection, portability, + lodge complaint with supervisory authority + - Source of data (if not collected from requester) + - Automated decision-making / profiling information + +Route for attorney review by Day 27 at latest. +DO NOT send without attorney sign-off. +``` + +### Day 30: Response and Logging + +``` +Send approved response. Log: + - Date received / Date acknowledged / Date responded + - Data categories disclosed + - Data withheld and legal basis + - Attorney sign-off confirmation + - Store in compliance archive +``` + +--- + +## Escalation Rules + +| Trigger | Action | Deadline | +| ----------------------------- | ------------------------------------- | --------- | +| 7 days before deadline | Alert Privacy Counsel if not complete | Day 23 | +| 1 day before deadline | Emergency alert -- GC involved | Day 29 | +| Erasure/restriction/objection | Privacy Counsel immediately | Day 1 | +| Privileged material involved | Privacy Counsel immediately | Day 10-20 | +| Identity fraud suspected | Privacy Counsel immediately | Day 1-3 | +| Related regulatory inquiry | GC immediately | Any day | + +--- + +## Required Skill Files + +| Skill File | Purpose | +| --------------------- | ----------------------------------------------- | +| `dsar-privacy` | Full DSAR workflow and request type routing | +| `legal-global-router` | Jurisdiction identification and overlay loading | +| UK/EU/US overlays | Jurisdiction-specific response requirements | + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/nda-triage-workflow.md b/legal-ops/workflow-recipes/nda-triage-workflow.md new file mode 100644 index 0000000..3a5569f --- /dev/null +++ b/legal-ops/workflow-recipes/nda-triage-workflow.md @@ -0,0 +1,122 @@ +# Workflow Recipe: NDA Triage + +## Task Overview + +| Field | Value | +| ------------- | ---------------------------------------------------------------------- | +| **Task Name** | NDA Triage: Three-Tier Routing for Incoming NDAs | +| **Frequency** | Per NDA received (typical: 10-50 per month) | +| **Purpose** | Route NDAs to the correct review level, reducing attorney time by 70%+ | +| **Owner** | Legal Operations Manager / Designated Reviewing Attorney | + +--- + +## Step-by-Step Execution + +### Step 1: Receive NDA + +``` +Input: Incoming NDA (PDF, DOCX, or via MCP connector) +Actions: + - Log receipt: counterparty, date, requesting business unit, stated urgency + - Confirm: mutual or unilateral? + - Confirm: purpose (vendor eval / partnership / M&A / employment / other) +``` + +### Step 2: Load Standard Form + +``` +CHECK for NDA configuration in legal.local.md + +IF FOUND: + - Load standard form reference + - Load Tier 1/2/3 criteria + - Compare incoming NDA against standard form directly + +IF NOT FOUND: + - Apply general commercial NDA standards + - Label: "Reviewed against general commercial NDA standards" +``` + +### Step 3: Classify Tier + +``` +TIER 1 -- STANDARD APPROVAL + Criteria: Substantially identical to standard form, or deviations + within pre-approved ranges. + Target: 60-70% of incoming NDAs. + Attorney time: 0 minutes. + Action: Route to authorised signatory. + +TIER 2 -- COUNSEL REVIEW + Criteria: Deviations within acceptable range but needing confirmation. + Target: 20-30%. + Attorney time: ~15 minutes. + Action: Route to reviewing attorney with triage summary. + +TIER 3 -- FULL REVIEW + Criteria: RED deviations, unusual structure, high-risk provisions. + Target: 10-15%. + Attorney time: ~45 minutes. + Action: Route to senior counsel / GC with full risk summary. +``` + +### Step 4: Check Automatic RED Flags + +``` +These ALWAYS trigger Tier 3 regardless of playbook: + - Residuals clause ("retained in unaided memory") + - No carve-out for publicly available information + - Non-compete provisions of any scope + - Perpetual confidentiality obligations + - Governing law: jurisdiction with no commercial law framework + - No definition of Confidential Information + - Unilateral when mutual expected (without justification) + - Asymmetric injunctive relief + - Disclosure to affiliates without need-to-know +``` + +### Step 5: Produce Triage Report + +``` +Output format: + NDA TRIAGE REPORT + Counterparty: [Name] + Date: [Date] + Playbook: [Loaded / Not configured] + TRIAGE TIER: [1 / 2 / 3] -- [Label] + Attorney time: [0 / ~15 min / ~45 min] + SUMMARY: [N] GREEN | [N] YELLOW | [N] RED + RECOMMENDATION: [Route to / Approve] + DEVIATIONS: [Listed with classification] +``` + +### Step 6: Route + +``` +Tier 1: Send acknowledgement to business unit; route to signatory +Tier 2: Send to reviewing attorney with triage summary; SLA: 2 days +Tier 3: Send to GC with full summary; SLA: 5 days +``` + +--- + +## SLA Targets + +| Tier | Attorney Time | Response SLA | Escalation If Breached | +| ------ | ------------- | --------------- | ------------------------- | +| Tier 1 | 0 min | 1 business day | Notify business unit | +| Tier 2 | ~15 min | 2 business days | Notify GC | +| Tier 3 | ~45 min | 5 business days | Notify GC + business unit | + +--- + +## Required Skill Files + +| Skill File | Purpose | +| --------------------- | --------------------------------------- | +| `nda-triage` | Three-tier classification and RED flags | +| `legal-global-router` | Jurisdiction identification | +| Jurisdiction overlays | Governing law considerations | + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/regulatory-weekly-brief.md b/legal-ops/workflow-recipes/regulatory-weekly-brief.md new file mode 100644 index 0000000..4647265 --- /dev/null +++ b/legal-ops/workflow-recipes/regulatory-weekly-brief.md @@ -0,0 +1,134 @@ +# Workflow Recipe: Regulatory Weekly Brief + +## Task Overview + +| Field | Value | +| ------------- | --------------------------------------------------------------------- | +| **Task Name** | Weekly Regulatory Monitoring Brief and Monthly Board Summary | +| **Frequency** | Weekly (brief) + Monthly (board summary) | +| **Purpose** | Track regulatory changes, assess impact, produce actionable briefings | +| **Owner** | Compliance Officer / General Counsel | + +--- + +## Trigger Conditions + +| Trigger | Condition | Action | +| ------------- | ---------------------------------- | ----------------------------- | +| **Scheduled** | Every Monday 08:00 | Run weekly monitoring cycle | +| **Ad-hoc** | Significant regulatory development | Run immediate alert cycle | +| **Monthly** | Last business day of each month | Compile monthly board summary | + +--- + +## Step-by-Step Execution + +### Step 1: Configure Monitoring Scope + +``` +Required parameters (load from settings or confirm with user): + - Organisation type: [industry, size, structure] + - Primary regulatory areas: + - Data Protection: UK GDPR, EU GDPR, CCPA, ICO guidance + - AI Regulation: EU AI Act phases, UK AI framework + - Employment: Working time, IR35, TUPE, redundancy + - Company Law: Annual return, director duties, PSC register, UKBA + - Sector-specific: [configure for industry] + - Key jurisdictions: [all relevant jurisdictions] + - Escalation contacts: [Compliance Officer, GC, relevant leads] +``` + +### Step 2: Search Regulatory Sources + +``` +Sources (via web search MCP): + - ICO (UK data protection) + - EC / national DPAs (EU data protection) + - FCA / PRA (if financial services) + - SEC / FTC (US) + - Companies House / SECP / equivalent + - Official government legislative databases + - Regulatory body announcement pages + +Search for: new regulations, guidance, enforcement actions, consultations, +effective date changes, court decisions with regulatory impact +``` + +### Step 3: Classify Impact + +``` +HIGH PRIORITY (RED): + Effective within 30 days; OR requires immediate policy change; + OR potential enforcement risk. + +MONITOR (YELLOW): + Effective within 6 months; OR affects contracts on renewal; + OR requires internal process change. + +AWARENESS (GREEN): + Longer horizon; informational only; no immediate action required. +``` + +### Step 4: Produce Weekly Brief + +``` +Output format: + WEEKLY REGULATORY BRIEFING -- [Date] + ======================================================== + + RED -- HIGH PRIORITY -- Action required within 30 days + -------------------------------------------------------- + [Regulation] -- [Jurisdiction] + Effective: [Date] + Summary: [2 sentences] + Internal impact: [Policy/process needing update] + Contract impact: [N contracts with relevant clauses] + Action: [Specific action] by [date] -- Owner: [name] + + YELLOW -- MONITOR + -------------------------------------------------------- + [...] + + GREEN -- AWARENESS + -------------------------------------------------------- + [...] + + ======================================================== + NOTE: Confirm all interpretations with qualified counsel. +``` + +### Step 5: Monthly Board Summary (last business day) + +``` +Structure: + - Executive Summary: 3-5 bullets (most important changes) + - RAG Status: traffic-light per regulatory area + - Actions Required: owner / action / deadline (table) + - Horizon Items: significant changes in next 3-6 months + - Appendix: link to weekly brief archive + +Compile from 4 weekly briefs + any ad-hoc alerts. +``` + +--- + +## Escalation Rules + +| Trigger | Action | +| ---------------------------------- | ----------------------------------------- | +| HIGH PRIORITY item identified | Notify GC and Compliance Officer same day | +| Effective date < 7 days | Emergency escalation to GC | +| Enforcement action in our sector | GC + relevant business unit immediately | +| New obligation affecting contracts | Flag for contract review team | + +--- + +## Required Skill Files + +| Skill File | Purpose | +| ----------------------- | ----------------------------------------------- | +| `regulatory-monitoring` | Monitoring parameters and impact classification | +| `legal-global-router` | Jurisdiction identification and overlay loading | +| Jurisdiction overlays | Jurisdiction-specific regulatory frameworks | + +ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/marketplace.json b/marketplace.json index e3d23e8..1262d93 100644 --- a/marketplace.json +++ b/marketplace.json @@ -22,7 +22,7 @@ }, { "name": "legal-ops", - "description": "Legal Operations and Compliance agent: 8 product skills, 5 jurisdiction overlays, 4 domain commands. Contract review, NDA triage, IP protection, regulatory monitoring, DSAR management across UK, EU, US, Pakistan, and UAE.", + "description": "Legal Operations and Compliance agent: 9 skills (router + 8 products), 6 jurisdiction overlays, 4 domain commands. Contract review, NDA triage, IP protection, regulatory monitoring, DSAR management, legal spend, compliance calendar, contract intake across UK, EU, US, Pakistan, UAE, and GCC.", "source": "./legal-ops", "version": "1.0.0" }