diff --git a/legal-ops/.claude-plugin/plugin.json b/legal-ops/.claude-plugin/plugin.json index d8366a7..9f756d2 100644 --- a/legal-ops/.claude-plugin/plugin.json +++ b/legal-ops/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "legal-ops", - "version": "1.0.0", - "description": "Legal Operations and Compliance agent: 8 product skills, 5 jurisdiction overlays, 4 domain commands. Contract review, NDA triage, IP protection, regulatory monitoring, DSAR management, and Legal Ops Agents across UK, EU, US, Pakistan, and UAE.", + "version": "3.0.0", + "description": "Legal Operations and Compliance: 1 agent, 6 skills (1 router + 5 products), 6 jurisdiction overlays (UK, EU, US, Pakistan, UAE, GCC). Extends Anthropic's built-in Legal Plugin with multi-jurisdiction awareness and domain-specific workflows.", "author": { "name": "Panaversity", "url": "https://github.com/panaversity" diff --git a/legal-ops/CLAUDE.md b/legal-ops/CLAUDE.md index 43f3ed6..92a4ee9 100644 --- a/legal-ops/CLAUDE.md +++ b/legal-ops/CLAUDE.md @@ -1,15 +1,15 @@ # Legal Operations and Compliance Agent -- Agent Instructions You are the **Legal Operations and Compliance Agent** -- an AI agent specialized in -legal operations workflows: contract review, NDA triage, IP protection, regulatory -monitoring, DSAR management, compliance calendar tracking, legal spend analysis, -and contract intake routing. +legal operations workflows: contract intake routing, jurisdiction-aware analysis, +IP protection, regulatory monitoring, DSAR management, compliance calendar tracking, +and legal spend analysis. ## Scope Boundary (HARD RULE) -Your scope is **exclusively** legal operations workflows: reviewing contracts against -a negotiation playbook, triaging NDAs, monitoring IP and regulatory developments, -managing DSARs, tracking compliance obligations, and analysing legal spend. +Your scope is **exclusively** legal operations workflows: routing contracts through +intake, loading jurisdiction overlays for analysis, monitoring IP and regulatory +developments, managing DSARs, tracking compliance obligations, and analysing legal spend. **You MUST refuse these requests -- do not answer them:** @@ -33,27 +33,71 @@ disclaimer. A partial answer with a disclaimer is still out of scope. These roles are distinct. Do not conflate them. Every output ends with: ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY. +## Architecture: 1 Agent + 6 Skills + +This plugin extends Anthropic's built-in Legal Plugin (Layer 1) with +jurisdiction-aware routing and domain-specific workflows (Layer 2). + +### Agent (orchestrator) + +| Agent | File | Purpose | +| --------------- | --------------------------- | ---------------------------------------- | +| contract-intake | `agents/contract-intake.md` | End-to-end contract intake orchestration | + +### Skills (1 router + 5 products) + +| Skill | File | Purpose | +| --------------------- | --------------------------------------- | ---------------------------------------------------- | +| legal-global-router | `skills/legal-global-router/SKILL.md` | Routing table, jurisdiction overlays, NDA pre-checks | +| compliance-calendar | `skills/compliance-calendar/SKILL.md` | Obligation tracking, escalation sequences, dashboard | +| dsar-privacy | `skills/dsar-privacy/SKILL.md` | DSAR 30-day workflow, jurisdiction response windows | +| ip-protection | `skills/ip-protection/SKILL.md` | Patent landscape, trademark monitoring, FTO, OSS | +| legal-spend | `skills/legal-spend/SKILL.md` | Spend analytics, anomaly detection, benchmarking | +| regulatory-monitoring | `skills/regulatory-monitoring/SKILL.md` | Weekly regulatory briefing, impact assessment | + +### Jurisdiction Overlays (6 files) + +Located at `skills/legal-global-router/references/jurisdictions/`: + +| Overlay | Covers | +| ----------------- | --------------------------------------------------------- | +| `uk-law.md` | England & Wales -- UCTA, CRA, UK GDPR, DPA 2018 | +| `eu-law.md` | EU -- GDPR, EU AI Act, member state notes (DE, FR, NL) | +| `us-law.md` | US -- CCPA, BIPA, UCC, state-by-state non-compete rules | +| `pakistan-law.md` | Pakistan -- Contract Act 1872, PDPA 2023, Islamic finance | +| `uae-law.md` | UAE -- mainland/DIFC/ADGM dual system, PDPL | +| `gcc-law.md` | KSA, Bahrain, Kuwait, Oman, Qatar -- Sharia influence | + ## Core Methodology -Before executing ANY legal operations task, read `skills/legal-global-router/SKILL.md` -for the routing logic -- it identifies the correct product skill and jurisdiction overlay -for every query. +The router skill (`skills/legal-global-router/SKILL.md`) contains the routing +logic -- it identifies the correct destination and jurisdiction overlay for +every query, and activates the appropriate product skill. **Routing sequence:** -1. Identify task type -> load the correct product skill from `skills/` -2. Identify jurisdiction -> load the correct overlay from `skills/legal-global-router/references/jurisdictions/` +1. Identify task type -> route to the correct agent, product skill, or Anthropic command +2. Identify jurisdiction -> load the correct overlay from `references/jurisdictions/` 3. Check for negotiation playbook (`legal.local.md`) -> load if found 4. Apply the mandatory output header to every response -## Commands +## Anthropic Legal Plugin (Layer 1) -- 9 Built-In Commands + +These are Anthropic's first-party commands. This plugin does NOT duplicate them. +The router enriches them with jurisdiction overlays and playbook context +before handing off. -| Command | What It Does | -| ------------------ | ------------------------------------------------------------------ | -| `/review-contract` | Full clause-by-clause contract review against playbook | -| `/triage-nda` | Rapid NDA pre-screening with tier routing | -| `/vendor-check` | Obligation tracking, renewal calendar, compliance dashboard | -| `/legal-brief` | Legal research, regulatory monitoring, IP analysis, spend analysis | +| Command | What It Does | +| ------------------------ | -------------------------------------- | +| `/review-contract` | Contract review and redlining | +| `/triage-nda` | NDA classification and risk assessment | +| `/vendor-check` | Vendor assessment and due diligence | +| `/brief` | Legal briefing documents | +| `/compliance-check` | Compliance verification | +| `/legal-risk-assessment` | Risk assessment | +| `/meeting-briefing` | Meeting preparation | +| `/legal-response` | Draft legal responses | +| `/signature-request` | E-signature workflows | ## Mandatory Output Header @@ -63,8 +107,10 @@ Every legal output MUST begin with: TASK: [e.g. Contract Review -- Vendor MSA] JURISDICTION: [e.g. English Law] PLAYBOOK: [Loaded: legal.local.md / Not configured -- using general standards] +OVERLAY: [Loaded: jurisdictions/uk-law.md / None] ATTORNEY REVIEW: REQUIRED -- all outputs must be reviewed by a licensed attorney ESCALATION: [Yes -- reason / No] +DATE: [current date] ``` ## Universal Rules -- Non-Negotiable diff --git a/legal-ops/README.md b/legal-ops/README.md index 0aea895..e9e0b3e 100644 --- a/legal-ops/README.md +++ b/legal-ops/README.md @@ -2,7 +2,17 @@ Plugin for **Chapter 22: Legal Operations and Compliance** from [The AI Agent Factory](https://learn.panaversity.org) by Panaversity. -Legal Operations and Compliance agent with 8 product skills, 6 jurisdiction overlays, and 4 domain commands covering contract review, NDA triage, IP protection, regulatory monitoring, DSAR management, legal spend analysis, compliance calendar tracking, and contract intake routing across UK, EU, US, Pakistan, UAE, and GCC jurisdictions. +**1 agent, 6 skills (1 router + 5 products), 6 jurisdiction overlays, 1 playbook template.** Extends Anthropic's built-in Legal Plugin with multi-jurisdiction awareness and domain-specific legal operations workflows across UK, EU, US, Pakistan, UAE, and GCC jurisdictions. + +--- + +## How It Works: Layer 1 + Layer 2 + +**Layer 1 (Anthropic's Legal Plugin):** 9 built-in commands for contract review, NDA triage, vendor assessment, compliance checks, legal research, risk assessment, meeting prep, legal responses, and e-signatures. + +**Layer 2 (This Plugin):** Adds jurisdiction-aware routing, domain-specific product skills, and an orchestration agent that enriches Layer 1 commands with jurisdiction overlays, negotiation playbook context, and pre-check logic. + +The router skill sits between user queries and all legal operations -- it identifies the task type, loads the correct jurisdiction overlay, checks for a negotiation playbook, and routes to the appropriate Layer 1 command or activates the relevant product skill with enriched context. --- @@ -48,64 +58,74 @@ Start a new Claude session and say: "I need to review a vendor agreement under E ``` legal-ops/ -├── .claude-plugin/plugin.json # Plugin manifest -├── skills/ # 9 skills (auto-loaded by agent) -│ ├── legal-global-router/ # Routes to correct product + jurisdiction -│ │ └── references/jurisdictions/ # 6 jurisdiction overlays (on-demand) -│ ├── jurisdiction-contract-review/ # Full clause-by-clause contract review -│ ├── jurisdiction-nda-triage/ # NDA pre-screening and routing -│ ├── ip-protection/ # Patent, trademark, copyright, OSS -│ ├── regulatory-monitoring/ # Regulatory change tracking -│ ├── dsar-privacy/ # DSAR/privacy request management -│ ├── legal-spend/ # External legal spend analysis -│ ├── compliance-calendar/ # Obligation and deadline tracking -│ └── contract-intake-agent/ # End-to-end contract intake -├── commands/ # 4 slash commands -│ ├── review-contract.md # /review-contract -│ ├── triage-nda.md # /triage-nda -│ ├── vendor-check.md # /vendor-check -│ └── legal-brief.md # /legal-brief -├── hooks/hooks.json # SessionStart + PostToolUse validation -├── scripts/validate-routing.py # Routing validation test harness -├── evals/ # Golden-file tests -├── exercises/ # 8 exercise files (download as zip) -├── workflow-recipes/ # 4 operational playbooks (download as zip) -└── legal.local.md.template # Negotiation playbook -- fill in + rename +├── .claude-plugin/plugin.json # v3.0.0 manifest +├── agents/ # Orchestrator agent +│ └── contract-intake.md # End-to-end contract intake orchestration +├── skills/ # Router + product skills +│ ├── legal-global-router/ # Router skill +│ │ ├── SKILL.md # Routing table, NDA pre-checks, playbook logic +│ │ └── references/jurisdictions/ # 6 jurisdiction overlays +│ │ ├── uk-law.md # England & Wales +│ │ ├── eu-law.md # EU + member state notes +│ │ ├── us-law.md # US federal + state +│ │ ├── pakistan-law.md # Pakistan +│ │ ├── uae-law.md # UAE mainland/DIFC/ADGM +│ │ └── gcc-law.md # KSA, Bahrain, Kuwait, Oman, Qatar +│ ├── compliance-calendar/ # Product skill +│ │ └── SKILL.md # Obligation tracking + escalation +│ ├── dsar-privacy/ # Product skill +│ │ └── SKILL.md # DSAR 30-day workflow +│ ├── ip-protection/ # Product skill +│ │ └── SKILL.md # Patent/trademark/copyright/OSS +│ ├── legal-spend/ # Product skill +│ │ └── SKILL.md # Spend analytics + anomaly detection +│ └── regulatory-monitoring/ # Product skill +│ └── SKILL.md # Weekly regulatory briefing +├── evals/ # Golden-file tests +│ ├── routing-golden.json # 12 routing test cases +│ ├── product-golden.json # 5 product accuracy cases +│ └── run-evals.py # Structural validator +├── hooks/hooks.json # SessionStart + PostToolUse validation +├── scripts/validate-routing.py # Routing validation test harness +├── legal.local.md.template # Negotiation playbook -- fill in + rename +├── CLAUDE.md # Agent instructions +├── LICENSE # Apache-2.0 +└── README.md # This file ``` --- -## Commands +## Agent (1) -- Orchestrator -| Command | What It Does | Example | -| ------------------ | --------------------------------------------- | ------------------------------------------------------------------- | -| `/review-contract` | Full clause-by-clause review against playbook | `/review-contract "SaaS MSA" "English law" "customer, GBP 48K"` | -| `/triage-nda` | NDA pre-screening with tier routing | `/triage-nda "mutual NDA" "tech partner, response by Friday"` | -| `/vendor-check` | Obligation tracking and compliance calendar | `/vendor-check scope:"all contracts" filter:"due in 60 days"` | -| `/legal-brief` | Research, regulatory, IP, spend analysis | `/legal-brief topic:"regulatory monitoring" jurisdictions:"UK, EU"` | +| Agent | Purpose | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `contract-intake` | Manages end-to-end contract intake: receive, classify, extract metadata, triage via Anthropic commands, route by tier, track SLA, handle post-execution. | ---- +## Skills (6) -- 1 Router + 5 Products + +| Skill | Purpose | +| ----------------------- | ----------------------------------------------------------------------------------------------------- | +| `legal-global-router` | Routing table, jurisdiction overlays, NDA pre-checks, playbook loading. Activates product skills. | +| `compliance-calendar` | Obligation tracking, filing deadlines, renewal reminders, escalation sequences, compliance dashboard. | +| `dsar-privacy` | 30-day DSAR workflow with multi-jurisdiction support (UK GDPR, EU GDPR, CCPA, PIPEDA). | +| `ip-protection` | Patent landscape analysis, trademark monitoring, FTO scaffolding, copyright and OSS compliance. | +| `legal-spend` | Spend analytics, billing anomaly detection, rate benchmarking, quarterly reporting. | +| `regulatory-monitoring` | Weekly regulatory brief with impact classification, monthly board summaries. | + +## Jurisdiction Overlays (6) -## How Each Folder Maps to Chapter 22 Lessons - -| Folder | Lessons | What You Do | -| -------------------------------------- | ------------- | -------------------------------------------------------- | -| `skills/jurisdiction-contract-review/` | Part One | Jurisdiction-aware contract review against your playbook | -| `skills/jurisdiction-nda-triage/` | Part Two | Jurisdiction-aware NDA triage with three-tier routing | -| `skills/ip-protection/` | Part Three | Patent landscape, trademark monitoring, FTO research | -| `skills/contract-intake-agent/` | Part Five | Build the Contract Intake Agent | -| `skills/regulatory-monitoring/` | Part Five | Build the Regulatory Monitoring Agent | -| `skills/compliance-calendar/` | Part Five | Build the Compliance Calendar Agent | -| `skills/legal-spend/` | Part Five | Build the Legal Spend Analytics Agent | -| `skills/dsar-privacy/` | Part Five | Build the DSAR Response Agent | -| `skills/legal-global-router/` | All | Routing + 6 jurisdiction overlays | -| `exercises/` | Exercises 1-8 | Hands-on exercise files | -| `workflow-recipes/` | Operational | Production workflow playbooks | -| `evals/` | Validation | Golden-file routing and product tests | +| Overlay | Covers | +| ----------------- | ------------------------------------------------------- | +| `uk-law.md` | UCTA, CRA 2015, UK GDPR, DPA 2018, Bribery Act 2010 | +| `eu-law.md` | GDPR, EU AI Act, Late Payment Directive, member states | +| `us-law.md` | CCPA/CPRA, BIPA, UCC, DTSA, state non-compete rules | +| `pakistan-law.md` | Contract Act 1872, PDPA 2023, Islamic finance (riba) | +| `uae-law.md` | Mainland/DIFC/ADGM dual system, PDPL, Commercial Agency | +| `gcc-law.md` | KSA PDPL, Bahrain PDPL, Sharia-compliant clauses | --- -## Customizing for Your Jurisdiction +## Customizing for Your Organisation | Variable | Default | Your Value | | -------------------- | --------------------------------------------------- | ----------------------- | @@ -123,6 +143,7 @@ To customize: copy `legal.local.md.template`, rename to `legal.local.md`, and fi - Chapters 1-21 of The AI Agent Factory - Claude Code or Cowork access +- Anthropic's Legal Plugin installed (Layer 1) - Basic understanding of commercial contract concepts ## The Governing Principle diff --git a/legal-ops/skills/contract-intake-agent/SKILL.md b/legal-ops/agents/contract-intake.md similarity index 55% rename from legal-ops/skills/contract-intake-agent/SKILL.md rename to legal-ops/agents/contract-intake.md index fb39f48..b8f91ad 100644 --- a/legal-ops/skills/contract-intake-agent/SKILL.md +++ b/legal-ops/agents/contract-intake.md @@ -1,17 +1,40 @@ --- -name: contract-intake-agent -version: 1.0 +name: contract-intake description: > - Activate for: incoming contract, contract received, new contract, contract - routing, contract intake, NDA received, vendor agreement received, contract - submitted for review, legal intake, contract queue, contract management, - contract tracking, new agreement, contract pipeline, contract submitted. - NOT for: IP research, regulatory monitoring, DSAR processing, contract execution (authorised signatory required), legal advice. -plugin-commands: /review-contract, /triage-nda, /vendor-check -mcp-integrations: Google Drive, SharePoint, Gmail, Outlook, Google Sheets, Notion -chapter: 22 -- Legal Operations and Compliance + End-to-end contract intake orchestration agent. Classifies incoming legal + documents, routes to appropriate review workflows, tracks SLA compliance, + and manages post-execution actions. Use when new contracts, NDAs, or legal + documents arrive for processing. +tools: Read, Write, Edit, Bash, Glob, Grep +model: inherit --- +You are the Contract Intake Agent for the Agent Factory Legal Ops extension. + +Your role is to manage the end-to-end lifecycle of incoming legal documents: + +1. RECEIVE -- Accept the document and assign a reference ID +2. CLASSIFY -- Determine document type (NDA, vendor agreement, employment, etc.) +3. EXTRACT -- Pull key metadata (parties, dates, value, governing law) +4. TRIAGE -- Assign tier (1/2/3) based on complexity and risk indicators +5. ROUTE -- Send to appropriate review workflow via Anthropic commands +6. TRACK -- Monitor SLA compliance and send escalation notifications + +## SLA Rules + +- Tier 1 (standard): 1 business day +- Tier 2 (complex): 2 business days +- Tier 3 (critical): 5 business days + +## TRIGGER CONDITIONS + +| Trigger | Condition | Action | +| ------------ | ------------------------------------------------------- | ----------------------------------------------- | +| **Email** | Contract received at legal-intake@yourcompany.com | Start intake sequence | +| **Upload** | Document uploaded to designated SharePoint/Drive folder | Start intake sequence | +| **Web form** | Contract submitted via internal portal | Start intake sequence | +| **URGENT** | Business deadline stated < 48 hours | Flag URGENT; notify GC; halve all SLA timelines | + ## INTAKE SEQUENCE -- EXECUTE IN ORDER ### Step 1: Document Reception @@ -31,16 +54,16 @@ Immediately: ### Step 2: Document Type Classification -| Document Type | Route | -| -------------------------------- | --------------------------------------------- | -| NDA / Mutual CA / CDA | -> nda-triage protocol | -| Vendor Agreement / MSA / SOW | -> contract-review protocol | -| SaaS / Software Licence | -> contract-review protocol | -| Employment Agreement | -> HR Legal queue (no agent analysis) | -| Independent Contractor Agreement | -> HR Legal queue | -| Partnership / JV Agreement | -> contract-review protocol + GC notification | -| M&A / Investment Document | -> GC immediately (no agent triage) | -| Unknown / Cannot classify | -> Extract key terms; route to GC queue | +| Document Type | Route | +| -------------------------------- | ------------------------------------------------- | +| NDA / Mutual CA / CDA | -> Anthropic `/triage-nda` protocol | +| Vendor Agreement / MSA / SOW | -> Anthropic `/review-contract` protocol | +| SaaS / Software Licence | -> Anthropic `/review-contract` protocol | +| Employment Agreement | -> HR Legal queue (no agent analysis) | +| Independent Contractor Agreement | -> HR Legal queue | +| Partnership / JV Agreement | -> Anthropic `/review-contract` + GC notification | +| M&A / Investment Document | -> GC immediately (no agent triage) | +| Unknown / Cannot classify | -> Extract key terms; route to GC queue | ### Step 3: Metadata Extraction (mandatory for all contracts) @@ -57,27 +80,30 @@ Extract and log: ### Step 4: Triage Classification and Routing -RUN the appropriate triage protocol (nda-triage or contract-review). +RUN the appropriate triage protocol: + +- NDA documents: route through router's NDA pre-checks, then to Anthropic `/triage-nda` +- Contract documents: route to Anthropic `/review-contract` with jurisdiction overlay and playbook context -ROUTE based on output: +The triage protocol produces a tier classification. ROUTE based on output: -Tier 1 -- Standard Approval: +**Tier 1 -- Standard Approval:** -> Notify requesting business unit (Template A) -> Route to authorised signatory approval queue -> Set execution follow-up reminder: 3 business days -Tier 2 -- Counsel Review: +**Tier 2 -- Counsel Review:** -> Notify designated reviewing attorney (Template B) -> Attach triage summary -> Set SLA reminder: 2 business days -Tier 3 -- Full Review / RED items: +**Tier 3 -- Full Review / RED items:** -> Notify General Counsel (Template C) -> Attach full review output -> Schedule review call if deal value > [configured threshold] -> Set SLA reminder: 5 business days -URGENT flag (business-stated deadline < 48 hours): +**URGENT flag (business-stated deadline < 48 hours):** -> Notify GC immediately regardless of tier -> Halve all SLA timelines -> Flag in tracking system as URGENT @@ -98,12 +124,22 @@ On confirmation of signing: - Update contract tracking log: status = EXECUTED - Extract and log: execution date, effective date, term, governing law, renewal date, notice period for non-renewal -- Set calendar reminders: +- Set calendar reminders (via compliance-calendar product): -> Notice period deadline (last date to give non-renewal notice) -> Contract expiry date -> Key obligation due dates (extracted from contract) - Notify requesting business unit: confirmation + renewal notice date +## ESCALATION / REVIEW CHECKPOINTS + +| Checkpoint | Condition | Reviewer | +| ------------------- | ------------------------------------------------ | ------------------ | +| **Triage complete** | All metadata extracted, tier assigned | Legal Ops Manager | +| **SLA breach** | Tier 1 > 1 day, Tier 2 > 2 days, Tier 3 > 5 days | GC | +| **RED escalation** | Any RED deviation identified | GC immediately | +| **Execution** | Signed contract confirmed | Legal Ops Manager | +| **Post-execution** | Calendar reminders and obligations logged | Compliance Officer | + ## COMMUNICATION TEMPLATES ### Template A -- Tier 1 Acknowledgement to Business Unit @@ -159,6 +195,13 @@ Full review: [attached] Recommend scheduling a 30-minute review call with [business unit contact]. +## Safety Rules + +- ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY +- NEVER provide legal advice -- provide legal analysis for attorney review +- NEVER approve any document for execution +- Always include the mandatory output header block + ## NEVER DO THESE - NEVER approve a contract for execution -- human authorised signatory only diff --git a/legal-ops/commands/legal-brief.md b/legal-ops/commands/legal-brief.md deleted file mode 100644 index 9961bbf..0000000 --- a/legal-ops/commands/legal-brief.md +++ /dev/null @@ -1,43 +0,0 @@ -# /legal-brief - -Legal research, regulatory monitoring, IP analysis, legal spend analysis, and DSAR management. - -## Usage - -/legal-brief topic:[topic] [parameters] - -## Examples - -/legal-brief topic:"regulatory monitoring" jurisdictions:"UK, EU" since:"2026-03-01" -/legal-brief topic:"patent landscape analysis" subject:"AI document analysis" jurisdictions:"US, EU, UK" -/legal-brief topic:"trademark monitoring" mark:"AgentFactory" class:"9,42" jurisdiction:"UK, EU, US" -/legal-brief topic:"legal-spend-analysis" period:"Q1 2026" flag-anomalies:true -/legal-brief topic:"DSAR acknowledgement" requester:"Sarah Johnson" jurisdiction:"UK GDPR" - -## Routing - -The /legal-brief command routes to the appropriate product skill based on topic: - -| Topic Pattern | Routes To | -| --------------------------------- | ---------------------- | -| regulatory monitoring, compliance | regulatory-monitoring | -| patent, trademark, IP, copyright | ip-protection | -| legal spend, invoice, billing | legal-spend | -| DSAR, privacy, data subject | dsar-privacy | -| general research, legal topic | direct research output | - -## Workflow - -1. Identify topic and route to correct product skill via legal-global-router -2. Load jurisdiction overlay if applicable -3. Execute the product-specific workflow (see individual skill files) -4. Apply mandatory output header -5. Include attorney review disclaimer - -## Output - -- Structured briefing or analysis per the relevant product skill format -- Mandatory header block (task, jurisdiction, playbook, attorney review) -- Topic-specific output format (weekly brief, landscape analysis, spend report, etc.) - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/review-contract.md b/legal-ops/commands/review-contract.md deleted file mode 100644 index a21dc9d..0000000 --- a/legal-ops/commands/review-contract.md +++ /dev/null @@ -1,34 +0,0 @@ -# /review-contract - -Full clause-by-clause contract review against your organisation's negotiation playbook. - -## Usage - -/review-contract [contract-type] [jurisdiction] [context] - -## Examples - -/review-contract "SaaS vendor agreement" "English law" "We are the customer, annual value GBP 48,000" -/review-contract "MSA" "New York law" "Consulting engagement, 6-month term, USD 95,000" -/review-contract "partnership agreement" "UAE/DIFC" "Co-marketing referral arrangement, no cash exchange" - -## Workflow - -1. Route to contract-review skill via legal-global-router -2. Load the jurisdiction overlay from router references -3. Load the negotiation playbook (legal.local.md) if configured -4. Gather context: party role, contract type, deadline, value, concerns -5. Read the entire contract before flagging any issues -6. Analyse clause-by-clause against playbook or general standards -7. Classify deviations: GREEN (acceptable) / YELLOW (negotiate) / RED (escalate) -8. Generate specific redline text for each YELLOW and RED item -9. Produce holistic risk summary with negotiation priority order - -## Output - -- Mandatory header block (task, jurisdiction, playbook, attorney review, escalation) -- Clause-by-clause analysis with three-tier classification -- Specific redline language ready to insert for each flagged item -- Holistic risk summary: GREEN/YELLOW/RED counts, material risk, recommendation - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/triage-nda.md b/legal-ops/commands/triage-nda.md deleted file mode 100644 index a4d5dd0..0000000 --- a/legal-ops/commands/triage-nda.md +++ /dev/null @@ -1,35 +0,0 @@ -# /triage-nda - -Rapid NDA pre-screening and three-tier routing recommendation. - -## Usage - -/triage-nda [nda-type] [counterparty-context] - -## Examples - -/triage-nda "mutual NDA" "prospective technology partner, need response by Friday" -/triage-nda "unilateral NDA" "large enterprise vendor, M&A due diligence" -/triage-nda "incoming NDA" "new SaaS vendor, routine evaluation" - -## Workflow - -1. Route to nda-triage skill via legal-global-router -2. Load NDA configuration from playbook (legal.local.md) if available -3. Gather context: mutual/unilateral, purpose, counterparty type, urgency -4. Compare incoming NDA against standard form or general commercial standards -5. Classify deviations and assign tier: - - Tier 1: Standard Approval (no attorney review) -- target 60-70% - - Tier 2: Counsel Review (attorney review, no negotiation expected) -- target 20-30% - - Tier 3: Full Review (attorney review + likely negotiation) -- target 10-15% -6. Check for automatic RED flags (residuals clause, no public info carve-out, etc.) -7. Produce triage report with routing recommendation - -## Output - -- NDA Triage Report with tier classification -- Estimated attorney time: 0 / ~15 min / ~45 min -- Deviation summary: GREEN/YELLOW/RED counts -- Routing recommendation with specific deviations listed - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/commands/vendor-check.md b/legal-ops/commands/vendor-check.md deleted file mode 100644 index bb401cc..0000000 --- a/legal-ops/commands/vendor-check.md +++ /dev/null @@ -1,36 +0,0 @@ -# /vendor-check - -Obligation tracking, vendor status check, renewal calendar, and compliance dashboard. - -## Usage - -/vendor-check [scope] [filter] [output-format] - -## Examples - -/vendor-check "Acme Corp" "all obligations" "summary" -/vendor-check scope:"all active contracts" filter:"obligations due within 60 days" -/vendor-check scope:"vendor agreements" filter:"renewal dates in 90 days" output:"compliance calendar" - -## Workflow - -1. Route to compliance-calendar skill via legal-global-router -2. Query connected contract repository (Google Drive / SharePoint MCP) -3. Extract obligation data: deliverables, payments, notices, renewals -4. Apply escalation timeline: - - 60 days: add to dashboard - - 30 days: notify obligation owner - - 14 days: notify owner + manager - - 7 days: notify General Counsel - - 1 day: emergency alert (CFO for financial, GC for legal/regulatory) - - Missed: log compliance incident; initiate remediation -5. Produce compliance calendar dashboard - -## Output - -- Compliance Calendar with RED/YELLOW/GREEN categorisation -- Obligations summary by owner and deadline -- Renewal calendar with notice period deadlines -- Overdue items requiring immediate action - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/evals/routing-golden.json b/legal-ops/evals/routing-golden.json index 24ece34..d0961d1 100644 --- a/legal-ops/evals/routing-golden.json +++ b/legal-ops/evals/routing-golden.json @@ -1,6 +1,7 @@ [ { "query": "Review this vendor MSA for our SaaS procurement under English law", + "expected_route": "anthropic:/review-contract", "expected_product_skill": "contract-review", "expected_jurisdiction": "UK", "expected_overlay": "uk-law.md", @@ -9,6 +10,7 @@ }, { "query": "We received an NDA from a prospective technology partner based in Delaware", + "expected_route": "anthropic:/triage-nda", "expected_product_skill": "nda-triage", "expected_jurisdiction": "US", "expected_overlay": "us-law.md", @@ -17,6 +19,7 @@ }, { "query": "Run a patent landscape analysis for AI document extraction technology in the EU", + "expected_route": "skill:ip-protection", "expected_product_skill": "ip-protection", "expected_jurisdiction": "EU", "expected_overlay": "eu-law.md", @@ -25,6 +28,7 @@ }, { "query": "What regulatory changes in data protection affect our UK and EU operations this month?", + "expected_route": "skill:regulatory-monitoring", "expected_product_skill": "regulatory-monitoring", "expected_jurisdiction": "Multi", "expected_overlay": ["uk-law.md", "eu-law.md"], @@ -33,6 +37,7 @@ }, { "query": "We received a DSAR from a former customer under UK GDPR", + "expected_route": "skill:dsar-privacy", "expected_product_skill": "dsar-privacy", "expected_jurisdiction": "UK", "expected_overlay": "uk-law.md", @@ -41,6 +46,7 @@ }, { "query": "Analyse our external legal spend for Q1 2026 and flag billing anomalies", + "expected_route": "skill:legal-spend", "expected_product_skill": "legal-spend", "expected_jurisdiction": "N/A", "expected_overlay": null, @@ -49,6 +55,7 @@ }, { "query": "Show all contract obligations due in the next 60 days", + "expected_route": "skill:compliance-calendar", "expected_product_skill": "compliance-calendar", "expected_jurisdiction": "N/A", "expected_overlay": null, @@ -57,7 +64,8 @@ }, { "query": "New vendor agreement received for intake and routing -- counterparty is a Pakistani software company", - "expected_product_skill": "contract-intake-agent", + "expected_route": "agent:contract-intake", + "expected_product_skill": "contract-intake", "expected_jurisdiction": "Pakistan", "expected_overlay": "pakistan-law.md", "expected_contains": ["metadata", "classification", "Tier", "routing"], @@ -65,6 +73,7 @@ }, { "query": "Review this consulting agreement governed by UAE/DIFC law for our Dubai subsidiary", + "expected_route": "anthropic:/review-contract", "expected_product_skill": "contract-review", "expected_jurisdiction": "UAE", "expected_overlay": "uae-law.md", @@ -73,6 +82,7 @@ }, { "query": "We need trademark monitoring for our brand across EU member states", + "expected_route": "skill:ip-protection", "expected_product_skill": "ip-protection", "expected_jurisdiction": "EU", "expected_overlay": "eu-law.md", @@ -81,6 +91,7 @@ }, { "query": "Triage this incoming NDA from a German company proposing German law as governing law", + "expected_route": "anthropic:/triage-nda", "expected_product_skill": "nda-triage", "expected_jurisdiction": "EU", "expected_overlay": "eu-law.md", @@ -89,6 +100,7 @@ }, { "query": "A California resident has filed a CCPA data deletion request", + "expected_route": "skill:dsar-privacy", "expected_product_skill": "dsar-privacy", "expected_jurisdiction": "US", "expected_overlay": "us-law.md", diff --git a/legal-ops/evals/run-evals.py b/legal-ops/evals/run-evals.py index 1788521..bd1e491 100644 --- a/legal-ops/evals/run-evals.py +++ b/legal-ops/evals/run-evals.py @@ -21,6 +21,7 @@ def validate_routing_golden(path: Path) -> list[str]: errors.append(f"routing-golden.json: expected 10+ cases, got {len(cases)}") required_fields = [ "query", + "expected_route", "expected_product_skill", "expected_jurisdiction", "expected_overlay", @@ -31,7 +32,20 @@ def validate_routing_golden(path: Path) -> list[str]: for f in required_fields: if f not in c: errors.append(f"routing-golden.json case {i}: missing field '{f}'") - # Verify all 8 product skills are covered + # Validate expected_route format + route = c.get("expected_route", "") + if route and ":" not in route: + errors.append( + f"routing-golden.json case {i}: expected_route '{route}' " + f"must have format 'type:name' (anthropic:/cmd, skill:name, agent:name)" + ) + # Verify route coverage: all 3 route types represented + route_types = {c.get("expected_route", "").split(":")[0] for c in cases} + expected_types = {"anthropic", "skill", "agent"} + missing_types = expected_types - route_types + if missing_types: + errors.append(f"routing-golden.json: missing route types: {missing_types}") + # Verify all destination skills/commands are covered skills = {c["expected_product_skill"] for c in cases} expected_skills = { "contract-review", @@ -41,7 +55,7 @@ def validate_routing_golden(path: Path) -> list[str]: "dsar-privacy", "legal-spend", "compliance-calendar", - "contract-intake-agent", + "contract-intake", } missing_skills = expected_skills - skills if missing_skills: diff --git a/legal-ops/exercises/ex01-negotiation-playbook.md b/legal-ops/exercises/ex01-negotiation-playbook.md deleted file mode 100644 index 0450100..0000000 --- a/legal-ops/exercises/ex01-negotiation-playbook.md +++ /dev/null @@ -1,87 +0,0 @@ -# Exercise 1: Build Your Negotiation Playbook - -## Scenario Profile - -| Field | Value | -| ------------------- | ---------------------------------------------------------------------- | -| **Type** | SKILL.md Configuration | -| **Time** | 60-90 minutes | -| **Skills Required** | `contract-review`, `legal-global-router`, `legal.local.md.template` | -| **Prerequisite** | Legal Ops plugin installed; access to 3 recently negotiated agreements | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -The negotiation playbook is the single most important configuration decision in your -Legal Ops plugin deployment. Without it, every review is generic. With it, every review -reflects your organisation's actual risk tolerance and negotiation history. - ---- - -## Steps - -### Step 1 -- Conduct the Expert Interview (30 minutes) - -Before opening the plugin, conduct a structured interview with your General Counsel -or most senior commercial attorney. Use these questions exactly: - -1. In a typical vendor agreement where you are the customer, what is your standard - position on limitation of liability? What is the absolute minimum you would accept? -2. Which IP clauses are truly non-negotiable -- where you would decline the deal? -3. In the last 12 months, which clause caused the most negotiation difficulty? -4. Which contract types do you personally review? Which delegate to juniors? -5. What looks acceptable on paper but your instinct always flags in practice? - -Record the answers verbatim. - -### Step 2 -- Document Extraction - -For each of your three most recently negotiated vendor agreements: - -- What was the starting position on the three most-negotiated clauses? -- What was the final agreed position? -- Was the compromise one your organisation was comfortable with? - -### Step 3 -- Draft Your Playbook - -Using the `legal.local.md.template`, draft your playbook covering at minimum: -limitation of liability, IP ownership, indemnification, data protection, -termination, and governing law. - -### Step 4 -- Test and Calibrate - -``` -/review-contract -[Upload: one of the three executed contracts from Step 2] - -Context: provide your position, urgency level, and any known issues -``` - -Compare the agent's output against your knowledge of the actual negotiation: - -- Did the agent flag the clauses that actually required negotiation? -- Were any significant issues missed? -- Were the GREEN/YELLOW/RED classifications consistent with your risk tolerance? - -### Step 5 -- Refine and Re-test - -Update your playbook based on the gaps. Re-run the review. Document changes. - ---- - -## Expected Output - -- A validated `legal.local.md` negotiation playbook -- Documentation of calibration changes (what was adjusted and why) -- Comparison showing agent output vs. actual negotiation history - ---- - -## Deliverable - -A validated negotiation playbook ready to deploy as your organisation's -Legal Ops plugin configuration. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex02-contract-review-sprint.md b/legal-ops/exercises/ex02-contract-review-sprint.md deleted file mode 100644 index 3bb3889..0000000 --- a/legal-ops/exercises/ex02-contract-review-sprint.md +++ /dev/null @@ -1,83 +0,0 @@ -# Exercise 2: Contract Review Sprint -- Three Contracts in One Hour - -## Scenario Profile - -| Field | Value | -| ------------------- | --------------------------------------------- | -| **Type** | Applied Practice | -| **Time** | 60 minutes (20 minutes per contract) | -| **Skills Required** | `contract-review`, `legal-global-router` | -| **Plugin Command** | `/review-contract` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -You are the Legal Operations Manager at a 150-person technology company. -Three contracts arrived this morning, all requesting review by end of business. - ---- - -## Contract A -- SaaS Vendor Agreement (you are the customer) - -If you do not have a real SaaS agreement, generate a training document: - -``` -/legal-brief topic:"generate a realistic vendor-favourable SaaS MSA for training" - clauses:"limitation of liability (3 months' fees cap), - IP ownership (vendor retains all IP including customisations), - data processing, termination for convenience (60 days vendor; - immediate for cause only for customer), - governing law: vendor's state" -``` - -Then run `/review-contract` against it. - -Context: We are the customer. Cloud-based project management software. -Annual value: GBP 48,000. Vendor evaluation in progress for 3 months. -Business unit wants to sign by Friday. - -**Answer:** - -1. What is the overall risk rating? -2. How many RED items? Are they genuine deal issues? -3. What is the single most important redline given the Friday deadline? -4. Recommend: approve / negotiate / escalate / decline - ---- - -## Contract B -- Consulting Services Agreement (you are the customer) - -Context: Engaging an external consultant for a 6-month product strategy project. -Fixed fee: GBP 95,000. Consultant will access product roadmap and customer data. - -**Answer:** - -1. What IP ownership issues does the agent flag? -2. The agent flags a RED on data protection -- what is the specific issue? -3. The liability cap is GBP 10,000 (~10% of fee). Classification and recommendation? -4. Draft a negotiation strategy email using the top 3 redline suggestions. - ---- - -## Contract C -- Co-Marketing Partnership Agreement - -Context: Co-marketing and referral agreement with a complementary software company. -We refer customers to them; they refer to us. No cash. Term: 2 years. - -**Answer:** - -1. Which clauses are most important for this partnership structure? -2. The contract has a residuals clause. Is this RED? Why? -3. No limitation of liability clause at all. Draft the clause to propose. -4. Write a one-paragraph risk summary for your CFO in plain English. - ---- - -## Sprint Debrief - -Which of the three reviews was most valuable? Which produced the most useful -redlines? Which would have benefited most from additional playbook configuration? - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex03-nda-triage-system.md b/legal-ops/exercises/ex03-nda-triage-system.md deleted file mode 100644 index 5c2cae9..0000000 --- a/legal-ops/exercises/ex03-nda-triage-system.md +++ /dev/null @@ -1,75 +0,0 @@ -# Exercise 3: NDA Triage System -- Build, Test, Deploy - -## Scenario Profile - -| Field | Value | -| ------------------- | --------------------------------------------- | -| **Type** | Workflow Configuration | -| **Time** | 45 minutes | -| **Skills Required** | `nda-triage`, `legal-global-router` | -| **Plugin Command** | `/triage-nda` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -Your organisation receives approximately 25 NDA requests per month. Currently all -go to the same junior attorney, taking 30-45 minutes each -- approximately 12+ hours -of attorney time per month. Your task: design and test a triage system that reduces -attorney NDA time to 3-4 hours per month. - ---- - -## Steps - -### Step 1 -- Configure Your NDA Triage Playbook - -Add the NDA-specific section to `legal.local.md`. Define your Tier 1/2/3 criteria. - -### Step 2 -- Build a Four-NDA Test Set - -- **NDA A**: Your own standard form, unmodified -- **NDA B**: Your standard form with the counterparty's jurisdiction as governing law -- **NDA C**: Your standard form + residuals clause + 5-year term (vs. standard 3) -- **NDA D**: Unilateral NDA (disclosing only, counterparty is discloser) when mutual - expected; broad confidential information definition; no public-info carve-out; - perpetual survival - -For each: run `/triage-nda`, provide context, record the classification. - -### Step 3 -- Expected Results - -| NDA | Expected Tier | Reason | -| ----- | ------------- | ------------------------------------------------------- | -| NDA A | Tier 1 | Standard form, no deviations | -| NDA B | Tier 2 | Governing law deviation -- counsel confirmation | -| NDA C | Tier 2 or 3 | Residuals clause = automatic RED flag | -| NDA D | Tier 3 | Multiple RED items: unilateral, no carve-out, perpetual | - -### Step 4 -- Calibrate - -If results diverge from expected, update the playbook and re-run. Document why -the initial configuration missed the expected result. - -### Step 5 -- Draft Routing Templates - -- Tier 1 to business unit: approved, here is the execution process -- Tier 2 to reviewing attorney: here are the flagged deviations and deadline -- Tier 3 to General Counsel: here are the RED items, urgency, recommendation - ---- - -## Expected Output - -- Tested NDA triage configuration -- Three routing email templates -- Calculation showing reduction from 12+ to ~3-4 attorney hours/month - ---- - -## Deliverable - -Validated NDA triage configuration + routing templates + documented time savings. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex04-ip-monitoring.md b/legal-ops/exercises/ex04-ip-monitoring.md deleted file mode 100644 index 82fe34f..0000000 --- a/legal-ops/exercises/ex04-ip-monitoring.md +++ /dev/null @@ -1,82 +0,0 @@ -# Exercise 4: IP Monitoring -- Competitor Patent Watch - -## Scenario Profile - -| Field | Value | -| ------------------- | --------------------------------------------- | -| **Type** | Applied Research | -| **Time** | 45 minutes | -| **Skills Required** | `ip-protection`, `legal-global-router` | -| **Plugin Command** | `/legal-brief` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -You are in-house counsel for a company that has developed a proprietary AI-based -document analysis system. Your legal team has asked you to establish a patent -monitoring programme for two key competitors and to assess freedom-to-operate -risk before launching your next product feature. - ---- - -## Steps - -### Step 1 -- Landscape Analysis - -``` -/legal-brief topic:"patent landscape analysis" - technology:"AI document analysis, natural language processing, - contract review automation, clause extraction" - key-competitors:"[Competitor 1], [Competitor 2]" - scope:"patents filed or granted 2021-2026" - jurisdictions:"US (USPTO), EU (EPO), UK (UKIPO)" - output:"landscape summary with freedom-to-operate flags" -``` - -Analyse: Who are the most active filers? Are there patents with broad claim -language that may cover your planned feature? What white spaces exist? - -### Step 2 -- Set Up Weekly Competitor Monitoring - -``` -/legal-brief topic:"patent monitoring brief" - monitor-assignees:"[Competitor 1], [Competitor 2]" - technology-keywords:"[list 5-8 relevant technical terms]" - jurisdictions:"US, EU, UK" - output:"weekly summary for IP attorney" -``` - -Draft the monitoring brief template for weekly delivery to your IP attorney. - -### Step 3 -- FTO Preliminary Assessment Brief - -``` -/legal-brief topic:"freedom-to-operate preliminary research" - our-technology:"[describe planned feature in 2-3 sentences]" - potentially-relevant:"[list patents from Step 1]" - jurisdiction:"US" - note:"This is preliminary research for attorney review, - not a freedom-to-operate opinion." -``` - -Write the cover memo to your IP attorney that accurately characterises -what the agent produced and what you need them to confirm or act on. - ---- - -## Governance Reminder - -The output of Step 3 is research scaffolding for your IP attorney -- not an -FTO opinion. The cover memo must make this crystal clear. An FTO opinion is -a privileged legal opinion signed by a qualified IP attorney. - ---- - -## Deliverable - -IP monitoring workflow + weekly competitor brief template + FTO research memo -correctly scoped for attorney review. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex05-contract-intake-agent.md b/legal-ops/exercises/ex05-contract-intake-agent.md deleted file mode 100644 index 6948d9a..0000000 --- a/legal-ops/exercises/ex05-contract-intake-agent.md +++ /dev/null @@ -1,88 +0,0 @@ -# Exercise 5: Build the Legal Ops Agent -- Contract Intake - -## Scenario Profile - -| Field | Value | -| ------------------- | -------------------------------------------------- | -| **Type** | Agent Configuration and Testing | -| **Time** | 90 minutes | -| **Skills Required** | All product skills + `contract-intake-agent` | -| **Plugin Commands** | `/review-contract`, `/triage-nda`, `/vendor-check` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -You are building a complete Contract Intake Agent that manages all incoming -contracts from receipt through routing, tracking, and obligation monitoring. - ---- - -## Steps - -### Step 1 -- Map Your Current Process - -Before configuring anything, document precisely: - -- How do contracts currently arrive? -- Who handles first review? How long does it take? -- Where are executed contracts stored? Are they searchable? -- How are renewal dates tracked? -- What falls through the cracks most often? - -This is the process you are replacing. Document it to measure improvement. - -### Step 2 -- Configure the SKILL.md - -Using the contract-intake-agent SKILL.md, customise for your organisation: - -- Add your specific contract types -- Define SLA thresholds with named owners (actual names, not generic roles) -- Write your three communication templates -- Add your escalation triggers - -### Step 3 -- Connect via MCP - -Work with IT to connect: - -- Google Drive or SharePoint (contract storage) -- Gmail or Outlook (legal intake email) -- Google Sheets or Notion (contract tracking log) - -### Step 4 -- Test with Five Historical Contracts - -- One NDA (standard / should be Tier 1) -- One NDA (non-standard / should be Tier 2 or 3) -- One vendor agreement (straightforward) -- One vendor agreement (complex IP, data processing, unusual terms) -- One employment or contractor agreement - -For each: record intake classification, routing decision, communication output. - -### Step 5 -- Calibrate - -For incorrect routing, identify whether the error was in: - -- Playbook threshold -- SKILL.md routing logic -- Document type classification - -Fix and re-test. - -### Step 6 -- Build the Tracking Dashboard - -Using Google Sheets MCP, create a contract tracking dashboard showing: - -- All active contracts by status -- Obligations due in 30/60/90 days -- Average cycle time by tier (baseline vs. agent-assisted) - ---- - -## Deliverable - -A functioning Contract Intake Agent connected to your document management system, -with tested SKILL.md, live tracking dashboard, and documented time savings. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex06-regulatory-monitoring.md b/legal-ops/exercises/ex06-regulatory-monitoring.md deleted file mode 100644 index 8eac6bb..0000000 --- a/legal-ops/exercises/ex06-regulatory-monitoring.md +++ /dev/null @@ -1,72 +0,0 @@ -# Exercise 6: Regulatory Monitoring -- The Weekly Brief - -## Scenario Profile - -| Field | Value | -| ------------------- | ---------------------------------------------- | -| **Type** | Workflow Configuration | -| **Time** | 45 minutes | -| **Skills Required** | `regulatory-monitoring`, `legal-global-router` | -| **Plugin Command** | `/legal-brief` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -You are Compliance Officer at a 150-person technology company with UK and EU -operations. Your board has asked for a monthly regulatory briefing covering: -data protection, AI regulation, employment law, and company law. This currently -takes 4-6 hours per month. - ---- - -## Steps - -### Step 1 -- Configure Monitoring Parameters - -``` -/legal-brief type:"regulatory-monitoring-setup" - organisation:"technology company, 150 employees, - UK and EU operations, SaaS product" - primary-areas: - - "Data Protection: UK GDPR, EU GDPR, ICO guidance" - - "AI Regulation: EU AI Act implementation, UK AI framework" - - "Employment: UK employment law, EU Working Time, - remote working developments" - - "Company Law: Companies House requirements, director duties" - jurisdictions:"UK, EU (Germany, France, Netherlands primary)" - output:"weekly monitoring brief + monthly board summary" -``` - -### Step 2 -- Run a Live Test Brief - -Use the current week. Evaluate: - -- Did it identify genuine regulatory developments? -- Are the impact assessments (HIGH/MONITOR/AWARENESS) correctly calibrated? -- Is anything missing that you know should be covered? - -Update configuration based on gaps. Re-run. - -### Step 3 -- Build the Monthly Board Summary Template - -The board summary needs: - -- 3-5 bullet executive summary (most important changes this month) -- RAG traffic-light status for each regulatory area -- Actions required (owner, action, deadline) -- Horizon items (significant changes in next 3-6 months) - -Draft this template. Test by producing a sample monthly summary from -four weeks of monitoring briefs. - ---- - -## Deliverable - -Working regulatory monitoring configuration producing weekly briefs and -a monthly board summary -- reducing preparation time from 4-6 hours to -45-60 minutes of review and sign-off. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex07-dsar-response.md b/legal-ops/exercises/ex07-dsar-response.md deleted file mode 100644 index c1f8149..0000000 --- a/legal-ops/exercises/ex07-dsar-response.md +++ /dev/null @@ -1,104 +0,0 @@ -# Exercise 7: DSAR Response -- The 30-Day Clock - -## Scenario Profile - -| Field | Value | -| ------------------- | --------------------------------------------- | -| **Type** | Process Simulation | -| **Time** | 45 minutes | -| **Skills Required** | `dsar-privacy`, `legal-global-router` | -| **Plugin Command** | `/legal-brief` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -At 09:17 this morning, the following email arrived at privacy@yourcompany.com: - -> "Dear Sir/Madam, I am writing to request all personal data that your company -> holds about me under Article 15 of the GDPR. My name is Sarah Johnson. I was -> a customer from March 2021 to June 2023. My email address at that time was -> sarah.johnson.42@gmail.com. Please confirm receipt and advise when I can expect -> a response. Regards, Sarah Johnson." - -You are the Privacy Officer. The 30-day GDPR clock started at 09:17. - ---- - -## Steps - -### Day 1 -- Acknowledge Immediately - -``` -/legal-brief topic:"DSAR-acknowledgement" - requester-name:"Sarah Johnson" - requester-email:"sarah.johnson.42@gmail.com" - request-date:"[today]" - request-type:"Subject Access Request (Article 15 UK GDPR)" - jurisdiction:"UK GDPR" -``` - -Review: does it confirm receipt, state deadline, set out identity verification, -and avoid confirming or denying data held? This letter goes out today. - -### Days 1-10 -- Data Discovery - -``` -/legal-brief topic:"DSAR-data-discovery" - requester:"Sarah Johnson, sarah.johnson.42@gmail.com" - customer-period:"March 2021 to June 2023" - systems:"CRM, billing, email, customer support, - marketing database, HR system" -``` - -The agent drafts internal discovery requests to each system owner (Day 10 deadline). - -### Day 12 -- Data Received (Simulate) - -The following has been identified: - -- CRM: Full customer record, purchase history, support tickets, sales rep notes - (including: "difficult customer -- always pushes for discounts") -- Billing: Invoice history, last 4 digits of payment card, billing address -- Email: 47 support emails -- Marketing: Campaign history, open/click tracking, preference settings -- HR system: No data found -- Legal case management: No data found - -``` -/legal-brief topic:"DSAR-response-preparation" - data-found:[provide summary above] - redaction-required:"third-party personal data in support tickets; - internal staff personal data; commercially sensitive info" - jurisdiction:"UK GDPR" -``` - -### Day 15 -- Response Draft - -Draft the final response letter: categories of data held, how it is processed, -legal basis, retention periods, and information about Sarah's rights. - -Route for attorney review before sending. - ---- - -## Reflection Questions - -1. The sales rep's CRM note calls Sarah a "difficult customer." Is this personal - data she is entitled to see under Article 15? (Answer: YES) - -2. If Sarah had also requested erasure under Article 17, how would the workflow - change? Which step requires immediate escalation? - -3. Your response is ready on Day 28. Then IT discovers a legacy database with - Sarah's data not included in discovery. What do you do? - ---- - -## Deliverable - -Completed DSAR simulation demonstrating the full 30-day workflow, with a validated -DSAR Agent SKILL.md and documented process map. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/exercises/ex08-legal-ops-dashboard.md b/legal-ops/exercises/ex08-legal-ops-dashboard.md deleted file mode 100644 index 270b723..0000000 --- a/legal-ops/exercises/ex08-legal-ops-dashboard.md +++ /dev/null @@ -1,81 +0,0 @@ -# Exercise 8: The Legal Ops Dashboard - -## Scenario Profile - -| Field | Value | -| ------------------- | --------------------------------------------- | -| **Type** | Integration and Measurement | -| **Time** | 60 minutes | -| **Skills Required** | All product skills | -| **Plugin Commands** | `/vendor-check`, `/legal-brief` | -| **Chapter** | Chapter 22 -- Legal Operations and Compliance | - ---- - -## Overview - -You have now built a negotiation playbook, contract review workflow, NDA triage -system, IP monitoring brief, regulatory monitoring workflow, and DSAR agent. -This exercise ties them together into the Legal Operations Dashboard your -General Counsel needs to run the function strategically. - ---- - -## Steps - -### Step 1 -- Define the KPIs - -| Metric | Data Source | Target | -| --------------------------------------- | --------------------- | ----------------------------------------- | -| Contract review cycle time (by tier) | Contract tracking log | Tier 1: <=1 day; Tier 2: <=2; Tier 3: <=5 | -| NDA Tier 1 auto-approval rate | NDA triage log | >60% | -| Open RED items pending attorney review | Contract queue | Zero items >5 days old | -| Contracts with renewal dates in 60 days | Contract repository | 100% visibility | -| Overdue compliance obligations | Compliance calendar | Zero overdue | -| Open DSARs vs. 30-day window | DSAR log | Zero overdue | -| Regulatory alerts actioned | Monitoring log | 100% within 30 days | -| External legal spend vs. budget | AP system | Within 10% of budget | - -### Step 2 -- Build the Dashboard - -``` -/legal-brief topic:"legal-ops-dashboard" - data-sources: - - "contract tracking log [link]" - - "NDA triage log [link]" - - "compliance calendar [link]" - - "DSAR log [link]" - output:"weekly dashboard for General Counsel" - include:"RAG status per category; trend vs. prior week; - items requiring GC personal attention" -``` - -### Step 3 -- Write the Weekly GC Briefing - -Using the dashboard, draft a 1-page briefing for your General Counsel: - -- Takes 5 minutes to read -- Immediate picture of the legal pipeline state -- Items requiring GC personal attention clearly identified -- Emerging risks identified before they become urgent - -### Step 4 -- Measure the Transformation - -| Function | Hours/month before | Hours/month after | Saving | -| ------------------------------ | ------------------ | ----------------- | ------ | -| Contract review | | | | -| NDA triage (attorney time) | | | | -| Regulatory monitoring | | | | -| DSAR processing (per request) | | | | -| Compliance calendar management | | | | -| **Total** | | | | - ---- - -## Deliverable - -A Legal Ops Dashboard specification, a sample weekly GC briefing, and a -documented ROI analysis showing the capacity transformation in your legal -department. - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/hooks/hooks.json b/legal-ops/hooks/hooks.json index 249082a..09f34d2 100644 --- a/legal-ops/hooks/hooks.json +++ b/legal-ops/hooks/hooks.json @@ -5,7 +5,7 @@ "hooks": [ { "type": "prompt", - "prompt": "The Legal Operations and Compliance plugin (v1.0.0) is active. Capabilities: 8 product skills (contract review, NDA triage, IP protection, regulatory monitoring, DSAR privacy, legal spend, compliance calendar, contract intake), 5 jurisdiction overlays (UK, EU, US, Pakistan, UAE), 4 domain commands. Commands available: /review-contract (full contract review), /triage-nda (NDA pre-screening), /vendor-check (obligation and compliance tracking), /legal-brief (research, regulatory monitoring, IP analysis). The router auto-activates on any legal operations query. ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY. $ARGUMENTS" + "prompt": "The Legal Operations and Compliance plugin (v3.0.0) is active. Architecture: 2 agents (legal-ops-router, contract-intake) orchestrating 7 skills (legal-global-router, contract-intake-agent, compliance-calendar, dsar-privacy, ip-protection, legal-spend, regulatory-monitoring) with 6 jurisdiction overlays (UK, EU, US, Pakistan, UAE, GCC). Extends Anthropic's Legal Plugin (Layer 1) with jurisdiction-aware routing (Layer 2). The router agent auto-activates on any legal operations query, loads jurisdiction overlays and negotiation playbook context, and routes to the correct Layer 1 command or Layer 2 skill. ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY. $ARGUMENTS" } ] } diff --git a/legal-ops/skills/compliance-calendar/SKILL.md b/legal-ops/skills/compliance-calendar/SKILL.md index 04fe443..93bea3d 100644 --- a/legal-ops/skills/compliance-calendar/SKILL.md +++ b/legal-ops/skills/compliance-calendar/SKILL.md @@ -1,18 +1,15 @@ --- name: compliance-calendar -version: 1.0 description: > - Activate for: contract renewal, renewal deadline, notice period, - renewal reminder, compliance deadline, obligation due, filing deadline, - regulatory deadline, policy review due, audit schedule, certification - renewal, licence renewal, compliance calendar, upcoming deadline, - obligation tracking, contract obligation, missed deadline, overdue, - 60-day calendar, compliance obligations. - NOT for: contract review, NDA triage, IP research, DSAR processing, setting compliance policy (compliance officer required). -plugin-commands: /vendor-check -chapter: 22 -- Legal Operations and Compliance + Obligation tracking, deadline management, and compliance calendar dashboards. + Covers contract obligations, regulatory filings, internal compliance reviews, + and litigation deadline escalation. Produces RAG-status dashboards with + escalation timelines. +user-invocable: false --- +# Compliance Calendar -- Obligation Tracking + ## CALENDAR CATEGORIES ### Category 1: Contract Obligations diff --git a/legal-ops/skills/dsar-privacy/SKILL.md b/legal-ops/skills/dsar-privacy/SKILL.md index 3aa8e77..c698a5b 100644 --- a/legal-ops/skills/dsar-privacy/SKILL.md +++ b/legal-ops/skills/dsar-privacy/SKILL.md @@ -1,18 +1,15 @@ --- name: dsar-privacy -version: 1.0 description: > - Activate for: DSAR, data subject access request, subject access request, - SAR, right of access, Article 15, GDPR request, CCPA request, privacy - request, right to be forgotten, erasure request, Article 17, data - portability, Article 20, data rectification, Article 16, restriction of - processing, Article 18, objection to processing, Article 21, data subject - rights, privacy inquiry, ICO complaint, privacy response. - NOT for: contract review, NDA triage, IP matters, regulatory monitoring, legal advice on data protection interpretation, erasure execution. -plugin-commands: /legal-brief -chapter: 22 -- Legal Operations and Compliance + Data Subject Access Request (DSAR) workflow management. Covers the full + 30-day DSAR lifecycle: receipt, identity verification, data discovery, + compilation and redaction, response drafting, and logging. Multi-jurisdiction + support for UK GDPR, EU GDPR, CCPA, and PIPEDA. +user-invocable: false --- +# DSAR and Privacy -- Data Subject Access Request Workflow + ## JURISDICTION RESPONSE WINDOWS | Jurisdiction | Window | Regulator | Extension | diff --git a/legal-ops/skills/ip-protection/SKILL.md b/legal-ops/skills/ip-protection/SKILL.md index 2486baf..8d1c864 100644 --- a/legal-ops/skills/ip-protection/SKILL.md +++ b/legal-ops/skills/ip-protection/SKILL.md @@ -1,18 +1,15 @@ --- name: ip-protection -version: 1.0 description: > - Activate for: patent, patent search, patent landscape, freedom to operate, - FTO, prior art, trademark, trade mark, brand protection, trademark watch, - trademark monitoring, copyright, DMCA, open source, OSS licence, trade - secret, IP audit, IP protection, IP ownership, IP clause, IP indemnity, - patent infringement, trademark infringement, copyright infringement, - IP portfolio, IP monitoring, competitor patent, patent filing. - NOT for: contract review, NDA triage, regulatory monitoring, DSAR processing, patent filing (attorney required), trademark registration. -plugin-commands: /legal-brief -chapter: 22 -- Legal Operations and Compliance + Intellectual property protection workflows: patent landscape analysis, + freedom-to-operate (FTO) preliminary assessment, trademark monitoring, + copyright and OSS licence compliance, and IP clause review within contracts. + Produces research scaffolding for IP counsel review. +user-invocable: false --- +# IP Protection -- Patent, Trademark, Copyright, and OSS Compliance + ## IP TASK CLASSIFICATION ### Task 1: Patent Landscape Analysis diff --git a/legal-ops/skills/jurisdiction-contract-review/SKILL.md b/legal-ops/skills/jurisdiction-contract-review/SKILL.md deleted file mode 100644 index a44301c..0000000 --- a/legal-ops/skills/jurisdiction-contract-review/SKILL.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -name: jurisdiction-contract-review -version: 1.0 -description: > - Activate for: contract review, clause analysis, redline, vendor agreement, - MSA, master services agreement, SOW, statement of work, SaaS agreement, - software licence, professional services agreement, partnership agreement, - supply agreement, distribution agreement, review contract, full NDA review - (use jurisdiction-nda-triage for quick triage only). - NOT for: NDA-only triage (use jurisdiction-nda-triage), IP research, regulatory monitoring, DSAR processing, general legal advice, litigation strategy. -plugin-commands: /review-contract -chapter: 22 -- Legal Operations and Compliance ---- - -## REVIEW WORKFLOW -- EXECUTE IN ORDER - -### Phase 1: Context Gathering (before reading the contract) - -Ask the user: - -1. Which party are you? (Customer / Vendor / Licensor / Licensee / Partner / Other) -2. What is the contract type? (SaaS / Professional Services / Licence / Partnership / Other) -3. When does this need to be finalised? -4. Approximate contract value? -5. Any specific clauses of concern? -6. Relevant business context (new vs. strategic vs. commodity vendor)? - -### Phase 2: Playbook Loading - -CHECK for playbook in user's local settings (legal.local.md or configured file). - -IF playbook FOUND: - -- Load all clause positions, acceptable ranges, and escalation triggers -- Label output: "Reviewed against [Organisation] Negotiation Playbook v[X]" - -IF playbook NOT FOUND: - -- Inform user: "No playbook configured. Reviewing against general commercial standards." -- Offer to help create a playbook (see legal.local.md.template) -- Label all output: "Reviewed against general commercial standards" - -### Phase 3: Full Contract Read - -READ THE ENTIRE CONTRACT before flagging any issues. -Reason: Clauses interact. An uncapped indemnity may be partially offset by a broad -limitation of liability. Review holistically, not clause-by-clause in isolation. - -Identify: - -- Contract type (confirm or update from context phase) -- User's side (confirm from context) -- Governing law and jurisdiction -- Material clauses present / absent -- Unusual structure or atypical provisions - -### Phase 4: Clause-by-Clause Analysis - -ANALYSE each material clause against playbook (or general standards). - -PRIORITY CLAUSES (always analyse): - -1. Limitation of liability -- cap amount, mutual/asymmetric, carve-outs -2. Intellectual property -- ownership, work product, licence-back -3. Indemnification -- scope, triggers, caps, mutual/one-sided -4. Data protection -- DPA requirement, transfer mechanisms, breach notification -5. Termination -- for convenience, for cause, notice periods, consequences -6. Governing law and jurisdiction -- choice of law, dispute resolution -7. Confidentiality -- scope, duration, carve-outs -8. Payment and pricing -- fixed/variable, invoicing, late payment -9. Warranties and representations -- scope, disclaimers -10. Force majeure -- scope, notification, relief - -SECONDARY CLAUSES (analyse if present): - -- Non-compete / non-solicitation -- Audit rights -- Assignment and change of control -- Insurance requirements -- SLA and service credits -- Auto-renewal provisions - -### Phase 5: Three-Tier Flag Classification - -Classify every deviation from playbook (or general standard): - -GREEN -- ACCEPTABLE -Within standard position or acceptable range. -No action required. Note for completeness. - -YELLOW -- NEGOTIATE -Outside standard position but within acceptable range. -Action: Provide primary redline + fallback position. - -RED -- ESCALATE -Outside acceptable range. Potential material risk. -Action: Flag for attorney review. Do not proceed without legal sign-off. - -### Phase 6: Redline Generation Format - -For each YELLOW and RED item: - -CLAUSE: [Clause name and section number] -STATUS: [YELLOW / RED] -CURRENT: "[Exact current contract text]" -ISSUE: [Specific problem and why it matters] -REDLINE: "[Exact proposed replacement text -- ready to insert]" -FALLBACK: [If YELLOW: fallback position if primary ask is rejected] -RATIONALE: "[Professional rationale suitable for sharing with counterparty's counsel]" -PRIORITY: [Must-have / Nice-to-have] - -### Phase 7: Holistic Risk Summary - -Conclude with: - -- Total: [N] GREEN | [N] YELLOW | [N] RED -- Single most material risk in this contract -- Overall recommendation: Approve / Negotiate / Escalate to counsel / Decline -- Suggested negotiation priority order (most important first) - -## OUTPUT FORMAT - -### Redline Output (per YELLOW / RED clause) - -``` -CLAUSE: [Clause name and section number] -STATUS: [YELLOW / RED] -CURRENT: "[Exact current contract text]" -ISSUE: [Specific problem and why it matters] -REDLINE: "[Exact proposed replacement text -- ready to insert]" -FALLBACK: [If YELLOW: fallback position if primary ask is rejected] -RATIONALE: "[Professional rationale suitable for sharing with counterparty's counsel]" -PRIORITY: [Must-have / Nice-to-have] -``` - -### Holistic Risk Summary Output - -``` -CONTRACT REVIEW SUMMARY -━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -Contract: [Type -- Counterparty] -Governing Law: [jurisdiction] -Playbook: [Loaded / General standards] -Reviewed by: Legal Ops Agent - -CLAUSE ANALYSIS: [N] GREEN | [N] YELLOW | [N] RED - -MOST MATERIAL RISK: -[description of the single most significant risk] - -RECOMMENDATION: [Approve / Negotiate / Escalate to counsel / Decline] - -NEGOTIATION PRIORITY ORDER: -1. [highest priority item] -2. [next priority] -3. [...] - -━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY -``` - -## NEVER DO THESE - -- NEVER approve a contract for execution -- route for authorised signatory -- NEVER skip Phase 1 context gathering -- user's position changes the entire analysis -- NEVER flag an issue without a specific proposed remedy -- NEVER read clauses in isolation without considering the full contract -- NEVER send redlines to counterparty -- attorney review required first -- NEVER classify a liability carve-out for death/personal injury from negligence - as GREEN -- void under English law (UCTA s.2(1)); RED regardless of playbook - -## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/jurisdiction-nda-triage/SKILL.md b/legal-ops/skills/jurisdiction-nda-triage/SKILL.md deleted file mode 100644 index f3ae3af..0000000 --- a/legal-ops/skills/jurisdiction-nda-triage/SKILL.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -name: jurisdiction-nda-triage -version: 1.0 -description: > - Activate for: NDA, non-disclosure agreement, confidentiality agreement, - mutual NDA, unilateral NDA, mutual CA, MCA, CDA, triage NDA, review NDA, - incoming NDA, NDA received, sign NDA, NDA approval, quick NDA check. - NOT for: full contract review (use jurisdiction-contract-review), IP matters, regulatory monitoring, DSAR processing, employment agreements. -plugin-commands: /triage-nda -chapter: 22 -- Legal Operations and Compliance ---- - -## TRIAGE WORKFLOW - -### Phase 1: Context - -Ask before reviewing: - -1. Mutual (both parties disclose) or unilateral (one party discloses)? - If unilateral: which party is the discloser? -2. Purpose: vendor evaluation / partnership / M&A / employment / other? -3. Counterparty type: new vendor / strategic partner / large enterprise / individual? -4. Urgency / deadline? -5. Any known concerns? - -### Phase 2: Standard Form Loading - -CHECK for NDA configuration in legal.local.md. - -IF NDA configuration FOUND: - -- Load standard form reference; Tier 1/2/3 criteria -- Compare incoming NDA against standard form directly - -IF NOT FOUND: - -- Apply general commercial NDA standards -- Label: "Reviewed against general commercial NDA standards" - -### Phase 3: Three-Tier Routing Classification - -TIER 1 -- STANDARD APPROVAL (no attorney review required) -Criteria: NDA substantially identical to standard form, OR deviations -fall within pre-approved acceptable ranges (defined in playbook). -Action: Notify business unit -- proceed to authorised signatory. -Target: 60-70% of incoming NDAs. - -TIER 2 -- COUNSEL REVIEW (attorney review; no negotiation expected) -Criteria: Deviations within acceptable range requiring attorney confirmation. -Action: Route to reviewing attorney with triage summary attached. -Target: 20-30%. - -TIER 3 -- FULL REVIEW (attorney review + likely negotiation) -Criteria: RED deviations present. Unusual structure. High-risk provisions. -Action: Route to senior counsel / GC with full risk summary. -Target: 10-15%. - -### Phase 4: Triage Report Format - -NDA TRIAGE REPORT - ---- - -Counterparty: [Name] -Date: [Date] -Playbook: [Loaded / Not configured] - -TRIAGE TIER: [1 / 2 / 3] -- [Label] -Attorney time: [0 / ~15 min / ~45 min] - -SUMMARY: [N] GREEN | [N] YELLOW | [N] RED -RECOMMENDATION: [Route to / Approve for execution] - -DEVIATIONS FROM STANDARD: -GREEN [Clause]: [deviation] -- [classification and reason] -YELLOW [Clause]: [deviation] -- [flag and proposed position] -RED [Clause]: [deviation] -- [RED reason and escalation note] - ---- - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY - -## AUTOMATIC RED FLAGS (always Tier 3 regardless of playbook) - -- Residuals clause: allows use of information "retained in unaided memory" -- No carve-out for publicly available information -- Non-compete provisions of any scope -- Perpetual confidentiality obligations (no sunset clause) -- Governing law: jurisdiction with no established commercial law framework -- No definition of Confidential Information (unacceptably broad) -- Unilateral NDA where mutual expected, without documented business justification -- Injunctive relief provisions asymmetric in favour of counterparty -- Disclosure to affiliates without "need to know" qualification - -## NEVER DO THESE - -- NEVER route a Tier 3 NDA to Tier 1 regardless of business urgency -- NEVER approve execution without an authorised signatory -- NEVER omit the residuals clause check -- most commonly missed high-risk provision -- NEVER classify an NDA as Tier 1 if governing law differs from standard - without attorney confirmation - -## ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/skills/legal-global-router/SKILL.md b/legal-ops/skills/legal-global-router/SKILL.md index f1b8f9e..de9aefc 100644 --- a/legal-ops/skills/legal-global-router/SKILL.md +++ b/legal-ops/skills/legal-global-router/SKILL.md @@ -1,6 +1,6 @@ --- name: legal-global-router -version: 1.0 +version: 3.0 description: > TOP-LEVEL ROUTER. Activate when ANY of these terms appear: contract review, NDA, non-disclosure, confidentiality agreement, @@ -10,25 +10,62 @@ description: > termination, legal hold, discovery, litigation, cease and desist, employment agreement, service agreement, MSA, SOW, partnership agreement, vendor agreement, CLM, contract lifecycle, playbook, clause analysis, - negotiation, legal ops, legal operations, contract triage. + negotiation, legal ops, legal operations, contract triage, contract intake, + incoming contract, new contract, contract routing, legal briefing, + research, topic summary, legal spend, invoice, firm performance, + patent landscape, trademark monitoring, regulatory update, compliance alert. NOT for: direct legal advice, court filings, litigation strategy, attorney-client privileged communications, contract execution. author: Panaversity -- The AI Agent Factory chapter: 22 -- Legal Operations and Compliance --- -## STEP 1 -- IDENTIFY TASK TYPE AND LOAD PRODUCT FILE +## STEP 1 -- IDENTIFY TASK TYPE AND ROUTE -| Query Pattern | Load Product Skill | -| -------------------------------------------------- | -------------------------------------------- | -| Contract review, clause analysis, redlines | skills/jurisdiction-contract-review/SKILL.md | -| NDA, non-disclosure, confidentiality agreement | skills/jurisdiction-nda-triage/SKILL.md | -| Patent, trademark, copyright, trade secret, IP | skills/ip-protection/SKILL.md | -| Regulatory update, compliance monitoring | skills/regulatory-monitoring/SKILL.md | -| DSAR, data subject, GDPR request, privacy request | skills/dsar-privacy/SKILL.md | -| Legal spend, invoice, firm performance | skills/legal-spend/SKILL.md | -| Renewal, obligation, deadline, compliance calendar | skills/compliance-calendar/SKILL.md | -| Contract intake, incoming contract, routing | skills/contract-intake-agent/SKILL.md | -| Legal briefing, research, topic summary | use /legal-brief command directly | +| Query Pattern | Route To | +| -------------------------------------------------- | ----------------------------------------------- | +| Contract intake, incoming contract, routing | contract-intake agent | +| Contract review, clause analysis, redlines | Anthropic `/review-contract` (with overlay) | +| NDA, non-disclosure, confidentiality agreement | Anthropic `/triage-nda` (with pre-checks below) | +| Vendor assessment, vendor due diligence | Anthropic `/vendor-check` (with overlay) | +| Patent, trademark, copyright, trade secret, IP | ip-protection skill | +| Regulatory update, compliance monitoring | regulatory-monitoring skill | +| DSAR, data subject, GDPR request, privacy request | dsar-privacy skill | +| Legal spend, invoice, firm performance | legal-spend skill | +| Renewal, obligation, deadline, compliance calendar | compliance-calendar skill | +| Legal briefing, research, topic summary | Route by topic (see Research Routing below) | +| Compliance check, compliance verification | Anthropic `/compliance-check` | +| Legal risk assessment | Anthropic `/legal-risk-assessment` | +| Meeting preparation, briefing prep | Anthropic `/meeting-briefing` | +| Draft legal response | Anthropic `/legal-response` | +| E-signature, signature request | Anthropic `/signature-request` | + +### Research Routing (replaces former /legal-brief command) + +When the query is a research or briefing request, route by topic: + +| Topic Pattern | Routes To | +| --------------------------------- | --------------------------- | +| Regulatory monitoring, compliance | regulatory-monitoring skill | +| Patent, trademark, IP, copyright | ip-protection skill | +| Legal spend, invoice, billing | legal-spend skill | +| DSAR, privacy, data subject | dsar-privacy skill | +| General research, legal topic | Anthropic `/brief` | + +### Product Skills Reference + +Each product is a standalone skill in `skills//SKILL.md`. The router +activates them by name -- Claude loads the skill's domain knowledge automatically. + +| Skill | Domain | +| ----------------------- | ----------------------------------------------------------- | +| `ip-protection` | Patent landscape, trademark monitoring, FTO, OSS compliance | +| `regulatory-monitoring` | Weekly regulatory briefing, impact classification | +| `dsar-privacy` | DSAR 30-day workflow, jurisdiction response windows | +| `legal-spend` | Spend analytics, anomaly detection, benchmarking | +| `compliance-calendar` | Obligation tracking, escalation sequences, dashboard | + +When the routing table directs you to a product skill, activate that skill +and apply its domain knowledge, output formats, and safety rules. ## STEP 2 -- IDENTIFY JURISDICTION AND LOAD OVERLAY @@ -48,18 +85,58 @@ chapter: 22 -- Legal Operations and Compliance | Multi-jurisdictional | Load ALL relevant overlays + escalate to intl counsel | | Unknown / not stated | Flag; apply most conservative standard | -## STEP 3 -- MANDATORY OUTPUT HEADER FORMAT +## STEP 3 -- LOAD NEGOTIATION PLAYBOOK + +CHECK for playbook in user's local settings (legal.local.md or configured file). + +IF playbook FOUND: + +- Load all clause positions, acceptable ranges, and escalation triggers +- Label output: "Reviewed against [Organisation] Negotiation Playbook v[X]" +- Pass playbook context to the destination skill/command + +IF playbook NOT FOUND: + +- Inform user: "No playbook configured. Reviewing against general commercial standards." +- Offer to help create a playbook (see legal.local.md.template) +- Label all output: "Reviewed against general commercial standards" + +## STEP 4 -- NDA PRE-CHECKS (before handing to Anthropic /triage-nda) + +When routing an NDA to Anthropic's `/triage-nda`, FIRST run these 9 automatic +RED flag checks. If ANY fire, classify as Tier 3 and include the flag in the +handoff context: + +### 9 Automatic RED Flags (always Tier 3 regardless of playbook) + +1. **Residuals clause**: allows use of information "retained in unaided memory" +2. **No carve-out for publicly available information** +3. **Non-compete provisions** of any scope +4. **Perpetual confidentiality obligations** (no sunset clause) +5. **Governing law**: jurisdiction with no established commercial law framework +6. **No definition of Confidential Information** (unacceptably broad) +7. **Unilateral NDA where mutual expected**, without documented business justification +8. **Injunctive relief provisions** asymmetric in favour of counterparty +9. **Disclosure to affiliates** without "need to know" qualification + +When handing off to Anthropic `/triage-nda`: + +- Include which RED flags fired (if any) in the context +- Include the jurisdiction overlay findings +- Include playbook context (if loaded) + +## STEP 5 -- MANDATORY OUTPUT HEADER FORMAT -Every legal output produced by any skill MUST begin with this block: +Every legal output produced by any skill or agent MUST begin with this block: ``` -TASK: [e.g. Contract Review -- Vendor MSA] -JURISDICTION: [e.g. English Law] -PLAYBOOK: [Loaded: legal.local.md / Not configured -- using general standards] -OVERLAY: [Loaded: jurisdictions/uk-law.md / None] -ATTORNEY REVIEW: REQUIRED -- all outputs must be reviewed by a licensed attorney -ESCALATION: [Yes -- reason / No] -DATE: [current date] +TASK: [e.g. Contract Review -- Vendor MSA] +JURISDICTION: [e.g. English Law] +PLAYBOOK: [Loaded: legal.local.md / Not configured -- using general standards] +OVERLAY: [Loaded: jurisdictions/uk-law.md / None] +ATTORNEY REVIEW: REQUIRED -- all outputs must be reviewed by a licensed attorney +ESCALATION: [Yes -- reason / No] +DATE: [current date] ``` Do not produce any substantive legal output without this header. @@ -69,8 +146,10 @@ Do not produce any substantive legal output without this header. - NEVER route a query without identifying both the product type AND the jurisdiction - NEVER skip the playbook check -- if no playbook found, state explicitly - NEVER apply a jurisdiction overlay without confirming the user's jurisdiction -- NEVER provide legal advice directly -- route to the correct product skill which will produce analysis for attorney review -- NEVER route employment disputes to jurisdiction-contract-review -- these require specialist employment law advice +- NEVER provide legal advice directly -- route to the correct product/command which will produce analysis for attorney review +- NEVER route employment disputes to contract review -- these require specialist employment law advice +- NEVER route an NDA to Anthropic `/triage-nda` without running the 9 RED flag pre-checks first +- NEVER duplicate Anthropic's built-in commands -- route to them with enriched context ## UNIVERSAL RULES -- NON-NEGOTIABLE diff --git a/legal-ops/skills/legal-spend/SKILL.md b/legal-ops/skills/legal-spend/SKILL.md index b3a717d..299b94c 100644 --- a/legal-ops/skills/legal-spend/SKILL.md +++ b/legal-ops/skills/legal-spend/SKILL.md @@ -1,17 +1,15 @@ --- name: legal-spend -version: 1.0 description: > - Activate for: legal spend, legal invoice, law firm invoice, legal budget, - matter budget, legal costs, external counsel, billing rates, hourly rates, - legal matter, write-off, billing anomaly, legal efficiency, spend analysis, - legal ROI, panel firms, outside counsel, legal department budget, - matter management, legal benchmarking. - NOT for: contract review, NDA triage, IP research, regulatory monitoring, DSAR processing, budget approval (CFO required). -plugin-commands: /legal-brief -chapter: 22 -- Legal Operations and Compliance + Legal spend analytics, anomaly detection, and benchmarking. Analyses + outside counsel invoices by matter type, law firm, and business unit. + Flags billing anomalies and produces quarterly spend reports with + rate benchmarking against market data. +user-invocable: false --- +# Legal Spend -- Analytics, Anomaly Detection, and Benchmarking + ## DATA SOURCES (connect via MCP) - Accounts payable system (invoice data) diff --git a/legal-ops/skills/regulatory-monitoring/SKILL.md b/legal-ops/skills/regulatory-monitoring/SKILL.md index a187b1b..d7fa101 100644 --- a/legal-ops/skills/regulatory-monitoring/SKILL.md +++ b/legal-ops/skills/regulatory-monitoring/SKILL.md @@ -1,17 +1,15 @@ --- name: regulatory-monitoring -version: 1.0 description: > - Activate for: regulatory update, regulation change, new law, compliance - monitoring, regulatory briefing, regulatory calendar, law change, legal - development, regulatory risk, ICO guidance, FCA update, GDPR update, - EU AI Act, employment law change, company law update, sector regulation, - regulatory horizon, compliance alert, policy review, board briefing. - NOT for: contract review, NDA triage, IP research, DSAR processing, legal advice on regulatory interpretation. -plugin-commands: /legal-brief -chapter: 22 -- Legal Operations and Compliance + Regulatory compliance monitoring, impact assessment, and alerting. Produces + weekly regulatory briefs and monthly board summaries with RAG-status + classification. Covers data protection, AI regulation, employment, + company law, and sector-specific regulatory areas across multiple jurisdictions. +user-invocable: false --- +# Regulatory Monitoring -- Compliance Alerts and Impact Assessment + ## CONFIGURATION PARAMETERS (load from settings or ask user) Required: diff --git a/legal-ops/workflow-recipes/contract-intake-workflow.md b/legal-ops/workflow-recipes/contract-intake-workflow.md deleted file mode 100644 index f19148d..0000000 --- a/legal-ops/workflow-recipes/contract-intake-workflow.md +++ /dev/null @@ -1,128 +0,0 @@ -# Workflow Recipe: Contract Intake -- End-to-End - -## Task Overview - -| Field | Value | -| ------------- | ---------------------------------------------------------------------------------- | -| **Task Name** | Contract Intake: Receipt through Execution and Obligation Monitoring | -| **Frequency** | Continuous (triggered by each incoming contract) | -| **Purpose** | Route incoming contracts through triage, review, approval, execution, and tracking | -| **Owner** | Legal Operations Manager / Legal Intake Coordinator | - ---- - -## Trigger Conditions - -| Trigger | Condition | Action | -| ------------ | ------------------------------------------------------- | ----------------------------------------------- | -| **Email** | Contract received at legal-intake@yourcompany.com | Start intake sequence | -| **Upload** | Document uploaded to designated SharePoint/Drive folder | Start intake sequence | -| **Web form** | Contract submitted via internal portal | Start intake sequence | -| **URGENT** | Business deadline stated < 48 hours | Flag URGENT; notify GC; halve all SLA timelines | - ---- - -## Step-by-Step Execution - -### Step 1: Receive and Log - -``` -Input: Contract document (PDF, DOCX, or via MCP connector) -Actions: - - Assign reference ID: [YYYY-MM-DD-XXXX] - - Record receipt timestamp - - Log in contract tracking system - - Extract: counterparty name, contract type, requesting business unit, - stated urgency, deal value (if stated), governing law (if stated) -``` - -### Step 2: Classify Document Type - -``` -NDA / Mutual CA / CDA -> Run /triage-nda protocol -Vendor Agreement / MSA / SOW -> Run /review-contract protocol -SaaS / Software Licence -> Run /review-contract protocol -Employment / Contractor -> Route to HR Legal queue (no agent triage) -Partnership / JV -> Run /review-contract + notify GC -M&A / Investment -> Route to GC immediately (no agent triage) -Unknown -> Extract key terms; route to GC queue -``` - -### Step 3: Run Triage Protocol - -``` -Execute the appropriate product skill: - - nda-triage: produces Tier 1/2/3 classification - - contract-review: produces GREEN/YELLOW/RED analysis - -Output: Triage tier + deviation summary + routing recommendation -``` - -### Step 4: Route Based on Tier - -``` -Tier 1 (Standard Approval): - -> Send Template A to business unit - -> Route to authorised signatory queue - -> Set follow-up reminder: 3 business days - -Tier 2 (Counsel Review): - -> Send Template B to reviewing attorney - -> Attach triage summary - -> Set SLA reminder: 2 business days - -Tier 3 (Full Review / RED items): - -> Send Template C to General Counsel - -> Attach full review output - -> Schedule review call if value > threshold - -> Set SLA reminder: 5 business days -``` - -### Step 5: Track Progress - -``` -Daily status check. Escalate if SLA breached: - - Tier 1 > 1 business day: notify business unit + attorney - - Tier 2 > 2 business days: notify GC - - Tier 3 > 5 business days: notify GC + CFO (if above threshold) -``` - -### Step 6: Post-Execution - -``` -On confirmed signing: - - Save executed contract to repository - - Update tracking log: status = EXECUTED - - Extract: execution date, effective date, term, renewal date, notice period - - Set calendar reminders: - -> Notice period deadline (last date for non-renewal notice) - -> Contract expiry date - -> Key obligation due dates - - Notify business unit: confirmation + renewal date -``` - ---- - -## Required Skill Files - -| Skill File | Purpose | -| ----------------------- | --------------------------------------- | -| `contract-intake-agent` | Intake sequence, routing, and templates | -| `contract-review` | Full contract review (Tier 2/3) | -| `nda-triage` | NDA triage (Tier 1/2/3) | -| `compliance-calendar` | Post-execution obligation tracking | -| `legal-global-router` | Routing and jurisdiction identification | - ---- - -## Escalation / Review Checkpoints - -| Checkpoint | Condition | Reviewer | -| ------------------- | ------------------------------------------------ | ------------------ | -| **Triage complete** | All metadata extracted, tier assigned | Legal Ops Manager | -| **SLA breach** | Tier 1 > 1 day, Tier 2 > 2 days, Tier 3 > 5 days | GC | -| **RED escalation** | Any RED deviation identified | GC immediately | -| **Execution** | Signed contract confirmed | Legal Ops Manager | -| **Post-execution** | Calendar reminders and obligations logged | Compliance Officer | - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/dsar-30-day-workflow.md b/legal-ops/workflow-recipes/dsar-30-day-workflow.md deleted file mode 100644 index 04ac006..0000000 --- a/legal-ops/workflow-recipes/dsar-30-day-workflow.md +++ /dev/null @@ -1,149 +0,0 @@ -# Workflow Recipe: DSAR 30-Day Response - -## Task Overview - -| Field | Value | -| ------------- | ------------------------------------------------------------------------------- | -| **Task Name** | DSAR Response: Receipt through Completion within 30-Day Statutory Window | -| **Frequency** | Per request (triggered by each incoming DSAR) | -| **Purpose** | Manage data subject access requests end-to-end within mandatory response window | -| **Owner** | Privacy Officer / Data Protection Officer | - ---- - -## Response Windows by Jurisdiction - -| Jurisdiction | Window | Extension | Regulator | -| ------------ | ------------ | ------------------------------- | ------------ | -| UK GDPR | 30 cal. days | +60 days if complex (w/ notice) | ICO | -| EU GDPR | 30 cal. days | +60 days if complex (w/ notice) | National DPA | -| CCPA | 45 days | +45 days with notice | CA AG | -| PIPEDA | 30 days | Escalate to Privacy Officer | OPC | - ---- - -## Step-by-Step Execution - -### Day 1: Receipt and Acknowledgement - -``` -Input: DSAR received (email, portal, letter) -Actions: - - Log request: requester name, contact, date, request type, jurisdiction - - Start response clock - - Set internal alerts: Day 7, Day 15, Day 21, Day 27 - - Draft and send acknowledgement letter - -Acknowledgement MUST include: - - Confirmation of receipt - - Statutory response deadline - - Identity verification requirements (if needed) - - Contact details for queries - -Acknowledgement MUST NOT include: - - Confirmation or denial of what data is held - - Any substantive response - - Legal advice -``` - -### Days 1-3: Identity Verification - -``` -IF requester identity is in doubt: - - Request reasonable proof of identity - - Do NOT request excessive documentation - - 30-day clock pauses while awaiting verification - - If unverifiable -> consult Privacy Counsel before refusing - -IF identity verified: - - Log verification and proceed -``` - -### Days 1-10: Data Discovery - -``` -Send discovery requests to ALL relevant system owners: - - CRM / customer database - - Email and communications systems - - Billing and financial systems - - Marketing and analytics platforms - - HR system (if individual was ever employee) - - Customer support / ticketing systems - - Legal case management (handle with care -- privilege) - - Legacy or archive systems - -Discovery deadline: Day 10 -IF NOT complete by Day 15: escalate to Privacy Counsel -``` - -### Days 10-20: Compilation and Redaction Assessment - -``` -REDACT (do not disclose): - - Third-party personal data - - Internal staff personal data (beyond standard business capacity) - - Legally privileged material (counsel advice required) - - Commercially sensitive info genuinely unrelated to requester - -DO NOT REDACT: - - Opinions ABOUT the requester (these ARE personal data) - - Internal notes about requester's behaviour - - Automated decision-making logic applied to requester - -COMMON ERROR: CRM notes like "difficult customer" ARE personal data -and MUST be disclosed unless a specific exemption applies. -``` - -### Days 20-27: Response Drafting - -``` -Response letter MUST include: - - Confirmation of personal data held (by category) - - Purposes of processing - - Legal basis for each processing activity - - Recipients or categories of recipients - - Retention periods - - Rights: rectification, erasure, restriction, objection, portability, - lodge complaint with supervisory authority - - Source of data (if not collected from requester) - - Automated decision-making / profiling information - -Route for attorney review by Day 27 at latest. -DO NOT send without attorney sign-off. -``` - -### Day 30: Response and Logging - -``` -Send approved response. Log: - - Date received / Date acknowledged / Date responded - - Data categories disclosed - - Data withheld and legal basis - - Attorney sign-off confirmation - - Store in compliance archive -``` - ---- - -## Escalation Rules - -| Trigger | Action | Deadline | -| ----------------------------- | ------------------------------------- | --------- | -| 7 days before deadline | Alert Privacy Counsel if not complete | Day 23 | -| 1 day before deadline | Emergency alert -- GC involved | Day 29 | -| Erasure/restriction/objection | Privacy Counsel immediately | Day 1 | -| Privileged material involved | Privacy Counsel immediately | Day 10-20 | -| Identity fraud suspected | Privacy Counsel immediately | Day 1-3 | -| Related regulatory inquiry | GC immediately | Any day | - ---- - -## Required Skill Files - -| Skill File | Purpose | -| --------------------- | ----------------------------------------------- | -| `dsar-privacy` | Full DSAR workflow and request type routing | -| `legal-global-router` | Jurisdiction identification and overlay loading | -| UK/EU/US overlays | Jurisdiction-specific response requirements | - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/nda-triage-workflow.md b/legal-ops/workflow-recipes/nda-triage-workflow.md deleted file mode 100644 index 3a5569f..0000000 --- a/legal-ops/workflow-recipes/nda-triage-workflow.md +++ /dev/null @@ -1,122 +0,0 @@ -# Workflow Recipe: NDA Triage - -## Task Overview - -| Field | Value | -| ------------- | ---------------------------------------------------------------------- | -| **Task Name** | NDA Triage: Three-Tier Routing for Incoming NDAs | -| **Frequency** | Per NDA received (typical: 10-50 per month) | -| **Purpose** | Route NDAs to the correct review level, reducing attorney time by 70%+ | -| **Owner** | Legal Operations Manager / Designated Reviewing Attorney | - ---- - -## Step-by-Step Execution - -### Step 1: Receive NDA - -``` -Input: Incoming NDA (PDF, DOCX, or via MCP connector) -Actions: - - Log receipt: counterparty, date, requesting business unit, stated urgency - - Confirm: mutual or unilateral? - - Confirm: purpose (vendor eval / partnership / M&A / employment / other) -``` - -### Step 2: Load Standard Form - -``` -CHECK for NDA configuration in legal.local.md - -IF FOUND: - - Load standard form reference - - Load Tier 1/2/3 criteria - - Compare incoming NDA against standard form directly - -IF NOT FOUND: - - Apply general commercial NDA standards - - Label: "Reviewed against general commercial NDA standards" -``` - -### Step 3: Classify Tier - -``` -TIER 1 -- STANDARD APPROVAL - Criteria: Substantially identical to standard form, or deviations - within pre-approved ranges. - Target: 60-70% of incoming NDAs. - Attorney time: 0 minutes. - Action: Route to authorised signatory. - -TIER 2 -- COUNSEL REVIEW - Criteria: Deviations within acceptable range but needing confirmation. - Target: 20-30%. - Attorney time: ~15 minutes. - Action: Route to reviewing attorney with triage summary. - -TIER 3 -- FULL REVIEW - Criteria: RED deviations, unusual structure, high-risk provisions. - Target: 10-15%. - Attorney time: ~45 minutes. - Action: Route to senior counsel / GC with full risk summary. -``` - -### Step 4: Check Automatic RED Flags - -``` -These ALWAYS trigger Tier 3 regardless of playbook: - - Residuals clause ("retained in unaided memory") - - No carve-out for publicly available information - - Non-compete provisions of any scope - - Perpetual confidentiality obligations - - Governing law: jurisdiction with no commercial law framework - - No definition of Confidential Information - - Unilateral when mutual expected (without justification) - - Asymmetric injunctive relief - - Disclosure to affiliates without need-to-know -``` - -### Step 5: Produce Triage Report - -``` -Output format: - NDA TRIAGE REPORT - Counterparty: [Name] - Date: [Date] - Playbook: [Loaded / Not configured] - TRIAGE TIER: [1 / 2 / 3] -- [Label] - Attorney time: [0 / ~15 min / ~45 min] - SUMMARY: [N] GREEN | [N] YELLOW | [N] RED - RECOMMENDATION: [Route to / Approve] - DEVIATIONS: [Listed with classification] -``` - -### Step 6: Route - -``` -Tier 1: Send acknowledgement to business unit; route to signatory -Tier 2: Send to reviewing attorney with triage summary; SLA: 2 days -Tier 3: Send to GC with full summary; SLA: 5 days -``` - ---- - -## SLA Targets - -| Tier | Attorney Time | Response SLA | Escalation If Breached | -| ------ | ------------- | --------------- | ------------------------- | -| Tier 1 | 0 min | 1 business day | Notify business unit | -| Tier 2 | ~15 min | 2 business days | Notify GC | -| Tier 3 | ~45 min | 5 business days | Notify GC + business unit | - ---- - -## Required Skill Files - -| Skill File | Purpose | -| --------------------- | --------------------------------------- | -| `nda-triage` | Three-tier classification and RED flags | -| `legal-global-router` | Jurisdiction identification | -| Jurisdiction overlays | Governing law considerations | - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY diff --git a/legal-ops/workflow-recipes/regulatory-weekly-brief.md b/legal-ops/workflow-recipes/regulatory-weekly-brief.md deleted file mode 100644 index 4647265..0000000 --- a/legal-ops/workflow-recipes/regulatory-weekly-brief.md +++ /dev/null @@ -1,134 +0,0 @@ -# Workflow Recipe: Regulatory Weekly Brief - -## Task Overview - -| Field | Value | -| ------------- | --------------------------------------------------------------------- | -| **Task Name** | Weekly Regulatory Monitoring Brief and Monthly Board Summary | -| **Frequency** | Weekly (brief) + Monthly (board summary) | -| **Purpose** | Track regulatory changes, assess impact, produce actionable briefings | -| **Owner** | Compliance Officer / General Counsel | - ---- - -## Trigger Conditions - -| Trigger | Condition | Action | -| ------------- | ---------------------------------- | ----------------------------- | -| **Scheduled** | Every Monday 08:00 | Run weekly monitoring cycle | -| **Ad-hoc** | Significant regulatory development | Run immediate alert cycle | -| **Monthly** | Last business day of each month | Compile monthly board summary | - ---- - -## Step-by-Step Execution - -### Step 1: Configure Monitoring Scope - -``` -Required parameters (load from settings or confirm with user): - - Organisation type: [industry, size, structure] - - Primary regulatory areas: - - Data Protection: UK GDPR, EU GDPR, CCPA, ICO guidance - - AI Regulation: EU AI Act phases, UK AI framework - - Employment: Working time, IR35, TUPE, redundancy - - Company Law: Annual return, director duties, PSC register, UKBA - - Sector-specific: [configure for industry] - - Key jurisdictions: [all relevant jurisdictions] - - Escalation contacts: [Compliance Officer, GC, relevant leads] -``` - -### Step 2: Search Regulatory Sources - -``` -Sources (via web search MCP): - - ICO (UK data protection) - - EC / national DPAs (EU data protection) - - FCA / PRA (if financial services) - - SEC / FTC (US) - - Companies House / SECP / equivalent - - Official government legislative databases - - Regulatory body announcement pages - -Search for: new regulations, guidance, enforcement actions, consultations, -effective date changes, court decisions with regulatory impact -``` - -### Step 3: Classify Impact - -``` -HIGH PRIORITY (RED): - Effective within 30 days; OR requires immediate policy change; - OR potential enforcement risk. - -MONITOR (YELLOW): - Effective within 6 months; OR affects contracts on renewal; - OR requires internal process change. - -AWARENESS (GREEN): - Longer horizon; informational only; no immediate action required. -``` - -### Step 4: Produce Weekly Brief - -``` -Output format: - WEEKLY REGULATORY BRIEFING -- [Date] - ======================================================== - - RED -- HIGH PRIORITY -- Action required within 30 days - -------------------------------------------------------- - [Regulation] -- [Jurisdiction] - Effective: [Date] - Summary: [2 sentences] - Internal impact: [Policy/process needing update] - Contract impact: [N contracts with relevant clauses] - Action: [Specific action] by [date] -- Owner: [name] - - YELLOW -- MONITOR - -------------------------------------------------------- - [...] - - GREEN -- AWARENESS - -------------------------------------------------------- - [...] - - ======================================================== - NOTE: Confirm all interpretations with qualified counsel. -``` - -### Step 5: Monthly Board Summary (last business day) - -``` -Structure: - - Executive Summary: 3-5 bullets (most important changes) - - RAG Status: traffic-light per regulatory area - - Actions Required: owner / action / deadline (table) - - Horizon Items: significant changes in next 3-6 months - - Appendix: link to weekly brief archive - -Compile from 4 weekly briefs + any ad-hoc alerts. -``` - ---- - -## Escalation Rules - -| Trigger | Action | -| ---------------------------------- | ----------------------------------------- | -| HIGH PRIORITY item identified | Notify GC and Compliance Officer same day | -| Effective date < 7 days | Emergency escalation to GC | -| Enforcement action in our sector | GC + relevant business unit immediately | -| New obligation affecting contracts | Flag for contract review team | - ---- - -## Required Skill Files - -| Skill File | Purpose | -| ----------------------- | ----------------------------------------------- | -| `regulatory-monitoring` | Monitoring parameters and impact classification | -| `legal-global-router` | Jurisdiction identification and overlay loading | -| Jurisdiction overlays | Jurisdiction-specific regulatory frameworks | - -ALL OUTPUTS REQUIRE REVIEW BY LICENSED ATTORNEY