
regulatory-review skill

This skill helps you navigate regulatory landscapes by analyzing frameworks, risks, and trends to inform compliant strategic decisions.

npx playbooks add skill zircote/sigint --skill regulatory-review

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: Regulatory Review
description: This skill should be used when the user asks to "analyze regulations", "regulatory landscape", "compliance requirements", "legal considerations", "regulatory risk", "industry regulations", "compliance analysis", "regulatory trends", or needs guidance on understanding regulatory environments, compliance requirements, or legal market factors.
version: 0.1.0
---

# Regulatory Review

## Overview

Regulatory review assesses the legal and compliance landscape affecting markets and products. This skill covers frameworks for understanding regulatory requirements, risks, and trends.

## Regulatory Dimensions

### Direct Regulations
- Industry-specific rules (fintech, healthcare, etc.)
- Product safety requirements
- Licensing and certification
- Operational standards

### Data & Privacy
- Data protection laws (GDPR, CCPA, etc.)
- Cross-border data transfer
- Consent requirements
- Breach notification

### Consumer Protection
- Advertising standards
- Fair trading practices
- Warranty requirements
- Dispute resolution

### Competition/Antitrust
- Market dominance rules
- M&A restrictions
- Pricing practices
- Distribution agreements

## Major Regulatory Frameworks

### Data Privacy

| Framework | Jurisdiction | Key Requirements |
|-----------|--------------|------------------|
| GDPR | EU | Consent, data rights, DPO, breach notification |
| CCPA/CPRA | California | Disclosure, opt-out, deletion rights |
| LGPD | Brazil | Similar to GDPR, local DPO |
| PIPL | China | Consent, localization, cross-border rules |

### Financial Services

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| Dodd-Frank | US | Banking, consumer protection |
| PSD2 | EU | Payment services, open banking |
| MiCA | EU | Crypto assets |
| SOX | US | Public company reporting |

### Healthcare

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| HIPAA | US | Health information privacy |
| FDA 21 CFR | US | Medical devices, pharma |
| MDR | EU | Medical devices |
| HITECH | US | Health IT security |

### AI/Technology

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| EU AI Act | EU | AI risk classification, requirements |
| NYC Local Law 144 | NYC | AI in employment decisions |
| State AI bills | Various US | Emerging requirements |

## Regulatory Risk Assessment

### Risk Categories

**Compliance Risk**
- Failure to meet existing requirements
- Likelihood: Based on current gaps
- Impact: Fines, operational restrictions

**Regulatory Change Risk**
- New or changing regulations
- Likelihood: Based on legislative trends
- Impact: Cost of compliance, market access

**Enforcement Risk**
- Increased regulatory scrutiny
- Likelihood: Based on enforcement patterns
- Impact: Investigations, penalties

**Reputational Risk**
- Public perception of compliance
- Likelihood: Based on sensitivity of issues
- Impact: Customer trust, brand damage

### Risk Matrix

| Risk | Likelihood | Impact | Trend | Mitigation |
|------|------------|--------|-------|------------|
| [Risk] | H/M/L | H/M/L | INC/DEC/CONST | [Action] |

## Regulatory Trend Analysis

### Trend Indicators

**INC (Increasing regulation)**
- New legislation proposed/passed
- Increased enforcement actions
- Growing public/political attention
- International coordination

**DEC (Decreasing regulation)**
- Deregulation initiatives
- Reduced enforcement
- Political shift toward less oversight

**CONST (Stable regulation)**
- Established framework
- Predictable enforcement
- No major changes pending

### Current Global Trends

| Area | Direction | Key Developments |
|------|-----------|------------------|
| Data Privacy | INC | More countries adopting GDPR-style laws |
| AI/ML | INC | EU AI Act, emerging US frameworks |
| Crypto/Fintech | INC | Global frameworks emerging |
| Competition/Big Tech | INC | Antitrust scrutiny increasing |
| ESG/Sustainability | INC | Disclosure requirements expanding |
| Cybersecurity | INC | Mandatory breach reporting |

## Compliance Assessment

### Gap Analysis Framework

| Requirement | Current State | Gap | Priority | Remediation |
|-------------|---------------|-----|----------|-------------|
| [Req 1] | Compliant/Partial/Non | Description | H/M/L | Action needed |

### Compliance Cost Estimation

| Component | One-Time | Ongoing Annual |
|-----------|----------|----------------|
| Technology | $X | $X |
| Personnel | $X | $X |
| Legal/Consulting | $X | $X |
| Training | $X | $X |
| Audit/Certification | $X | $X |
| **Total** | $X | $X |

## Jurisdiction Analysis

### Market Entry Considerations

| Jurisdiction | Key Regulations | Complexity | Barrier Level |
|--------------|-----------------|------------|---------------|
| US | Federal + 50 states | High | Medium |
| EU | GDPR + sector regs | High | High |
| UK | Post-Brexit regime | Medium | Medium |
| APAC | Varies widely | Variable | Variable |

### Cross-Border Considerations

- Data localization requirements
- Licensing reciprocity
- Contractual restrictions
- IP protection differences

## Output Structure

```markdown
## Regulatory Review Summary

### Regulatory Landscape
[Overview of applicable regulations]

### Key Frameworks
| Framework | Applicability | Status |
|-----------|---------------|--------|
| [Name] | Direct/Indirect | Applicable/Monitor |

### Compliance Assessment
| Area | Status | Gap | Priority |
|------|--------|-----|----------|
| Data Privacy | ✓/△/✗ | [Gap] | H/M/L |
| [Other] | ✓/△/✗ | [Gap] | H/M/L |

### Regulatory Risk Matrix
| Risk | Likelihood | Impact | Trend |
|------|------------|--------|-------|
| [Risk] | H/M/L | H/M/L | INC/DEC/CONST |

### Trend Analysis
- Data Privacy: INC/DEC/CONST - [Evidence]
- Industry-Specific: INC/DEC/CONST - [Evidence]
- Enforcement: INC/DEC/CONST - [Evidence]

### Estimated Compliance Costs
[Cost breakdown]

### Recommendations
1. [Immediate action]
2. [Medium-term action]
3. [Monitoring action]

### Monitoring Indicators
- [Regulatory body announcements]
- [Legislative calendars]
- [Enforcement actions]
```

## Best Practices

- Consult legal experts for specific advice
- Monitor regulatory developments continuously
- Consider both current and proposed regulations
- Assess both direct and indirect impacts
- Factor compliance costs into business planning

## Disclaimer

This skill provides research frameworks only. Consult qualified legal counsel for compliance decisions.

## Additional Resources

For detailed frameworks, see:
- `references/privacy-frameworks.md` - Data privacy details
- `references/compliance-checklist.md` - Compliance templates
- `examples/regulatory-analysis.md` - Sample analysis

Overview

This skill helps analyze regulatory environments, compliance requirements, and legal risks affecting products, markets, and business decisions. It synthesizes relevant frameworks, identifies gaps and enforcement trends, and delivers prioritized recommendations for mitigation and monitoring. Use it to transform regulatory research into actionable compliance and market-entry guidance.

How this skill works

The skill inspects applicable regulations across dimensions like data privacy, financial services, healthcare, competition, and AI/technology to build a regulatory landscape. It maps requirements to product or market features, runs a gap analysis, estimates compliance cost drivers, and produces a regulatory risk matrix with trend indicators. Outputs are structured summaries, prioritized remediation actions, and monitoring indicators for ongoing surveillance.

When to use it

  • Preparing market entry or expansion in a new jurisdiction
  • Assessing product changes for new regulatory exposure
  • Evaluating compliance gaps after an audit or incident
  • Estimating cost and timeline for regulatory readiness
  • Tracking legislative and enforcement trends for strategic planning

Best practices

  • Include both existing and proposed regulations when assessing risk
  • Engage qualified legal counsel for jurisdiction-specific interpretation
  • Prioritize remediation by likelihood, impact, and strategic importance
  • Monitor enforcement actions and legislative calendars continuously
  • Document assumptions, data sources, and decision thresholds for audits

Example use cases

  • Gap analysis for data privacy compliance across EU, US states, and China
  • Regulatory landscape report for launching a fintech product in the EU
  • Compliance cost estimate and staffing plan for SOC/ISO certification
  • Risk matrix and mitigation plan after new AI regulation draft in target markets
  • Jurisdiction comparison to decide where to host user data and operations

FAQ

Can this replace legal advice?

No. This skill provides research frameworks and practical analysis; consult qualified legal counsel for binding legal advice and jurisdiction-specific interpretation.

Which regulations are covered?

Core areas include data privacy, financial services, healthcare, competition/antitrust, and emerging AI rules; coverage can be tailored to target jurisdictions and sectors.