What is Regulatory Review?

A structured approach to understand regulatory requirements, risks, and trends affecting markets and products.

How often should I update regulatory risk assessments?

Regularly, especially when expanding to new jurisdictions or when laws change; maintain a living risk register.

Which frameworks should I prioritize first?

Start with data privacy (GDPR/CCPA), consumer protection, and sector-specific frameworks (financial services, healthcare) relevant to your product and region.

Regulatory Review

npx machina-cli add skill zircote/sigint/regulatory-review --openclaw

Files (1)

SKILL.md

6.5 KB

Regulatory Review

Overview

Regulatory review assesses the legal and compliance landscape affecting markets and products. This skill covers frameworks for understanding regulatory requirements, risks, and trends.

Regulatory Dimensions

Direct Regulations

Industry-specific rules (fintech, healthcare, etc.)
Product safety requirements
Licensing and certification
Operational standards

Data & Privacy

Data protection laws (GDPR, CCPA, etc.)
Cross-border data transfer
Consent requirements
Breach notification

Consumer Protection

Advertising standards
Fair trading practices
Warranty requirements
Dispute resolution

Competition/Antitrust

Market dominance rules
M&A restrictions
Pricing practices
Distribution agreements

Major Regulatory Frameworks

Data Privacy

Framework	Jurisdiction	Key Requirements
GDPR	EU	Consent, data rights, DPO, breach notification
CCPA/CPRA	California	Disclosure, opt-out, deletion rights
LGPD	Brazil	Similar to GDPR, local DPO
PIPL	China	Consent, localization, cross-border rules

Financial Services

Framework	Jurisdiction	Scope
Dodd-Frank	US	Banking, consumer protection
PSD2	EU	Payment services, open banking
MiCA	EU	Crypto assets
SOX	US	Public company reporting

Healthcare

Framework	Jurisdiction	Scope
HIPAA	US	Health information privacy
FDA 21 CFR	US	Medical devices, pharma
MDR	EU	Medical devices
HITECH	US	Health IT security

AI/Technology

Framework	Jurisdiction	Scope
EU AI Act	EU	AI risk classification, requirements
NYC Local Law 144	NYC	AI in employment decisions
State AI bills	Various US	Emerging requirements

Regulatory Risk Assessment

Risk Categories

Compliance Risk

Failure to meet existing requirements
Likelihood: Based on current gaps
Impact: Fines, operational restrictions

Regulatory Change Risk

New or changing regulations
Likelihood: Based on legislative trends
Impact: Cost of compliance, market access

Enforcement Risk

Increased regulatory scrutiny
Likelihood: Based on enforcement patterns
Impact: Investigations, penalties

Reputational Risk

Public perception of compliance
Likelihood: Based on sensitivity of issues
Impact: Customer trust, brand damage

Risk Matrix

Risk	Likelihood	Impact	Trend	Mitigation
[Risk]	H/M/L	H/M/L	INC/DEC/CONST	[Action]

Regulatory Trend Analysis

Trend Indicators

INC (Increasing regulation)

New legislation proposed/passed
Increased enforcement actions
Growing public/political attention
International coordination

DEC (Decreasing regulation)

Deregulation initiatives
Reduced enforcement
Political shift toward less oversight

CONST (Stable regulation)

Established framework
Predictable enforcement
No major changes pending

Current Global Trends

Area	Direction	Key Developments
Data Privacy	INC	More countries adopting GDPR-style laws
AI/ML	INC	EU AI Act, emerging US frameworks
Crypto/Fintech	INC	Global frameworks emerging
Competition/Big Tech	INC	Antitrust scrutiny increasing
ESG/Sustainability	INC	Disclosure requirements expanding
Cybersecurity	INC	Mandatory breach reporting

Compliance Assessment

Gap Analysis Framework

Requirement	Current State	Gap	Priority	Remediation
[Req 1]	Compliant/Partial/Non	Description	H/M/L	Action needed

Compliance Cost Estimation

Component	One-Time	Ongoing Annual
Technology	$X	$X
Personnel	$X	$X
Legal/Consulting	$X	$X
Training	$X	$X
Audit/Certification	$X	$X
Total	$X	$X

Jurisdiction Analysis

Market Entry Considerations

Jurisdiction	Key Regulations	Complexity	Barrier Level
US	Federal + 50 states	High	Medium
EU	GDPR + sector regs	High	High
UK	Post-Brexit regime	Medium	Medium
APAC	Varies widely	Variable	Variable

Cross-Border Considerations

Data localization requirements
Licensing reciprocity
Contractual restrictions
IP protection differences

Output Structure

## Regulatory Review Summary

### Regulatory Landscape
[Overview of applicable regulations]

### Key Frameworks
| Framework | Applicability | Status |
|-----------|---------------|--------|
| [Name] | Direct/Indirect | Applicable/Monitor |

### Compliance Assessment
| Area | Status | Gap | Priority |
|------|--------|-----|----------|
| Data Privacy | ✓/△/✗ | [Gap] | H/M/L |
| [Other] | ✓/△/✗ | [Gap] | H/M/L |

### Regulatory Risk Matrix
| Risk | Likelihood | Impact | Trend |
|------|------------|--------|-------|
| [Risk] | H/M/L | H/M/L | INC/DEC/CONST |

### Trend Analysis
- Data Privacy: INC/DEC/CONST - [Evidence]
- Industry-Specific: INC/DEC/CONST - [Evidence]
- Enforcement: INC/DEC/CONST - [Evidence]

### Estimated Compliance Costs
[Cost breakdown]

### Recommendations
1. [Immediate action]
2. [Medium-term action]
3. [Monitoring action]

### Monitoring Indicators
- [Regulatory body announcements]
- [Legislative calendars]
- [Enforcement actions]

Best Practices

Consult legal experts for specific advice
Monitor regulatory developments continuously
Consider both current and proposed regulations
Assess both direct and indirect impacts
Factor compliance costs into business planning

Disclaimer

This skill provides research frameworks only. Consult qualified legal counsel for compliance decisions.

Additional Resources

For detailed frameworks, see:

references/privacy-frameworks.md - Data privacy details
references/compliance-checklist.md - Compliance templates
examples/regulatory-analysis.md - Sample analysis

Source

git clone https://github.com/zircote/sigint/blob/main/skills/regulatory-review/SKILL.mdView on GitHub

Overview

Regulatory Review evaluates the legal and compliance landscape affecting markets and products. It covers frameworks for understanding requirements, risks, and trends, providing practical guidance for regulatory risk management and decision-making.

How This Skill Works

The skill maps regulatory dimensions (Direct Regulations, Data & Privacy, Consumer Protection, Competition/Antitrust) to major frameworks (GDPR, CCPA/CPRA, HIPAA, Dodd-Frank, EU AI Act, etc.). It then applies a risk assessment and trend analysis approach to identify gaps, risks, and actionable mitigations for market access and ongoing compliance.

When to Use It

You need to analyze jurisdiction-specific compliance requirements for a product or service.
You’re assessing regulatory risk when entering a new market or expanding product lines.
You must understand data privacy, cross-border data transfers, and consent obligations.
You need to evaluate licensing, certification, or disclosure requirements and enforcement risk.
You want to track regulatory trends and anticipate changes that could impact operations.

Quick Start

Step 1: Identify target markets and product lines to determine which regulatory frameworks apply (e.g., GDPR, CCPA, HIPAA, Dodd-Frank, PSD2, AI Act).
Step 2: Gather current requirements, deadlines, and enforcement patterns using the Regulatory Dimensions (Direct Regulations, Data & Privacy, Consumer Protection, Competition).
Step 3: Build a risk-and-trend mitigation plan and maintain a living regulatory register with owners and review cadence.

Best Practices

Map applicable frameworks to your product, markets, and data flows (e.g., GDPR, PSD2, HIPAA, Dodd-Frank).
Create a living regulatory register with requirements, deadlines, and owners.
Integrate data privacy, consumer protection, and security requirements into product design and contracts.
Use defined risk categories (Compliance, Change, Enforcement, Reputational) to prioritize actions.
Regularly monitor trend indicators (enforcement actions, new legislation) and refresh mitigations.

Example Use Cases

A fintech launching in the EU maps PSD2, GDPR, and KYC requirements to ensure compliant payments and data handling.
A healthcare SaaS aligns with HIPAA, FDA 21 CFR, and HITECH to protect patient information and device/software safety.
An AI startup assesses EU AI Act and NYC Local Law 144 to govern AI use in employment decisions.
A US firm evaluates Dodd-Frank and SOX implications for financial reporting and governance.
A multinational company coordinates cross-border data transfers under GDPR, LGPD, and PIPL considerations.

Frequently Asked Questions

Add this skill to your agents