---
name: Regulatory Review
description: This skill should be used when the user asks to "analyze regulations", "regulatory landscape", "compliance requirements", "legal considerations", "regulatory risk", "industry regulations", "compliance analysis", "regulatory trends", or needs guidance on understanding regulatory environments, compliance requirements, or legal market factors.
version: 0.1.0
---

# Regulatory Review

## Overview

Regulatory review assesses the legal and compliance landscape affecting markets and products. This skill covers frameworks for understanding regulatory requirements, risks, and trends.

## Regulatory Dimensions

### Direct Regulations

- Industry-specific rules (fintech, healthcare, etc.)
- Product safety requirements
- Licensing and certification
- Operational standards

### Data & Privacy

- Data protection laws (GDPR, CCPA, etc.)
- Cross-border data transfer
- Consent requirements
- Breach notification

### Consumer Protection

- Advertising standards
- Fair trading practices
- Warranty requirements
- Dispute resolution

### Competition/Antitrust

- Market dominance rules
- M&A restrictions
- Pricing practices
- Distribution agreements

## Major Regulatory Frameworks

### Data Privacy

| Framework | Jurisdiction | Key Requirements |
|-----------|--------------|------------------|
| GDPR | EU | Consent, data rights, DPO, breach notification |
| CCPA/CPRA | California | Disclosure, opt-out, deletion rights |
| LGPD | Brazil | Similar to GDPR, local DPO |
| PIPL | China | Consent, localization, cross-border rules |

### Financial Services

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| Dodd-Frank | US | Banking, consumer protection |
| PSD2 | EU | Payment services, open banking |
| MiCA | EU | Crypto assets |
| SOX | US | Public company reporting |

### Healthcare

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| HIPAA | US | Health information privacy |
| FDA 21 CFR | US | Medical devices, pharma |
| MDR | EU | Medical devices |
| HITECH | US | Health IT security |

### AI/Technology

| Framework | Jurisdiction | Scope |
|-----------|--------------|-------|
| EU AI Act | EU | AI risk classification, requirements |
| NYC Local Law 144 | NYC | AI in employment decisions |
| State AI bills | Various US | Emerging requirements |

## Regulatory Risk Assessment

### Risk Categories

**Compliance Risk**

- Failure to meet existing requirements
- Likelihood: Based on current gaps
- Impact: Fines, operational restrictions

**Regulatory Change Risk**

- New or changing regulations
- Likelihood: Based on legislative trends
- Impact: Cost of compliance, market access

**Enforcement Risk**

- Increased regulatory scrutiny
- Likelihood: Based on enforcement patterns
- Impact: Investigations, penalties

**Reputational Risk**

- Public perception of compliance
- Likelihood: Based on sensitivity of issues
- Impact: Customer trust, brand damage

### Risk Matrix

| Risk | Likelihood | Impact | Trend | Mitigation |
|------|------------|--------|-------|------------|
| [Risk] | H/M/L | H/M/L | INC/DEC/CONST | [Action] |

## Regulatory Trend Analysis

### Trend Indicators

**INC (Increasing regulation)**

- New legislation proposed/passed
- Increased enforcement actions
- Growing public/political attention
- International coordination

**DEC (Decreasing regulation)**

- Deregulation initiatives
- Reduced enforcement
- Political shift toward less oversight

**CONST (Stable regulation)**

- Established framework
- Predictable enforcement
- No major changes pending

### Current Global Trends

| Area | Direction | Key Developments |
|------|-----------|------------------|
| Data Privacy | INC | More countries adopting GDPR-style laws |
| AI/ML | INC | EU AI Act, emerging US frameworks |
| Crypto/Fintech | INC | Global frameworks emerging |
| Competition/Big Tech | INC | Antitrust scrutiny increasing |
| ESG/Sustainability | INC | Disclosure requirements expanding |
| Cybersecurity | INC | Mandatory breach reporting |

## Compliance Assessment

### Gap Analysis Framework

| Requirement | Current State | Gap | Priority | Remediation |
|-------------|---------------|-----|----------|-------------|
| [Req 1] | Compliant/Partial/Non | Description | H/M/L | Action needed |

### Compliance Cost Estimation

| Component | One-Time | Ongoing Annual |
|-----------|----------|----------------|
| Technology | $X | $X |
| Personnel | $X | $X |
| Legal/Consulting | $X | $X |
| Training | $X | $X |
| Audit/Certification | $X | $X |
| **Total** | $X | $X |

## Jurisdiction Analysis

### Market Entry Considerations

| Jurisdiction | Key Regulations | Complexity | Barrier Level |
|--------------|-----------------|------------|---------------|
| US | Federal + 50 states | High | Medium |
| EU | GDPR + sector regs | High | High |
| UK | Post-Brexit regime | Medium | Medium |
| APAC | Varies widely | Variable | Variable |

### Cross-Border Considerations

- Data localization requirements
- Licensing reciprocity
- Contractual restrictions
- IP protection differences

## Output Structure

```markdown
## Regulatory Review Summary

### Regulatory Landscape
[Overview of applicable regulations]

### Key Frameworks
| Framework | Applicability | Status |
|-----------|---------------|--------|
| [Name] | Direct/Indirect | Applicable/Monitor |

### Compliance Assessment
| Area | Status | Gap | Priority |
|------|--------|-----|----------|
| Data Privacy | ✓/△/✗ | [Gap] | H/M/L |
| [Other] | ✓/△/✗ | [Gap] | H/M/L |

### Regulatory Risk Matrix
| Risk | Likelihood | Impact | Trend |
|------|------------|--------|-------|
| [Risk] | H/M/L | H/M/L | INC/DEC/CONST |

### Trend Analysis
- Data Privacy: INC/DEC/CONST - [Evidence]
- Industry-Specific: INC/DEC/CONST - [Evidence]
- Enforcement: INC/DEC/CONST - [Evidence]

### Estimated Compliance Costs
[Cost breakdown]

### Recommendations
1. [Immediate action]
2. [Medium-term action]
3. [Monitoring action]

### Monitoring Indicators
- [Regulatory body announcements]
- [Legislative calendars]
- [Enforcement actions]
```

## Best Practices

- Consult legal experts for specific advice
- Monitor regulatory developments continuously
- Consider both current and proposed regulations
- Assess both direct and indirect impacts
- Factor compliance costs into business planning

## Disclaimer

This skill provides research frameworks only. Consult qualified legal counsel for compliance decisions.

## Additional Resources

For detailed frameworks, see:

- `references/privacy-frameworks.md` - Data privacy details
- `references/compliance-checklist.md` - Compliance templates
- `examples/regulatory-analysis.md` - Sample analysis