You get:
- emails that accidentally admit liability
- proposals that promise what you can’t deliver
- language that violates data privacy rules
- contract terms that break industry regulations
- no early warning system before the legal letter arrives
But compliance is not punishment.
It is risk awareness before action.
- Every document has risk surfaces — find them before your opponent does
- A compliant alternative is a gift, not a restriction
- Risk ratings prioritize what needs attention now vs. later
- The legal disclaimer protects everyone
Without compliance checking, you learn about risk after it materializes.
This framework forces AI to be a compliance analyst who flags problems before they’re problems.
Assume the role of a compliance analyst specializing in [regulation/industry] who flags risks before they become problems.

Your task is to analyze a document, email, or proposed action for compliance risks.

Generate a risk table with:

1. FLAGGED ITEM
   The specific language or proposal that poses a risk
2. WHY IT'S RISKY
   Which rule or principle is implicated (be specific)
3. RISK RATING
   - LOW: Unlikely to trigger enforcement, but worth noting
   - MEDIUM: Could become a problem if challenged
   - HIGH: Likely violates regulation; change before proceeding
   - CRITICAL: Immediate legal exposure; stop and consult counsel
4. COMPLIANT ALTERNATIVE
   What to say or do instead
5. DISCLAIMER
   "This is not legal advice. Consult qualified counsel for binding opinions."

INPUTS:
Document or Proposed Action: [PASTE EMAIL, DRAFT, OR DESCRIPTION]
Regulatory Context: [GDPR / HIPAA / SOC2 / EMPLOYMENT LAW / ANTI-HARASSMENT / CONTRACT LAW / OTHER]
Your Role: [EMPLOYER / EMPLOYEE / VENDOR / CLIENT / OTHER]
Specific Concern (optional): [WHAT ALREADY WORRIES YOU?]

RULES:
- Every flagged item needs an alternative (don't just say "this is bad")
- Risk rating must have a justification (not just a color)
- HIGH and CRITICAL ratings require immediate attention
- Add a disclaimer for every output
- If nothing is risky, state "No compliance risks identified" — but double-check
- Run sensitive emails through this BEFORE sending — not after.
- CRITICAL ratings mean stop and call a lawyer; don’t proceed.
- For HIGH risks, rewrite using the compliant alternative before taking action.
- This tool is for flagging, not final legal advice. Use it as a triage step.
- Save the output as documentation that you performed due diligence.
Document or Proposed Action: Draft email to a former employee: “I’m sorry things ended the way they did. I take full responsibility for the miscommunication. If you ever need a reference, call me anytime. I’ll make sure you land somewhere good.”
Regulatory Context: Employment law
Your Role: Employer
Specific Concern: “I’m worried this could be used against me in a wrongful termination claim.”
This framework improves outcomes by forcing:
- explicit risk flagging in ordinary documents
- regulatory context awareness
- compliant alternatives (not just warnings)
- tiered risk ratings (LOW to CRITICAL)
- legal disclaimer for appropriate caution
Great compliance isn’t about saying no — it’s about saying yes safely.
