notque/legal

Legal Workflows

Analysis support for in-house legal teams. Contract review, compliance checks, NDA triage, risk assessment, legal writing, and response generation.

Disclaimer: Analysis support, not legal advice. Review by qualified counsel required.

---

Mode Detection

Classify the request into one mode before proceeding. If the request spans modes, choose the primary and note the secondary.

| Mode | Signal Phrases | Core Output | |------|---------------|-------------| | CONTRACT | review contract, clause analysis, redline, playbook, negotiate | Clause-by-clause analysis with GREEN/YELLOW/RED flags and redline suggestions | | COMPLIANCE | compliance check, GDPR, HIPAA, CCPA, SOX, regulation, data protection, DSGVO, GoBD, TDDDG, eIDAS, AI Act, NIS2, KRITIS, Grundschutz, TISAX, DORA | Applicable regulations, requirements checklist, risk areas, approvals needed | | NDA | NDA, triage NDA, non-disclosure, confidentiality agreement | GREEN/YELLOW/RED classification with screening checklist | | RISK | legal risk, risk assessment, exposure, severity, escalation | Severity x Likelihood matrix score with escalation path | | WRITING | legal brief, memo, legal response, draft response, template | Structured legal document in appropriate format | | VENDOR | vendor check, vendor status, agreement status, what's signed | Agreement inventory, gap analysis, upcoming deadlines |

---

Reference Loading Table

Load only the references required by the detected mode.

| Mode | References to Load | |------|-------------------| | CONTRACT | references/contract-review.md | | COMPLIANCE | references/compliance-frameworks.md, references/german-business-compliance.md | | NDA | references/nda-triage.md | | RISK | references/risk-assessment.md | | WRITING | references/legal-writing.md | | VENDOR | references/contract-review.md (for gap analysis context) |

Always load references/llm-legal-failure-modes.md for every mode. LLM failure awareness is non-negotiable in legal work.

---

Mode: CONTRACT

Framework: INTAKE -> ANALYZE -> FLAG -> REDLINE -> STRATEGIZE

Phase 1: INTAKE -- Accept the contract and gather context.

• Accept contract as file, pasted text, or URL reference
• Determine: which side the user is on (vendor/customer/licensor/licensee/partner), deadline, focus areas, deal context (size, strategic importance, existing relationship)
• If user provides partial context, proceed and note assumptions

Phase 2: ANALYZE -- Clause-by-clause review.

Load references/contract-review.md for the full clause analysis methodology.

1. Identify contract type (SaaS, services, license, procurement, partnership)
2. Read entire contract before flagging -- clauses interact (uncapped indemnity may be mitigated by broad LOL)
3. Analyze each material clause against playbook or market-standard positions
4. Cover at minimum: LOL, indemnification, IP, data protection, confidentiality, reps/warranties, term/termination, governing law, insurance, assignment, force majeure, payment

Gate: Every material clause analyzed. No clause reviewed in isolation.

Phase 3: FLAG -- Classify deviations.

| Flag | Meaning | Action | |------|---------|--------| | GREEN | At or better than standard. Minor commercially reasonable variation. | Note for awareness. No negotiation. | | YELLOW | Outside standard but within negotiable range. Common in market. | Generate redline + fallback + business impact. | | RED | Outside acceptable range. Material risk. Escalation trigger. | Explain risk. Provide market-standard alternative. Recommend escalation. |

Phase 4: REDLINE -- Generate specific alternative language for YELLOW and RED items.

Each redline includes: current language (exact quote), proposed language, rationale (suitable for counterparty), priority (must-have / should-have / nice-to-have), fallback position.

Phase 5: STRATEGIZE -- Negotiation strategy.

• Tier 1 (deal breakers): uncapped liability, missing DPA for regulated data, IP jeopardizing core assets, regulatory conflicts
• Tier 2 (strong preferences): LOL adjustments, indemnification scope, termination flexibility, audit rights
• Tier 3 (concession candidates): preferred governing law, notice periods, minor definitions, insurance certificates

Lead with Tier 1. Trade Tier 3 to secure Tier 2. Escalate before making any Tier 1 concession.

Gate: Top 3 issues identified. Negotiation priority established. Concession candidates named.

Output format:

## Contract Review Summary
**Document**: [name] | **Parties**: [names] | **Side**: [role] | **Basis**: [Playbook/Generic]

## Key Findings
[Top 3-5 issues with severity flags]

## Clause-by-Clause Analysis
### [Clause] -- [GREEN/YELLOW/RED]
**Contract says**: ... | **Standard**: ... | **Deviation**: ... | **Impact**: ... | **Redline**: ...

## Negotiation Strategy
[Priorities, concessions, approach]

---

Mode: COMPLIANCE

Framework: SCOPE -> MAP -> ASSESS -> RECOMMEND

Phase 1: SCOPE -- Understand the proposed action.

• What is being done (feature launch, data processing, marketing campaign, new vendor)
• What data is involved (personal data categories, sensitive data, regulated data)
• Which geographies (determines applicable regulations)
• Who is affected (customers, employees, partners, public)

Phase 2: MAP -- Identify applicable regulations.

Load references/compliance-frameworks.md for regulation-specific requirements.

Map all potentially applicable frameworks. Check for overlapping or conflicting requirements across jurisdictions.

Phase 3: ASSESS -- Check each requirement.

| Requirement | Status | Action Needed | |-------------|--------|---------------| | [Requirement] | Met / Not Met / Unknown | [Specific action] |

For each risk area, assess severity and mitigation path.

Phase 4: RECOMMEND -- Prioritized action list with approvals needed.

Gate: All applicable regulations identified. Requirements checked. Approvals mapped.

Output: Quick assessment (Proceed / Proceed with conditions / Requires further review), applicable regulations table, requirements checklist, risk areas, recommended actions, approvals needed.

---

Mode: NDA

Framework: ACCEPT -> SCREEN -> CLASSIFY -> REPORT

Load references/nda-triage.md for the full screening checklist and common deviations catalog.

Phase 1: ACCEPT -- Accept NDA in any format.

Phase 2: SCREEN -- Systematic evaluation against 10 screening criteria.

Agreement structure, definition scope, receiving party obligations, standard carveouts (public knowledge, prior possession, independent development, third-party receipt, legal compulsion), permitted disclosures, term/duration, return/destruction, remedies, problematic provisions (non-solicit, non-compete, exclusivity, standstill, residuals, IP assignment).

Phase 3: CLASSIFY

| Classification | Criteria | Routing | |----------------|----------|---------| | GREEN | All criteria pass. Standard mutual, all carveouts, reasonable term, no prohibited provisions. | Standard delegation. Same-day approval. | | YELLOW | Minor deviations: broader definition, longer term, missing one carveout, narrow residuals, non-preferred jurisdiction. | Counsel review. 1-2 business days. | | RED | Wrong type, missing critical carveouts, non-solicit/non-compete, perpetual term, broad residuals, hidden IP assignment, liquidated damages. | Full legal review. Do not sign. 3-5 business days. |

Phase 4: REPORT -- Structured triage report with specific issues, risks, and suggested fixes.

Gate: Every screening criterion evaluated. Classification justified.

---

Mode: RISK

Framework: IDENTIFY -> SCORE -> CLASSIFY -> DOCUMENT

Load references/risk-assessment.md for the full severity/likelihood matrix and documentation standards.

Phase 1: IDENTIFY -- Define the risk clearly with background and context.

Phase 2: SCORE -- Apply Severity (1-5) x Likelihood (1-5) matrix.

• Severity: Negligible (1) through Critical (5), calibrated to financial exposure as % of deal/contract value
• Likelihood: Remote (1) through Almost Certain (5), calibrated to precedent and triggering events
• Risk Score = Severity x Likelihood

Phase 3: CLASSIFY

| Score | Level | Color | Escalation | |-------|-------|-------|------------| | 1-4 | Low | GREEN | Accept. Monitor quarterly. | | 5-9 | Medium | YELLOW | Mitigate. Assign owner. Monthly review. | | 10-15 | High | ORANGE | Senior counsel. Outside counsel if needed. Weekly review. | | 16-25 | Critical | RED | GC/C-suite/Board. Outside counsel. Litigation hold if applicable. Daily review. |

Phase 4: DOCUMENT -- Risk memo with contributing factors, mitigating factors, mitigation options, recommended approach, residual risk, monitoring plan.

Gate: Both severity and likelihood ratings justified with specific rationale. Score calculated. Escalation path defined.

---

Mode: WRITING

Framework: CLASSIFY -> DRAFT -> REVIEW

Load references/legal-writing.md for format templates and escalation triggers.

Phase 1: CLASSIFY -- Determine document type.

| Type | Use Case | |------|----------| | Legal memo | Internal analysis of a legal question | | Legal brief | Summary of issue, law, and recommendation | | Legal response | Templated response to common inquiries (DSR, litigation hold, vendor question, NDA request, subpoena) | | Meeting brief | Pre-meeting context, talking points, action items | | Incident brief | Rapid brief for developing situations (breach, litigation threat, regulatory inquiry) |

Phase 2: DRAFT -- Generate document in the appropriate format.

For legal responses: check escalation triggers before generating. If any trigger fires (regulatory inquiry, potential litigation, criminal exposure, media attention, multiple jurisdictions), stop and recommend escalation instead of a templated response.

Phase 3: REVIEW -- Present draft for user review. Note any assumptions, gaps, or areas needing counsel input.

Gate: Document type correctly identified. Escalation triggers checked. All required elements present.

---

Mode: VENDOR

Framework: IDENTIFY -> INVENTORY -> GAP ANALYSIS -> REPORT

Phase 1: IDENTIFY -- Accept vendor name. Handle variations (legal name vs. trade name, abbreviations, parent/subsidiary).

Phase 2: INVENTORY -- Search for all agreements with the vendor. For each agreement found, capture: type (NDA/MSA/SOW/DPA/SLA), status (active/expired/in-negotiation), effective date, expiration date, auto-renewal details, key terms.

Phase 3: GAP ANALYSIS -- Identify what exists vs. what should exist.

Required agreements by relationship type:

• Data processor: NDA + MSA + DPA + SOW minimum
• SaaS vendor: NDA + MSA/SaaS Agreement + DPA (if personal data) + SLA
• Professional services: NDA + MSA + SOW(s)
• Hardware/commodity: NDA + Purchase Agreement

Flag: agreements expired but with surviving obligations, approaching expirations (90-day window), DPA gaps when vendor handles personal data.

Phase 4: REPORT -- Consolidated status report with gap analysis and upcoming actions.

Gate: All available sources checked. Gaps identified. Approaching deadlines flagged.

---

LLM Failure Mode Awareness

Legal analysis is a high-risk domain for LLM failures. Load references/llm-legal-failure-modes.md and apply these guards on every mode:

| Failure Mode | Guard | |-------------|-------| | Fabricated case law or citations | Verify all citations with user before including. State "verify this citation" when referencing specific law. | | Invented regulatory requirements | Distinguish between "this regulation requires X" (high confidence, well-known) and "check whether this applies in your jurisdiction" (lower confidence). | | Jurisdiction confusion | Always ask which jurisdiction applies. Ask which jurisdiction applies. State which jurisdiction the analysis covers. | | Overconfident analysis | Use calibrated language: "likely," "typically," "in most jurisdictions" rather than absolutes. | | Missing clause interactions | Read entire contract before analyzing individual clauses. Clauses interact. | | Stale legal knowledge | Training data has a cutoff. Recommend counsel verify current regulatory state, especially for recently enacted or amended laws. |

---

Error Handling

| Error | Cause | Solution | |-------|-------|----------| | No contract provided | User asks for review without document | Prompt for document in any format | | Ambiguous jurisdiction | Multi-jurisdiction deal | Ask user to specify primary jurisdiction. Note differences. | | No playbook configured | First use, no organizational standards | Proceed with market-standard positions. Note clearly. | | Contract too long (50+ pages) | Large agreement | Offer to focus on most material sections first, then complete review | | Conflicting regulations | Cross-border requirements clash | Flag conflicts explicitly. Do not pick a winner. Recommend counsel. | | Template needed for unknown type | No template for the inquiry type | Help user create a template following the creation guide in references |