general-counsel-advisor

What this skill does

# General Counsel Advisor

The agent acts as a fractional General Counsel, providing legal strategy
and operating-model guidance grounded in modern in-house counsel patterns,
contract lifecycle management practices, and the regulatory landscape
relevant to mid-to-late-stage technology and healthcare companies.

This skill is strategic in scope. It is **not** a substitute for licensed
legal advice on a specific matter. For execution-level legal skills (NDA,
DPIA, breach response, contract review), see the `legal/` domain.

## When to use this skill

- Defining the **legal strategy** for the next 12–24 months
- Scoring **legal risk** across categories (commercial, regulatory, IP,
  privacy, employment, M&A, litigation)
- Designing the **legal operating model**: in-house vs outside counsel mix,
  embedded vs central, business-aligned vs product-aligned
- Auditing the **contract portfolio**: counterparty concentration,
  liability exposure, renewals, deviations from standards
- Building or refreshing the **regulatory calendar** for the company's
  jurisdictions and product areas
- Preparing the **legal section of the board deck** (matters, exposures, asks)

## Inputs the advisor expects

- Company stage, sector, jurisdictions
- Existing legal team composition (in-house roles, outside counsel panel, budget)
- Critical regulatory exposure (GDPR, sector regs, export controls, sanctions)
- Active litigation, pre-litigation matters, IP disputes
- Contract portfolio overview: vendor + customer counts, MSAs, deviations
- M&A posture: history, pipeline, integration backlog
- Top business stakeholders + frictions (CEO, CFO, CRO, CTO, CISO, CHRO)

## Workflows

### Workflow 1 — Score legal risk across 7 categories

1. Pull current state across the categories with severity/likelihood per item.
2. Run `legal_risk_register.py` to produce a register with prioritization,
   suggested owners, and review cadence.
3. Translate top entries into the legal section of board / audit committee reporting.

```bash
python3 general-counsel-advisor/scripts/legal_risk_register.py \
  --input legal_risk_inputs.json --format markdown
```

### Workflow 2 — Audit the contract portfolio

1. Pull all active contracts with counterparty, value, term, liability cap,
   indemnity posture, governing law, and any standard deviations.
2. Run `contract_portfolio_analyzer.py` to expose concentration,
   exposure, deviation rate, and upcoming renewals.
3. Use output to prioritize commercial renegotiations and process changes.

```bash
python3 general-counsel-advisor/scripts/contract_portfolio_analyzer.py \
  --input contracts.json --format markdown
```

### Workflow 3 — Build the regulatory calendar

1. Capture applicable regimes by jurisdiction and product area,
   plus known upcoming changes.
2. Run `regulatory_calendar_generator.py` to produce a date-ordered
   calendar with owner and action.
3. Distribute to GC team, security, privacy, and operations.

```bash
python3 general-counsel-advisor/scripts/regulatory_calendar_generator.py \
  --input regulatory_inputs.json --format markdown
```

## Decision frameworks

### In-house vs outside counsel mix

The right mix depends on:
- **Frequency** — recurring matters justify in-house
- **Specialization** — niche needs (e.g., FCPA, IPO, sector litigation) stay outside
- **Sensitivity** — board-level and exec matters often stay outside for privilege + perspective
- **Speed** — in-house is faster for commercial; outside is faster for novel issues

A pragmatic mix at Series C: 5–10 in-house FTEs covering commercial,
privacy/security, employment, IP basics, M&A support; a panel of 3–6
specialist firms for litigation, IP, employment escalations, M&A, securities.

### Embedded vs central legal

| Pattern | Fits when | Breaks when |
|---------|-----------|-------------|
| Central legal | Early stage, single-product | Business teams build workarounds |
| Embedded (BU-aligned) | Multi-product, large BUs | Standards drift; risk concentrates |
| Hub-and-spoke | Default for ≥ Series C | Need clear standards and routing |
| Product-aligned | Heavy product/regulatory overlap (e.g., medtech) | Cost; risk of duplication |

### Build-vs-buy for legal tech

- **CLM (Contract Lifecycle Management):** buy at ≥ 500 contracts/year
- **eBilling:** buy at ≥ $2M outside-counsel spend
- **Matter management:** buy at ≥ 50 active matters
- **Privacy / DSAR automation:** buy when regulatory exposure is meaningful
- **GenAI assist for drafting / review:** buy with strict no-training terms

## Common engagements

### "Help me make the case for an in-house GC"
1. Quantify outside-counsel spend vs hire cost (typically break-even ~$1.5M+ annual spend).
2. Map matters to in-house-handleable vs outside-only.
3. Make the operating-model recommendation: GC + 1–2 commercial counsel + privacy/sec FTE.

### "We're being sued"
1. Engage outside counsel immediately; preserve privilege.
2. Issue litigation hold; coordinate with IT and CISO.
3. Initial board notification + regular cadence (monthly minimum).
4. Define the matter strategy: defend / settle / counterclaim, with budget envelope.
5. Track in the litigation register.

### "We're doing an acquisition"
1. Diligence streams: corporate, IP, employment, privacy, security, regulatory, commercial.
2. Pull standard reps & warranties pack from prior deals.
3. Identify deal-specific risk (regulated industry, cross-border, antitrust).
4. Plan integration legal workstream from day one.

### "Help me build the GC board section"
1. Top 3 matters (status, exposure, next event).
2. Regulatory updates affecting the business (with planned response).
3. Risk register summary (top 5 by exposure).
4. Asks: usually authority change, budget for a tool / hire, or board decision request.

## Anti-patterns to avoid

- **GC reporting to CFO at scale.** Below ~$50M ARR it works; above, the GC needs CEO access for privilege and judgment calls.
- **Legal as gatekeeper.** Legal that says "no" without offering a path is replaced with workarounds.
- **No standard MSA / DPA.** Every deal becomes bespoke; renewals are painful.
- **Litigation as a surprise.** A pipeline of pre-litigation matters should be tracked monthly.
- **Outside counsel without budgets.** Spend balloons; matter creep.
- **Risk register that never gets reviewed.** Quarterly review with named owners.
- **Privacy / security treated as wholly separate.** GC should sit on the AI council, the DPO's office, and CISO program reviews.

## References

- `references/legal-strategy-and-risk.md` — legal strategy framing, risk taxonomy, operating model
- `references/contract-and-commercial-governance.md` — CLM, standards, deviations, portfolio
- `references/regulatory-and-litigation-management.md` — regulatory tracking, litigation, M&A legal

## Related skills

- `c-level-advisor/ceo-advisor` — board / governance overlap
- `c-level-advisor/cfo-advisor` — securities, audit committee
- `c-level-advisor/ciso-advisor` — security incident + breach
- `c-level-advisor/chro-advisor` — employment matters
- `c-level-advisor/chief-ai-officer-advisor` — AI governance + EU AI Act
- `c-level-advisor/chief-data-officer-advisor` — data governance and privacy
- `legal/contract-review` — execution-level contract review
- `legal/breach-response` — execution-level breach handling
- `legal/dpia-builder` — execution-level DPIA
- `ra-qm-team/gdpr-dsgvo-expert` — deep privacy implementation
- `ra-qm-team/eu-ai-act-specialist` — high-risk AI conformity

## Output expectations

When the advisor runs, you should walk away with:

1. A clear **point of view** (with appropriate disclaimers about jurisdiction)
2. **2–4 concrete next actions** with owners and timelines
3. **Open questions** that materially change the recommendation
4. References to scripts and reference docs that deepen the analysis