Build pillar · per-vertical-compliance-overlay agent
How to build per-vertical compliance overlay
TypeScript discriminated-union per-vertical overlay schema + JSON Schema Draft 2020-12 + OpenAPI 3.1.0 + Apache Avro + Protobuf + Confluent Schema Registry + Apicurio per-vertical overlay registry + Open Policy Agent (OPA) + Rego policy + Cedar policy + AWS Verified Permissions + Casbin RBAC/ABAC + per-vertical authoritative-source registry (CFR Code of Federal Regulations + USC US Code + HIPAA 45 CFR + GLBA 16 CFR + FERPA 34 CFR + COPPA 16 CFR + FCRA 12 CFR + TCPA 47 CFR + CAN-SPAM 16 CFR + FDA 21 CFR + DEA 21 CFR + TTB 27 CFR + state regulation + state professional licensing board + EUR-Lex Official Journal + national gazette) substrate. The Author + Compose + Refresh + Audit skill bundle on the per-vertical-compliance-overlay agent sits above the policy-engine + per-vertical-regulator + authoritative-source substrate and writes a per-vertical per-tenant canonical overlay record with named regulatory anchors covering per-vertical compliance overlay registry (HIPAA + GLBA + FERPA + COPPA + FCRA + TCPA + CAN-SPAM + FDA + DEA + alcohol TTB + 38-state + tobacco state + Section 230 CDA + DMCA + GDPR EU + LGPD Brazil + DPDP India + APPI Japan + PIPL China + 18-state US privacy + per-state biometric + SOX 302/404/906 + FINRA + SEC + ABA Model Rule + per-state-bar/medical/pharmacy/real-estate/insurance/mortgage + ELVIS Act 2024 + FDD Item 12/19) + per-vertical overlay-composition algebra (∩ ∪ ∁ ⊕) + per-vertical authoritative-source + per-vertical update-cadence (CFR quarterly + USC annual + FDA monthly + EUR-Lex weekly + state biannual + emergency hotfix) + per-vertical staleness-detection + EU AI Act Article 50.
Published January 14, 2027 · 3,200 words
The 4-skill bundle on the per-vertical-compliance-overlay agent
One agent. Four coordinated skills. The Author + Compose + Refresh + Audit bundle runs above the policy-engine + per-vertical-regulator + authoritative-source substrate and writes one canonical per-vertical per-tenant overlay record.
Author
Per-vertical overlay definition: TypeScript discriminated-union schema + JSON Schema + Apache Avro + Protobuf + Confluent Schema Registry. Per-vertical authoritative-source linking (CFR + USC + EUR-Lex + state-regulation + state-professional-licensing-board + state-attorney-general). Per-vertical overlay rule (IF condition + THEN action + exception + safe-harbor + waiver). Per-vertical severity (P0-P4). Per-vertical sunset-clause + regression-test.
Compose
Per-vertical overlay-composition algebra: ∩ intersection + ∪ union + ∁ complement + ⊕ symmetric difference. Per-tenant per-vertical applicability resolution. Per-vertical conflict-resolution (HIPAA vs FERPA when EdTech + healthcare; GLBA vs HIPAA when financial-wellness; FCRA vs TCPA when credit-call) via per-source authority hierarchy + per-tenant policy override.
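The composition algebra and the conflict-resolution step above, worked as an added TypeScript example that is not code from this page or from the agent it describes. It models an overlay rule as a discriminated union on its regulatory anchor (CFR, USC or state citation), composes rules per tenant with ∩ (apply only when all applicable verticals require the control), ∪ (any requires), ∁ (no applicable vertical allows an exception) and ⊕ (required by some but not all, flagged for review), following the semantics the FAQ on this page gives, and resolves a requires-versus-exception collision through a ranked authority list or a per-tenant override. The vertical names and CFR/USC citations are the ones the page names; the control names, per-vertical stances, severities and the authority ranking are constructed for illustration and are not a legal reading of those regulations.

```typescript
// Added example (not the page's or the agent's code): per-vertical overlay composition
// algebra in TypeScript. Verticals and CFR/USC citations are the ones the page names;
// the control names, per-vertical stances, severities and authority ranking are
// constructed for illustration only and are not a legal reading of any regulation.

// Regulatory anchor as a discriminated union: `kind` selects the citation shape.
type Anchor =
  | { kind: "cfr"; title: number; part: number }        // e.g. 45 CFR Part 164
  | { kind: "usc"; title: number; section: number }     // e.g. 15 USC 1681
  | { kind: "state"; state: string; citation: string }; // e.g. a state licensing-board rule

type Vertical = "HIPAA" | "FERPA" | "GLBA" | "FCRA" | "TCPA";
type Severity = "P0" | "P1" | "P2" | "P3" | "P4";

// What one vertical says about one control (the THEN action of an overlay rule).
type Stance = "requires" | "allows-exception" | "silent";

interface OverlayRule {
  vertical: Vertical;
  control: string;
  stance: Stance;
  anchor: Anchor;
  severity: Severity;
}

// Constructed sample registry for an EdTech + healthcare tenant scenario.
const REGISTRY: OverlayRule[] = [
  { vertical: "HIPAA", control: "encrypt-records-at-rest", stance: "requires", anchor: { kind: "cfr", title: 45, part: 164 }, severity: "P1" },
  { vertical: "FERPA", control: "encrypt-records-at-rest", stance: "silent", anchor: { kind: "cfr", title: 34, part: 99 }, severity: "P3" },
  { vertical: "HIPAA", control: "consent-before-disclosure", stance: "allows-exception", anchor: { kind: "cfr", title: 45, part: 164 }, severity: "P2" },
  { vertical: "FERPA", control: "consent-before-disclosure", stance: "requires", anchor: { kind: "cfr", title: 34, part: 99 }, severity: "P1" },
  { vertical: "FCRA", control: "adverse-action-notice", stance: "requires", anchor: { kind: "usc", title: 15, section: 1681 }, severity: "P1" },
];

// Stance of every applicable vertical on one control; a vertical with no rule is silent.
function stances(reg: OverlayRule[], tenant: Vertical[], control: string): Stance[] {
  return tenant.map(v => reg.find(r => r.vertical === v && r.control === control)?.stance ?? "silent");
}

// ∩: apply only when ALL applicable verticals require the control.
function intersection(reg: OverlayRule[], tenant: Vertical[], control: string): boolean {
  const s = stances(reg, tenant, control);
  return s.length > 0 && s.every(x => x === "requires");
}
// ∪: apply when ANY applicable vertical requires it.
function union(reg: OverlayRule[], tenant: Vertical[], control: string): boolean {
  return stances(reg, tenant, control).some(x => x === "requires");
}
// ∁: apply when NO applicable vertical allows an exception.
function complement(reg: OverlayRule[], tenant: Vertical[], control: string): boolean {
  return stances(reg, tenant, control).every(x => x !== "allows-exception");
}
// ⊕: flag when required by some applicable verticals but not all.
function symmetricDifference(reg: OverlayRule[], tenant: Vertical[], control: string): boolean {
  const s = stances(reg, tenant, control);
  const n = s.filter(x => x === "requires").length;
  return n > 0 && n < s.length;
}

interface ComposedControl {
  control: string;
  applies: boolean;          // ∪ ∧ ∁, unless a conflict was resolved otherwise
  unanimous: boolean;        // ∩
  flagged: boolean;          // ⊕
  conflict: boolean;         // one vertical requires, another carves an exception
  resolvedBy?: Vertical | "tenant-override";
  severity: Severity;        // most severe among the requiring verticals
  anchors: Anchor[];
}

// Per-tenant composition. `authority` is a ranked list consulted when requires and
// allows-exception collide; `overrides` is the tenant's explicit per-control policy.
function compose(reg: OverlayRule[], tenant: Vertical[], authority: Vertical[],
                 overrides: Record<string, boolean> = {}): ComposedControl[] {
  const controls: string[] = [];
  for (const r of reg) if (controls.indexOf(r.control) < 0) controls.push(r.control);
  const composed = controls.map((control): ComposedControl | null => {
    const rules = reg.filter(r => r.control === control && tenant.indexOf(r.vertical) >= 0);
    if (rules.length === 0) return null; // no applicable vertical speaks to this control
    const any = union(reg, tenant, control);
    const noException = complement(reg, tenant, control);
    const conflict = any && !noException;
    let applies = any && noException;
    let resolvedBy: Vertical | "tenant-override" | undefined;
    if (conflict) {
      if (control in overrides) {
        applies = overrides[control];
        resolvedBy = "tenant-override";
      } else {
        // Highest-ranked vertical with a non-silent stance decides.
        const decider = authority.find(v => rules.some(r => r.vertical === v && r.stance !== "silent"));
        if (decider) {
          applies = rules.find(r => r.vertical === decider)!.stance === "requires";
          resolvedBy = decider;
        }
      }
    }
    // "P0" < "P1" < ... lexically, so the first sorted entry is the most severe.
    const severity = rules.filter(r => r.stance === "requires").map(r => r.severity).sort()[0] ?? "P4";
    return {
      control, applies, conflict, resolvedBy, severity,
      unanimous: intersection(reg, tenant, control),
      flagged: symmetricDifference(reg, tenant, control),
      anchors: rules.map(r => r.anchor),
    };
  });
  return composed.filter((c): c is ComposedControl => c !== null);
}

// Stand-alone run: EdTech + healthcare tenant, HIPAA ranked above FERPA (constructed ranking).
console.log(JSON.stringify(compose(REGISTRY, ["HIPAA", "FERPA"], ["HIPAA", "FERPA"]), null, 2));
```

Two design points worth noting: ∁ on its own is true for a control nobody mentions, so the record applies a control only when ∪ and ∁ both hold, and ⊕ is reported as a review flag rather than changing the decision, since "required by one vertical, silent in another" is not a conflict. Only a requires-versus-allows-exception collision triggers the authority hierarchy or the tenant override, and the record names which one decided.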
Refresh
Per-vertical authoritative-source polling + per-vertical update-cadence enforcement: CFR quarterly + USC annual + FDA monthly + EU Official Journal weekly + state biannual + emergency hotfix immediate. Per-vertical staleness-detection: per-overlay last-known-good + regression-test + sunset-clause + enforcement-incident retrospective. Per-vertical severity P0-P4.
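The cadence enforcement, staleness detection and P0-P4 classification described above, as an added TypeScript example that is not code from this page or from the agent. It turns each update cadence into a maximum age since the overlay's last-known-good absorption, checks sunset clauses, regression results and enforcement-incident retrospectives, and maps the findings onto the severity ladder the FAQ gives (P0 incident with immediate block, P1 source update with 72 hours, P2 sunset with 7 days, P3 regression with 30 days, P4 docs-only). The day counts chosen for the cadences, the overlay ids, the evaluation date and the sample states are constructed for illustration.

```typescript
// Added example (not the page's or the agent's code): Refresh-style update-cadence
// enforcement and staleness detection. The cadence day counts, the overlay ids, the
// "now" date and the sample overlay states are constructed for illustration.

type Source = "cfr" | "usc" | "fda" | "eu-oj" | "state";
type Severity = "P0" | "P1" | "P2" | "P3" | "P4";

// Maximum age, in days, an overlay may carry since its last-known-good absorption.
const CADENCE_DAYS: Record<Source, number> = {
  "eu-oj": 7,   // EU Official Journal: weekly
  fda: 30,      // FDA: monthly
  cfr: 91,      // CFR: quarterly
  state: 182,   // state regulation: biannual
  usc: 365,     // US Code: annual
};

// Remediation deadline in days per severity; P0 is an immediate block, P4 has none.
const DEADLINE_DAYS: Record<Severity, number | null> = { P0: 0, P1: 3, P2: 7, P3: 30, P4: null };

interface OverlayState {
  id: string;
  source: Source;
  lastKnownGood: string;        // ISO date of the last verified absorption of the source
  sunset?: string;              // ISO date after which the overlay must be re-authored
  regressionPassed: boolean;    // latest per-overlay regression-test result
  enforcementIncident: boolean; // retrospective tied an enforcement incident to this overlay
}

interface Finding {
  overlay: string;
  severity: Severity;
  reason: string;
  action: string;
  deadlineDays: number | null;
}

// Whole days from one ISO date to another (date-only ISO strings parse as UTC).
function daysBetween(fromIso: string, toIso: string): number {
  return Math.floor((Date.parse(toIso) - Date.parse(fromIso)) / 86_400_000);
}

// Evaluate one overlay against the evaluation date; findings are returned most severe first.
function findings(o: OverlayState, nowIso: string): Finding[] {
  const out: Finding[] = [];
  const add = (severity: Severity, reason: string, action: string) =>
    out.push({ overlay: o.id, severity, reason, action, deadlineDays: DEADLINE_DAYS[severity] });

  if (o.enforcementIncident) add("P0", "enforcement-incident retrospective", "block + alert + rollback");
  const age = daysBetween(o.lastKnownGood, nowIso);
  if (age > CADENCE_DAYS[o.source]) {
    add("P1", `${o.source} source not absorbed for ${age} days (cadence ${CADENCE_DAYS[o.source]})`,
        "re-absorb source and re-author");
  }
  if (o.sunset && daysBetween(o.sunset, nowIso) > 0) add("P2", `sunset clause expired ${o.sunset}`, "re-author or retire");
  if (!o.regressionPassed) add("P3", "regression-test failed", "fix rule and re-run regression");
  // "P0" < "P1" < ... lexically, so a plain string sort orders by severity.
  return out.sort((a, b) => (a.severity < b.severity ? -1 : a.severity > b.severity ? 1 : 0));
}

interface GateResult { overlay: string; severity: Severity; block: boolean; findings: Finding[] }

// Gate: an overlay may commit to the runtime policy engine unless it carries a P0.
function gate(overlays: OverlayState[], nowIso: string): GateResult[] {
  return overlays.map(o => {
    const f = findings(o, nowIso);
    const severity: Severity = f.length > 0 ? f[0].severity : "P4"; // nothing stale: docs-only
    return { overlay: o.id, severity, block: severity === "P0", findings: f };
  });
}

// Constructed sample: evaluation date and four overlay states in different conditions.
const NOW = "2027-01-14";
const SAMPLE: OverlayState[] = [
  { id: "hipaa-45cfr164", source: "cfr", lastKnownGood: "2026-12-01", regressionPassed: true, enforcementIncident: false },
  { id: "fda-21cfr314", source: "fda", lastKnownGood: "2026-11-20", regressionPassed: true, enforcementIncident: false },
  { id: "eu-ai-act-art50", source: "eu-oj", lastKnownGood: "2027-01-10", sunset: "2027-01-01", regressionPassed: true, enforcementIncident: false },
  { id: "tcpa-47usc227", source: "usc", lastKnownGood: "2026-06-01", regressionPassed: false, enforcementIncident: true },
];

console.log(JSON.stringify(gate(SAMPLE, NOW), null, 2));
```

In the sample the CFR overlay is 44 days old and passes everything (P4); the FDA overlay is 55 days past a 30-day cadence (P1, 72 hours); the EU overlay is fresh but past its sunset (P2); the TCPA overlay carries an enforcement incident and a failed regression, so it is blocked at P0 with the P3 finding kept on the record for the retrospective.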
Audit
Per-vertical per-tenant WORM overlay record: per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness check + per-vertical conflict-resolution + per-anchor gate-pass + AI-ML provenance + EU AI Act FRIA. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year GLBA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.
The real ecosystem this sits above
Author + Compose + Refresh + Audit does not replace policy engines or per-vertical regulator authorities. It sits above them and writes one canonical per-vertical per-tenant overlay record.
Per-vertical overlay registry + schema
- TypeScript discriminated-union per-vertical schema
- JSON Schema Draft 2020-12 + OpenAPI 3.1.0
- Apache Avro + Protobuf per-vertical overlay registry
- Confluent Schema Registry + Apicurio
- Per-vertical policy DSL + per-vertical compliance engine
Policy engine + per-vertical regulator
- Open Policy Agent (OPA) + Rego policy engine
- Cedar policy + AWS Verified Permissions
- Casbin RBAC/ABAC + per-vertical policy DSL
- HIPAA + GLBA + FERPA + COPPA + FCRA + TCPA + CAN-SPAM
- FDA + DEA + alcohol TTB + 38-state + tobacco
Authoritative-source + update-cadence
- CFR Code of Federal Regulations + USC US Code
- EUR-Lex Official Journal + EU OJ + national gazette
- State regulation + state professional licensing board
- State attorney general + state insurance commissioner
- Per-CFR quarterly + USC annual + FDA monthly + EUR-Lex weekly
Compliance overlay
Five anchors run per-vertical per-tenant before any overlay commits to the runtime policy engine. The first anchor is operationally distinctive: per-vertical compliance overlay registry + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection + per-vertical overlay-composition algebra converge on every per-vertical overlay composition.
Anchor 1: Per-vertical compliance overlay registry + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection + per-vertical overlay-composition algebra (operationally distinctive)
Per-vertical compliance overlay registry: HIPAA Healthcare 45 CFR Part 160/162/164 + state mini-HIPAA + GLBA Financial 16 CFR Part 313 + Safeguards Rule 16 CFR Part 314 + state mini-GLBA + FERPA Education 34 CFR Part 99 + COPPA Children 16 CFR Part 312 + FCRA Credit 15 USC 1681 + 12 CFR + TCPA Telecom 47 USC 227 + 47 CFR Part 64 + CAN-SPAM Email 15 USC 7701 + 16 CFR Part 316 + FDA Pharma 21 CFR Part 200/314 + OPDP + FTC Health Products + DEA Controlled Substances 21 CFR Part 1300-1321 + alcohol TTB 27 CFR + state ABC alcohol board + 38-state board + tobacco state-board + Section 230 CDA + DMCA Section 512 + GDPR EU 2016/679 + LGPD Brazil + DPDP India 2023 + APPI Japan + PIPL China + 18-state US privacy (CCPA + CPRA + VCDPA + CPA + CTDPA + UCPA + ICDPA + INDPA + TIPA + TDPSA + MCDPA + OCPA + DPDPA + FDBR + NHDPA + NJDPA + KCDPA + MODPA) + per-state biometric (BIPA + CUBI + Washington biometric + Maryland HB1093) + Sarbanes-Oxley 302/404/906 + COSO + Exchange Act 13(b)(2) + FINRA Rule 2210/3110/4511 + SEC Regulation FD + Investment Advisers Act 1940 + Reg D + Reg S + ABA Model Rule 7.1-7.5/1.18/5.4/7.3 + per-state-bar 50-state + per-state-medical 50-state + per-state-pharmacy 50-state + per-state-real-estate + per-state-insurance + per-state-mortgage NMLS + RESPA + Fair Housing Act + ELVIS Act 2024 + per-state right-of-publicity + FDD Item 12 + Item 19 + 15-state franchise. Per-vertical overlay-composition algebra (∩ intersection + ∪ union + ∁ complement + ⊕ symmetric difference). Per-vertical authoritative-source (CFR + USC + EUR-Lex + state regulation + state professional licensing board). Per-vertical update-cadence (per-CFR quarterly + per-USC annual + per-FDA monthly + per-EU Official Journal weekly + per-state biannual + per-emergency hotfix). Per-vertical staleness-detection (per-overlay last-known-good + regression-test + sunset-clause + enforcement-incident retrospective). Per-vertical conflict-resolution + per-vertical severity P0-P4.
Anchor 2: FTC + Lanham
FTC Section 5 + Pfizer 1972 + CFPB UDAAP + Lanham + USPTO + Robinson-Patman + per-state UDTPA.
Anchor 3: Per-vertical professional-licensing-board
Per-vertical professional-licensing-board (per-state-bar + per-state-medical + per-state-pharmacy + per-state-real-estate + per-state-insurance + per-state-CPA + per-state-PE + per-state-architect + per-state-veterinarian).
Anchor 4: EU AI Act + AI-ML overlay routing
EU AI Act Article 50 transparency when AI-ML overlay routing + Article 13/14/15 + Annex III when AI-ML overlay composition routes publish-block + Article 6/27 FRIA + DSA + DMA. GDPR Article 6/7/22/28/30 + LGPD + DPDP + PIPEDA + Quebec Law 25 + CCPA + CPRA + 18-state.
Anchor 5: Accessibility + SOX + WORM retention
WCAG 2.2 AA + ARIA + EAA + ADA Title III + Section 508. SOX 302/404/906 + COSO + Exchange Act 13(b)(2) + SEC Reg S-K. NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II. Per-vendor LLM zero-retention + per-source DPA + per-API rate-limit. Storage: AWS S3 Object Lock + Azure Blob immutable + GCS + Wasabi WORM. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year GLBA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.
6-workstream reporting cycle
Every two weeks during a Tier 3 Fractional CMO engagement, six workstreams report against the pre-engagement baseline. No compliance coverage claims. Process commitments only.
- 1. Per-portfolio per-vertical per-tenant overlay-coverage. Verticals covered + tenants assigned + authoritative-sources absorbed + update-cadences enforced.
- 2. Author per-vertical overlay definition flow. Per-vertical schema + authoritative-source linking + overlay rule + severity classification + sunset-clause + regression-test absorbed.
- 3. Compose per-vertical overlay-composition flow. ∩/∪/∁/⊕ algebra + per-tenant per-vertical applicability + per-vertical conflict-resolution + per-source authority hierarchy + per-tenant policy override.
- 4. Refresh per-vertical authoritative-source polling + update-cadence flow. Per-CFR quarterly + per-USC annual + per-FDA monthly + per-EU Official Journal weekly + per-state biannual + per-emergency hotfix + per-vertical staleness-detection.
- 5. Regulatory-defense audit coverage. Per-vertical compliance overlay (HIPAA + GLBA + FERPA + COPPA + FCRA + TCPA + CAN-SPAM + FDA + DEA + alcohol//tobacco + Section 230 + GDPR + LGPD + DPDP + APPI + PIPL + 18-state) + per-vertical authoritative-source + update-cadence + staleness + EU AI Act Article 50 + SOX.
- 6. FBC feedback-loop pattern-learning. Per-vertical realized-vs-predicted overlay applicability + per-vertical authoritative-source update retrospective + per-vertical enforcement-incident retrospective.
FAQ
- What is per-vertical compliance overlay — and what is the per-vertical-overlay-registry-times-per-vertical-authoritative-source-times-per-vertical-update-cadence-times-per-vertical-staleness-detection problem distinctive to this skill?
- A multi-vertical operator (multi-unit franchise + multi-location retail + DTC ecommerce + multi-vertical regulated) ships compliance overlays across 30-50 verticals (healthcare + financial-services + education + children + credit + telecom + email + pharma + DEA-controlled + alcohol + + tobacco + Section 230 + GDPR EU + LGPD Brazil + DPDP India + APPI Japan + PIPL China + 18-state US privacy + SOX + FINRA + SEC + ABA + per-state-bar + per-state-medical + per-state-pharmacy + per-state-real-estate + per-state-insurance + per-state-mortgage). Each vertical ships its own authoritative source + update cadence + per-section severity. The four-skill bundle on the per-vertical-compliance-overlay agent — Author, Compose, Refresh, Audit — sits above the policy-engine + per-vertical-regulator + authoritative-source substrate (TypeScript + JSON Schema + Apache Avro + Protobuf + Confluent Schema Registry + Apicurio + OPA Rego + Cedar + AWS Verified Permissions + Casbin) and writes a per-vertical per-tenant canonical overlay record. 
The operationally distinctive anchor: per-vertical compliance overlay registry (HIPAA Healthcare 45 CFR Part 160/162/164 + state mini-HIPAA + GLBA Financial 16 CFR Part 313 + Safeguards Rule 16 CFR Part 314 + FERPA Education 34 CFR Part 99 + COPPA Children 16 CFR Part 312 + FCRA Credit 15 USC 1681 + TCPA Telecom 47 USC 227 + CAN-SPAM Email 15 USC 7701 + FDA Pharma 21 CFR Part 200/314 + DEA Controlled Substances 21 CFR Part 1300-1321 + alcohol TTB 27 CFR + state ABC + 38- state-board + tobacco state-board + Section 230 CDA + DMCA Section 512 + GDPR EU 2016/679 + LGPD Brazil + DPDP India 2023 + APPI Japan + PIPL China + 18-state US privacy (CCPA + CPRA + VCDPA + CPA + CTDPA + UCPA + ICDPA + INDPA + TIPA + TDPSA + MCDPA + OCPA + DPDPA + FDBR + NHDPA + NJDPA + KCDPA + MODPA) + per-state biometric (BIPA + CUBI + Washington biometric + Maryland HB1093) + SOX 302/404/906 + FINRA Rule 2210/3110/4511 + SEC Regulation FD + Investment Advisers Act 1940 + Reg D + Reg S + ABA Model Rule 7.1-7.5/1.18/5.4/7.3 + per-state-bar 50-state matrix + per-state-medical 50-state + per-state-pharmacy 50-state + per-state-real-estate + per-state-insurance + per-state-mortgage NMLS + RESPA + Fair Housing Act + ELVIS Act 2024 + per-state right-of-publicity + FDD Item 12 + Item 19 + 15-state franchise) + per-vertical overlay-composition algebra (∩ intersection + ∪ union + ∁ complement + ⊕ symmetric difference) + per-vertical authoritative-source (CFR + USC + EUR-Lex + state regulation + state professional licensing board + state attorney general) + per-vertical update-cadence (per-CFR quarterly + per-USC annual + per-FDA monthly + per-EU Official Journal weekly + per-state biannual + per-emergency hotfix) + per-vertical staleness-detection (per-overlay last-known-good + per-overlay regression-test + per-overlay sunset-clause + per-overlay enforcement-incident retrospective).
- Why do OPA Rego + Cedar + Casbin + AWS Verified Permissions break at multi-vertical-30-50-vertical-multi-tenant scale?
- Each policy-engine vendor ships per-rule flat policy primitive at single-jurisdiction level. None coordinates per-vertical per-tenant overlay registry against 30-50 named verticals + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection + per-vertical overlay-composition algebra (∩/∪/∁/⊕). None handles per-vertical authoritative-source absorption (CFR quarterly + USC annual + FDA monthly + EU Official Journal weekly + state biannual + emergency hotfix) + per-vertical staleness-detection (per-overlay last-known-good + regression-test + sunset-clause + enforcement-incident retrospective). None gates against per-vertical conflict-resolution when overlay-overlap (HIPAA vs FERPA when EdTech + healthcare overlap; GLBA vs HIPAA when financial-wellness overlap; FCRA vs TCPA when credit-call). None enforces SOX 302/404/906 when public-company multi-vertical material. None writes a per-vertical per-tenant WORM overlay audit trail with regulatory-defense retention. The four-skill bundle Author + Compose + Refresh + Audit sits above the policy-engine + per-vertical-regulator + authoritative-source substrate — it does not replace it.
- How does Author + Compose work?
- Author runs per-vertical overlay definition: per-vertical TypeScript discriminated-union schema + JSON Schema Draft 2020-12 + Apache Avro + Protobuf + Confluent Schema Registry registration. Per-vertical authoritative-source linking (CFR section + USC section + EUR-Lex reference + state-regulation citation + state-professional-licensing-board citation + state-attorney-general citation). Per-vertical overlay rule (per-vertical IF condition + THEN action + per-vertical exception + per-vertical safe-harbor + per-vertical waiver). Per-vertical severity classification (P0 immediate + P1 72-hour + P2 7-day + P3 30-day + P4 docs-only). Per-vertical sunset-clause + per-vertical regression-test. Compose runs per-vertical overlay-composition algebra: ∩ intersection (apply overlay only when ALL applicable verticals require) + ∪ union (apply overlay when ANY applicable vertical requires) + ∁ complement (apply overlay when NO applicable vertical allows exception) + ⊕ symmetric difference (flag overlay where applicable in some but not all). Per-tenant per-vertical applicability resolution. Per-vertical conflict-resolution when overlay-overlap (HIPAA vs FERPA when EdTech + healthcare; GLBA vs HIPAA when financial-wellness; FCRA vs TCPA when credit-call) via per-source authority hierarchy + per-tenant policy override.
- What does Refresh + Audit do?
- Refresh runs per-vertical authoritative-source polling + per-vertical update-cadence enforcement: per-CFR quarterly absorption + per-USC annual absorption + per-FDA monthly absorption + per-EU Official Journal weekly absorption + per-state biannual absorption + per-emergency hotfix immediate. Per-vertical staleness-detection: per-overlay last-known-good + per-overlay regression-test + per-overlay sunset-clause + per-overlay enforcement-incident retrospective. Per-vertical severity classification: P0 enforcement-incident hotfix (immediate block + alert + rollback) + P1 authoritative-source update 72-hour + P2 sunset-clause expiration 7-day + P3 regression-test fail 30-day + P4 docs-only. Gate runs 5 anchors per-vertical per-tenant before any overlay commits to runtime policy engine. (1) Per-vertical compliance overlay registry (HIPAA + GLBA + FERPA + COPPA + FCRA + TCPA + CAN-SPAM + FDA + DEA + alcohol//tobacco + Section 230 + GDPR + LGPD + DPDP + APPI + PIPL + 18-state US privacy + SOX + FINRA + SEC + ABA + per-state-bar + per-state-medical + per-state-pharmacy + per-state-real-estate + per-state-insurance + per-state-mortgage + RESPA + Fair Housing + ELVIS + FDD Item 12/19) + per-vertical overlay-composition algebra (∩/∪/∁/⊕) + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection. (2) FTC Section 5 + Pfizer 1972 + CFPB UDAAP + Lanham + USPTO + Robinson-Patman + per-state UDTPA. (3) Per-vertical professional-licensing-board (per-state-bar + per-state-medical + per-state-pharmacy + per-state-real-estate + per-state-insurance + per-state-CPA + per-state-PE + per-state-architect + per-state-veterinarian). (4) EU AI Act Article 50 transparency when AI-ML overlay routing + Article 13/14/15 + Annex III when AI-ML overlay composition routes publish-block + Article 6/27 FRIA + DSA + DMA + GDPR Article 6/7/22/28/30 + LGPD + DPDP + PIPEDA + Quebec Law 25 + CCPA + CPRA + 18-state. 
(5) WCAG 2.2 AA + ARIA + EAA + ADA Title III + Section 508 + SOX 302/404/906 + COSO + Exchange Act 13(b)(2) + SEC Reg S-K. Audit writes a per-vertical per-tenant WORM overlay record: per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness check + per-vertical conflict-resolution + per-anchor gate-pass + AI-ML provenance + EU AI Act FRIA. Storage: AWS S3 Object Lock + Azure Blob immutable + GCS + Wasabi WORM. Retention: 7-year FTC + 7-year IRS + 7-year HIPAA + 7-year GLBA + 7-year state bar + 6-year SEC + 3-year FINRA + 7-year SOX + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7/CC8.
- What does this skill connect to on the per-vertical-compliance-overlay agent and across the swarm?
- On the per-vertical-compliance-overlay agent: per-vertical overlay registry + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection + per-vertical conflict-resolution. Across the swarm: per-state-overlay-composer (#599 same overlay-composition algebra + complementary jurisdiction-axis: per-state vs per-vertical) + per-vertical pre-built compliance overlay templates (sibling) + per-vertical schema validation with maintained rule libraries (sibling) + per-vertical catalog schema validation (#597 DOWNSTREAM consumer of per-vertical overlay) + per-location compliant social drafting (#598 DOWNSTREAM consumer of per-vertical overlay) + per-location visitor-intent enrichment for franchise lead routing (#602 DOWNSTREAM consumer of per-vertical FCRA/TCPA/ABA overlay) + PE-sponsor LP letter drafting (#613 DOWNSTREAM consumer of SEC + Investment Advisers Act + FINRA overlay) + integration-drift-monitor agent (#562 + #569 + #570 same per-schema-drift substrate). Commercial-pillar parent: /per-vertical-compliance-overlays. Cross-skill foundational: this skill is the upstream canonical for every downstream skill that requires per-vertical overlay coverage.
- What does the 6-workstream pre-engagement-baseline reporting cycle look like for this skill?
- Every two weeks during the Tier 3 Fractional CMO with AI Swarm engagement, six workstreams report against the pre-engagement baseline. Workstream 1: per-portfolio per-vertical per-tenant overlay-coverage — verticals covered + tenants assigned + authoritative-sources absorbed + update-cadences enforced. Workstream 2: Author per-vertical overlay definition flow — per-vertical schema + authoritative-source linking + overlay rule + severity classification + sunset-clause + regression-test absorbed. Workstream 3: Compose per-vertical overlay-composition flow — ∩/∪/∁/⊕ algebra + per-tenant per-vertical applicability resolution + per-vertical conflict-resolution (overlay-overlap) + per-source authority hierarchy + per-tenant policy override. Workstream 4: Refresh per-vertical authoritative-source polling + update-cadence flow — per-CFR quarterly + per-USC annual + per-FDA monthly + per-EU Official Journal weekly + per-state biannual + per-emergency hotfix + per-vertical staleness-detection. Workstream 5: Regulatory-defense audit coverage — per-vertical compliance overlay registry (HIPAA + GLBA + FERPA + COPPA + FCRA + TCPA + CAN-SPAM + FDA + DEA + alcohol//tobacco + Section 230 + GDPR + LGPD + DPDP + APPI + PIPL + 18-state) + per-vertical authoritative-source + update-cadence + staleness + EU AI Act Article 50 + SOX. Workstream 6: FBC feedback-loop pattern-learning — per-vertical realized-vs-predicted overlay applicability + per-vertical authoritative-source update retrospective + per-vertical enforcement-incident retrospective.
Engage Completions
Two ways to engage. The Tier 1 AI Readiness Assessment maps the policy-engine + per-vertical-regulator + authoritative-source substrate + per-vertical compliance overlay registry + per-vertical authoritative-source + per-vertical update-cadence + per-vertical staleness-detection surface against the Author + Compose + Refresh + Audit bundle. The Tier 3 Fractional CMO with AI Swarm embeds 1-2 days per week for 6+ months and runs the bundle end-to-end against the per-vertical-compliance-overlay agent across the swarm.
Related reading
- Parent commercial pillar: per-vertical compliance overlays
- Sibling build-pillar: per-state overlay configuration (#599 same overlay-composition algebra + complementary jurisdiction-axis: per-state vs per-vertical)
- Sibling build-pillar: per-vertical catalog schema validation (#597 DOWNSTREAM consumer of per-vertical overlay)
- Sibling build-pillar: per-location compliant social drafting (#598 DOWNSTREAM consumer of per-vertical overlay)
- Fractional CMO with AI Swarm
- AI Readiness Assessment