Multi-state compliance · Runtime overlay · DTC + franchise
Your per-campaign 50-state legal review is taking 3-6 weeks. You ship monthly when you want to ship weekly. Move compliance from queue to runtime.
You operate across 50 states. Every meaningful campaign triggers a 3-6 week per-state legal review. The review is necessary — per-state rules differ for advertising content, pricing, consent, disclosures, your vertical overlay, and your license status. The review is also the rate-limiter on growth. A runtime per-jurisdiction overlay encodes the per-state rules as data your marketing agents consume at decision time. A SAVE15 offer is generated as SAVE15 in 47 states, as SAVE10 in 2, and is prohibited in 1 — automatically — with the rule-citation captured in the audit trail for legal’s post-hoc review.
Published May 30, 2026
Why pre-hoc legal review caps your campaign velocity
Each new campaign goes to legal for the 50-state review. The legal team holds the rules in a spreadsheet — what is allowed in which state, which disclaimers are required, which states are prohibited for your vertical, which channels are restricted. The review is a multi-week back-and-forth between marketing creative, legal, and the cross-functional team that knows the vertical specifics. Three to six weeks per campaign is typical.
The rules in the spreadsheet do not change much campaign-to-campaign. The work is recomputing the same per-state classification against a slightly different offer or channel mix. Most of the review time is repetition. Encoding the rules as data the marketing agents consume at decision time removes the repetition and makes legal a post-hoc audit reviewer rather than a pre-hoc campaign gate.
The gap is not the GRC system of record. The gap is the runtime overlay your marketing agents call before consequential actions.
We’ve built runtime overlays for multi-state operators. Here’s what we know.
You probably already use a GRC system of record — OneTrust, Drata, Vanta, LogicGate, ServiceNow GRC, RegEd. Each is good at the policy + evidence + audit trail primitive. The gap is the eligibility-evaluation API your marketing agents call inline at decision time. We bring the per-vertical rule encoding patterns, the effective-date versioning model, and the policy-change-diff playbook so regulatory updates produce a reviewable surface rather than a fire drill.
We have built this for DTC operators and franchise networks across regulated verticals. We know which concern areas dominate per vertical (cannabis: advertising + pricing-floor; alcohol: pricing-floor + happy-hour; financial-services: APR + disclosure; health-wellness: claim restrictions). We bring the per-vertical concern-area starter so the first 30 days of encoding has a ready baseline.
How we get from per-campaign legal review to runtime overlay
Step 1 — Tier 1 AI Readiness Assessment ($10k, 2-3 weeks). We audit your current per-jurisdiction policy coverage, identify which concern areas are encoded versus held in spreadsheets, and produce the overlay-config specification: the per-state per-vertical rule encoding schema, the eligibility-evaluation API surface, the versioned-policy-diff workflow.
Step 2 — Tier 2 AI Swarm Setup Sprint ($25-50k, 4-8 weeks). We build the overlay end-to-end: per-state per-vertical rule encoding, per-action per-channel per-cohort policy classification, eligibility-evaluation API, agent-stack integration, policy-conflict alerting, versioned-diff workflow on regulatory change. Your engineering team receives the running system, all source code, all credentials.
Step 3 — Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk). We operate the overlay in production. Extend per-state coverage as new states or new verticals expand. Ingest regulatory change as it arrives. Coordinate per-rule operator reviews with your general counsel. Roll up a monthly per-state action-trend report.
What changes for you
You stop waiting on the multi-week legal review per campaign. The overlay handles the per-state classification at decision time; legal reviews the audit trail at their own cadence.
You stop reasoning about which spreadsheet has the current rule for which state. The overlay is the canonical source; spreadsheets get retired or become data-entry surfaces against the overlay.
You can answer the question your general counsel asks every quarterly review: are we shipping any campaigns that would not have passed pre-hoc legal review under the current rule set? The audit trail rolls up per state per rule-citation.
You can launch in a new state in 2-4 days rather than 4-8 weeks. The per-vertical concern-area starter applies; the new-state rule encoding extends the existing overlay rather than replacing it.
Frequently asked
What does a per-jurisdiction overlay actually do at runtime?
The overlay is a data layer your marketing agents consume at decision time. Given an intended action (offer + channel + cohort + jurisdiction), the eligibility-evaluation API returns one of three results: allowed (action proceeds as proposed), restricted-with-modification-required (action proceeds after applying the required modification, such as inserting a per-state disclosure block or rewriting a non-compliant claim), or prohibited (action skipped with a typed event marking the rule-citation that produced the prohibition). The agent stack calls the API before every consequential action — every promotional email send, every paid-ad creative submission, every offer eligibility check. The overlay constrains the agent decision space with operator-readable rule-citations the audit trail captures. Legal counsel reviews the audit trail post-hoc; the overlay enforces pre-hoc.
Why do OneTrust, Drata, Vanta, LogicGate, ServiceNow GRC, and RegEd not solve this?
Those platforms ship the governance-risk-and-compliance system of record — policies, evidence, audit trails, attestations. OneTrust focuses on privacy and consent. Drata + Vanta focus on continuous-control monitoring for SOC2 + ISO 27001. LogicGate + ServiceNow GRC ship enterprise GRC workflow. RegEd serves financial-services compliance. Each is good at the GRC primitive. None ships the per-jurisdiction runtime overlay your marketing agents consume at decision time. The overlay layer requires: per-state per-vertical regulatory-rule encoding, per-action per-channel per-cohort policy classification, an eligibility-evaluation API the agent stack consumes inline, alerting on policy conflict, and operator-readable versioned diff when regulations change. Building this is operator-side wiring on top of the GRC system of record.
What concern areas does the overlay cover and how is each encoded?
Six recur across multi-state operators. Advertising-content restriction (per-state rules on what claims can be made, what disclaimers are required, what channels are permitted). Pricing and discount rules (per-state pricing-floor laws, happy-hour or time-of-day restrictions, minimum-advertised-price requirements). Consent and disclosure (per-state CCPA / CPRA / VCDPA / CPA / CTDPA / UCPA / FDBR requirements; telemarketing-consent and SMS-opt-in requirements). Vertical-specific overlays (cannabis advertising; alcohol marketing; pharmaceutical claims; financial-services APR + disclosure; gambling and sweepstakes legality). Data residency (in-state-processing requirements per data class). License-status gating (the operator holds an active per-state license; license-expired states are auto-prohibited). Each area is encoded as per-state per-vertical rules with effective-date metadata. The overlay applies them at agent decision time.
How does the overlay handle regulatory change without breaking running campaigns?
Each rule has an effective-date. When a new rule version goes effective, the eligibility-evaluation API begins returning the new classification for actions evaluated under the new effective-date. Running campaigns evaluated under the prior policy version continue per their prior classification until the next evaluation cycle. The operator team sees a versioned diff when policy changes — for example: 17 active offers reclassified under a new Texas rule, 3 active offers reclassified under an amended California rule, 1 active offer newly prohibited under a new federal ruling. The team reviews and adjusts the affected actions. Regulatory change becomes manageable per-state-per-rule rather than per-campaign-per-50-states.
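The three-result evaluation and the effective-date versioning described in the two answers above, as an added example (not Completions' code). The rule IDs, dates, license expiries and offers are constructed; denying concerns that have no encoded rule and letting the most restrictive concern win are assumptions the page does not state.

```python
from dataclasses import dataclass
from datetime import date
@dataclass(frozen=True)
class Rule:
    rule_id: str        # constructed citation, not a real statute reference
    state: str
    concern: str        # e.g. "pricing", "advertising"
    effective: date
    result: str         # "allowed" | "restricted" | "prohibited"
    modification: str = ""

RULES = [  # constructed sample corpus (illustrative only)
    Rule("TX-PRICE-v1", "TX", "pricing", date(2025, 1, 1), "allowed"),
    Rule("TX-PRICE-v2", "TX", "pricing", date(2026, 7, 1), "restricted", "cap discount at 10%"),
    Rule("TX-AD-v1", "TX", "advertising", date(2025, 1, 1), "allowed"),
    Rule("CA-PRICE-v1", "CA", "pricing", date(2025, 1, 1), "allowed"),
]
LICENSES = {"TX": date(2027, 1, 1), "CA": date(2026, 3, 31)}  # constructed expiry dates
SEVERITY = {"allowed": 0, "restricted": 1, "prohibited": 2}

def evaluate(state, concerns, on, rules=RULES, licenses=LICENSES):
    """Return (result, rule_citation, modification) for an action evaluated on date `on`."""
    expiry = licenses.get(state)
    if expiry is None or expiry < on:
        return ("prohibited", f"LICENSE-{state}", "")      # license-status gating
    decision = ("prohibited", "NO-CONCERN", "")            # assumption: fail closed
    for i, concern in enumerate(concerns):
        live = [r for r in rules
                if (r.state, r.concern) == (state, concern) and r.effective <= on]
        if not live:                                        # assumption: unencoded means denied
            return ("prohibited", f"NO-RULE-{state}-{concern}", "")
        rule = max(live, key=lambda r: r.effective)         # version in force on `on`
        if i == 0 or SEVERITY[rule.result] > SEVERITY[decision[0]]:
            decision = (rule.result, rule.rule_id, rule.modification)
    return decision

def policy_diff(actions, before, after):
    """List actions whose classification differs between two evaluation dates."""
    changed = []
    for a in actions:
        old, new = (evaluate(a["state"], a["concerns"], d) for d in (before, after))
        if old[0] != new[0]:
            changed.append((a["id"], old[0], new[0], new[1]))
    return changed

ACTIONS = [  # constructed active offers
    {"id": "offer-1", "state": "TX", "concerns": ["pricing", "advertising"]},
    {"id": "offer-2", "state": "CA", "concerns": ["pricing"]},
    {"id": "offer-3", "state": "NY", "concerns": ["pricing"]},
]
```

Calling `policy_diff(ACTIONS, date(2026, 3, 1), date(2026, 8, 1))` lists the offers reclassified between the two dates, each with the rule-citation that caused the change.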
What does Completions commit to on Tier 3 if we run the overlay in production?
Tier 3 process commitments include: eligibility-evaluation at sub-second p95 latency for every agent decision; per-jurisdiction overlay updated within 5 business days of a new per-state rule going effective; versioned-policy diff routed to your operations + legal leadership on every rule change with the list of affected actions; weekly per-state action-trend report; quarterly review of the per-vertical rule corpus with your general counsel. We commit to the operating discipline. Per-channel + per-state enforcement precision is tuned per stack and recorded as engagement KPIs.
Who owns the rule corpus, the policy decisions, and the agent stack credentials post-engagement?
Your team owns the per-state per-vertical regulatory-rule corpus, the per-action policy classifications, the final per-rule policy decisions (allowed vs restricted vs prohibited), the agent stack credentials, and the audit trail. Completions owns the orchestration knowledge: the rule-encoding runbook, the versioned-policy-update playbook, the per-vertical compliance-classification tuning history. At engagement end we transition operational ownership back to your team over 30-60 days with documented handover.
Start with the audit
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks): we audit your per-jurisdiction policy coverage, identify which concern areas are encoded versus held in spreadsheets, and produce the overlay-config specification. If you decide to build, Tier 2 ships the runtime overlay. If you decide to operate it with us, Tier 3 runs it in production. You choose the next step at each gate.
Related reading
If you also care about what depends on the overlay or what feeds its rule corpus:
- Offer catalog management — the offer library that consumes the per-state overlay at eligibility-check time.
- Channel policy validation — the per-channel restriction enforcement layer that consumes the jurisdiction overlay.
- Per-SKU compliance gate — the per-product compliance layer downstream of the overlay.
- AI reply drafts that know jurisdiction — the support layer that consumes the overlay for per-state compliance gating.
- Real-time data sync — the canonical change stream carrying regulatory-rule version updates into the overlay.
- Fractional CMO with AI Swarm — the Tier 3 engagement that operates the overlay in production.