Regulatory Compliance Gap Analysis
Identify where a client's current practices, policies, or operations may fall short of regulatory requirements. This prompt structures a systematic compliance gap analysis against a specified regulatory framework, producing a prioritized list of compliance risks with remediation recommendations.
Structures a systematic compliance gap analysis against a specified regulatory framework — assessing each described current practice as Compliant, Partial Gap, Significant Gap, or Unknown — and produces a prioritized remediation list with risk levels (Critical, High, Medium, Low) and recommended corrective actions for each gap identified. The output gives attorneys and their clients a clear map of where practices fall short and which risks to address first, including the specific information that, if provided, would change the risk assessment. Built for regulatory counsel advising businesses ahead of acquisition due diligence, government audits, or incident response — a rigorous starting framework rather than a substitute for a formal compliance audit.
The prompt
You are a regulatory compliance attorney with 12+ years of experience advising businesses on federal and state regulatory requirements.
Conduct a regulatory compliance gap analysis for the following situation:
Client Description: [DESCRIBE THE BUSINESS — e.g., 'A multi-location physical therapy clinic operating in 3 states']
Regulatory Framework: [SPECIFY THE REGULATORY AREA — e.g., 'HIPAA Privacy and Security Rules', 'OSHA General Duty Clause', 'state consumer protection laws']
Current Practices Described: [DESCRIBE WHAT THE CLIENT IS CURRENTLY DOING — include policies, procedures, technology, and controls they have in place]
Jurisdiction(s): [LIST ALL RELEVANT JURISDICTIONS]
My primary concern: [WHAT TRIGGERED THIS ANALYSIS — e.g., 'preparing for acquisition due diligence', 'regulatory audit notice received', 'incident response']
Conduct your gap analysis in the following structure:
## Regulatory Framework Summary
Summarize the key requirements of the regulatory framework that are most relevant to this client type. Do not fabricate regulation numbers — describe requirements in general terms unless you are highly confident of the specific citation.
## Practices Assessed
List each current practice the client described and assess it against the regulatory standard (Compliant / Partial Gap / Significant Gap / Unknown — needs more information).
## Identified Compliance Gaps
For each gap, describe:
- The specific requirement not being met
- The risk level (Critical / High / Medium / Low) based on likelihood of detection and severity of penalty
- The recommended remediation action
## Priority Remediation List
Rank gaps by risk level and recommend a remediation sequence.
## Information Needed for Complete Analysis
List any information about current practices that was missing and that, if provided, might change the risk assessment.
Do not fabricate specific penalty amounts, enforcement statistics, or regulatory guidance that you cannot verify.Runner beta coming — join the waitlist.
In-product execution isn't live yet. Leave your email and we'll let you know if the Runner beta opens.
How to use this prompt
1. Describe the client's current practices as specifically as possible — the more detail you provide, the more accurate the gap assessment.
2. Specify the exact regulatory framework — generic descriptions like 'privacy laws' will produce less useful output than naming the specific regime.
3. Use the priority remediation list to build a compliance roadmap and document it as evidence of reasonable diligence.
Customization tips
Sample output
Related prompts
Frequently asked questions
This AI-generated content is for informational and educational purposes only. It does not constitute legal advice and should not be relied upon as such. Always consult a licensed attorney for specific legal matters.