Legal & Compliance — Free AI Prompts for M365 Copilot

Summarise this AUP into a one-page guide: what you CAN do, what you CANNOT do, grey areas, monitoring notice, consequences, how to report. Understandable in 3 minutes.

Create a compliance checklist for [REGULATION — GDPR / SOC2 / ISO 27001 / HIPAA / PCI-DSS / Essential Eight]. Include: (1) Requirement description, (2) Evidence needed, (3) Current status (compliant, partial, gap), (4) Owner, (5) Remediation steps for gaps, (6) Review frequency. Focus on requirements relevant to [ORGANISATION TYPE]. Pre-populate status as Not Assessed.

Review this contract and provide: (1) Summary of key terms (parties, scope, duration, value), (2) Obligations for each party, (3) Termination conditions, (4) Liability and indemnification clauses, (5) Payment terms, (6) Renewal or auto-renewal provisions, (7) Red flags or unusual clauses, (8) Missing clauses that should be included. Note: this is for initial review — legal counsel should approve.

Review this DPA: (1) Data processed, (2) Purposes, (3) Controller vs processor duties, (4) Sub-processors, (5) Cross-border transfers, (6) Breach notification timeframes, (7) Audit rights, (8) Data return on termination. Flag deviations from standard clauses.

Review this DPA: data processed, purposes, controller vs processor, sub-processors, cross-border transfers, breach notification, audit rights, data return. Flag deviations.

Review this agreement for IP provisions: (1) Who owns work product, (2) Background IP treatment, (3) Licence grants, (4) Assignment of rights, (5) Third-party IP usage, (6) Open source obligations, (7) Moral rights waiver, (8) IP warranties. Flag any provisions that limit our ownership of deliverables.

Review IP provisions: who owns work product, background IP, licence grants, assignment rights, third-party IP, open source, moral rights, warranties. Flag ownership limitations.

Prepare a legal brief for [INCIDENT TYPE — data breach / unauthorized access / compliance violation]. Include: (1) Factual summary of what occurred, (2) Data types and individuals affected, (3) Applicable regulations and notification requirements, (4) Timeline of required actions (notification deadlines), (5) Potential legal exposure, (6) Recommended immediate legal steps. This is for internal counsel preparation.

Summarise this NDA highlighting: (1) What is considered confidential, (2) What is excluded, (3) Duration of confidentiality obligations, (4) Permitted disclosures, (5) Return or destruction of information requirements, (6) Which party has more restrictive obligations, (7) Governing law. Flag anything unusual or one-sided. Note: for awareness only — consult legal for binding advice.

Compare these two versions of [POLICY NAME] and provide: (1) Summary of all changes (additions, removals, modifications), (2) Impact assessment of each change on [STAKEHOLDERS], (3) Changes that increase obligations or restrictions, (4) Changes that relax requirements, (5) Recommended questions to ask the policy owner. Present as a change log table.

Draft a privacy notice for [PRODUCT/SERVICE/WEBSITE]. Cover: (1) What data we collect, (2) How we use it, (3) Legal basis for processing, (4) Data sharing and third parties, (5) Data retention periods, (6) User rights (access, deletion, portability), (7) Cookie usage, (8) Contact details for privacy queries. Comply with: [REGULATION — GDPR / Privacy Act / CCPA]. Use plain language.

Summarise the ToS for [TOOL/SERVICE] focusing on: (1) Data ownership, (2) How they use our data, (3) Liability limits, (4) Termination and data portability, (5) Acceptable use, (6) SLA commitments, (7) Price change provisions, (8) Red flags for enterprise use. Keep under one page.

Summarise the terms of service for [TOOL/SERVICE] focusing on: (1) Data ownership and intellectual property, (2) How they use our data, (3) Liability limitations, (4) Termination and data portability, (5) Acceptable use restrictions, (6) SLA and uptime commitments, (7) Price change provisions, (8) Red flags for enterprise use. Keep it under one page.

Conduct a vendor risk assessment for [VENDOR NAME] providing [SERVICE]. Evaluate: (1) Data they will access or process, (2) Security certifications (SOC2, ISO 27001), (3) Data processing agreement status, (4) Sub-processor disclosure, (5) Incident notification obligations, (6) Insurance coverage, (7) Geographic data residency, (8) Exit strategy and data return. Rate overall risk as Low/Medium/High.