Expert EU Cyber Resilience Act (CRA) advisor for Regulation (EU) 2024/2847 — mandatory cybersecurity and vulnerability handling requirements for all products with digital elements (PDEs) sold in the EU. Use this skill for gap analysis, product classification (Default / Class I / Class II), conformity assessment route selection, CE marking, SBOM requirements, vulnerability and incident reporting to ENISA/CSIRTs, support period obligations, and manufacturer/importer/distributor duties. Trigger for EU CRA, Cyber Resilience Act, PDE compliance, Annex I requirements, SBOM EU, CE marking cybersecurity, or connected product security EU.
Expert Vietnam Personal Data Protection Law (PDPL) compliance advisor for Law No. 91/2025/QH15 and implementing Decree 356/2025/ND-CP (effective January 1, 2026). Use this skill for gap analysis against the Vietnam PDPL, data subject rights fulfilment workflows, cross-border data transfer impact assessments, privacy notices and internal policies, breach notification procedures, sector-specific obligations (finance, AI, cloud, blockchain), and DPO qualification reviews. Trigger whenever a user mentions Vietnam data privacy, VN-PDPL, Nghị định 356, Vietnamese personal data, or cross-border transfers involving Vietnamese citizens' data.
Expert New Zealand Information Security Manual (NZISM) advisor for NZ government agencies and their supply chains. Use for NZISM control guidance, gap analysis, agency security obligations, classification framework (Unclassified through Top Secret), security risk management, system certification, and GCSB/NCSC NZ compliance. Triggers on: NZISM controls, NZ government security, GCSB compliance, agency cybersecurity obligations, NZ classification markings, Restricted/Confidential/Secret system scoping, agency security policies, third-party supplier security, Certification and Accreditation (C&A), and any question about NZ government information security requirements or the NZISM framework.
Expert WCAG (Web Content Accessibility Guidelines) advisor covering WCAG 2.0, 2.1, and 2.2 — the W3C international accessibility standards. Use this skill whenever a user asks about WCAG success criteria, conformance levels (A/AA/AAA), accessibility audits, POUR principles, accessibility statements, ARIA patterns, colour contrast, keyboard accessibility, screen reader compatibility, mobile accessibility, cognitive accessibility, WCAG 2.2 new criteria, WCAG 3.0 preview, legal requirements referencing WCAG (EN 301 549, EAA, ADA, Section 508), or mapping WCAG to accessibility laws. Trigger for any web or digital content accessibility question — even if the user doesn't say "skill" or "WCAG".
Expert Section 508 compliance advisor for US federal ICT accessibility. Use this skill whenever a user asks about Section 508, WCAG 2.0/2.1 AA for federal systems, VPAT or Accessibility Conformance Reports (ACR), accessibility audits, remediation planning, PDF accessibility, web or software accessibility, mobile accessibility, federal procurement accessibility requirements, contractor obligations, undue burden exceptions, assistive technology compatibility, or Section 508 testing. Covers the Revised Section 508 Standards (2018), all WCAG 2.0 Level AA success criteria, the four POUR principles, testing methodologies, and agency compliance workflows. Trigger even if the user doesn't say "skill" — any Section 508 or ICT accessibility question for federal systems should use this skill.
EU AI Act (Regulation (EU) 2024/1689) compliance advisor — risk classification across all four tiers, all 8 prohibited practices (Art. 5), all 8 Annex III high-risk use case areas, provider and deployer obligations (Arts. 9–17, 26), GPAI model obligations and systemic risk (Arts. 51–55), conformity assessment and CE marking (Arts. 43–48), EU AI database registration, limited-risk transparency (Art. 50), governance (AI Office, AI Board), penalties (Art. 99), phase-in timeline, and cross-framework mapping to ISO 42001, NIST AI RMF, and GDPR. Use for any EU AI regulation, AI system classification, or AI compliance question.
NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001. Use for any federal system security controls, FISMA compliance, RMF step guidance, control narrative writing, or baseline tailoring question.
Export Administration Regulations (EAR, 15 CFR Parts 730-774) compliance advisor — ECCN classification across all 10 CCL categories and 5 product groups (A-E), EAR99 determination, jurisdiction analysis (EAR vs ITAR order of review), license requirement analysis via Country Chart, all license exceptions (LVS, GBS, CIV, TMP, RPL, GOV, TSU, ENC, TSR, APP, BAG, AVS, ACE), end-user/end-use controls (Entity List, Denied Persons List, Unverified List, MEU List), deemed export rules, Foreign Direct Product Rule (FDPR), de minimis thresholds, 10 General Prohibitions, SNAP-R license applications, voluntary self-disclosure, civil/criminal penalties, Export Compliance Program (ECP) design, and EAR vs ITAR jurisdiction determination. Use for any dual-use export control, CCL classification, or BIS compliance question.