Compliance Training Agent
One auditable pipeline for mandatory-training assignment, completion tracking and affirmative-defense evidence - built so that the Title VII Faragher-Ellerth defence, the state harassment-training mandates, the UK Bribery Act adequate-procedures defence, EU AI Act AI literacy and the DOJ compliance-program test are all evidenced as a by-product, not reconstructed under audit.
Mandatory training assignment and tracking: Title VII Faragher-Ellerth affirmative defence, CA AB 1825/NY Stop Sexual Harassment Act, UK Bribery Act Section 7 and EU AI Act Article 4 AI literacy.
Analyse your processA selection from over 5,000 projects in 25 years of software development
One auditable pipeline for mandatory-training assignment, completion tracking and affirmative-defense evidence
The Agent breaks the mandatory-training process into 15 documented decision steps, each with a defined decider - rules engine, AI agent or human - and a per-framework regulatory-mandate flag that replaces spreadsheet-based tracking. Training assignment runs deterministically through a versioned curriculum, role-based gap analysis, auto-enrolment, tiered reminders, completion verification and retention measurement, against the US anti-harassment, whistleblower, FCPA, AML and OSHA regimes, the UK Bribery and Modern Slavery Acts and the SM&CR, and the EU GDPR, Whistleblower Directive, AI Act AI literacy, NIS2 and CSDDD. The Faragher-Ellerth affirmative-defense evidence is assembled from the anti-harassment policy distribution, the complaint-procedure communication, the supervisor training and the reasonable-care documentation. AI literacy compliance runs through a role-tailored Article 4 curriculum, and the UK Bribery Act adequate-procedures training is tracked principle by principle against the MoJ Guidance.
Outcome: For a group of 5,000 employees across the UK, EU and US handling 30 to 60 mandatory-training categories and 8,000 to 12,000 individual training obligations a year, the Agent produces audit-ready evidence instead of a spreadsheet flown blind. The completion gap shrinks from the industry-typical 22% to under 2% through auto-enrolment, tiered reminders and access-suspension. Faragher-Ellerth readiness moves from sample-based assurance to learner-level coverage, and the auditor finding rate on training compliance drops from a typical 6-12% to under 1%.
The fifteen deterministic steps span every applicable regime - and precisely because each one is fixed by statute, regulation or standard, the pipeline is machine-reproducible and audit-defensible:
Missing training records destroy the Faragher-Ellerth affirmative defence, EU AI Act AI literacy took effect on 2 February 2025, and the DOJ now tests whether training actually works. One auditable training pipeline answers all three.
International mandatory training does not run on one regulatory standard - it runs on twelve overlapping regimes at once across the UK, EU and US. Anti-harassment, anti-bribery, AML, AI-literacy, cybersecurity, whistleblower and modern-slavery training intersect with the US Title VII Faragher-Ellerth defence and the state harassment-training mandates, the SOX, Dodd-Frank, FCPA and DOJ compliance-program regimes and OSHA, the UK Bribery and Modern Slavery Acts and the SM&CR, and the EU GDPR, Whistleblower Directive, AI Act AI literacy, NIS2 and ISO 37301 - and every one of them imposes recordkeeping, retention and completion-evidence obligations.
A US-headquartered group of 5,000 employees across the UK, EU and US faces exposure on several axes at once. Without documented anti-harassment training, an employer forfeits the Faragher-Ellerth affirmative defence against vicarious liability for supervisor harassment, exposing it to compensatory and punitive damages, uncapped Section 1981 race claims and class-action exposure. A California AB 1825 breach triggers Civil Rights Department enforcement and loss of state contracting eligibility. Without adequate-procedures training, the UK Bribery Act Section 7 strict-liability defence falls away, exposing the organisation to uncapped tribunal awards and imprisonment for individuals. An EU AI Act AI-literacy breach reaches EUR 35 million or 7% of turnover, and a NIS2 cybersecurity breach reaches EUR 10 million or 2% for an essential entity.
One auditable mandatory-training pipeline
This Agent follows the Decision Layer principle: each decision is rule-based, AI-assisted or explicitly assigned to a human, with a per-framework regulatory-mandate flag replacing spreadsheet-based tracking. The obvious challenge is familiar: at 5,000 employees across the UK, EU and US, an organisation falls at once under the federal Title VII floor, six state harassment-training statutes, the UK Bribery Act, GDPR, the EU AI Act, NIS2, at least one collective agreement and 30 to 60 internal policies. Each framework changes independently. Even at 1,500 employees across three sites, this matrix easily generates 8,000 to 12,000 individual training obligations a year - each with its own due date, target group and documentation requirement.
Why cross-jurisdictional training needs fifteen steps, not a sample
A single-jurisdiction periodic training samples at a point in time; continuous cross-jurisdictional training needs fifteen deterministic steps, because the regimes overlap. The pipeline runs requirement identification by jurisdiction, role and threshold, curriculum translation, employee master-data integration, gap analysis, auto-enrolment, tiered reminders, completion verification, the Faragher-Ellerth affirmative-defense package, AI-literacy validation, UK Bribery Act adequate-procedures tracking, the state-specific harassment-training matrix, regulatory-content monitoring, pattern detection, non-completion remediation and completeness reporting - end to end.
A concrete cross-border example: a US-headquartered S&P 500 manufacturer with 5,000 employees - 3,200 across 14 US states (concentrated in the six harassment-training states), 1,200 in the UK and 600 in the EU - with 30 to 60 mandatory-training categories and 8,000 to 12,000 individual obligations a year, driven by new hires, role changes, location changes, regulatory amendments and M&A integration. That produces completion-tracking Decision Records, Faragher-Ellerth evidence packages per supervisor and location, the EEOC EEO-1 and state-agency reports, the UK Modern Slavery statement, the CSRD training disclosure, the EU AI Act deployer evidence, the GDPR records of processing, the EU Whistleblower Directive annual report and the NIS2 attestation.
In the Decision Layer, eight of the fifteen steps are rule-engine decisions - requirement identification, gap analysis, the tiered reminder schedule, completion verification, UK Bribery Act tracking, the state harassment-training matrix and the regulatory-mandate flag among them. Five are AI-augmented: employee master-data integration, auto-enrolment and delivery, the Faragher-Ellerth package, AI-literacy validation, the regulatory-content refresh, pattern detection and completeness reporting. Two require human Compliance, L&D and Legal validation - curriculum version control and non-completion remediation with disciplinary input. Every step carries a timestamp, decider type, rationale and challenge mechanism.
What sets compliance training apart from compliance monitoring
Six dimensions distinguish this Agent from compliance monitoring. First, a role-based curriculum with a version-controlled catalogue and auto-enrolment through the LMS API. Second, a tiered reminder schedule with deterministic escalation and access-suspension for safety-critical training. Third, the Faragher-Ellerth affirmative-defense evidence package per supervisor, location and reporting period. Fourth, UK Bribery Act adequate-procedures tracking mapped principle by principle to the MoJ Guidance. Fifth, EU AI Act AI-literacy validation with a role-tailored curriculum and persons-affected mapping. Sixth, the state-specific harassment-training matrix, with each state’s cadence, content and delivery requirements.
The architecture satisfies cross-jurisdictional disclosure by construction, not retrofit. The EEOC EEO-1 and state-agency reports, the UK Modern Slavery statement, the CSRD training disclosure, the EU AI Act deployer evidence, the GDPR records of processing, the EU Whistleblower Directive annual report and the NIS2 attestation are all produced as outputs of the standard pipeline, not as separate compliance reporting. The Audit Trail that training generates as a by-product - when a course was assigned, when reminders went out, when completion was verified, what the assessment score was and when the retention quiz was passed - is exactly the documentation that EEOC charges, state-agency examinations, DOJ compliance-program evaluations, FCA SM&CR reviews and EU AI Office investigations expect as evidence. Audit preparation shrinks from weeks to hours because the evidence already exists.
Where Accountability Stays - Why the Agent is Not High-Risk
The Agent assigns training. It tracks completion. It escalates non-completion. It documents Faragher-Ellerth evidence. It generates completeness reports. What it does not do: decide who gets disciplined. Whether non-completion leads to a formal warning, whether a supervisor’s training gap leads to performance management, whether contract renewal is blocked - those are human decisions. Accountability for the root cause lies with the line manager or responsible department, not with the individual learner.
This separation is not just a governance choice. It is the reason the system is not high-risk under EU AI Act Annex III point 4. Training administration and completion tracking, without decisions that affect the employment relationship, is the architecture that lets the system deploy without a conformity assessment holding up the rollout. If the access-suspension or disciplinary-input automation expanded to autonomous performance evaluation or termination recommendation, it would become high-risk under the Act’s deployer obligations and fundamental-rights impact assessment. Works-council co-determination under the UK and EU consultation rules and the German and French frameworks applies to the introduction of training-tracking systems, with a documented training purpose, data, retention and access.
Cross-system integration
The Agent integrates with the full global learning, compliance-content, security-awareness and immersive-VR stack: Workday Learning, SAP SuccessFactors Learning and Oracle Learning Cloud for HCM-embedded learning; Cornerstone OnDemand, Litmos, Docebo, Absorb, TalentLMS, Bridge LMS and Saba Cloud for dedicated LMS; Skillsoft Percipio, NAVEX EthicsPoint Training, GAN Integrity, EVERFI Workplace Training and Veritas Compliance Training for compliance-content libraries; KnowBe4 Security Awareness, Compliance Plus and KMSAT for security awareness, phishing simulation and NIS2 cybersecurity; Mursion VR Training and EVERFI for immersive harassment and de-escalation training; and Coursera for Business, LinkedIn Learning Hub and Pluralsight for large-scale curated content. The Compliance Training Agent acts as the upstream regulatory-mandate, role-based-curriculum, completion-tracking, Faragher-Ellerth affirmative-defense, AI-literacy-validation, state-specific-harassment-training and access-suspension layer feeding the downstream HR, compliance, risk and audit workflow, or as the orchestration layer running parallel deployments where different business units use different LMS systems after an acquisition.
Micro-Decision Table
Who decides in this agent?
15 decision steps, split by decider
Identify the mandatory-training requirements for each entity and role For each entity, location, role, headcount threshold and regulatory framework, what is the full training catalogue, with role-based assignment, deadlines, refresher intervals, language requirements and completion-evidence standards? The framework is whichever applies - US Title VII anti-harassment training and the state harassment-training laws (California AB 1825, the New York and Illinois Acts and others), SOX, BSA/AML, FCPA and OSHA training; UK Bribery Act, Modern Slavery, GDPR and SM&CR training; EU GDPR, Whistleblower Directive, AI Act AI-literacy and NIS2 training; and ISO 37301, 37001, 27001 and 45001. Rules Engine Auditor
A deterministic rule-engine derives the training catalogue from the regulatory framework, the jurisdiction, the role and the headcount threshold, mapping each requirement back to its source - the EEOC Enforcement Guidance and Faragher-Ellerth doctrine, the state harassment-training statutes, the DOJ compliance-program training factor, the FCA Training and Competence sourcebook, the EDPB guidelines, the EU AI Office, ENISA and ISO 37301. It replaces a Compliance department's experiential mapping with a regulatory-traceable rule chain.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Translate the mandates into a version-controlled, role-based curriculum How is each framework (Title VII anti-harassment, the state harassment laws, FCPA and UK Bribery Act, the EU AI Act AI-literacy duty, GDPR, the Whistleblower Directive, NIS2, OSHA) translated into a role-based curriculum, each carrying a content version, validity period, regulator citation, delivery format, assessment, passing threshold and refresher interval? For example, California AB 1825 supervisor training becomes a two-hour interactive course covering quid pro quo, hostile work environment, retaliation, bystander intervention and the complaint procedure, with an 80% passing threshold and a biennial refresher - with the version history tracked per framework and state amendment. Human Auditor
A collaboration between Compliance, Legal, HR and L&D maintains the version-controlled curriculum, because curriculum definitions require domain expertise, legal interpretation, content review, an accessibility review and translation. Works-council co-determination applies under the UK and EU consultation rules to the scope and content of training where the headcount threshold is met.
Decision Record
Challengeable: Yes - via manager, works council, or formal objection process.
Challengeable by: Auditor
Pull employee master data and prior completion records from HR and the LMS Which sources are connected? The HRIS (Workday, SAP SuccessFactors, Oracle HCM, ADP, BambooHR, Hibob, Personio) for employee identity, role, department, location, contract type, start date, tenure, manager hierarchy and any lawfully captured protected-class indicators; and the LMS (Workday Learning, SAP SuccessFactors Learning, Cornerstone, Litmos, Docebo, Skillsoft Percipio, KnowBe4) for prior completion records, extracting each certification's expiry, assessment score, completion timestamp, delivery method and content version. AI Agent Auditor
AI-driven data integration with deterministic data-quality validation. The AI handles connector configuration, schema mapping, identity resolution, duplicate detection and the data-quality assessment; a deterministic check then gates data-source approval under Compliance and Legal governance, the GDPR security requirement and ISO 27001 access control. The agent reads only - it never writes to a source system.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Calculate each employee's training gap by role and jurisdiction Applying the role-based curriculum to each employee, what is the gap? Initial training due (on a new hire, role or location change, headcount-threshold crossing or new regulation); refresher training due (annual, biennial, triennial or event-triggered); supplemental training due (role-specific or on a regulatory amendment); and any overdue training - producing a per-employee plan with deadlines, prerequisites, delivery format, language and accessibility. For example, a California supervisor hired on 1 March 2026 needs AB 1825 training within six months, plus annual anti-harassment training if also in New York, quarterly FCPA training in a customer-facing role, and NIS2 training if part of an essential entity. Rules Engine Auditor
Gap analysis is deterministic against the pre-configured curriculum and role assignment, and consistent across employees, jurisdictions and regulatory frameworks. It is auditable under the DOJ compliance-program training factor, the EEOC Enforcement Guidance, the state harassment-training statutes, PCAOB AS 2201, the ICAEW guidance, the AICPA SOC 2 criteria and the relevant ISO standards.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Auto-enrol employees via the LMS API in their language and format How is enrolment triggered? An LMS API call per employee, training, deadline, format, language and accessibility profile - integrating with Workday Learning, SAP SuccessFactors Learning, Cornerstone, Litmos, Docebo, Skillsoft Percipio and KnowBe4. Content is delivered in the employee's preferred language with ADA and Section 508 accessibility (closed captions, screen-reader compatibility, keyboard navigation, colour contrast), via e-learning, virtual classroom, VR simulation, mobile or instructor-led depending on the regulatory requirement and the learner's profile. AI Agent Auditor
AI-augmented enrolment with a deterministic LMS API call. The AI handles language detection, the accessibility profile, the delivery-format selection and the deadline calculation; the deterministic API call then records the enrolment timestamp, assignment ID, learner ID and content version. Each enrolment is captured in an immutable Decision Log, satisfying the DOJ compliance-program guidance, the EEOC, the FCA TC sourcebook and the EU AI Act record-keeping requirement.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Send the tiered reminder schedule, escalating as the deadline nears What is the reminder schedule per training, deadline and criticality? An initial assignment notification with the deadline, access link and expected duration; a T-30 reminder by email, push and calendar invite; a T-14 reminder with a second-line escalation flag if the manager has overdue reports; a T-7 urgent reminder with manager notification; a T-1 final reminder requiring manager intervention; and, on a deadline breach, immediate escalation to the line manager, HR business partner and Compliance Officer, with an access-suspension flag for safety-critical training (OSHA, AML, AI literacy for AI deployers) - the content adapting to the learner's language, role and history. Rules Engine Auditor
The escalating reminder schedule is deterministic against the pre-configured criticality and deadline-proximity matrix, and consistent across employees, training types and jurisdictions. It is auditable under the DOJ compliance-program test of whether training is delivered effectively and measured for retention, and each reminder is captured in an immutable Decision Log under the ISO 37301 awareness and communication clauses.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Verify completion, assessment score, engagement and retention What does the LMS completion event capture? The timestamp, learner ID, content version and delivery format; the assessment score, passing threshold, attempt count and question-level analysis where available; the interactive engagement (video watch percentage, simulation or VR outcome, discussion participation); retention via post-training quizzes at 30, 90 and 180 days; the Faragher-Ellerth affirmative-defence documentation (content review, delivery confirmation, learner attestation, complaint-procedure acknowledgement); and the DOJ effectiveness indicators (tailoring to risks, delivery effectiveness, retention measurement, translation appropriateness). Rules Engine Auditor
Completion verification is deterministic against the LMS event and the assessment-engine output, and consistent across employees, training types and jurisdictions. It is auditable under the DOJ compliance-program guidance, the EEOC Faragher-Ellerth doctrine, the FCA TC sourcebook, PCAOB AS 2201, the AICPA SOC 2 criteria and the ISO 37301 performance-evaluation clause.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Generate the Faragher-Ellerth affirmative-defence evidence package What does the Faragher-Ellerth package, per supervisor, location and period, document to show the employer's reasonable care to prevent and promptly correct harassment? The anti-harassment policy distribution and acknowledgement; the complaint-procedure communication and accessibility; the anti-harassment training delivery (Title VII and the state laws) with content, method, language, duration, assessment, timestamp and learner attestation; the supervisor-specific training and reporting obligations; the complaint-investigation evidence (timeliness, impartiality, remediation); and the retaliation-prohibition documentation - in a package usable for an EEOC or state-agency charge response, tribunal evidence and class-action defence. AI Agent Auditor
AI-augmented evidence-package generation with deterministic content selection and formatting. The AI consolidates across employees, locations and periods and drafts the narrative, while a deterministic data layer keeps the package evidentiary-accurate. Records are kept for the longest applicable period - four years for California and federal Title VII, six for New York - and the package is distributed under attorney-client privilege through General Counsel governance.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Validate AI-literacy training under the EU AI Act How is AI-literacy training verified under the EU AI Act Article 4 for everyone working with AI systems? A basic curriculum for general staff (AI system types, capabilities, limitations, appropriate use, prohibited practices, reporting concerns); an intermediate one for AI users (input-data quality, output interpretation, error patterns, human oversight, incident reporting); an advanced one for high-risk AI deployers (the fundamental-rights impact assessment, log retention, monitoring, serious-incident reporting, worker information and consultation); and a role-tailored level that accounts for the person's technical knowledge, experience and context - with completion, retention and effectiveness tracked to the EU AI Office and EDPB guidance. AI Agent Auditor
AI-driven AI-literacy compliance validation with deterministic curriculum-tier assignment. The AI analyses the role context, selects the curriculum tier and maps the persons affected; a deterministic check then gates compliance approval under the EU AI Office rules, where an Article 26 deployer-obligation breach carries fines of up to EUR 35 million or 7% of global turnover.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Track UK Bribery Act adequate-procedures training for the strict-liability defence How is the UK Bribery Act Section 7 adequate-procedures training tracked as part of the strict-liability defence, mapped to the six MoJ Guidance principles? Proportionate-procedures training tailored to the risk, role and business model; top-level commitment evidenced through executive participation and board oversight; risk-assessment training covering geographic, sectoral, customer, transaction and partner risk; due-diligence training covering third parties, customers, suppliers, joint ventures and M&A; the communication and training principle, with content, method, language, completion verification and refresher cycle; and monitoring-and-review training covering escalation, investigation and remediation - tied to the FCPA, the OECD Anti-Bribery Convention and the DOJ FCPA Resource Guide. Rules Engine Auditor
Adequate-procedures training tracking is deterministic, mapped principle by principle to the UK MoJ Guidance, and consistent across employees and jurisdictions. It is auditable under the UK SFO's deferred-prosecution-agreement evaluation, the DOJ FCPA Resource Guide effectiveness assessment, the ISO 37001 awareness-and-training clause and the AICPA SOC 2 criteria.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Operate the multi-state harassment-training matrix How does the multi-state harassment-training matrix run? California AB 1825 - two hours for supervisors and one for non-supervisors every two years at employers with 5+ staff, enforced by the Civil Rights Department; the New York Stop Sexual Harassment Act and NYC Local Law 96 - annual interactive training for all employees with the state-specified topics; the Illinois Workplace Transparency Act - annual training for all employees plus a restaurant-industry supplement; the Connecticut Time's Up Act - two hours for all employees within six months of hire; Delaware HB 360 - interactive training within a year of hire with a biennial refresher; and Maine's statute - training within 300 days of hire. Per-state completion, content adequacy, delivery method, language and retention are all tracked. Rules Engine Auditor
A deterministic multi-state matrix applies each state-specific statute by role, tenure and completion threshold, consistently across employees and locations. It is auditable by the California, New York, NYC, Illinois, Connecticut, Delaware and Maine enforcement bodies, with each training event captured in an immutable Decision Log.
Decision Record
Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
Challengeable by: Auditor
Monitor regulatory updates and auto-trigger a curriculum refresh Monitoring the regulatory and standard-setter sources continuously - the EEOC Enforcement Guidance and the state harassment-training amendments, the DOJ compliance-program guidance, the FCPA Resource Guide, FFIEC and FinCEN updates and OSHA standards; the UK FCA SYSC, PRA Rulebook, EHRC and ICO guidance and the MoJ Bribery Act Guidance; the EDPB guidelines, EU AI Office Article 4 guidance, ENISA NIS2 guidance and CSDDD transpositions; and the ISO 37301, 37001, 27001 and 45001 revisions - which material changes need L&D, Compliance and Legal approval, a curriculum update and a retraining trigger? AI Agent Auditor
AI-driven regulatory-change detection and impact analysis feed a deterministic update of the curriculum and retraining triggers. The AI extracts changes from the Federal Register, state legislatures, enforcement bulletins, EFRAG, the EU Official Journal and ISO updates, surfacing material ones for L&D and Compliance governance to approve; only then are the parameters updated. Consolidating across jurisdictions prevents update-lag where one regulatory theme touches several Member State implementations at once.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Detect non-completion patterns and class-action red flags Which patterns are flagged for review? Systematic non-completion by department, location or manager hierarchy, pointing to an organisational pattern; a post-complaint training-deferral pattern, pointing to retaliation under Title VII and the state harassment statutes; a supervisor-specific completion gap, pointing to a Faragher-Ellerth defence vulnerability; a language or accessibility gap, pointing to disparate-impact exposure; an M&A acquisition gap, pointing to successor liability; and a high-risk-role gap (FCPA-facing roles, AI deployers, DPO-supervised roles, NIS2 essential-entity staff), pointing to a regulatory-mandate breach - each routed to Compliance, Legal, the DPO and the AI Officer with a severity classification. AI Agent Auditor
AI-driven pattern detection with a deterministic severity classification. The AI analyses across employees, locations, departments and periods with statistical-significance testing; a deterministic severity threshold then gates the escalation, to the EEOC, state-agency, DOJ compliance-program, EU AI Office, EDPB and FCA SM&CR audit-readiness standard.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Enforce remediation, access-suspension and board reporting by severity How is non-completion remediation enforced by severity? Information (a single isolated overdue) - logged, no notification; Warning (repeated overdue or supervisor non-completion) - the line manager and HR business partner within five business days; Critical (a high-risk-role gap or regulatory-mandate breach) - the Compliance Officer, HR Director and DPO within 24 hours, with an access-suspension flag for safety-critical training (OSHA, AML, AI literacy for AI deployers); and Reportable (systemic non-completion or a litigation trigger) - the executive, board, general counsel and regulator per the jurisdictional requirements (a SOX material weakness and 8-K, an EEOC or state-agency charge response, the FCA SM&CR, EHRC or SFO, or an EU AI Act serious incident). Each case is tracked by ID with the remediation plan, deadline and closure evidence, and tied to disciplinary input and contract renewal where the role requires it. Human Auditor
Compliance, HR and Legal review the non-completion remediation, the access-suspension, the disciplinary input and the board reporting together. The AI severity classification is an input, not a decision; final remediation rests with a Compliance Officer, HR Director and General Counsel sign-off under ISO 37301, the IIA Standards, the DOJ compliance-program guidance and the EEOC Faragher-Ellerth reasonable-care standard. Works-council co-determination applies to the disciplinary input.
Decision Record
Challengeable: Yes - via manager, works council, or formal objection process.
Challengeable by: Auditor
Generate the completeness reports, regulator filings and audit packages Which stakeholder-specific completeness reports are generated? A line-manager dashboard with team completion, overdue items and a deadline calendar; an HR business-partner report with department completion, state-specific harassment training and retention; a Compliance Officer report with framework completion, the DOJ effectiveness indicators and material findings; a CHRO, DPO, AI Officer and General Counsel report with cross-functional, cross-jurisdictional completeness and audit readiness; a Board and Audit Committee report to the IIA Standards, DOJ guidance and PCAOB AS 2201; and the per-jurisdiction regulator filings (EEO-1 and state-agency reports, the SEC forms, the UK gender pay gap and Modern Slavery statement, the CSRD ESRS S1-13 training disclosure, the EU AI Act deployer evidence, the GDPR records of processing, the Whistleblower Directive annual report and the NIS2 attestation) - with retention set to the longest applicable jurisdiction. AI Agent Auditor
Reports are generated automatically in each stakeholder's and regulator's required format. The AI handles cross-jurisdictional consolidation, methodology harmonisation and template population, while a deterministic data layer keeps the figures accurate. Records are kept for the longest applicable period - four years for California and federal Title VII, five for OSHA, seven for SOX, ten under the EU AI Act - with assurance under ISAE 3000, the EU Audit Directive, PCAOB AS 2201 and the AICPA SOC 2 criteria.
Decision Record
Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.
Challengeable by: Auditor
Decision Record and Right to Challenge
Every decision this agent makes or prepares is documented in a complete decision record. Affected employees can review, understand, and challenge every individual decision.
Does this agent fit your process?
We analyse your specific HR process and show how this agent fits into your system landscape. 30 minutes, no preparation needed.
Analyse your processGovernance Notes
Assessment
Prerequisites
- Defined training requirements matrix per role plus location plus regulatory framework with version-controlled curriculum including US Title VII anti-harassment plus state-specific (California AB 1825 plus NY plus IL plus CT plus DE plus ME) plus SOX 806 plus FCPA plus AML plus OSHA plus UK Bribery Act 2010 Section 7 plus Modern Slavery plus SM&CR plus EU GDPR Article 39 plus EU AI Act Article 4 plus NIS2 plus EU Whistleblower Directive plus ISO 37301
- Read-only access to HR systems plus LMS being integrated: Workday HCM plus Workday Learning plus SAP SuccessFactors plus SAP SuccessFactors Learning plus Oracle HCM Cloud plus Oracle Learning Cloud plus Cornerstone OnDemand plus Litmos plus Docebo plus Absorb plus TalentLMS plus Bridge LMS plus Saba Cloud plus Skillsoft Percipio plus KnowBe4 plus NAVEX EthicsPoint Training plus Coursera for Business plus LinkedIn Learning Hub
- Compliance Officer plus HR Director plus L&D Director plus DPO plus AI Officer plus General Counsel assignment per domain plus jurisdiction with escalation chain documentation plus access-suspension authorisation matrix
- Faragher-Ellerth affirmative-defense documentation framework including anti-harassment policy plus complaint procedure plus supervisor expectations plus reasonable-care documentation plus retaliation prohibition plus per-state harassment training compliance (California CRD plus New York DHR plus NYC CCHR plus Illinois IDHR plus Connecticut CHRO plus Delaware DOL plus Maine DOL)
- Content authoring plus accessibility validation: SCORM plus xAPI plus AICC content plus ADA Section 508 accessibility (closed captions plus screen reader compatibility plus keyboard navigation plus color contrast) plus multi-language delivery plus VR simulation (Mursion plus EVERFI) plus interactive assessment plus retention measurement
- Reporting templates for regulatory plus audit purposes: EEOC EEO-1 Component 1 plus OFCCP AAP plus state agency annual reports plus SEC Form 8-K plus 10-Q plus 10-K plus DEF 14A plus UK Gender Pay Gap plus UK Modern Slavery statement plus EU CSRD ESRS S1-13 Training and skills development plus EU AI Act Article 4 plus Article 26 deployer evidence plus GDPR Article 30 RAT plus EU Whistleblower Directive annual report plus NIS2 compliance attestation
- Works council or worker representative agreement on automated training assignment plus completion tracking plus access-suspension scope per UK Information and Consultation of Employees Regulations 2004 plus EU Information and Consultation Directive 2002/14/EC plus German BetrVG plus French CSE plus Italian Statuto dei Lavoratori plus Netherlands COR with documented training purpose plus data plus retention plus access
- Decision logging infrastructure per EU AI Act Article 12 record-keeping plus GDPR Article 5(2) accountability plus ISO 27001 Annex A.5.36 plus SOC 2 Common Criteria CC1.5 plus US OFCCP 2-3 year retention plus EEOC 1-3 year retention plus California 4 year plus New York 6 year plus OSHA 5 year plus SOX 7 year plus EU Whistleblower Directive transposition retention plus EU AI Act Article 12 10 year retention
- Continuous regulatory-change monitoring subscription covering Federal Register plus state legislatures plus enforcement bulletins plus EFRAG plus EU Official Journal plus EDPB plus EU AI Office plus ENISA plus EHRC plus FCA plus ICO plus PRA plus DOJ plus SEC plus FFIEC plus OSHA plus IIA plus AICPA plus ISO standard updates
Infrastructure Contribution
What this assessment contains: 9 slides for your leadership team
Personalised with your numbers. Generated in 2 minutes directly in your browser. No upload, no login.
- 1
Title slide - Process name, decision points, automation potential
- 2
Executive summary - FTE freed, cost per transaction before/after, break-even date, cost of waiting
- 3
Current state - Transaction volume, error costs, growth scenario with FTE comparison
- 4
Solution architecture - Human - rules engine - AI agent with specific decision points
- 5
Governance - EU AI Act, works council, audit trail - with traffic light status
- 6
Risk analysis - 5 risks with likelihood, impact and mitigation
- 7
Roadmap - 3-phase plan with concrete calendar dates and Go/No-Go
- 8
Business case - 3-scenario comparison (do nothing/hire/automate) plus 3×3 sensitivity matrix
- 9
Discussion proposal - Concrete next steps with timeline and responsibilities
Includes: 3-scenario comparison
Do nothing vs. new hire vs. automation - with your salary level, your error rate and your growth plan. The one slide your CFO wants to see first.
Show calculation methodology
Hourly rate: Annual salary (your input) × 1.3 employer burden ÷ 1,720 annual work hours
Savings: Transactions × 12 × automation rate × minutes/transaction × hourly rate × economic factor
Quality ROI: Error reduction × transactions × 12 × EUR 260/error (APQC Open Standards Benchmarking)
FTE: Saved hours ÷ 1,720 annual work hours
Break-Even: Benchmark investment ÷ monthly combined savings (efficiency + quality)
New hire: Annual salary × 1.3 + EUR 12,000 recruiting per FTE
All data stays in your browser. Nothing is transmitted to any server.
Compliance Training Agent
Initial assessment for your leadership team
A thorough initial assessment in 2 minutes - with your numbers, your risk profile and industry benchmarks. No vendor logo, no sales pitch.
All data stays in your browser. Nothing is transmitted.
Related Pages
Related Agents
Equipment Provisioning Agent
Gets new hires a working, compliant workstation on day one - deriving the equipment profile, ordering it, configuring devices with a cybersecurity baseline, and meeting the ergonomic and accessibility duties under OSHA, the UK DSE Regulations and the ADA.
Onboarding Workflow Agent
From signed contract to productive employee - 50+ tasks, zero dropped balls.
Probation Management Agent
Probation deadline monitoring as a compliance obligation - structured tracking from day one to confirmation, so the retention decision is never made under last-minute pressure across the US, UK and EU.
Frequently Asked Questions
How does the Agent operationalise the US Title VII Faragher-Ellerth affirmative defence and the state harassment-training laws across multi-state operations?
How does the Agent operationalise EU AI Act Regulation 2024/1689 Article 4 AI literacy obligation effective 2 February 2025 plus Article 26 deployer training?
How does the Agent operationalise UK Bribery Act 2010 Section 7 adequate procedures including training as constituent of strict-liability defence?
How does the Agent process US Sarbanes-Oxley Section 806 Whistleblower training plus Dodd-Frank Section 922 SEC Whistleblower Program plus EU Whistleblower Protection Directive 2019/1937 training?
How does the Agent handle US OSHA safety training across the General Industry and Construction standards and the state-plan jurisdictions?
How does the Agent operationalise EU NIS2 Directive 2022/2555 cybersecurity training plus EU CSDDD due diligence training plus EU CSRD ESRS S1-13 Training and skills development disclosure?
How does the Agent integrate with Workday Learning, SAP SuccessFactors Learning, Oracle Learning Cloud, Cornerstone OnDemand, Litmos, Docebo, Absorb, TalentLMS, Skillsoft Percipio, KnowBe4, NAVEX EthicsPoint Training, Coursera for Business, LinkedIn Learning Hub, Mursion VR, and EVERFI?
What Happens Next?
30 minutes
Initial call
We analyse your process and identify the optimal starting point.
1 week
Discover
Mapping your decision logic. Rule sets documented, Decision Layer designed.
3-4 weeks
Build
Production agent in your infrastructure. Governance, audit trail, cert-ready from day 1.
12-18 months
Self-sufficient
Full access to source code, prompts and rule versions. No vendor lock-in.
Implement This Agent?
We assess your process landscape and show how this agent fits into your infrastructure.