Compliance Training Agent - Faragher-Ellerth, UK Bribery Act, EU AI Act | Gosign

US harassment training is operationally complex because Title VII Civil Rights Act 1964 plus EEOC Enforcement Guidance plus Faragher v City of Boca Raton 524 US 775 (1998) plus Burlington Industries v Ellerth 524 US 742 (1998) plus Vance v Ball State 570 US 421 (2013) create the federal floor while state statutes impose stricter cadence plus content plus delivery requirements. The Agent operationalises in five integrated phases. Phase 1 (Federal Floor): document Faragher-Ellerth affirmative-defense elements including (a) reasonable care to prevent and promptly correct harassment via documented anti-harassment policy plus complaint procedure plus supervisor training plus retaliation prohibition plus (b) employee unreasonably failed to take advantage of preventive opportunities; integrate with NAVEX EthicsPoint plus OneTrust whistleblower channel. Phase 2 (State Cadence Matrix): operate state-specific cadence including California AB 1825 - 2-hour supervisor plus 1-hour non-supervisor every 2 years for 5-plus employees enforced by California CRD; New York Stop Sexual Harassment Act 2018 plus NYC Local Law 96 - annual interactive training all employees; Illinois Workplace Transparency Act 2019 - annual all employees plus restaurant supplemental; Connecticut Time's Up Act 2019 - 2-hour all supervisors plus non-supervisors within 6 months; Delaware HB 360 - interactive within 1 year plus biennial refresher; Maine 26 MRS Section 807 - within 300 days. Phase 3 (Content Tailoring): tailor curriculum per state-required topics including quid pro quo plus hostile work environment plus retaliation plus bystander intervention plus complaint procedure; integrate with Skillsoft Percipio plus Cornerstone Compliance plus Mursion VR Training plus EVERFI Workplace Training. Phase 4 (Effectiveness Measurement): measure DOJ Compliance Program Evaluation factor 2(b) effectiveness indicators including tailoring plus delivery plus retention via post-training quiz at 30 plus 90 plus 180 days plus translation appropriateness; integrate with Workday Learning plus SAP SuccessFactors Learning plus Cornerstone Skills Graph. Phase 5 (Affirmative-Defense Package): generate per-supervisor plus per-location affirmative-defense evidence package compatible with EEOC charge response plus state agency response (California CRD plus NY DHR plus NYC CCHR plus Illinois IDHR plus Connecticut CHRO) plus tribunal evidence plus class-action defence under attorney-client privilege; record retention California 4 years plus New York 6 years plus federal Title VII 4 years.

EU AI Act Article 4 AI literacy compliance is operationally complex because Regulation 2024/1689 Article 4 (effective 2 February 2025) requires providers and deployers of AI systems to take measures to ensure to their best extent a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account technical knowledge plus experience plus education plus training plus context plus persons or groups affected; Article 26 deployer obligations require human oversight by natural persons with necessary competence plus training plus authority plus support; Article 99 administrative fines reach EUR 35M or 7 percent global turnover for Article 26 deployer-obligation breach. The Agent operationalises in five integrated phases. Phase 1 (Persons-Affected Mapping): map all staff plus contractors plus third parties dealing with AI system operation including general staff plus AI users plus high-risk AI deployers plus human oversight personnel plus AI providers. Phase 2 (Curriculum Tier Assignment): assign basic AI literacy curriculum (general staff) covering AI system types plus capabilities plus limitations plus appropriate use plus prohibited practices plus reporting concerns; intermediate AI literacy (AI users) covering input data quality plus output interpretation plus error patterns plus human oversight plus incident reporting; advanced AI literacy (high-risk AI deployers per Article 26) covering FRIA per Article 27 plus log retention plus monitoring plus serious incident reporting plus worker information plus consultation. Phase 3 (Role-Tailored Delivery): tailor curriculum considering technical knowledge plus experience plus education plus training plus context plus persons-affected; integrate with Coursera for Business plus LinkedIn Learning Hub plus Pluralsight plus Skillsoft Percipio plus Cornerstone OnDemand. Phase 4 (Effectiveness Measurement): measure retention via post-training quiz at 30 plus 90 plus 180 days plus role-context performance indicators; integrate with Workday Skills Cloud plus Cornerstone Skills Graph plus SAP SuccessFactors. Phase 5 (Documentation and Audit-Readiness): document per Article 12 record-keeping plus EU AI Office implementing acts plus EDPB Guidelines plus Member State guidance; maintain audit-ready evidence for EU AI Office investigation plus Member State market surveillance authority plus Article 73 serious incident response.

UK Bribery Act 2010 compliance is operationally complex because Section 7 imposes strict liability on commercial organisations for failure to prevent bribery committed by associated persons unless the organisation can prove it had adequate procedures designed to prevent bribery; the UK Ministry of Justice Guidance principles 1-6 establish the framework: (1) proportionate procedures, (2) top-level commitment, (3) risk assessment, (4) due diligence, (5) communication including training, (6) monitoring and review; loss of training evidence forfeits the strict-liability defence under Section 7. The Agent operationalises in five integrated phases. Phase 1 (Proportionate Procedures Training): train per business-model risk profile plus jurisdiction plus customer-type plus transaction-type with curriculum tailored to role plus seniority plus customer-facing exposure; integrate with NAVEX EthicsPoint Training plus Skillsoft Percipio plus Cornerstone Compliance. Phase 2 (Top-Level Commitment Evidence): document executive participation plus board oversight plus management certification plus tone-from-the-top messaging plus consequence management. Phase 3 (Risk Assessment Training): train customer-facing staff plus procurement plus M&A plus joint venture plus government-relations roles on geographic plus sectoral plus customer-type plus transaction-type plus partner-type risk indicators including red flags. Phase 4 (Due Diligence Training): train procurement plus legal plus M&A plus joint venture personnel on third-party intermediaries plus customers plus suppliers plus joint ventures plus M&A due diligence including beneficial ownership plus prior incidents plus reputational checks. Phase 5 (Communication-Including-Training and Monitoring-Review): communicate policy plus procedure plus reporting channel plus retaliation prohibition; conduct refresher cycle plus event-driven retraining plus M&A integration training plus regulatory-amendment retraining; monitor effectiveness plus completion plus retention; integrate with FCPA cross-border training plus OECD Anti-Bribery Convention plus DOJ FCPA Resource Guide plus UK SFO Deferred Prosecution Agreement evaluation; civil penalties unlimited plus criminal penalties up to 10 years imprisonment plus unlimited fines.

Whistleblower training is operationally complex because US SOX Section 806 plus Section 1107 retaliation criminal liability plus Dodd-Frank Section 922 SEC Whistleblower Program plus EU Whistleblower Protection Directive 2019/1937 (transposition deadline 17 December 2021) plus Member State implementation (German HinSchG plus French Loi Sapin II plus Spanish Ley 2/2023 plus Polish whistleblower amendment) plus UK PIDA create overlapping training obligations for managers plus designated reporting recipients plus all employees. The Agent operationalises in five integrated phases. Phase 1 (Manager and Designated Recipient Training): train managers plus HR Business Partners plus Compliance Officers plus Internal Audit plus designated reporting recipients on whistleblower-rights plus anti-retaliation plus reporting procedures plus confidentiality plus EU Directive Article 9 7-day acknowledgment plus 3-month feedback. Phase 2 (All-Employee Awareness): train all employees on whistleblower channels plus protected disclosures plus retaliation prohibition plus anonymous reporting; integrate with NAVEX EthicsPoint Training plus OneTrust plus EQS Group plus Whistlelink plus Speakup. Phase 3 (Member State Specifics): tailor training to Member State implementation specifics including German HinSchG dual internal-external channel plus French Loi Sapin II two-tier reporting plus Spanish Ley 2/2023 internal information channel plus Polish whistleblower amendment retaliation prohibition. Phase 4 (US Federal Specifics): tailor training to US SOX Section 806 anti-retaliation civil remedy plus Section 1107 felony retaliation plus Dodd-Frank Section 922 SEC awards 10-30 percent over USD 1M plus DOJ Voluntary Self-Disclosure plus FCPA Corporate Enforcement Policy. Phase 5 (Effectiveness Measurement and Documentation): measure retention plus channel-awareness plus reporting-confidence via survey plus post-training quiz; document per EU Directive Article 7 plus SOX Section 806 plus PIDA tribunal-defence; civil penalties up to 4 percent global turnover or EUR 20M for EU Whistleblower transposition breach plus criminal penalties up to 10 years imprisonment for US SOX Section 1107 retaliation.

US OSHA training is operationally complex because Occupational Safety and Health Act 1970 plus 29 CFR 1910 General Industry plus 29 CFR 1926 Construction plus topic-specific standards (Hazard Communication 1910.1200 plus Lockout/Tagout 1910.147 plus PPE 1910.132 plus Respiratory Protection 1910.134 plus Bloodborne Pathogens 1910.1030 plus Confined Spaces 1910.146) plus 28 state-plan jurisdictions create overlapping training obligations with substantial penalty exposure. The Agent operationalises in five integrated phases. Phase 1 (Pre-Assignment Training): document mandatory training prior to job assignment per topic-specific standard including Hazard Communication GHS-aligned chemical hazard training plus Lockout/Tagout energy-isolation procedures plus PPE selection plus use plus maintenance plus Respiratory Protection fit-testing plus medical-evaluation plus Bloodborne Pathogens exposure-control plus universal-precautions plus Confined Spaces entry-permit plus rescue procedures; integrate with EVERFI Workplace Training plus Skillsoft Percipio plus Cornerstone OnDemand. Phase 2 (Annual Refresher and Hazard-Specific Training): operate annual refresher cycle plus hazard-specific training on equipment changes plus process changes plus near-miss incidents plus exposure incidents; integrate with VR simulation training (Mursion plus EVERFI) for high-hazard scenarios. Phase 3 (Language and Accessibility): deliver training in employee preferred language per OSHA Field Operations Manual plus ADA plus Section 508 accessibility; integrate with multi-language LMS (Workday Learning plus SAP SuccessFactors Learning plus Litmos). Phase 4 (State-Plan Specifics): tailor training to state-plan jurisdictions including California Cal/OSHA Heat Illness Prevention plus Workplace Violence Prevention SB 553 plus Michigan MIOSHA Process Safety Management plus Oregon OR-OSHA Wildfire Smoke plus Washington L&I Outdoor Heat plus Indiana Department of Labor; track per-jurisdiction completion plus content adequacy plus delivery method plus language plus retention. Phase 5 (Documentation and Recordkeeping): document per 29 CFR 1904 Recordkeeping plus 1910.1200(h)(3) Hazard Communication plus topic-specific recordkeeping plus state-plan recordkeeping; record retention 5 years per OSHA plus state-plan-specific; willful violations exceed USD 156,259 per instance plus serious violations USD 15,625 per instance plus criminal penalties up to 6 months imprisonment for willful violations causing death.

EU cybersecurity plus due diligence plus sustainability training is operationally complex because NIS2 Directive 2022/2555 (transposition deadline 17 October 2024) Article 21 cybersecurity risk-management measures plus Article 23 incident reporting plus Article 32 enforcement plus EU CSDDD Corporate Sustainability Due Diligence Directive 2024/1760 from 2027 plus EU CSRD Corporate Sustainability Reporting Directive 2022/2464 plus European Sustainability Reporting Standards (ESRS) S1-13 Training and skills development plus EFRAG Implementation Guidance create overlapping training plus disclosure obligations. The Agent operationalises in five integrated phases. Phase 1 (NIS2 Cybersecurity Training): train management body members plus all employees per NIS2 Article 21(2)(g) basic cyber hygiene practices plus cybersecurity training including phishing simulation plus social engineering plus password hygiene plus device security plus incident reporting plus EU Cyber Resilience Act 2024 plus ENISA Threat Landscape; integrate with KnowBe4 Security Awareness plus PhishER plus PhishRIP plus Cornerstone Compliance plus Skillsoft Percipio. Phase 2 (Essential Entity vs Important Entity): tailor training to entity classification including essential entities (energy plus transport plus banking plus financial market infrastructure plus health plus drinking water plus waste water plus digital infrastructure plus ICT service management plus public administration plus space) with stricter training requirements plus important entities (postal plus waste management plus chemicals plus food plus manufacturing plus digital providers plus research) with proportionate training; civil penalties up to EUR 10M or 2 percent global turnover for essential plus EUR 7M or 1.4 percent for important. Phase 3 (CSDDD Due Diligence Training): train procurement plus M&A plus operations on EU CSDDD due diligence including human-rights plus environmental impact identification plus prevention plus mitigation plus accountability; phased rollout 2027 (5,000-plus employees) plus 2028 (3,000-plus) plus 2029 (1,000-plus); integrate with NAVEX EthicsPoint Training plus OneTrust ESG plus GAN Integrity Training. Phase 4 (CSRD ESRS S1-13 Disclosure): generate annual disclosure per ESRS S1-13 Training and skills development including average hours of training per employee plus percentage of employees participating in training plus performance reviews plus skills development; integrate with EFRAG Implementation Guidance plus IFRS IAS 19 training cost recognition plus AICPA SOC 2 Common Criteria CC1.5 attestation. Phase 5 (Cross-Framework Coordination): coordinate NIS2 plus CSDDD plus CSRD plus EU AI Act Article 4 plus EU Whistleblower Directive plus GDPR Article 39 training to avoid learner fatigue plus optimise delivery plus retention; integrate with Workday Learning plus SAP SuccessFactors Learning plus Cornerstone OnDemand.

The mandatory-training landscape spans the HCM-embedded learning layer plus the dedicated LMS layer plus the compliance-content-library layer plus the security-awareness layer plus the immersive-VR layer - and the Agent operates as the integration point across all five with regulatory-mandate gating. HCM-embedded learning: Workday Learning plus Workday Skills Cloud plus Workday HCM provides cloud-native learning embedded in Workday HCM with role-based assignment plus completion tracking plus skills-based development; SAP SuccessFactors Learning plus SAP Learning Hub plus SAP S/4HANA HCM provides enterprise learning with 80-plus country localisation tightly integrated with SAP HCM; Oracle Learning Cloud plus Oracle HCM Cloud plus Oracle Talent Management Cloud provides enterprise learning integrated with Oracle Fusion Cloud HCM. Dedicated LMS: Cornerstone OnDemand plus Cornerstone Compliance plus Cornerstone Learning plus Cornerstone Skills Graph plus SumTotal cover compliance training library plus mobile learning plus virtual classroom plus assessments plus certifications plus regulatory reporting; Litmos LMS plus Docebo plus Absorb plus TalentLMS plus iSpring Learn plus 360Learning plus Bridge LMS cover mid-market plus enterprise cloud LMS with mandatory compliance delivery plus role-based assignment plus completion tracking. Compliance-content-library: Skillsoft Percipio plus Skillsoft Compliance plus NAVEX EthicsPoint Training plus NAVEX RiskRate plus GAN Integrity Training plus Convercent (Mitratech) Training plus EVERFI Workplace Training plus Veritas Compliance Training cover EEOC anti-harassment plus state-specific harassment plus FCPA plus UK Bribery Act 2010 plus AML plus GDPR plus EU AI Act plus NIS2 plus Modern Slavery plus DOJ Compliance Program Evaluation effectiveness measurement. Security-awareness: KnowBe4 Security Awareness plus KnowBe4 Compliance Plus plus KnowBe4 KMSAT plus PhishER plus PhishRIP cover NIS2 cybersecurity training plus phishing simulation plus social engineering plus GDPR plus US privacy plus HIPAA plus PCI-DSS plus FERPA plus FFIEC training. Immersive-VR: Mursion VR Training plus EVERFI Workplace Training cover immersive interactive harassment training plus de-escalation plus diversity plus inclusion plus bystander intervention plus customer service. Large-scale-curated: Coursera for Business plus LinkedIn Learning Hub plus Pluralsight plus MindTickle plus Saba Cloud cover leadership plus technology plus data science plus AI literacy plus cybersecurity plus compliance training. The Agent operates as the upstream regulatory-mandate plus role-based-curriculum plus completion-tracking plus Faragher-Ellerth affirmative-defense plus access-suspension layer feeding the downstream HR plus compliance plus risk plus audit workflow, or the orchestration layer running parallel deployments where different business units use different LMS systems post-acquisition.