Compliance Training That Changes Behaviour
Interactive scenarios where your people make real decisions — as HR directors, compliance analysts, CTOs, and team leads. Not slide decks. Not quizzes. Decisions with consequences.
Browse CoursesHow It Works
Try a free demo
Every course has a free playable scenario. Experience the quality before you buy.
Buy and download
Choose your licence tier, check out online, and download SCORM packages instantly.
Deploy to your LMS
Upload to Moodle, TalentLMS, Cornerstone, or any SCORM-compatible LMS. Your team can start today.
Our Courses
Interactive scenario-based training for compliance and decision-making
Every course is reviewed and signed off by qualified counsel in its jurisdiction — UK employment, EU data protection, US labour, AU corporate, NZ workplace safety, and Ecuadorian labour law. Statutes, citations, and decision logic verified against primary legal sources before ship.
Anti-Bribery & Corruption: AU Criminal Code Div 70
Post-Sept-2024 facilitation defence abolition
The Australian variant of Meridian Engineering's bribery saga. Adjudicated under the Criminal Code Act 1995 (Cth) Division 70 — including the s.70.5A 'failure to prevent foreign bribery' offence in force from 8 September 2024. The facilitation-payment defence is gone. Every payment is in scope.
- › Four scenarios under the post-September-2024 regime — AFL Grand Final hospitality, port-stuck shipment with the facilitation defence gone, PID Act whistleblower, 15% middleman with Ministry connection
- › Covers Division 141 + Division 70 + new s.70.5A 'failure to prevent foreign bribery' offence
- › AFP / NACC compulsory powers response
- › UK Bribery Act and US FCPA variants also available
Anti-Bribery & Corruption: UK Bribery Act 2010
Hospitality. Grease. Tender. Middleman.
Four cinematic scenarios inside Meridian Engineering — a mid-size UK company expanding internationally. You play Alexa Reeves, Compliance Manager. Each module is three branching decisions grounded in the Bribery Act 2010 and the MoJ's six adequate-procedures principles. Drawn from real SFO enforcement cases.
- › Four scenarios drawn from real SFO enforcement cases — Wimbledon hospitality, a port-stuck shipment with a $2,000 customs ask, a procurement whistleblower, a 15% middleman commission
- › Covers Bribery Act s.1 / s.2 / s.6 / s.7 + the MoJ adequate-procedures defence
- › US FCPA and Australian variants also available — same scenario depth, different statute
- › 75% mastery threshold for compliance certificate
Anti-Bribery & Corruption: US FCPA
Same scenario. FCPA layer.
The US FCPA variant of Meridian Engineering's bribery saga. Same four scenarios — corporate hospitality, facilitation payment, supplier gifts, third-party intermediary — adjudicated under the Foreign Corrupt Practices Act 1977, the DOJ/SEC FCPA Resource Guide, and the DOJ Evaluation of Corporate Compliance Programs (2024).
- › Four scenarios drawn from real DOJ and SEC FCPA enforcement — Masters Tournament hospitality, port-stuck shipment, Dodd-Frank whistleblower, 15% middleman commission
- › Covers 15 USC §§78dd-1, 78dd-2, 78dd-3 + DOJ Evaluation of Corporate Compliance Programs (2024)
- › Includes a DOJ grand-jury subpoena response simulation
- › UK Bribery Act and Australian variants also available
Anti-Bribery for Sales: NSW s.249B + AS ISO 37001
Hospitality. Tender.
The Australian variant of the Sales role-cut. You play Cooper Banks, Senior Account Director at Meridian Australia. Two branching scenarios: a Sydney CBD customer dinner three days before an AUD $4.2M renewal, and an AUD $2.8M tender where the procurement lead has hinted at a 'gesture'. Decisions grounded in the NSW Crimes Act s.249B (Corrupt Commissions and Rewards), state-by-state commercial bribery equivalents, and AS ISO 37001.
- › Two scenarios written for the salesperson's POV, AU-localised cast and currency
- › State of Origin tickets, NRL Grand Final hospitality, AFP / NSW DPP referral risk
- › Flags that AU has no statutory failure-to-prevent offence for private-sector commercial bribery
- › UK Bribery Act and US FCPA variants also available
Anti-Bribery for Sales: UK Bribery Act 2010
Hospitality. Tender.
A 25-minute role-cut for sales teams. You play Sam Holt, Senior Account Director at Meridian Engineering. Two branching scenarios: a customer dinner three days before a £4.2M renewal and a £2.8M tender where the procurement lead has hinted at a 'gesture'. Decisions grounded in the UK Bribery Act 2010 s.1, s.2, and s.6.
- › Two scenarios written for the salesperson's POV, not the compliance officer's
- › Pre-clear hospitality spend in two clicks before the dinner, not justify it after
- › Push back on internal pressure to send a procurement gift without losing credibility with the bid team
- › US FCPA and Australian variants also available
Anti-Bribery for Sales: US Travel Act + FCPA
Hospitality. Tender.
The US variant of the Sales role-cut. You play Mike Reilly, Senior Account Director at Meridian Industrial. Two branching scenarios: a Manhattan customer dinner three days before a $4.2M renewal, and a $2.8M tender where the procurement lead has hinted at a 'gesture'. Decisions grounded in the Travel Act (18 USC §1952), the FCPA (15 USC §78dd-1), and state commercial bribery laws.
- › Two scenarios written for the salesperson's POV, US-localised cast and currency
- › Travel Act and state commercial bribery exposure on a domestic procurement deal
- › Gift register entries that read cleanly to the customer if leaked
- › UK Bribery Act and Australian variants also available
Australia Modern Slavery Act 2018 (Cth)
Tier 2 to the ABF Register — five scenarios
The Australian variant of the Tier-2 supply-chain saga. Five scenarios across 18 months under the Modern Slavery Act 2018 (Cth), state procurement obligations, and emerging international frameworks. From a journalist's call to an integrated cross-framework due-diligence system that survives the post-McMillan Review reforms.
- › Five scenarios across 18 months — Tier-2 crisis, ABF Register statement, remediation, audit, upstream
- › Covers all seven mandatory criteria of MSA s.16 + post-McMillan Review reforms
- › ILO Employer Pays Principle remediation framework built in
- › UK and Canada variants also available
Awaab's Law for Social Landlords
The Call
Friday 21:47. Megan Doyle calls the out-of-hours line. Her four-year-old son Caleb has asthma. The GP has already written. You are the new Damp & Mould Response Officer at Calder Reach Housing — a 22,000-home Greater Manchester housing association — and the §10A statutory clock starts tonight. Take one Cat 1 case end-to-end through hazard classification, written communication, remediation, and a regulator-reviewable outcome. Three decisions, three activities, three possible endings under the Social Housing Regulation Act 2023.
- › 14 working days / 7 working days / 42 working days — the three §10A statutory windows trained end-to-end on one live case
- › HHSRS Hazard Classifier with asymmetric scoring — under-classifying a Cat 1 hazard costs more than over-classifying a Defect, because the regulator-relevant failure mode is tenant safety not budget
- › Cold-open cinematic, voiced narration, six voicemail clips, six on-site finding photographs, four character portraits — full ops-center production
- › Built for Damp & Mould Response Officers, ALMOs, local authority housing departments, and housing officer CPD
- › Reviewed and signed off by qualified UK housing counsel
California Pay Transparency (SB 1162)
Aisha invoked SB 1162. The CRD opened a review.
Aisha invoked SB 1162. The Civil Rights Department opened a review. Your pay bands are 18 months stale and you have one day. A single-scenario California compliance course covering SB 1162 (pay scale on request, posting ranges, pay data report), the California Equal Pay Act, and the salary-history ban.
- › Natalie Ward, VP of People at Ridgeline Financial — one day to respond to a CRD review
- › Covers SB 1162, Equal Pay Act, Pay Data Report, and salary-history ban (Labor Code 432.3)
- › Sold standalone or as a 5-pack with WA, CO, IL, NY
- › Includes the criteria-classifier and policy-redline activities
California Transparency in Supply Chains Act (SB 657)
SB 657 + AB 1817 — Garment Worker Protection
The California variant of the Tier-2 supply-chain saga. Five scenarios across 18 months under the California Transparency in Supply Chains Act (SB 657 / Civ. Code §1714.43), the Garment Worker Protection Act (AB 1817), the UK MSA, and the EU CSDDD. From a journalist's call to a multi-framework due-diligence system the California Attorney General can read in one sitting.
- › Five scenarios across 18 months — Tier-2 crisis, public disclosure, remediation, audit, upstream
- › Covers all five SB 657 disclosures + AB 1817 garment-worker joint liability
- › California AG injunctive-relief exposure and CCPA cross-cuts addressed
- › UK, AU, and Canada variants also available
Canada Forced Labour Act (Bill S-211)
S-211 + Customs Tariff §136(1) import ban
The Canadian variant of the Tier-2 supply-chain saga. Five scenarios across 18 months under Canada Bill S-211 (Fighting Against Forced Labour and Child Labour in Supply Chains Act), Customs Tariff §136(1) import prohibitions, the UK MSA, and the EU CSDDD. From a journalist's call to an integrated due-diligence system that protects against $250K fines and CBSA shipment detention.
- › Five scenarios across 18 months — Tier-2 crisis, S-211 report, remediation, audit, upstream
- › All seven items of S-211 §11(3) plus director personal liability
- › Customs Tariff §136(1) import-prohibition risk and CBSA detention scenarios
- › UK, AU, and California variants also available
CCPA / CPRA: California Privacy in Practice
One DSAR. One pixel. One audit memo.
Three protagonists inside Cresta & Co., a California wellness brand: Priya the Privacy Operations Lead, Marcus the VP Digital Marketing, and Sarah the Director of Privacy Program. Each module is a different California privacy crisis — a stacked DSAR, an AdTech sharing scandal, an annual cybersecurity audit with a hidden breach — and the cure period is gone. Decisions cite CCPA / CPRA statute and CPPA regulations verbatim.
- › Three protagonists, one shared world: Priya runs the privacy intake, Marcus owns the AdTech budget, Sarah signs the audit memo. Decisions in M1 carry forward to M2 and M3
- › Drawn from the Honda Motor decision (March 2025) plus CPPA's first enforcement priorities: stacked DSARs, pixel sharing without consent, breach disclosure under § 1798.150
- › Composer activities scored against the Honda admissibility test — clean, technically defective, or concealment-grade
- › Conditional CPPA hot-seat in Module 3 only fires for concealment-grade audit memos
CER Directive: A Five-Day Investigation
Critical Entities Resilience
Five connected scenarios across the EU Critical Entities Resilience Directive. You play Sara Lindgren, the new Resilience Officer at a designated water utility, with the Article 12 nine-month clock running. From the first SCADA anomaly through a contractor vetting decision, a Tuesday-morning cyber-physical incident, and a regulator-led audit. Decisions chain: every choice in M1 to M4 lands on the table in front of the auditor in M5.
- › Five chained scenarios end-to-end — every M1 to M4 decision is read back in the M5 audit hot-seat
- › Three deterministic endings driven by carry-forward state, not score thresholds
- › Cyber-physical pattern recognition: SCADA anomalies, dual-pump cascade, vendor-vetting under deadline
- › Regulator-facing audit composer: ground selection, ruling drafting, posture decision
Colorado AI Act (SB 24-205)
Building the affirmative defense
Three decision-based scenarios that put you in the chair of Caldera Mountain Mutual leaders navigating Colorado SB 24-205 — the first comprehensive U.S. state law on AI in consequential decisions. Hire a commercial underwriter your AI tool just rejected, defend a school principal's mortgage refinance against the Colorado AG, and surface a 2.3× rural-vs-urban adverse-impact ratio in your auto-insurance pricing tool. Each module is calibrated to the four affirmative-defense elements at C.R.S. § 6-1-1706(3).
- › Three Caldera Mountain Mutual leaders facing a Colorado AG inquiry — hire, decline, audit
- › Effective 30 June 2026 — train before the 90-day discovery clock starts
- › Builds the four-element § 6-1-1706(3) affirmative defense: NIST AI RMF + ISO/IEC 42001 alignment + discovery-and-cure
- › Civil penalty up to $20,000 per violation under the Colorado Consumer Protection Act
Colorado Equal Pay for Equal Work (SB 23-105)
A CDLE notice. A senior role filled internally.
A CDLE notice cites missing posting ranges. A senior role was filled internally without notifying other employees of the opportunity — the unique Colorado promotional-opportunity rule no other state has. A single-scenario Colorado compliance course covering SB 23-105, the Equal Pay for Equal Work Act, and the salary-history ban.
- › Marcus Vega, VP of People at Summit Mountain Co-op — ten business days to respond to CDLE
- › Covers SB 23-105 postings + the unique CO promotional-opportunity notice (C.R.S. 8-5-203)
- › Sold standalone or as a 5-pack with CA, WA, IL, NY
- › Includes the criteria-classifier and policy-redline activities
Cyber Resilience Act UE (Español)
Cumplimiento práctico para fabricantes IoT
Localización al español del curso CRA — cuatro escenarios tipo centro de operaciones sobre la notificación de 24 horas a ENISA, secure-by-default, documentación técnica (Anexo VII), diligencia debida en la cadena de suministro e inspecciones de vigilancia de mercado.
- › Localización completa al español del curso CRA en inglés
- › TTS, interfaz y casos de uso en español
- › También disponible en inglés, alemán y francés
Cyber Resilience Act UE (Français)
Conformité pratique pour fabricants IoT
Localisation française du cours CRA — quatre scénarios de centre opérationnel sur la notification ENISA à 24 heures, le secure-by-default, la documentation technique (Annexe VII), la diligence raisonnable sur la chaîne d'approvisionnement et les inspections de surveillance du marché.
- › Localisation complète en français du cours CRA en anglais
- › TTS, interface et cas d'usage en français
- › Également disponible en anglais, allemand et espagnol
Directiva UE de protección de denunciantes (Español)
La audiencia del BfJ
Localización al español del curso EU Whistleblower — cinco módulos de una investigación transfronteriza bajo la Directiva 2019/1937 y la HinSchG. En el día 186, la BfJ formula seis preguntas, y tus decisiones desembocan en uno de seis veredictos posibles.
- › Actividades: Compositor de entrevista de 3 preguntas, tablero de pruebas con animación de chinchetas, rúbrica de carta de devolución, calibración por slider, hot-seat ante la BfJ
- › 6 finales deterministas — Win / Pyrrhic / Cost / Departure / Silence / Aftermath
- › Multi-POV en 5 módulos: responsable directa → denunciante → investigador → consejo
- › También disponible en inglés, alemán y francés
Directive UE sur les lanceurs d'alerte (Français)
L'audition du BfJ
Localisation française du cours EU Whistleblower — cinq modules d'une enquête transfrontalière sous la Directive 2019/1937 et la HinSchG. Au jour 186, la BfJ pose six questions, et vos décisions débouchent sur l'un des six verdicts possibles.
- › Activités : compositeur d'entretien à 3 questions, tableau de preuves avec animation d'épingles, rubrique de lettre de retour, calibration par curseur, hot-seat devant la BfJ
- › 6 fins déterministes — Win / Pyrrhic / Cost / Departure / Silence / Aftermath
- › Multi-POV sur 5 modules : manager direct → lanceuse d'alerte → enquêteur → conseil
- › Également disponible en anglais, allemand et espagnol
DORA — IT-Resilienz (Deutsch)
Der Ausfall, das Register, die Prüfung
Fünf entscheidungsbasierte Szenarien über den vollständigen DORA-Lebenszyklus — vom Tier-1-Ausfall mit 4-Stunden-Frühwarnfenster über das Informationsregister und das bedrohungsorientierte Penetrationstesten (TLPT) bis zur BaFin-Prüfung. Spielen Sie CISO, Head of Risk, CTO und CEO. Jedes Modul testet die schwierigen Urteile, die DORA tatsächlich verlangt.
- › Fünf Szenarien über den DORA-Lebenszyklus — vom Tier-1-Ausfall bis zur BaFin-Prüfung
- › Bereits seit Januar 2025 in Kraft — die 4-Stunden-IKT-Meldefrist läuft
- › Persönliche Haftung des Leitungsorgans nach Artikel 5
- › Auch auf Englisch verfügbar
DORA ICT Resilience
Month-End
Five scenarios covering the full DORA lifecycle — from a month-end outage to an ESA examination. Incident classification, vendor dependencies, red team exercises, exit strategies, and a CEO who must prove resilience to a regulator with the register on the table.
- › Five different chairs across the DORA lifecycle — CISO, Head of Risk, CTO, CEO, and the regulator's examiner
- › In force since January 2025 — the four-hour ICT notification clock is already running
- › Live system-status board degrades in real time while you decide
- › German translation in progress — register interest below
Employment Rights Act 2025: Manager Essentials
Three difficulty modes. One SCORM package.
Five noir scenarios across the Employment Rights Act 2025 — SSP from day one, paternity as a day-one right, fire-and-rehire restrictions, the 9-month initial period, and flexible working as a day-one entitlement. Switch between Guided, Base, and Expert difficulty modes per module — same scenario, three rigour levels — so you deploy ONE SCORM package to junior managers, senior HR directors, and refresher cohorts and each cohort gets the right depth.
- › Three difficulty modes — Guided, Base, Expert — selectable per module. One package, three audiences.
- › Practice the new statutory clocks: SSP from day one, paternity notice timing, fire-and-rehire risk, flexible-working consultation
- › Day-one rights: paternity (s.15), flexible working (s.12), unfair dismissal protection (s.103A)
- › Includes the collective-consultation thresholds + Form HR1 notification triggers
EU AI Act Compliance (English)
Shortlisted
Five interactive scenarios covering Articles 4-50 of the EU AI Act. Your people make decisions as HR directors, marketing leads, risk officers, CX directors, and CTOs — across the shortlist algorithm, the AI-disclosure deadline, the credit-line redline, the customer chatbot complaint, and the August 2026 audit.
- › Five real-world scenarios — HR's hiring algorithm, marketing's chatbot, risk's credit decision, CX's complaint, IT's August audit
- › Every choice cites a specific Article — 4, 6, 14, 26, 50
- › Regulatory deadline: 2 August 2026 — train before enforcement begins
- › Available in English, German, French, and Spanish — same scenarios, fully localised
EU AI Act for Managers
Two Decisions Every Line Manager Faces
A 25-minute role-cut for line managers who deploy AI tools day-to-day. Two decision-based scenarios: the recruiting manager whose shortlist tool just rejected a candidate by proxy, and the marketing manager whose chatbot misquoted fees on the record. No legal lecture, just the two moments where the manager's call matters.
- › Two scenarios designed for line managers, not compliance officers
- › Article 14 human oversight when the shortlist tool screens by proxy
- › Article 50 transparency when the chatbot misquoted fees to a journalist
- › Covers Article 26 deployer obligations under live commercial pressure
EU AI Act for Managers (Deutsch)
Zwei Entscheidungen für jede Führungskraft
Deutsche Lokalisierung der EU-KI-Verordnung Manager-Variante — zwei entscheidungsbasierte Szenarien für Führungskräfte, die KI-Tools im Alltag einsetzen. Die Recruiterin, deren Shortlist-Tool durch Proxy diskriminiert, und die Marketingleitung, deren Chatbot Preise falsch zitiert.
- › Deutsche Lokalisierung der Manager-Variante
- › Artikel 14 menschliche Aufsicht und Artikel 50 Transparenzpflichten
- › Geplant für Q3 2026
EU AI Act for Managers (Español)
Dos decisiones para cada mánager
Localización al español de la variante para mánagers de la Ley de IA de la UE — dos escenarios de decisión para responsables de equipo que usan herramientas de IA en su día a día. La responsable de selección cuya herramienta filtra por proxy, y la responsable de marketing cuyo chatbot citó precios erróneos.
- › Localización al español de la variante para mánagers
- › Artículo 14 supervisión humana y Artículo 50 obligaciones de transparencia
- › Previsto para Q3 2026
EU AI Act for Managers (Français)
Deux décisions pour chaque manager
Localisation française de la variante manager du Règlement IA de l'UE — deux scénarios décisionnels pour les managers qui utilisent des outils d'IA au quotidien. La responsable du recrutement dont l'outil de présélection filtre par proxy, et la responsable marketing dont le chatbot a cité des tarifs erronés.
- › Localisation française de la variante manager
- › Article 14 supervision humaine et Article 50 obligations de transparence
- › Prévu pour Q3 2026
EU Cyber Resilience Act
Zero Day
A critical vulnerability in your connected product is being actively exploited. You have 24 hours to notify ENISA, 72 hours to notify users, and your DevOps lead is pushing to patch silently. Navigate the CRA's mandatory reporting obligations before the deadline hits.
- › Race the 24-hour ENISA notification clock with an actively-exploited vulnerability
- › Conformity assessment and CE marking decisions
- › Supply chain vulnerability disclosure
- › Demo playable now — no login required
EU Pay Transparency
22%
Five scenarios spanning 18 months — from a candidate's salary question to a tribunal where the burden of proof is reversed. Build the methodology, produce the report, negotiate with the Works Council, and defend it all in court.
- › Five roles across eighteen months — HR Director, Total Rewards, People Analytics, CEO, and General Counsel each face a different test
- › From a candidate's salary question to a tribunal where the burden of proof is reversed
- › Transposition deadline: 7 June 2026 — only 9% of EU employers have a strategy
- › Includes the joint pay assessment template (the 5% gap that triggers it)
EU Whistleblower Protection (English)
The Regulator's Verdict
Every module is a flashback narrated FROM the BfJ hearing room. Five modules of cross-border investigation under the EU Whistleblower Directive 2019/1937 + German HinSchG + French Loi Sapin II — and on Day 186, the regulator asks six questions. Your decisions across the report, the manager response, the reporter's POV, the investigation, and the boardroom route to one of six verdicts: Win, Pyrrhic, Cost, Departure, Silence, or Aftermath. The ending is the regulator's read on you.
- › Six different verdicts — Win, Pyrrhic, Cost, Departure, Silence, or Aftermath — depending on the choices you actually made
- › Play four roles in turn — line manager, the reporter herself, investigator, board
- › Covers EU Directive 2019/1937 + German HinSchG + French Loi Sapin II cross-border
- › Also available in German
EU-Cyberresilienzgesetz (Deutsch)
Praktische Compliance für IoT-Hersteller
Deutsche Lokalisierung der CRA-Schulung — vier Ops-Center-Szenarien zu 24-Stunden-ENISA-Meldepflicht, secure-by-default, technischer Dokumentation (Anhang VII), Lieferketten-Sorgfaltspflicht und Marktüberwachungs-Inspektionen.
- › Vollständige deutsche Lokalisierung der CRA-Englisch-Version
- › TTS, UI und Fallbeispiele auf Deutsch
- › Geplant für Q3 2026
EU-Hinweisgeberschutz (Deutsch)
Das Urteil der BfJ
Deutsche Lokalisierung des EU-Hinweisgeberschutz-Kurses — fünf Module einer grenzüberschreitenden Untersuchung unter der Hinweisgeberschutz-Richtlinie 2019/1937 und HinSchG. Am Tag 186 stellt die BfJ sechs Fragen, und Ihre Entscheidungen führen zu einem von sechs Urteilen.
- › Übungen: 3-Fragen-Interview-Composer, Beweistafel mit Pin-Animation, Feedback-Brief-Rubrik, Slider-Zonenkalibrierung, BfJ-Hot-Seat
- › 6 deterministische Endings — Win / Pyrrhic / Cost / Departure / Silence / Aftermath
- › Multi-POV über 5 Module: Linienmanager → Hinweisgeberin → Ermittler → Vorstand
- › Auch auf Englisch verfügbar
EU-KI-Verordnung — Compliance (Deutsch)
Die Auswahlliste
Fünf interaktive Szenarien zur EU-KI-Verordnung, vollständig auf Deutsch — vom Recruiting-Algorithmus bis zum 1.-August-2026-Audit. Ihre Mitarbeitenden treffen Entscheidungen als HR-Leitung, Marketing-Verantwortliche, Risikomanager:innen und CTOs.
- › Fünf reale Szenarien — Recruiting-Algorithmus, Marketing-Chatbot, Kreditentscheidung, Kundenbeschwerde, August-Audit
- › Jede Entscheidung zitiert einen konkreten Artikel — 4, 6, 14, 26, 50
- › Regulatorischer Stichtag: 2. August 2026
- › Vollständig auf Deutsch — Stimmen, Bildschirme und Beispiele lokalisiert, nicht nur Untertitel
Failure to Prevent Fraud (ECCTA)
Standard Reconciliation
A routine reconciliation flags a rounding error. By Friday, you'll discover it's a £180k fraud — and a junior employee was manipulated into enabling it. Navigate the ECCTA 2023 Failure to Prevent Fraud offence and the reasonable procedures defence.
- › A routine reconciliation hides a £180k fraud — investigate the email trail, sequence the priorities, build the reasonable-procedures defence
- › In force September 2025 — no revenue threshold
- › Reasonable procedures defence framework
- › Third-party facilitation liability
FCA Non-Financial Misconduct
The Reference — 3 endings
Priya filed a harassment complaint six months ago — and then withdrew it. Now a reference request arrives for the senior trader she named. You must decide what goes in the reference: protect the firm, the regulator, or the truth. Three different futures — Reconstruction, Letter, or Compromise — depending on which you prioritise.
- › Watch a video testimony, replay the same scene from two perspectives, then defend yourself in the FCA hot seat
- › Three different endings — Reconstruction, Letter, or Compromise — depending on whether you protect the firm, the regulator, or the truth
- › FCA PS25/5 in force May 2025 — duty to disclose in regulatory references
- › Fitness and propriety assessments
GDPR — A Year in the Chair (EU)
Six crises, twelve months, one DPO
Not a policy-read. A year in the chair of a real DPO. Six escalating crises over twelve months — a SAR on Article 9 health data, a 16:10 Friday breach with a 72-hour clock, a pre-launch DPIA, a Schrems-II transfer decision, a cookie-banner consent trap, and an Irish DPC examination where every prior decision becomes evidence.
- › A year in the chair of a real DPO — six escalating crises across twelve months
- › Eighteen voiced characters and four visual styles — the most cinematic compliance training your team has seen
- › Includes the methodology the Irish DPC actually uses to calculate your fine
- › For DPOs, Heads of Compliance, and CISOs at 250-2,500 employee firms
GDPR / UK Data Protection — A Year in the Chair
ICO edition
The UK variant of A Year in the Chair — same six escalating crises, but adjudicated under the UK GDPR, DPA 2018, and the Data (Use and Access) Act 2025. The capstone is an ICO Notice of Intent hearing. Every decision Aisha made over 12 months returns as evidence.
- › A year in the chair of a real DPO — adjudicated under UK GDPR + DPA 2018 + DUAA 2025
- › Eighteen voiced characters and four visual styles — the most cinematic compliance training your team has seen
- › Includes the Article 83(2) methodology the ICO uses to calculate your fine — calibrate yours before they do
- › EU variant also available — same DPO, different jurisdiction
Harassment Complaint Handling: AI Simulation
The Report
AI-powered sandbox training for HR teams. Handle live harassment complaints by typing your own responses — AI evaluates every message against the legal framework you choose. 3 scenarios, 3 jurisdictions, real-time coaching, and team analytics.
- › Your team types real responses — AI evaluates each message against the legal framework you choose
- › Three jurisdictions, three scenarios — handle the same case under UK, US, and EU rules
- › Upload your company grievance procedure — AI calibrates to YOUR policy, not a generic rubric
- › Free demo: one scenario, all three jurisdictions — try it before you buy
Igualdad Salarial 40H
MDT-2025-006 Compliance (Ecuador)
40 hours of mandatory training under Ecuador's MDT-2025-006. Interactive scenarios covering salary equality, harassment prevention, and labour rights. Includes LMS + compliance certificates.
- › 40 horas de capacitación obligatoria — la única forma de cumplir con MDT-2025-006
- › Módulo 4 con pistas separadas para líderes y empleados — mismo incidente, distintas responsabilidades
- › Plazo: 30 de noviembre de 2026
- › Desde $28/empleado/año (incluye LMS) — revisado por abogada laboralista ecuatoriana
Illinois Equal Pay Registration Certificate (HB 3129)
IDOL denied your EPRC renewal. 14-day clock.
IDOL just denied your Equal Pay Registration Certificate renewal. Fourteen postings are missing pay scales under HB 3129 and the 14-day internal-posting clock is ticking. A single-scenario Illinois compliance course covering HB 3129 (820 ILCS 112/10), the Equal Pay Registration Certificate, the Illinois Equal Pay Act, and the salary-history ban.
- › Priya Sharma, VP of People at Lakeshore Diagnostics — ten business days to respond to IDOL
- › Covers HB 3129 postings, the Equal Pay Registration Certificate, and the 14-day internal-posting rule
- › Sold standalone or as a 5-pack with CA, WA, CO, NY
- › Includes the criteria-classifier and policy-redline activities
ISO 27001: The Inheritance
One surveillance audit. One inherited ISMS.
Four interlocking modules following one ISO/IEC 27001:2022 surveillance audit at an Amsterdam-headquartered managed-cloud firm selling into European pharma. You play Iris Hartnell, the new ISMS Manager, eight weeks into a role you inherited from a predecessor who walked out without a handover. Stage 1 + Stage 2 were eighteen months ago. The first surveillance lands in week 8. Your largest customer has a cert-lapse termination clause.
- › Inherit a half-built ISMS and carry it through one full surveillance cycle
- › Inherited-Control Classifier — separate documented controls from operating ones
- › Major-vs-minor nonconformity closure window mechanics
- › Four endings unlocked by combination logic, not score threshold
Martyn's Law (Protect Duty)
The Alert
A suspicious bag appears near the south entrance during a sold-out event. You have 90 seconds. Navigate the Terrorism (Protection of Premises) Act 2025 as a venue security manager — triage, escalate, and protect 2,000 people.
- › A suspicious bag, 90 seconds, 2,000 lives — your team's decisions under live ops pressure
- › Enforcement begins April 2027
- › 3 tracks: all staff, managers, annual refresher
- › 16 modules across 8 visual styles
Maryland Pay Transparency: Wage Range Plus Benefits
MD DOL review. Wage range plus benefits required.
The Maryland Department of Labor opens an Equal Pay Act compliance review. Fourteen postings are missing BOTH the wage range AND the general benefits description required by the amendments (effective 2024-10-01). Civil penalties up to $300 per occurrence plus injunctive relief. The Department refers the matter to the Maryland Commission on Civil Rights, which administers the broader Wage Discrimination Act exposure: full back pay plus liquidated damages, three-year lookback (six years for willful).
- › Madison Chen, VP of People at Chesapeake Logistics (Baltimore) — applies to ALL employers, no minimum size
- › Maryland uses the broader 'comparable work' standard, not federal 'equal work'
- › Wage Discrimination Act: full back pay plus liquidated damages plus attorneys' fees
- › Equal Pay Discussion Protection: employees protected for inquiring about pay practices
Massachusetts Pay Transparency: The Public Wage Register
MA AGO review. Public EEO-1 wage register.
The Massachusetts Attorney General opens a Frances Perkins Workplace Equity Act review (effective 2025-07-31). Fourteen postings are missing pay ranges. Civil penalties: $500 first / $1,000 second / $25,000 third. Plus the annual EEO-1 wage data report is due in 34 days — Massachusetts is the first US state to publish aggregate wage data on a public Pay Equity Register. Whatever pay-band evidence surfaces will appear in the public record.
- › Priya Donovan, VP of People at Beacon Hill Capital (Boston) — first US state to publish wage data publicly
- › Annual EEO-1 wage data report due Feb 1, published on the Massachusetts Pay Equity Register
- › MA Equal Pay Act affirmative defence: privileged self-evaluation in past 3 years can avoid liability
- › Deadline collision: AGO 10-day response + EEO-1 statutory filing deadline
Minnesota Pay Transparency: The State Contract Audit
MN DLI review. Equal Pay Certificate gated.
The Minnesota Department of Labor and Industry opens a posting-violation review. Fourteen postings are missing pay ranges and the unique benefits-and-other-compensation description required under HF 4444 (effective 2025-01-01). Civil penalties up to $5,000 per violation. Worse: the Department referred the matter to MDHR, which audits the company's Equal Pay Certificate of Compliance — required to bid on state contracts above $500,000.
- › Anika Wahlberg, VP of People at Bay Lake Software (Minneapolis) — first Midwest pay-transparency law
- › Unique angle: posting must include benefits and other compensation, not just the wage range
- › Equal Pay Certificate of Compliance audit blocks state contract eligibility
- › MN Whistleblower Act (Statutes 181.932) overlay protects employees who request HF 4444 ranges
Modern Slavery: Supply Chain
The Tier-2 Problem
Your Tier-1 supplier passed the audit. Your Tier-2 didn't. A letter arrives from a migrant worker advocacy group citing passport confiscation and debt bondage at a factory two levels down. Navigate the Modern Slavery Act 2015 and your Section 54 obligations.
- › Your Tier-1 passed the audit. Your Tier-2 didn't. Now what?
- › Spot the warning words in the migrant-worker letter — then decide between remediation and disengagement
- › Covers Section 54 Transparency Statement obligations + Tier-2/3 due diligence
- › Free demo — no login required
New Jersey Pay Transparency: The Internal Promotion Catch
NJDOL review. Internal promotions covered.
An NJDOL Wage and Hour Compliance review opens. Fourteen postings AND thirteen internal promotion notices are missing pay ranges under S-2310 (effective 2025-06-01). Civil penalties up to $300 first violation, $600 each subsequent. Plus Diane B. Allen Equal Pay Act exposure (treble damages, six-year lookback). The unique angle: NJ S-2310 covers internal promotions, not just external postings.
- › Devon Marciano, VP of People at Liberty Park Media (Jersey City) — ten business days to respond
- › Unique angle: S-2310 covers internal promotion notices on the same terms as external postings
- › Diane B. Allen Equal Pay Act treble damages + six-year lookback as the larger exposure
- › Sold standalone or as part of the 10-state pack
New York Pay Transparency (LL 194-b + NYC LL 32)
Joint DOL + NYCCHR review. $250K stacked.
The NYS DOL and NYC Commission on Human Rights jointly opened a review. Fourteen postings are missing salary ranges. State penalties up to $3K, city penalties up to $250K, stacked. A single-scenario New York compliance course covering NY Labor Law 194-b, NYC Local Law 32, the NY Equal Pay Law, and the salary-history ban.
- › Jonah Kessler, VP of People at Hudson Park Media — ten business days to respond to a joint state-city review
- › Covers state-wide pay range postings + NYC enforcement up to $250K per violation
- › Sold standalone or as a 5-pack with CA, WA, CO, IL
- › Includes the criteria-classifier and policy-redline activities
NIS2 Cybersecurity (English)
The Breach
Five scenarios across one ransomware crisis — from the CISO's server room to the board chair's audit. Personal liability, 24-hour deadlines, supply chain compromise, and a regulatory examination where everything you signed is on the table.
- › Three different chairs — your CISO, DPO, and board chair each face the regulator with different liability
- › Already in force — board members are personally liable under Article 20
- › Sanctions up to €10M or 2% of annual turnover
- › Also available in German
NIS2-Compliance (Deutsch)
Der Einbruch, Die Uhr, Die Abrechnung
Drei zusammenhängende Szenarien, die einen Cyberangriff vom ersten Alarm bis zur behördlichen Prüfung begleiten. Spielen Sie den CISO während der Erkennung und Reaktion, den DSB im 72-Stunden-Meldefenster und den Board Chair während einer Vor-Ort-Prüfung. Unter der persönlichen Haftung nach NIS2 ist Vorbereitung die einzige Verteidigung.
- › Drei Rollen vor der Aufsichtsbehörde — CISO, DSB und Vorstandsvorsitz mit unterschiedlicher Haftung
- › Bereits in Kraft — persönliche Haftung des Leitungsorgans nach Artikel 20
- › Sanktionen bis zu 10 Mio. EUR oder 2 % des Jahresumsatzes
- › Auch auf Englisch verfügbar
NYC Local Law 144 (AEDT)
Screened Out
An HR Business Partner at Meridian Group discovers their AI hiring tool has never been audited — and candidates weren't notified. Navigate NYC Local Law 144, bias audit requirements, and DCWP enforcement across four high-stakes decisions, including a live watch-and-flag of an AEDT interview clip in real time.
- › Watch a real AEDT interview clip and flag the moments where age-bias creeps in
- › Includes the four-fifths rule math the DCWP will check at audit
- › In force since July 2023 — bias audit mandatory for NYC roles
- › Title VII / NYCHRL disparate impact liability covered
OSHA HazCom / GHS Revision 7
The Inspection
OSHA arrives unannounced. Two containers of unlabelled solvent are sitting next to the loading dock, and your SDS library hasn't been updated since GHS Revision 6. Navigate OSHA 29 CFR 1910.1200 and the new Revision 7 requirements before the citation is issued.
- › Follow EHS Manager Jordan Ellis through six months — promoted to Director by Module 5
- › Includes a 15-second timed spill response under live OSHA scrutiny
- › GHS Revision 7 deadline: July 2026
- › Built around real CFR 1910.1200 inspection scenarios
Pay Equity: US Multi-State
CO · CA · NYC
Three states, three different laws, one company trying to get it right. Navigate Colorado posting violations, California pay scale requests, and a 16.6% gap that 'market rate' can't explain. Built for multi-state US employers.
- › Five roles across Colorado, California, and NYC — VP People, Total Rewards, Analytics, CEO, and General Counsel
- › Includes a 14-state clause-builder for your job postings
- › 'Market rate' is not a defence in California — the scenario shows why
- › Class-action signal triage built around real social-media patterns
Psychosocial Safety (Australia)
The Weight
A team lead at a Melbourne architecture firm. One impossible deadline, a bullying disclosure, and a team member heading for burnout. Navigate Australia's WHS Regulations 2011 — and your own judgement — across three critical decisions.
- › Practice three crucial conversations — the bullying disclosure, the burnout signal, the impossible deadline
- › Covers Reg 55A-55D psychosocial hazards
- › Branching story with 3 decisions + 4 activities
- › NZ edition also available
Psychosocial Safety (New Zealand)
Dead Weight
The New Zealand edition of Psychosocial Safety. A team lead at an Auckland firm navigates the Health and Safety at Work Act 2015, WorkSafe NZ guidelines, and a bullying disclosure that tests every assumption about duty of care. Same scenario depth as the Australian original — fully recalibrated to NZ statute and WorkSafe practice.
- › Practice three crucial conversations — the bullying disclosure, the burnout signal, the impossible deadline
- › Maps to WorkSafe NZ Good Practice Guidelines
- › HSW (General Risk and Workplace Management) Regulations 2016
- › Australian edition also available
Reglamento de IA de la UE — Cumplimiento (Español)
La Lista Corta
Cinco escenarios interactivos sobre el Reglamento de IA de la UE, íntegramente en español — desde el algoritmo de preselección hasta la auditoría del 1 de agosto de 2026. Su equipo toma decisiones como responsables de RR. HH., marketing, riesgos y CTOs.
- › Cinco escenarios reales — algoritmo de selección, chatbot de marketing, decisión de crédito, reclamación de cliente, auditoría de agosto
- › Cada decisión cita un Artículo concreto — 4, 6, 14, 26, 50
- › Fecha límite regulatoria: 2 de agosto de 2026
- › Íntegramente en español — voces, pantallas y ejemplos localizados, no solo subtítulos
Règlement IA de l'UE — Conformité (Français)
La Liste Restreinte
Cinq scénarios interactifs sur le Règlement IA de l'UE, entièrement en français — de l'algorithme de présélection à l'audit du 1er août 2026. Vos collaborateurs prennent des décisions en tant que DRH, responsables marketing, risk managers, et CTO.
- › Cinq scénarios réels — algorithme de recrutement, chatbot marketing, décision de crédit, réclamation client, audit d'août
- › Chaque choix cite un Article précis — 4, 6, 14, 26, 50
- › Échéance réglementaire : 2 août 2026
- › Entièrement en français — voix, écrans et exemples localisés, pas juste sous-titrés
Renters' Rights Act 2025
Five seats. One family. Six endings.
A single Sheffield possession case told from five seats at the same table. Play the letting agent, the landlord, the tenant, the council enforcement officer, and the tribunal judge. Your choices in each seat reshape the case the next seat has to adjudicate. Nine months of story. Six possible tribunal endings — Possession Granted, Possession Refused on Retaliation, Rent Repayment Order, Banning Order, Settlement, or Aftermath. One braided narrative across all five modules.
- › Six different tribunal endings — your decisions across all five modules pick which one
- › Play five roles in turn — agent, landlord, tenant, council officer, tribunal judge
- › Five voiced characters and full ambient-audio production — including the moments where you hear what the tenant is really thinking
- › Covers Awaab's Law statutory windows + Rent Repayment Order + Banning Order grounds
- › Built around 14 Beaufort Close — a single Sheffield case across nine months
Section 8 Possession Notices
Eight days after Section 21 died. One landlord, one ground, one notice that has to land.
Friday 8 May 2026. Eight days into the post-RRA regime. A long-standing landlord walks into your branch and wants her Hammersmith flat back so her son can move in. The tenants have paid every month for four years. Section 21 is gone. Pick the right Section 8 ground, draft a Form 6A notice that survives a First-tier Tribunal review, and assemble an evidence bundle that holds up against a housing-aid solicitor. The load-bearing teach is Ground 1 versus Ground 1A — both four-month notice, both same tenancy floor, completely different evidential demands. Mis-citation is the most common Section 8 error in the first weeks of the new regime.
- › The Ground 1 vs Ground 1A trap — same four-month notice, same twelve-month tenancy floor, completely different evidential demands and a £40,000 no-relet criminal restriction on the wrong one
- › Three reused activity mechanics — Section 8 Ground Selector, Form 6A Notice Composer, Tribunal Evidence Bundle — with asymmetric scoring that penalises missing critical service-proof more than wrong-bundle misfiling
- › Five voiced characters and full corporate-thriller production — letting-agency office, the doorway moment, the First-tier Tribunal Property Chamber
- › Built for letting agency chains, property management franchises, build-to-rent operators, and in-house paralegals
- › Reviewed and signed off by qualified UK housing counsel
SOC 2: The Window
Twelve weeks. One audit. One opinion.
Four interlocking modules following one SOC 2 Type II audit at a Series B SaaS. You play Mira Vasquez, a security engineer four months into the SOC 2 lead role, owning the audit end-to-end as a $7.2M enterprise deal hinges on the opinion. Twelve weeks. One disabled CloudWatch alert. One mid-audit breach. One auditor who will not bluff.
- › Four pivots — technical scoping, evidence week, the gap, the readout
- › Inherited-Control Classifier with false-positive penalty for over-declaring 'Real'
- › Mid-audit breach + subsequent-event disclosure under SSAE 18 AT-C 205.61
- › Four endings unlocked by combination logic, not score threshold
SOC 2: The Window (Deutsch)
Zwölf Wochen. Ein Audit. Ein Urteil.
Deutsche Lokalisierung des SOC-2-Type-II-Kurses — vier ineinandergreifende Module rund um einen einzigen Audit-Zyklus. Du spielst Mira Vasquez, vier Monate in der SOC-2-Lead-Rolle, während ein 7,2 Mio. USD-Enterprise-Deal an dem Audit hängt.
- › Deutsche Lokalisierung der englischen SOC-2-Originalversion
- › Vier Module: Scoping, Evidence Week, The Gap, The Opinion
- › Geplant für Q3 2026
SOC 2: The Window (Español)
Doce semanas. Una auditoría. Un dictamen.
Localización al español del curso SOC 2 Tipo II — cuatro módulos entrelazados en torno a un único ciclo de auditoría. Encarnas a Mira Vasquez, cuatro meses en el puesto de SOC 2 Lead, mientras una operación enterprise de 7,2 M USD depende del dictamen.
- › Localización al español del curso SOC 2 original en inglés
- › Cuatro módulos: alcance, evidencia, brecha, dictamen
- › Previsto para Q3 2026
SOC 2: The Window (Français)
Douze semaines. Un audit. Un avis.
Localisation française du cours SOC 2 Type II — quatre modules imbriqués autour d'un seul cycle d'audit. Vous incarnez Mira Vasquez, quatre mois dans le rôle de SOC 2 Lead, alors qu'un deal entreprise de 7,2 M USD dépend de l'avis.
- › Localisation française du cours SOC 2 original en anglais
- › Quatre modules : cadrage, semaine de preuves, l'écart, l'avis
- › Prévu pour Q3 2026
UK Fire Safety: The Brackley Hotel
The Alarm
Three days after a fire at a faded grand seaside hotel, you're across the desk from Watch Manager Davies. The course rewinds to the two hours before the alarm, and asks: which decisions were yours, which were the building's, and which were the cover-up six months earlier? A 45-minute decision-based scenario on the Regulatory Reform (Fire Safety) Order 2005.
- › Friday 21:47, Zone 4 just went red — is this the Tuesday test or a real fire?
- › Article 14 graduated evacuation under live alarm-activation pressure
- › PEEP execution for a known mobility-impaired guest in Room 312
- › Three modules: live alarm, FRA audit, night-shift convergence
UK Safeguarding Children
After the Bell
A Year 9 student stays behind after registration. What she says will test everything you thought you knew about safeguarding. Navigate the correct response under Keeping Children Safe in Education 2025.
- › A 135-decision tree teaches what to say in the hardest five minutes a teacher will ever have
- › 24,000 schools, annual renewal obligation
- › Covers KCSiE 2025 Part 1 — all staff
- › Module 1 playable demo available now
Washington DC Pay Transparency: The Treble Damages Trap
DC OAG review. Treble-damages private right of action.
The DC Office of the Attorney General opens a Wage Transparency Omnibus Amendment Act review (effective 2024-06-30). Fourteen postings are missing the pay range AND the unique healthcare benefits description required by the Act. Civil penalties: $1,000 first / $5,000 second / $20,000 each subsequent. Worse: the Wage Theft Prevention Amendment Act creates a private right of action for any candidate offered comp outside the posted range — treble damages plus attorneys' fees.
- › Theo Reyes, VP of People at Capital Avenue Strategies (Washington DC) — applies to ALL employers
- › Unique angle: posting must include a general description of healthcare benefits
- › Wage Theft Prevention private right of action: treble damages plus attorneys' fees
- › Federal-employee-rich market — DC procurement panels reference compliance status
Washington Equal Pay & Opportunities Act (RCW 49.58)
L&I complaint + a discipline for discussing pay.
A candidate filed an L&I complaint. A current warehouse lead was disciplined for discussing pay. Two RCW 49.58 violations on the same day. A single-scenario Washington compliance course covering the Equal Pay and Opportunities Act (RCW 49.58.110), equal pay (RCW 49.58.020), the salary-history ban, and the anti-retaliation pay-discussion protection.
- › Diana Reyes, VP of People at Cascade Logistics — ten business days to respond to L&I
- › Covers RCW 49.58.110 postings + RCW 49.58.030 pay-discussion protection
- › Sold standalone or as a 5-pack with CA, CO, IL, NY
- › Includes the criteria-classifier and policy-redline activities
Worker Protection Act 2023: Reasonable Steps Defence
Eighteen months. Twenty exhibits. One tribunal.
Six decision-based scenarios across 18 months in the life of a single UK employer, building a reasonable-steps defence file under s.40A of the Equality Act 2010. From a banter line at the Christmas party to tribunal cross-examination, every choice becomes an exhibit. The capstone reads aggregate decisions across all five preceding modules to score the tribunal hearing.
- › Eighteen months in the life of one employer — every decision becomes an exhibit at the tribunal
- › Reads decisions across all 5 modules into the capstone tribunal hearing
- › Covers EHRC 7-step technical guidance + Lidl GB 2025 failure pattern
- › Includes third-party harassment under the ERA 2025 forward horizon
Workplace Violence Prevention
Code Red
A recently terminated employee has returned to the building. Security has him on CCTV. Your Workplace Violence Prevention Plan was written 18 months ago and no one's been trained. Navigate CA SB 553 and the NY Retail Worker Safety Act before this escalates.
- › California SB 553 and NY Retail Worker Safety Act — both in one course
- › Twelve months at Korvus Retail — incident, policy, operations, technology, audit
- › Includes panic-button procedure simulation under live threat conditions
- › Active-threat decision tree built around bystander timing
No courses found. Try a different filter or search term.
Not sure which regulations apply to you?
Answer 3 questions and get a personalised compliance deadline tracker — free, no login.
Need a Course on a Different Topic?
We build custom scenario-based training for any compliance or decision-making challenge.
Talk to Us