30 days to modern
tech law.
One short lesson per day for 30 days. The free orientation to SaaS contracts, AI governance, GDPR, and the modern tech-law practice. The runway before you commit to a full certification.
One lesson per day. Thirty foundational topics.
Why tech law is the practice now
What changed and why every contracts attorney is being pulled into AI questions.
The modern SaaS contract stack
MSA, Order Form, DPA, AI Addendum, Sub-processor list: and how they fit together.
What procurement actually scores
The new enterprise procurement checklist and how it shapes deal terms.
Reading an MSA like a tech-law attorney
Where to look first, what to skip, and the three clauses that matter most.
The AI Use Policy
What a defensible AI policy looks like: scope, approval workflow, sign-off.
ISO/IEC 42001 and NIST AI RMF
The frameworks procurement is mapping to. What you need to know to speak the language.
Colorado AI Act in plain English
What changed, who's affected, and what your contracts need to say about it.
EU AI Act spillover
Why a US-only vendor still cares about EU obligations, and how it shows up in DPAs.
GDPR Article 28 essentials
Sub-processor obligations, the operational backbone of the modern DPA.
Anatomy of a real DPA
We walk through a redacted DPA clause-by-clause and call out the gotchas.
Cross-border transfers after Schrems II
SCCs, the UK addendum, and the transfer impact assessment discipline.
CCPA, CPRA, and the US state map
California, Virginia, Colorado, Connecticut, Utah, Texas, and what to do about it.
BAAs and healthcare data
Where HIPAA layers on top of GDPR and how to draft a covered-entity BAA.
IP ownership in SaaS contracts
License scope, derivative works, and the training-data clauses that just appeared.
Halftime · the practice shape
What the modern tech-law practice actually looks like across firms and in-house.
Indemnification basics
Mutual vs. unilateral, IP indemnity, and what 'indemnify, defend, and hold harmless' actually means.
AI-specific indemnities
The new carve-outs and super-caps for AI-output and training-data risk.
Limitation of liability architecture
LoL caps, super-caps, exclusions: the full anatomy of a defensible LoL.
The procurement risk score
What an enterprise buyer's risk scoring actually looks like in 2026.
Negotiating the AI-policy checkbox
How to answer the procurement question without giving up the deal.
Reading a security questionnaire
The 50-question security RFP and how to answer it credibly without overpromising.
Vendor risk reviews
How to evaluate AI vendors as a buyer and how to be evaluated as a seller.
Sub-processor list discipline
Running a real sub-processor list and what regulators actually look for.
Breach response basics
72-hour notification, regulator engagement, and the IR playbook every team needs.
Building a tech-law practice
Niche selection, positioning, and the first 12 months of a tech-law book of business.
Career paths in modern tech law
Big-firm, boutique, in-house, fractional GC: what each looks like in practice.
Negotiating with procurement
How procurement teams think and how to land deals on terms that hold.
Enterprise readiness package
The contract package an enterprise buyer expects, and how to assemble it.
What good looks like
End-to-end: a clean modern SaaS contract package and what's inside it.
What's next
Where to go from here: CSLA, the Navigating Privacy primer, or the corporate training program.
Free. Email-delivered.
One lesson hits your inbox each morning for 30 days. Designed to read in under 10 minutes. No upsells inside the lessons themselves.
- 30 daily lessons · email-delivered
- Foundational coverage of SaaS, AI, privacy
- Practical, plain-English explainers
- Curated reading list per lesson
- Optional Slack community for cohort
- Direct path to CSLA at completion
Already know the basics?
Skip the orientation. Go straight to CSLA: or look at how the corporate training program scales the curriculum for in-house teams.