Guide · Method

Reg-to-Skills: turning regulation into capability

A new EU regulation lands as a wall of legal text. The people who actually have to comply — a recruiter, an HR manager, a credit analyst, a procurement officer — are left with no clear idea what they, in their role, must now do differently. Reg-to-Skills closes that gap: it turns the law into the role-by-role capability your workforce actually needs.

The gap nobody owns

Compliance teams read the law. The people whose daily work the law actually governs rarely see anything beyond an awareness email and a slide. So the organisation becomes paper-compliant while its real behaviour hasn't changed — which is exactly the gap an auditor, a client's procurement team or a regulator will find first.

Reg-to-Skills treats a regulation not as a legal problem to be filed, but as a blueprint for what your people need to be able to do. Compliance stops being a cost centre and starts being a more capable, more confident, audit-ready workforce.

What it produces

Not a summary of the law. Not a generic course.

A usable instrument — built to be adopted, evidenced and audited, not read once and forgotten.

Matrix

Regulation-to-role map

A clear matrix of which roles the law touches and what each must be able to do to keep the organisation compliant.

Proficiency

Defined target levels

Proficiency tiers per role — pitched at apply or above, never bare awareness — so "competent" means something measurable.

Gap

Training-needs analysis

An honest read of your current workforce against the target — where you already stand, and where the real exposure is.

Roadmap

Role-tiered learning paths

Only job-relevant content, sequenced by priority, with the evidence trail an audit will ask for.

The method

Four moves, seven steps.

At a glance it's four moves — Map → Co-design → Upskill → Sustain. Underneath sit seven concrete steps, each with a deliverable you can point to.

  1. 01 Deconstruct the regulationBreak the law into specific, plain-language obligations — each tagged to its Article or Annex. → A validated obligation list.
  2. 02 Match obligations to functionsAssign each obligation to the part of the business that must own it, and surface the orphans nobody holds. → A responsibility map.
  3. 03 Identify roles & skillsName the affected roles and their competencies using ESCO, the EU’s shared skills taxonomy. → A role and skills shortlist.
  4. 04 Enrich & localiseTranslate the standard framework into your own roles, language and workflows, with the people who live in them. → A bespoke competency matrix.
  5. 05 Map & weightScore how critical each skill is to each role, so effort and budget follow the real risk. → A weighted heat-map.
  6. 06 Gap-analyse & co-ownMeasure current capability against the target — with the people themselves. Ownership transfers here. → A gap report and risk log.
  7. 07 Action plan & trackTurn gaps into role-tiered learning paths, working artefacts and a tracked roadmap with evidence for audit. → Deployed, measurable capability.
Anchored on ESCO

The bridge from law to people is ESCO — the European Commission's multilingual classification of occupations and skills, a shared vocabulary for the whole EU labour market. Building on it means your competency framework is portable and audit-comparable across teams, sectors and Member States — not a one-off spreadsheet only its author understands.

Where a role doesn't exist in ESCO yet — an AI governance lead, an AI auditor — we map it by its skills and tasks, not its title, and keep your in-house label alongside the standard one.

Run with agentic AI

AI does the heavy lifting. You keep the judgement.

The method has always paired machine speed with human judgement. What's changed is how much of the machine work is now hands-off.

Then — chatbot

One prompt at a time

You pasted the regulation into a chatbot, copied the answer into a document, pasted it into the next prompt, and looked up ESCO codes by hand — one screen, one step, a lot of transcription.

Now — agentic

The analysis runs itself

An AI agent runs the analytical spine end to end: it deconstructs the regulation, queries the ESCO database directly, resolves the right occupation codes, drafts the role-by-role matrix and flags what it isn't sure about. Hours of copy-paste become a structured draft your team reviews.

The line that doesn't move: AI accelerates; people decide. Legal, compliance and HR validate every interpretation, and the workshops where skills are weighted and gaps are owned — steps four, six and seven — stay firmly human. Agents change the speed of the analysis, never who is accountable for it.

A worked example

The AI Act, inside a recruitment team.

Take an organisation using a high-risk AI tool to screen candidates — a deployer under Annex III of the AI Act. Three obligations become three owners, three ESCO roles and three learning paths.

Art. 26(1)

Use it as instructed

Operate the system strictly as the provider instructs. Owner: the recruitment function. ESCO role: human resources manager.

Art. 26(5) · 73

Monitor & report

Watch the system in use and report serious incidents. Owner: risk & IT governance. ESCO role: risk manager.

Art. 27

Assess the rights impact

Run and document a fundamental-rights impact assessment before go-live. Owner: compliance with the DPO — mapped by skills (GDPR, data protection), as "DPO" isn't a standalone ESCO occupation.

Each role then gets a learning path pitched at apply, not awareness — the HR manager can turn the provider's instructions into a working recruitment procedure and recognise when a result must go to a human. The output isn't a memo about the AI Act. It's a bias-testing procedure on the shared drive, a quarterly check for HR business partners, and a documented trail that holds up when someone asks. And notice what didn't happen: nobody had to find one impossible hire who is jurist, data scientist and HR lead at once — Reg-to-Skills distributes the duties across the roles that already own them.

Built for more than one law

The same method runs on any EU regulation that reshapes how people work. The regulation changes; the four moves don't.

EU AI Act GDPR DORA NIS2 CSRD Digital Services Act

Bring a regulation you're trying to operationalise.

Reg-to-Skills is the method behind every Kramer Consulting engagement, from a two-hour clinic to a multi-year programme.

Book a discovery call See the services
Keep reading

Related guides

EU AI Act

The EU AI Act, explained

Heard of it, hazy on the detail? Grasp it through two laws you may already know — GDPR and product-safety regulation.

Read the guide HR & Talent

AI for HR, talent & L&D

From easy wins to the hiring decisions the AI Act treats as high-risk — and the trap of using a chatbot as a judge.

Read the guide

All guides