diff --git a/docs/workflow/implementing/risk-mitigation/legal-sign-off/legal-sign-off.mdx b/docs/workflow/implementing/risk-mitigation/legal-sign-off/legal-sign-off.mdx index 8b18d591b..5f92202e4 100644 --- a/docs/workflow/implementing/risk-mitigation/legal-sign-off/legal-sign-off.mdx +++ b/docs/workflow/implementing/risk-mitigation/legal-sign-off/legal-sign-off.mdx @@ -6,11 +6,13 @@ sidebar_position: 3 If Legal Review shows as Required, the answer to one of the Risk questions determined legal review will help mitigate a risk. Please write legal-product@mozilla.com and explain what you want to do, to how many people (% of population and channel), and the potential outcomes. In your conversation with Legal, you may determine a [Legal Bug](https://bugzilla.mozilla.org/enter_bug.cgi?product=Legal&component=Product%20-%20data) is needed. -Legal review is common anytime an experiment: -1. Involves a partner in any way - including promoting their content (like an add-on), involving a 3rd party back-end service (even if not exposed to the user directly). -2. could impact a partner, an outside company, or substantively impact partner revenue. Note: some partnerships and new negotiations are not widely disclosed inside MoCo, so there may be partnerships that you are not aware of. -3. Collects or uses Category 3 or 4 data. Determine which category of data you are collecting using [data collection categories](https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories). -4. if your content delivers encryption or VPN. Encryption is subject to export control laws. VPN may also be subject to export control. Releasing to other countries could put our users at risk of criminal punishment and result in the country sanctioning our browser use. Even code shipped preffed off, if it could manually be activated - consult legal. +Legal review is advised anytime an experiment: +1. Involves AI in any way. +2. Involves adding advertising to any new areas/uses. +3. Involves a partner in any way - including promoting their content (like an add-on), involving a 3rd party back-end service (even if not exposed to the user directly). +4. could impact a partner, an outside company, or substantively impact partner revenue. Note: some partnerships and new negotiations are not widely disclosed inside MoCo, so there may be partnerships that you are not aware of. +5. Collects or uses Category 3 or 4 data. Determine which category of data you are collecting using [data collection categories](https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories). +6. if your content delivers encryption or VPN. Encryption is subject to export control laws. VPN may also be subject to export control. Releasing to other countries could put our users at risk of criminal punishment and result in the country sanctioning our browser use. Even code shipped preffed off, if it could manually be activated - consult legal.