This guide provides a strategic overview of HR compliance in 2026, covering fundamental principles, critical safeguards, best practices, and future trends to help organizations build a robust compliance framework.

Understanding HR Compliance Fundamentals

What Is HR Compliance? Defining the Scope and Purpose

HR compliance encompasses two critical components that HR teams must master:

• Creating policies that align with current employment laws
• Actively ensuring organization-wide adherence to these standards.

Why HR Compliance Matters

Effective compliance does two things at once: it protects your business from legal risks and ensures your employees are treated fairly.

The Cost of Overlooking Compliance

When organizations fail to prioritize these standards, they face serious consequences that can impact the bottom line and company culture, including:

• Heavy financial penalties and legal action.
• Loss of employee trust and lower morale.
• Long-term damage to your brand’s reputation.

Managing a Complex Landscape

Compliance is about more than just following a few rules. It requires a comprehensive strategy to protect interests across several key areas:

• Safety: Maintaining a secure workplace.
• Fairness: Anti-discrimination and wage requirements.
• Privacy: Protecting sensitive data.

For businesses operating in multiple locations, this becomes even more difficult as you must navigate a shifting web of federal, state, and local laws all at once.

Compliance as a Competitive Advantage

HR compliance shouldn't just be a defensive tactic. When done right, it proves to your team that you are committed to ethical, transparent business practices.

WorkBright’s smart I-9 compliance software simplifies this process. It transforms employment verification from a complex liability into a streamlined, automated system that protects your business and your people.

The Pillars of Modern HR Compliance

To master compliance, you have to look beyond a simple checklist of laws. Understanding these pillars allows you to prioritize your risks effectively.

Statutory vs. Regulatory: Understanding the Lawmakers

While often used interchangeably, these are the two primary "rules of the road." Statutory compliance refers to formal laws passed by legislative bodies (like the FLSA or FMLA). Regulatory compliance is about the specific rules set by agencies like the EEOC or OSHA to enforce those laws. You must satisfy both the "what" (the law) and the "how" (the agency regulation).

The Relationship Between HR Compliance and Broader Employment Law

HR compliance and employment law operate as two sides of the same coin. While employment law establishes the legal framework governing workplace relationships, HR compliance focuses on implementing systems that ensure adherence to these laws. This relationship becomes particularly complex when HR teams navigate multiple regulatory layers simultaneously.

Federal statutes like the Fair Labor Standards Act (FLSA) and Title VII of the Civil Rights Act form the foundation, while state-specific requirements add layers of complexity. Your compliance framework must address discrimination prevention, wage requirements, workers' compensation, and union relations—moving beyond basic legal adherence to comprehensive protection.

HR compliance serves as the practical application of employment law principles. Organizations must create documented policies, implement targeted training programs, and establish reporting mechanisms that demonstrate commitment to legal standards. This systematic approach helps you meet legal obligations while creating transparent, fair workplaces that minimize exposure to regulatory risks.

Contractual and Union Obligations

If your workforce is unionized, your compliance burden includes Collective Bargaining Agreements (CBAs). Violating a union contract can be just as legally damaging as violating a federal law. Furthermore, Contractual Compliance ensures that your third-party vendor agreements and independent contractor contracts don't inadvertently create "joint-employer" liabilities.

Key Stakeholders and Their Responsibilities in Compliance Management

Effective HR compliance requires clear ownership across multiple stakeholders. While HR teams hold primary responsibility for developing compliant policies and monitoring adherence to employment laws, compliance management works best as a collective effort involving dedicated risk management specialists.

Managers play a critical role by applying policies consistently, particularly in performance reviews, employee disputes, and disciplinary actions. They need regular training on anti-discrimination laws, anti-harassment policies, and diversity practices to effectively mitigate risks. Employees also share responsibility through active participation in compliance training and adherence to workplace policies.

This collaborative approach creates transparent, fair workplaces while demonstrating organizational commitment to ethical business practices. To support these stakeholders, organizations should implement compliance management software that enables document tracking, policy distribution, and monitoring of compliance-related tasks. The system should include centralized storage of employee records, automated alerts for certification renewals, and robust reporting capabilities to demonstrate regulatory adherence.

The Real Costs of Non-Compliance: Legal Penalties, Reputation Damage, and Operational Disruption

Non-compliance with HR regulations carries substantial financial and operational consequences. Direct monetary penalties include costly fines, lawsuits, and retroactive payments for benefits or tax liabilities when organizations misclassify employees. Beyond immediate financial impacts, reputation damage often follows compliance failures—research shows 41% of consumers would stop purchasing from organizations known to mistreat workers.

Operational disruptions manifest through multiple channels: legal disputes that drain resources, employee lawsuits that damage morale, and regulatory investigations that impede normal business functions. Non-compliance can trigger data privacy violations resulting in hefty fines under laws like GDPR, while immigration violations may lead to bans on employing foreign workers.

The ripple effects extend to employee satisfaction and retention. When organizations fail to follow local regulations for wages, benefits, and working conditions, they risk increased turnover and disengagement. To avoid these consequences, you need comprehensive compliance frameworks that address labor laws, tax regulations, and employee rights across all operating jurisdictions.

Essential HR Compliance Areas in 2026

Federal Employment Laws: Recent Updates and Enforcement Priorities

The EEOC's 2024-2028 Strategic Enforcement Plan (SEP) outlines several key priorities that HR teams must prepare for immediately. The plan emphasizes protecting workers from discrimination involving artificial intelligence, addressing pregnancy-related discrimination, and combating bias against individuals with Long COVID.

A major focus is tackling discriminatory recruitment and hiring practices related to employer use of AI and machine learning systems that may exclude protected groups based on color, sex, race, or other protected characteristics. The SEP also prioritizes preventing systemic harassment, promoting equal pay initiatives, and addressing retaliation in the workplace.

The plan's development involved extensive stakeholder input through three listening sessions featuring civil rights organizations, employer representatives, and employment law attorneys, along with public comments solicited through the Federal Register. Notably, the SEP takes a collaborative approach with employers by encouraging proactive identification and elimination of barriers to equal employment opportunity while fostering inclusive workplaces and diverse talent pools.

State and Local Regulations: Navigating the Patchwork of Requirements

State and local employment regulations have grown increasingly complex in 2025, with several key areas requiring careful navigation. Pay transparency laws have expanded significantly, with nine states and multiple cities now mandating salary disclosure in job postings. Hawaii's law took effect January 2024, while Illinois' requirements begin in 2025, creating a complex patchwork of requirements for multi-state employers.

Minimum wage regulations have also evolved substantially, with over 20 states increasing their rates in 2025 alone. Eight states have now adopted minimum wages of $15 per hour or higher, including California, Connecticut, Maryland, Massachusetts, New Jersey, New York, Washington State, and DC, with more states scheduled to reach this threshold by 2026.

Paid sick leave requirements have emerged as another critical compliance area, with nearly one-third of states and numerous municipalities enacting their own distinct regulations. These laws vary significantly in terms of leave accrual methods, permissible uses, and carryover policies, creating particular challenges for employers with distributed workforces.

The trend toward expanded worker protections continues with several states passing CROWN Act legislation to prohibit discrimination based on hair textures and styles historically associated with race, while others have enacted laws restricting employer use of captive audience meetings for religious or political discussions.

Industry-Specific Compliance Requirements and Standards

Different industries face unique HR compliance requirements based on their regulatory environments and operational risks. Healthcare organizations must navigate complex HIPAA regulations while implementing robust cybersecurity measures to protect sensitive employee and patient data.

Data Privacy and Protection Regulations Affecting HR Operations

Data privacy regulations have become increasingly complex for HR operations in 2025. Organizations must navigate a patchwork of requirements, from GDPR's strict standards requiring employee data be processed lawfully, fairly, and transparently, to state-specific regulations like California's CCPA which mandates businesses enter contracts with service providers handling employee personal information.

Key areas requiring protection include employee Social Security numbers, health records, performance evaluations, and payroll information—with federal penalties reaching $1.5 million for violations. HR teams face particular challenges around data minimization and retention, as they must balance maintaining necessary records with strict storage limitations. The GDPR, for instance, requires organizations to keep data only as long as necessary for stated purposes.

Organizations operating across multiple jurisdictions must align their policies with the strictest applicable standards while implementing technical safeguards like encryption and access controls. Modern privacy frameworks demand organizations establish clear breach response protocols, conduct regular security assessments, and notify authorities within mandated timeframes—typically 72 hours—of any data compromise.

Beyond immediate financial impacts, reputation damage often follows compliance failures, with research showing 41% of consumers would stop purchasing from organizations known to mishandle sensitive information.

The New Frontier: AI, Pay Transparency, and the 2025 Tax Act

The legal landscape is shifting faster than ever. To stay ahead of the curve, you must account for these three emerging trends.

AI in the Hiring Loop

New laws (like NYC Local Law 144) now require employers to conduct "bias audits" on any automated employment decision tools (AEDTs). If you use AI to screen resumes, you may be legally required to prove that your algorithm isn't discriminating against protected groups.

Pay Transparency: From Perk to Law

The "patchwork" of state laws is becoming a blanket. States like California, Colorado, New York, and Washington now require salary ranges in every job posting. Even if you aren't in those states, the "remote work" factor means you likely hire people who live there—making pay transparency a de facto national requirement for most growing companies.

Adapting to the 2025 Tax Act

With significant changes to tax laws on the horizon, payroll compliance is reaching a fever pitch. Changes to standard deductions and fringe benefit taxability mean your HR and Finance teams must be in lockstep to ensure that "take-home pay" remains compliant with new withholding requirements.

Beyond the Checklist: Navigating Audits and "Red Flags"

An audit shouldn't be a surprise—it should be a scheduled event that you control. However, the Department of Labor (DOL) often shows up because of specific "triggers."

What Triggers a DOL Audit?

Most audits are "complaint-driven." Common red flags include:

• Offsite Work Discrepancies: Employees working remotely without a clear way to track "off-the-clock" hours.
• Inconsistent Overtime: Errors in calculating the "regular rate of pay" (which must include non-discretionary bonuses and commissions).
• Industry Sweeps: Sometimes, the DOL targets specific industries (like hospitality or construction) for a "compliance sweep" regardless of individual company performance.

The "Safe Harbor" Strategy: Using Legal Privilege

When performing a deep-dive internal audit, consider involving outside counsel. Why? Because audits conducted under the direction of an attorney can often be protected by Attorney-Client Privilege. This prevents your own internal audit findings from being used against you as evidence of "willful" non-compliance in a future lawsuit.

Developing a Comprehensive HR Compliance Strategy

Conducting an Effective HR Compliance Audit: Methodology and Tools

An effective HR compliance audit requires a systematic approach across multiple phases. Start by defining clear audit objectives and assembling key stakeholders, including HR team members who will need to provide documentation and participate in interviews. The audit should examine both compliance with legal requirements and effectiveness of current HR practices through questionnaires and document reviews.

Create a comprehensive audit checklist covering critical areas like Forms I-9, hiring practices, performance management systems, and disciplinary procedures. When conducting the review, focus on high-risk areas where most lawsuits originate: hiring processes, performance management, discipline, and termination protocols.

Document findings meticulously and prioritize identified gaps based on risk level (high, medium, low) to create actionable timelines for remediation. For maximum legal protection, consider having outside counsel conduct the audit—this can help safeguard audit results through legal privileges against disclosure.

Regular mini-audits every six months can supplement annual comprehensive reviews, allowing for course corrections while maintaining consistent oversight of HR practices.

Creating and Maintaining Compliant HR Documentation Systems

Effective HR documentation systems require careful attention to both security and accessibility. Organizations should establish consistent protocols for receiving, storing, and sharing sensitive employee information like job applications, tax forms, bank details, and health records, with robust security measures preventing unauthorized access.

Digital files should be password-protected and shared only with authorized personnel, while physical documents must be stored securely away from unauthorized staff. Modern HR management software can facilitate streamlined document processing while maintaining security through features like centralized storage and automated alerts for certification renewals.

Technology Solutions for Streamlining Compliance Management

Modern HR compliance software streamlines regulatory adherence through automation and centralized management. Leading platforms integrate essential features like document storage, policy distribution, and automated alerts for certification renewals.

Key capabilities include regulatory compliance monitoring that tracks labor laws across jurisdictions, robust document management for organizing employee records, and seamless integration with payroll and benefits systems. The most effective solutions provide real-time updates on changing regulations while automating time-intensive compliance tasks like ACA filings and COBRA administration.

Advanced platforms now include AI-powered tools that can flag potential federal, state, and local regulation infractions before they become costly issues—with research showing the average employment case resulting in defense and settlement costs around $160,000.

Building a Culture of Compliance Throughout Your Organization

Building a culture of compliance requires systematic engagement across all organizational levels. Start by establishing clear ownership through dedicated compliance managers and risk specialists who can drive initiatives forward. Develop comprehensive training programs that educate managers on critical areas like anti-discrimination laws, anti-harassment policies, and diversity practices while ensuring employees understand their role in maintaining compliance.

Create accessible reporting systems that allow staff to raise concerns without fear of retaliation, including anonymous channels and clear escalation procedures. Foster accountability by implementing regular compliance audits and maintaining detailed documentation of training completion, policy acknowledgments, and incident responses.

The most effective compliance cultures emerge when organizations move beyond basic regulatory adherence to embrace ethical business practices that protect both employer and employee interests. This requires consistent communication about compliance expectations, regular policy reviews, and visible leadership commitment to maintaining fair and transparent workplaces.

The Invisible Guardrail: Whistleblower and Grievance Policies

A compliant organization must provide a "safe" way for employees to report unethical behavior. If an employee feels their only path for justice is through a government agency (like the EEOC), you’ve already lost. Robust internal grievance procedures and clear anti-retaliation policies are your best defense against external litigation.

The 2026 Handbook Essentials

Your employee handbook is your "contract of culture." In 2026, your handbook must move beyond the basics to include:

• Social Media & Digital Conduct: Guidelines on what employees can and cannot say about the company online (staying within NLRB "protected concerted activity" bounds).
• Remote Work Ethics: Clear expectations for security, confidentiality, and time-tracking in a distributed environment.
• AI Usage Policies: Rules on how employees can (and cannot) use generative AI with sensitive company data.

2026 Best Practices for Key Compliance Areas

Recruitment and Hiring: Eliminating Bias and Meeting Legal Requirements

Modern recruitment requires careful attention to both technological tools and legal requirements. AI-enhanced hiring systems, now used by 70% of organizations, must be carefully monitored to prevent algorithmic bias that could discriminate based on gender, ethnicity, or other protected characteristics.

Organizations should implement explainable AI (XAI) to identify key factors influencing candidate rankings and ensure compliance with anti-discrimination laws. Interview processes require heightened vigilance around personal conversations, as seemingly innocent small talk about family health history or other personal matters could expose organizations to discrimination claims under laws like the Genetic Information Nondiscrimination Act.

Job listings must comply with an increasingly complex web of state and local regulations—for instance, positions that could be performed in New York, even remotely, must include salary ranges in their postings. Drug testing policies are also evolving, with California's AB 2188 now prohibiting employers from disqualifying candidates based on marijuana test results during pre-employment screening.

Wage and Hour Compliance: Overtime, Classification, and Pay Transparency

Major changes to wage and hour compliance took effect in 2024, starting with the Department of Labor's new overtime rule on July 1. The standard salary threshold increased from $684 to $844 per week ($43,888 annually) for executive, administrative, and professional employees, with a further increase to $1,128 weekly ($58,656 annually) scheduled for January 1, 2025.

For highly compensated employees, the threshold rose to $132,964 annually, with another increase to $151,164 planned for 2025. The DOL also implemented automatic threshold updates every three years starting July 2027.

Independent contractor classification saw significant reform through a new DOL rule effective March 11, 2024, which restored the multi-factor economic realities test without predetermined weight given to any factor. This change may result in more workers being classified as employees rather than contractors, particularly affecting gig economy workers.

Pay transparency requirements expanded significantly across jurisdictions, with nine states now mandating salary disclosure in job postings. States continue pushing minimum wage increases, with over 20 states raising rates in 2024 alone—eight states have now adopted minimum wages of $15 per hour or higher, including California, Connecticut, Maryland, Massachusetts, New Jersey, New York, Washington State, and DC.

Workplace Safety and Health Regulations: OSHA Updates and COVID-19 Considerations

OSHA compliance requirements have evolved to address both traditional workplace safety and emerging health challenges. Organizations must now implement comprehensive safety protocols while maintaining detailed documentation of workplace injuries, illnesses, and potential hazards.

Recent updates emphasize creating workplace environments where employees feel protected and supported, requiring ongoing employee training and certification tracking to stay compliant with current regulations. For COVID-19 specifically, updated guidance from January 2024 has moved away from standard five-day isolation periods, instead focusing on clinical symptoms to determine isolation duration.

Organizations must ensure returning COVID-19 cases use face coverings until 10 days have passed from symptom onset or first positive test for asymptomatic cases. Several states are implementing new safety regulations, including Nevada's heat illness prevention regulation taking effect April 2025, and Virginia's law requiring reporting of workplace violence in hospitals.

Employee Benefits and Leave Management: Statutory Requirements and Best Practices

Employee benefits and leave management requires careful attention to both statutory requirements and evolving best practices. Organizations must conduct regular dependent eligibility audits to verify all enrolled dependents meet qualification criteria, including collecting documentation like birth certificates, marriage licenses, and adoption papers.

Fringe benefit policies need annual reviews to ensure compliance with tax regulations while meeting workforce needs—this includes 401(k) plans, wellness programs, company stock options, and supplemental insurance offerings. For leave management, HR teams must navigate an increasingly complex web of federal and state regulations.

Organizations should implement clear protocols for receiving, storing, and sharing sensitive employee information like health records and benefits documentation, with robust security measures preventing unauthorized access. Modern HR management software can help streamline benefits administration while maintaining security through features like centralized storage and automated alerts for certification renewals.

Organizations operating across jurisdictions face particular challenges, as they must align their benefits and leave policies with the strictest applicable standards while implementing technical safeguards like encryption and access controls. Beyond immediate compliance concerns, effective benefits and leave management serves as a crucial tool for employee retention—research shows proper administration of these programs directly impacts workforce satisfaction and engagement.

Managing HR Compliance Across Different Workforce Models

Remote and Hybrid Work Compliance Challenges and Solutions

Remote and hybrid work models introduce complex compliance challenges across multiple domains. Organizations must navigate state-specific labor laws when employees work across jurisdictions, as a company with one physical location can suddenly become subject to employment regulations in multiple states.

Tax compliance presents significant hurdles, particularly when employees work across state or national borders, requiring careful determination of tax liabilities based on worker locations. Data security emerges as a critical concern, with 80% of organizations having personally identifiable information stored on employees' devices that requires special handling, while international remote workers add GDPR compliance requirements.

Wage and hour tracking has grown more complex in hybrid environments, demanding systems to accurately monitor work hours and overtime across distributed teams. Organizations must also carefully manage multi-state compliance issues including state income tax, unemployment insurance, pay transparency laws, worker's compensation, mandated employee benefits, and privacy regulations.

To mitigate these challenges, organizations should implement secure systems, clear data handling policies, comprehensive employee training, and maintain accurate location tracking of remote workers. Many organizations partner with Employer of Record (EOR) services to handle payroll, tax, and compliance requirements in foreign jurisdictions while establishing monitoring tools to prevent fraudulent remote work practices like task outsourcing.

Contractor and Gig Worker Classification: Navigating Evolving Standards

The Department of Labor's guidance on contractor and gig worker classification focuses on whether workers are economically dependent on the employer for work or are truly in business for themselves. Under the economic reality test, workers who are economically dependent on an employer are employees, while those who are in business for themselves are independent contractors.

The test examines multiple factors to determine economic dependence, with no single factor being determinative. Key considerations include whether the worker exercises managerial skill affecting their economic success, makes capital investments in their business, has a permanent working relationship with the employer, and is subject to the employer's control.

The rule emphasizes that economic dependence is not about the amount of income earned or whether the worker has other income sources—it focuses on whether the worker depends on the employer for obtaining work opportunities. For gig workers specifically, factors like scheduling flexibility and the ability to work through multiple platforms do not automatically indicate independent contractor status if workers remain economically dependent on the platforms for work.

The rule aims to prevent misclassification while recognizing legitimate independent contractor relationships across industries. Employers must carefully evaluate their relationships with gig workers under this framework to maintain compliance and avoid costly legal challenges.

Multi-State and International Employment Compliance Considerations

Managing multi-state and international employment requires careful navigation of complex regulatory frameworks. Organizations must track employee locations diligently, as each jurisdiction where remote work occurs triggers specific compliance obligations around state income tax, unemployment insurance, pay transparency, worker's compensation, and privacy laws.

For international operations, organizations must ensure adherence to local, national, and international labor regulations while managing cultural expectations that can impact employee retention. Common compliance risks include non-compliance with local labor laws, employee misclassification issues, and payroll tax complications across jurisdictions.

Data privacy presents particular challenges, especially under regulations like GDPR in the European Union, where mishandling employee information can result in substantial fines. Organizations should implement robust location tracking systems, maintain accurate employee records, and consider utilizing Employer of Record (EOR) services for jurisdictions with fewer than 3-5 full-time employees.

States with 'convenience of the employer' rules, including Connecticut, Delaware, Nebraska, New Jersey, New York, and Pennsylvania, require special attention as they may tax remote employees based on the employer's location rather than the worker's physical location.

Merger and Acquisition Compliance Due Diligence

Effective M&A due diligence requires thorough assessment of human capital risks that could disrupt successful integration. The process involves evaluating employment contracts, policies, compensation structures, and benefits programs while utilizing checklists and technology to ensure smooth transitions.

Key areas requiring scrutiny include retirement benefits, healthcare costs, workers' compensation liabilities, and potential legal issues like EEOC charges or NLRB claims. HR teams must carefully review systemic problems created by policy gaps or enforcement failures, particularly around wage/hour compliance, leave management, immigration procedures, and affirmative action plans.

Due diligence should examine both organizations' HR systems and capabilities to make informed decisions about technology integration and outsourcing. The process demands meticulous documentation review to prevent surprises that could jeopardize the deal, with parties deciding upfront how much information to share while maintaining confidentiality through properly executed NDAs.

Organizations should expect the due diligence phase to take longer than anticipated and prepare multiple copies of required documentation to avoid delays.

Future-Proofing Your HR Compliance Approach

Anticipated Regulatory Changes for 2026 and Beyond

Major shifts in HR compliance are expected through 2026 and beyond, driven by a realignment of federal enforcement, state-level legislative surges, and the maturation of AI governance. While 2025 focused on initial transparency, 2026 will be defined by "regulatory fragmentation," where employers must navigate starkly different rules across state lines.

1. Federal Enforcement & Wage Realignment

The federal landscape for 2026 is marked by a significant shift in agency priorities.

• Agency Restructuring: Following budget realignments in 2025, many enforcement duties—particularly regarding affirmative action and contract compliance—have migrated to the EEOC. This is expected to lead to more complex, multi-layered audits by 2026 as agencies consolidate resources.
• The Overtime Impasse: While federal salary thresholds for overtime remained in legal flux through 2024, states have stepped in to fill the void. By 2026, many jurisdictions are implementing their own aggressive escalations. For example, the weekly threshold is projected to reach approximately $1,541 in Washington and $1,275 in parts of New York, necessitating widespread reclassification of "exempt" status.
• Labor Reform: Congress is debating substantial labor reform packages that could reshape union representation processes and collective bargaining frameworks, signaling a move toward modernizing decades-old federal labor rules.

2. The Maturation of AI & Digital Governance

AI regulation is moving from "general concern" to "enforced accountability."

• State-Specific AI Acts: 2026 marks the "go-live" date for several landmark laws, including the Colorado AI Act and the Texas Responsible AI Governance Act. These require employers to maintain rigorous risk management programs and perform annual bias audits if AI is used in hiring, promotions, or terminations.
• Automated Decision Systems (ADS): Beyond recruitment, 2026 will see increased scrutiny on AI used for performance tracking and "algorithmic management." California and Illinois are leading the charge in requiring transparency regarding how AI-driven data influences an employee’s career trajectory.
• Digital Rights: New laws (such as Illinois HB 1278) will protect employees' rights to use personal or employer-issued devices to document workplace incidents, creating a new intersection between privacy and safety.

3. Expansion of Employee "Well-Being" Mandates

Compliance is increasingly focused on the holistic life of the employee.

• Paid Leave Implementation: 2026 is a milestone year for state-mandated benefits. Minnesota and Delaware are scheduled to launch their full paid family and medical leave programs, joining over a dozen other jurisdictions. This requires HR to manage complex payroll deductions and job-protection tracking.
• Pay Transparency 2.0: Moving beyond just "listing a range," 2026 regulations (like California’s SB 642) require "good faith" estimates that include all compensation types, such as bonuses and equity. Multi-state employers are increasingly moving toward "national standardization" to avoid the administrative burden of state-specific job postings.

4. Summary of Key Compliance Dates (2026)