Materials Legal Review Process
Process fundamentals
What follows is a brief overview of key requirements. Review the complete process for full details and instructions.
- Legal review is mandatory for, amongst other things, materials related to new product offerings, SKU changes, statements by E-Group members, financial data, and M&A activities.
- All materials, whether or not review is mandatory, must comply with the SAFE Framework and Third-party IP Guidelines.
- Materials containing MNPI or other internally-confidential information require special handling in restricted-access issues and documents.
- Use the self-serve compliance resources to streamline the review process, and review common examples of legal feedback to improve your materials before submission.
Self-serve materials compliance resources
When creating materials:
- for external use, refer to the SAFE Framework, the Guidelines for Use of Third-party IP in External Materials, and, as a quick-reference guide, the External Materials Compliance Tips.
- for internal use, always refer to the SAFE Framework.
The External Materials Compliance Tips page provides examples of common legal review feedback to help creators address compliance issues before submission.
When to use this process
For materials listed under Mandatory Review, a review is always required.
For everything else, a review is not required, provided the materials comply with:
- the SAFE Framework; and
- for external materials, the Guidelines for Use of Third-party IP in External Materials.
The DRI is responsible for ensuring materials are compliant. If you’re unsure whether certain materials need to be reviewed, or have a question about compliance with the SAFE Framework, the IP Guidelines, or the Checklist, reach out in the #safe Slack channel for SAFE-related questions and in the #legal Slack channel for IP-related questions.
Mandatory review
Review is always required for:
- External materials related to the experiment, beta, or general availability announcement or release of significant new product offerings or significant changes to existing product offerings, including:
  - Any product or services launched through the New Product Introduction Process
  - New SKU
    - E.g.: Materials announcing the general availability of a new SKU
    - E.g.: Materials announcing the forthcoming private beta of what will become a new SKU
  - Changes to an existing SKU (e.g., price, removal or addition of a named offering)
    - E.g.: Materials announcing new pricing for an existing SKU
  - Deprecation of an existing SKU
    - E.g.: Materials announcing the phasing out of an existing SKU
  - Repackaging of features or product sets
    - E.g.: Materials announcing features from an existing product are now available at no additional cost at a lower tier.
- Internal and external materials requiring review as determined by the SAFE Framework Flowchart;
- External materials which quote, or are written in the name of, any member of the GitLab Executive Group; VP, Investor Relations; or a member of the GitLab Board of Directors;
- Quarterly and year-end earnings reports, and materials which include financial data that has not been publicly disclosed, or a variation of previously disclosed financial data;
- Materials relating to:
  - Mergers and acquisitions, including spin outs, investments, or acqui-hires; or
  - Executive or other material organizational or management changes
- Social media posts that cover or reference subjects that would normally require review (e.g. earnings reports, mergers and acquisitions, etc.), non-public financial data, or a variation of previously disclosed financial data, or those disclosing information related to anything in this list or any other material nonpublic information.
Excluded from review
This process should never be used for:
- NDAs, contracts, or other commercial agreements, which should instead be routed through the Commercial Legal Team;
- AMAs streamed or published publicly to GitLab Unfiltered. However, these recordings should not be streamed or published if they contain material non-public information, confidential information, or are required to be kept SAFE;
- External or internal handbook updates;
- GitLab issues or merge requests (remember that MRs are usually public, so drafting and review for sensitive items should be handled outside of MRs until finalized); nor
- Internal or external communications prepared in relation to a contentious issue that undermines a critical attribute of our company’s brand and challenges its reputation, or impacts, or has the potential to impact, the safety or well-being of our team members, which should instead follow the GitLab Incident Communications Plan.
The Legal & Corporate Affairs Team will not review materials sent in Slack because Slack should not be used for obtaining approval; follow this Materials Legal Review Process instead.
MNPI and internally-confidential information
Follow this process for review of materials containing material non-public information (MNPI) or information with restricted internal access.
- For standalone materials not related to an ongoing initiative:
  a. Create an issue following Track 1 or Track 2 below.
  b. Create a Google Doc shared only with the relevant team members who need to know the MNPI or restricted information, and link it from the issue.
  c. Ensure all comments and discussions take place in the Google Doc and not the issue.
- For materials related to an ongoing MNPI or internally-confidential initiative:
  a. Create an issue within the internally-confidential GitLab Project for the initiative if one exists. If no such GitLab Project for the initiative exists, follow the process above for standalone materials.
  b. Complete the Track 1 issue comment template in that issue to request review.
External vs Internal use
External use means materials made available to any company or individual who is not a GitLab team member, including media, marketing audiences, prospects, customers, partners, vendors, community members, and conference attendees. Materials published with public visibility on the GitLab Unfiltered YouTube channel or on any GitLab social media channel are external.
Internal use means materials made available solely to GitLab team members, that is, anyone who has a gitlab.com email address.
Sometimes, legal review entails two separate reviews:
- Materials for external use are reviewed (i) against the SAFE Framework, and (ii) against the Guidelines for Use of Third-party IP in External Materials for compliance with third-party intellectual property (IP) rights; and
- Materials for internal use are reviewed solely against the SAFE Framework; an IP review is not required unless it is contemplated that such materials will be used externally.
Turnaround time
The Legal & Corporate Affairs Team aims to complete single material reviews within two business days of submission (note: business days used here and elsewhere in the Materials Legal Review Process means United States business days). The time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review. The turnaround time for multiple materials reviews will depend on the volume of material submitted for review.
Two-track process
This process is divided into two tracks - follow the track which applies to your situation:
- To obtain legal review of a single piece of material, follow Track 1: Single material legal review process.
- To obtain legal review of multiple pieces of material, follow Track 2: Multiple materials legal review process.
Track 1: Single material legal review process
Follow this process to obtain legal review of a single piece of material. A slide deck, blog, brief, press release, script, and video for one presentation are considered a single piece of material.
- If a confidential working issue for the material already exists, make a comment in that issue using the following template. The template is written in markdown - paste it into a new comment and fill in the blanks.

  ```markdown
  <!-- Does the material contain material non-public information (MNPI) or information with restricted internal access? If Yes, do not proceed and instead refer to the `MNPI and internally-confidential information` section in the Materials Legal Review Process. Materials containing MNPI must not be shared or discussed in this project which is accessible to all GitLab team members. -->

  ## MNPI and internally-confidential information

  <!-- Delete as appropriate. If Yes, refer to the `MNPI and internally-confidential information` section in the Materials Legal Review Process before you proceed. Materials containing MNPI must not be shared or discussed in any GitLab project that is accessible to all GitLab team members. Instead, use a linked, restricted access Google Doc or create an issue in a restricted access GitLab Project. -->

  Yes/No

  ## Materials to be reviewed

  <!-- Link (for Google Docs) or upload (for other file types) the material for review here. -->

  ## Is this material for internal or external use?

  <!-- Delete as appropriate, and refer to the definitions of `external use` and `internal use` in the Materials Legal Review Process. If there are plans to use the material, or any part of it, externally in the future, choose `external`. -->

  - external @sfriss @LeeFalc
  - internal @sfriss

  ## Will the materials be made available on GitLab Unfiltered, Edcast, or anywhere else?

  <!-- Delete as appropriate to state whether some or all of the materials being submitted for review will be made available anywhere. If they will, give details of the visibility the materials will have. -->

  - yes <!-- if yes, give details -->
  - no

  ## Is the material subject to mandatory review?

  <!-- Delete as appropriate and refer to the definition of mandatory review: https://handbook.gitlab.com/handbook/legal/materials-legal-review-process/#mandatory-review -->

  - yes <!-- if yes, identify the type of material from the list of materials subject to mandatory review -->
  - no

  ## Does the material comply with the [SAFE Framework](/handbook/legal/safe-framework/) and the [Guidelines for Use of Third-party IP in External Materials](/handbook/legal/ip-public-materials-guidelines/)?

  <!-- Delete as appropriate -->

  - yes
  - no
  - I'm not sure

  ## If the material is not subject to mandatory review and complies with the SAFE Framework and IP Guidelines, legal review is not mandatory. However, if you have specific questions regarding the material, set those out here, identifying the aspect(s) of the material to which the questions relate.

  <!-- if the materials are subject to mandatory review, or do not comply with the SAFE Framework or IP Guidelines, skip to the next question -->

  ## Due date for review

  <!-- State the due date for review, noting that the Legal & Corporate Affairs Team requires at least two business days to complete a review. See note above under Turnaround Time regarding the two business day review cycle. -->

  Note for materials creators

  When creating materials: for internal use, follow the [SAFE Framework](/handbook/legal/safe-framework/); and for external use, follow the [SAFE Framework](/handbook/legal/safe-framework/) and the [Guidelines for Use of Third-party IP in External Materials](/handbook/legal/ip-public-materials-guidelines/). Definitions of external use and internal use are set out in the [Materials Legal Review Process](/handbook/legal/materials-legal-review-process/#external-vs-internal-use)

  /confidential
  ```
- If no working issue already exists, complete the single material legal review issue template, following the instructions in the template.
- Note that:
  - To obtain the review appropriate to your proposed use, you must tag the correct Legal & Corporate Affairs Team members in the issue description (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials). IP review is not required for materials created for internal use, only SAFE review is required. Internal use and external use are defined here.
  - The Legal & Corporate Affairs Team aims to review materials within two business days of submission; clearly state the due date when creating the issue as the template requires. The time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review.
- Put a link in the material being reviewed to the legal review issue or comment you created:
  - Google Docs: add the link at the top of the first page of the doc.
  - Google Slides: add the link to the first slide.
  - PDFs: no link required.
  - Ensure materials shared for review are only accessible to GitLab. If shared with third parties, make a GitLab internal-only copy for the review request.
- If the review request is subject to mandatory review for a video not yet produced, review is required in respect of both (i) the slide deck, storyboard, and script (as appropriate, and in final form) before recording, and (ii) the final cut. Request review at each stage as set out in this process.
- The Legal & Corporate Affairs Team will review the material, making comments and requests for changes in the document, or an issue comment thread, and provide context for any requested changes in accordance with the say why, not just what operating principle.
- Once legal review is complete, each Legal & Corporate Affairs Team member who reviewed the material will tag the issue creator and comment "review complete" or "no further comments". Review is complete only once each Legal team member who reviewed the material has confirmed that their review is complete.
- If any substantive changes are made to the material after legal review, another legal review is required. Tag the appropriate reviewers (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials) in the issue, or issue comment, created in step 1, requesting review of the amended material. As repeat reviews are inefficient, ensure materials are finalized before submitting for legal review.
- Once legal review of the amended material is complete, each Legal & Corporate Affairs Team member who reviewed the amended material will once again tag the issue creator and comment "Review complete" or "no further comments".
Track 2: Multiple materials legal review process
Follow this process to obtain legal review of multiple pieces of material with a related purpose, like several slide decks being prepared for one event.
- Complete the multiple materials review issue template, following the instructions in the template. Note that:
  - IP review is not required for materials created for internal use, only SAFE review is required;
  - For a given related purpose (like an event), only one multiple materials review issue needs to be created;
  - For multiple materials legal review requests involving five or fewer pieces of material, legal aims to complete the review within 5 business days of submission; as noted above, the time to complete a review is subject to (i) the submission being complete (i.e., no missing materials and all other approvals are in place before legal review), and (ii) the volume of the material submitted for review; and
  - For multiple materials legal review requests involving more than five pieces of material, the DRI must, no less than 5 business days before the materials will be ready for review, (i) notify the Legal & Corporate Affairs Team in #legal of the upcoming event, and (ii) arrange a sync with the Team to agree a timeline for the completion of the review.
- As each piece of material is ready for review, make a comment in the issue which:
- Put a link to the comment thread you created in the material being reviewed as follows:
  - Google Docs: add the link at the top of the doc.
  - Google Slides: add the link to the first slide.
  - PDFs: no link required.
  - Ensure materials shared for review are only accessible to GitLab. If shared with third parties, make a GitLab internal-only copy for the review request.
- The Legal & Corporate Affairs team will review the material, making comments and requests for changes in the document, or the applicable comment thread in the issue, and provide context for any requested changes in accordance with the say why, not just what operating principle. Ensure that all discussion relating to a given piece of material takes place in replies to the relevant comment thread; do not create a new comment thread each time you comment.
- Once legal review is complete, each Legal & Corporate Affairs Team member who reviewed the materials will tag the creator of the comment thread and comment "review complete" or "no further comments" in the relevant comment thread. Legal review is complete only once each Legal team member who reviewed the material has confirmed that their review is complete.
- If any substantive changes are made to the material after legal review, another legal review is required. Tag the appropriate reviewers (@sfriss for internal materials, and @sfriss and @LeeFalc for external materials) in the issue comment created in step 2, requesting review of the amended material. As repeat reviews are inefficient, ensure materials are finalized before submitting for legal review.
- Once legal review of the amended material is complete, each Legal & Corporate Affairs Team member who reviewed the material will once again tag the issue creator and comment "review complete" or "no further comments" in the relevant comment thread.
- If the review request is subject to mandatory review for a video not yet produced, review is required in respect of both the slide deck, storyboard and script (as appropriate) prior to recording and the final cut. Request review at each stage as set out in this process.