Legal&Regulatory Counsel

We're hiring the owner of legal judgement for Apliteni - the person whose call is final on "what the law requires and whether the company's action is legally permissible." This is a role with real authority: you develop the company's legal positions and carry them yourself.

You own this domain end-to-end and you sign off on it yourself - no second signature, no routing through someone else. Here, the strongest legal mind in the room also holds the authority to match.

What you'll own (with final say)

• Final decision on legal correctness — whether an action, document, or scenario is compliant. Your decision doesn't require anyone's visa.
• LEA requests — handle them independently from receipt to response; sign and send (by volikiri). You keep stakeholders informed and make the call yourself.
• Regulator correspondence — AKI, EMTA, Estonian Police, foreign LEAs: you sign and send without intermediate sign-off.
• Nexus testing — independently determine whether a given law applies to Apliteni; your test is the input the rest of the company builds on.
• Due diligence — final KYC/AML conclusion (OFAC, EU Consolidated List, PEP): admit/deny/admit-with-conditions. No second signature.
• Sanctions screening — final decision on a client or counterparty.
• Enforcement intelligence — own real knowledge of how regulators actually apply the law (EDPB, CJEU, AKI decisions), and advise the team on where the real risk sits.
  

What success looks like

• Legal opinion turnaround — ≤ 1 working day.
• LEA response SLA — 100% in time.
• Due diligence coverage — 100% of new counterparties cleared before work starts.
• External counsel deflection — 100% of cases closed in-house, without outside lawyers and without losing context between requests.
  

What we're looking for

• Real, hands-on legal expertise in a software/tech company under EU sanctions & data protection regimes — you've done the work yourself.
• EU/Estonian legal grounding — your base is EU regulations and directives, which are then transposed into Estonian law.
• Depth in at least two of: GDPR/data protection, sanctions (OFAC/EU), AML/KYC, responding to law-enforcement requests.
• Enforcement reality — you've actually dealt with regulators and answered their requests.
• Comfort owning the final call and signing it — judgement under genuine legal conflict (where every option breaks something) is the core of the job.
• Fluent English.
  

A strong plus: experience with AKI/EMTA/Estonian Police; background in iGaming, crypto/fintech, payments, or adtech; you already use AI in your legal work (or you're genuinely curious to).

A plus: Estonian (for direct dealings with local regulators).

How we work

• Apliteni runs AI-native and flat — no managers, no titles, no grades. We organize around areas of responsibility: you own an area, you hold its quality, you carry the decision and the consequences.
• You'll work inside the Compliance area of responsibility, alongside Compliance Engineering — this is a role within a team. AI takes the routine; you hold the meaning, the boundaries, and the final judgement.
• We work async by default and keep teams small on purpose. This is a role with real authority and real accountability — it will not suit someone who wants cover.
  

What we offer

• Long-term, remote-first work from anywhere — no relocation, and you're free to travel.
• A flexible schedule — deliver on time and stay online for at least 4 hours within GMT+0 standard working hours, so the team can sync when needed.
• Unlimited paid time off — sick, recovering, caring for a kid or a pet, or taking a holiday, you take the time you need.
• Up to €2,500 per year in reimbursable benefits — you choose how to spend it across the categories we support.
  

If this fits

If this is the level of ownership you've been looking for, we'd be glad to talk. Tell us where you've held the final legal call and how you handled a case where every option carried a cost.