[AnthonyMouse]

> The requirements for small companies are less stringent.

Conditioning various minor requirements on entity size is no help if they don't actually reduce the complexity. Otherwise the cost of determining what they have to comply with is as expensive as the cost of determining what they have to do to comply.

What smaller entities need is an entirely separate framework with fewer, simpler, narrower rules that don't have to be as robust against a huge team of lawyers finding loopholes because smaller entities don't have a huge team of lawyers finding loopholes.

Then you can have an entirely different set of robust arbitrarily complex rules that all only apply to companies with more than 1000 employees because they can afford to handle the complexity.