That's the thing -- oftentimes your Boss thinks that X is a "legal requirement". When really it's "so-and-so is bugging me to cram this down your throats saying something about 'legal' and I'm too busy to even bother googling to find out whether it's really so. Plus even if I did some basic research I might have to actually think about it for a minute or two - and you know how much I hate that. So to save myself time, I think I'll just cram it down your throats."
My favorite X in this category: drug testing. (Contrary to popular belief, it's almost never an actual legal requirement - even if your company is getting state or federal funds.)
This is technically true, but as a solo founder, you're even less equipped than a large company with a legal and compliance team to determine what's actually a legal requirement and what's not - and what legal requirements are imposed by industry groups like PCI instead of the government but are no less binding in practice if you want to run a certain sort of business, and what sorts of things are in the grey area of "the law only speaks about this broadly, but nobody chooses a specific implementation other than X in practice, so in theory you could innovate but you're on your own," and what sorts of things aren't legal requirements on their own but do save you if you get into legal trouble for other reasons, and so forth.
Remember that solo founders are widely encouraged to incorporate in Delaware just because it's the least legal risk. One state! Out of fifty, and several non-state entities! There's no legal requirement, and you can absolutely incorporate in your home state or many other places, but the advice is that if you want to focus on what your business does best, don't spend time thinking about any states' corporate law other than Delaware's, which is well-explored. If that's the bar, basically all other forms of compliance are well above it.
I get that good hackers have an instinct to ask "Why?" or "Really?" at every step and to understand the whole system, and I have it too, but one thing I've learned with experience is you need to train yourself to put a stopping point on "Why?" if you want to get anything done at your current level of descent. You absolutely can go arbitrarily deep, nobody is goin to stop you, and there are all sorts of fences that have no reason for existing, but you have a limited amount of time to do whatever work you want to do and show results. Do you want to build the next great social network, or the next great form of corporate structure? You can absolutely do either - you can't do both.
(One caveat: there are a few things that are legal requirements or near enough thereto that only apply when you have more than a few employees. If you're a solo founder, you presumably can't create a hostile work environment for yourself, for instance. However, if you're a solo founder pursuing B2B deals and having meetings with companies, it might be worth being aware of what sorts of things your target companies consider hostile work environments and would cause them to not invite you back for the sake of their legal risk - and that's even more about the standard corporate view of the law than the law itself. So, you may not be able to get away ignoring these conventions even as a solo founder, after all.)
That's the thing -- oftentimes your Boss thinks that X is a "legal requirement". When really it's "so-and-so is bugging me to cram this down your throats saying something about 'legal' and I'm too busy to even bother googling to find out whether it's really so. Plus even if I did some basic research I might have to actually think about it for a minute or two - and you know how much I hate that. So to save myself time, I think I'll just cram it down your throats."
My favorite X in this category: drug testing. (Contrary to popular belief, it's almost never an actual legal requirement - even if your company is getting state or federal funds.)