Let’s keep the user experience train rolling.
Design for users first. Amend for laywers later. (And only when necessary.)
An example of the opposite approach is most (all?) of the cookie banners you now see post-GDPR and CCPA. These are clearly designed to satisfy the (hazy, at best) legal requirements while either disregarding the user experience or actively working to confound and confuse the user. Don’t do this. (Also see: dark patterns)
This thought was spurred by seeing company policies that seemed written with the expectation that employees would try to take advantage of them instead of treating people like adults and trusting that the powers-that-be had hired well for the “company culture”. Don’t assume people will behave badly, but adapt if/when they do.