@ansvar/eu-regulations-mcp 0.1.0 → 0.2.0

package/data/seed/applicability/data-act.json

@@ -0,0 +1,71 @@
+[
+  {
+    "regulation": "DATA_ACT",
+    "sector": "manufacturing",
+    "subsector": "iot_devices",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Manufacturers of connected products must enable user access to generated data"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "manufacturing",
+    "subsector": "consumer_electronics",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Smart devices must make data accessible to users and third parties they designate"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "digital_infrastructure",
+    "subsector": "cloud_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "23",
+    "notes": "Cloud providers must enable switching and ensure interoperability; no switching charges after transition period"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "digital_infrastructure",
+    "subsector": "software_vendor",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "23",
+    "notes": "Data processing services must comply with switching and portability requirements"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "transport",
+    "subsector": "automotive_oem",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Connected vehicles generate data that must be accessible to users; aftermarket repair data access"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "3",
+    "notes": "Smart meters and energy management devices must provide data access"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "3",
+    "notes": "Connected medical devices and health wearables must enable data portability"
+  },
+  {
+    "regulation": "DATA_ACT",
+    "sector": "public_administration",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "14",
+    "notes": "Public sector bodies can request access to private sector data in exceptional circumstances"
+  }
+]

package/data/seed/applicability/dga.json

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "DGA",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "DGA establishes framework for re-use of public sector data"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "digital_infrastructure",
+    "subsector": "data_intermediaries",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "10",
+    "notes": "Data intermediation services must be notified"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Healthcare data sharing organizations may be covered"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Financial data sharing organizations may be covered"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "other",
+    "subsector": "data_altruism",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "16",
+    "notes": "Data altruism organizations can register for EU recognition"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": false,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Manufacturing not directly in scope unless operating data services"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Energy data sharing may fall under DGA"
+  },
+  {
+    "regulation": "DGA",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Transport data sharing may fall under DGA"
+  }
+]

package/data/seed/applicability/dma.json

@@ -0,0 +1,77 @@
+[
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "vlop",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "Large online platforms meeting gatekeeper thresholds (€7.5B revenue or €75B market cap, 45M EU users) are designated gatekeepers"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "search_engine",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Online search engines are core platform services; designated gatekeepers must allow switching"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "app_store",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "App stores are core platform services; gatekeepers must allow alternative app stores and sideloading"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "cloud_provider",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "2",
+    "notes": "Cloud computing services are core platform services; large providers may be designated gatekeepers"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "messaging",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Number-independent interpersonal communications (messaging) are core platform services; interoperability required"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "digital_infrastructure",
+    "subsector": "advertising",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Online advertising services are core platform services; transparency and data access requirements"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "DMA applies to core platform services, not financial services directly"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "manufacturing",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "DMA applies to digital gatekeepers, not product manufacturers"
+  },
+  {
+    "regulation": "DMA",
+    "sector": "other",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Only designated gatekeepers (currently ~7 companies) subject to DMA obligations"
+  }
+]

package/data/seed/applicability/dsa.json

@@ -0,0 +1,71 @@
+[
+  {
+    "regulation": "DSA",
+    "sector": "digital_infrastructure",
+    "subsector": "vlop",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "33",
+    "notes": "Very Large Online Platforms (45M+ EU users) have enhanced obligations including risk assessments and audits"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "digital_infrastructure",
+    "subsector": "hosting_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "Hosting services must implement notice-and-action, designate points of contact, report to authorities"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "digital_infrastructure",
+    "subsector": "cloud_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "Cloud services are hosting services under DSA; liability exemptions require no actual knowledge"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "digital_infrastructure",
+    "subsector": "cdn_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "5",
+    "notes": "CDN and caching services are intermediary services with conduit/caching liability rules"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "digital_infrastructure",
+    "subsector": "isp",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Internet access providers are mere conduit services with basic obligations"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "other",
+    "subsector": "online_marketplace",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "30",
+    "notes": "Online marketplaces must verify traders (KYBC), display product safety info, random compliance checks"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Financial services themselves not in scope; but platforms offering financial products may be"
+  },
+  {
+    "regulation": "DSA",
+    "sector": "manufacturing",
+    "applies": false,
+    "confidence": "definite",
+    "notes": "DSA applies to intermediary services, not product manufacturers directly"
+  }
+]

package/data/seed/applicability/eecc.json

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "EECC",
+    "sector": "digital_infrastructure",
+    "subsector": "telecoms",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "EECC establishes framework for electronic communications networks and services"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "digital_infrastructure",
+    "subsector": "internet_services",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Internet access services and interpersonal communications services covered"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "digital_infrastructure",
+    "subsector": "messaging_apps",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Number-independent interpersonal communications services (OTT) are in scope"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "National regulatory authorities enforce EECC"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "financial",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Financial sector not directly regulated, but uses regulated services"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Healthcare sector not directly regulated, but uses regulated services"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "manufacturing",
+    "subsector": "terminal_equipment",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Terminal equipment manufacturers have certain obligations"
+  },
+  {
+    "regulation": "EECC",
+    "sector": "other",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "EECC primarily applies to electronic communications sector"
+  }
+]

package/data/seed/applicability/ehds.json

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "EHDS",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "EHDS establishes the European Health Data Space for primary and secondary use of health data"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "healthcare",
+    "subsector": "hospitals",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Healthcare providers must make health data accessible via EHR systems"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "healthcare",
+    "subsector": "pharmaceuticals",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Applies to entities developing products for healthcare sector"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "digital_infrastructure",
+    "subsector": "health_tech",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "EHR system manufacturers and wellness app developers are covered"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "financial",
+    "subsector": "insurance",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "2",
+    "notes": "Health insurers may be health data holders for reimbursement purposes"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Public health authorities are key participants in EHDS infrastructure"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "General manufacturing not in scope unless producing medical/health products"
+  },
+  {
+    "regulation": "EHDS",
+    "sector": "other",
+    "subsector": "research",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Research organizations can access health data for secondary use under EHDS"
+  }
+]

package/data/seed/applicability/eidas2.json

@@ -0,0 +1,86 @@
+[
+  {
+    "regulation": "EIDAS2",
+    "sector": "public_administration",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Public sector bodies must accept EU Digital Identity Wallets and notified eID schemes for cross-border authentication"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "financial",
+    "subsector": "bank",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "12b",
+    "notes": "Banks required to accept EUDI Wallets for customer authentication under AML requirements by late 2027"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "financial",
+    "subsector": "insurance",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "12b",
+    "notes": "Insurance companies required to accept EUDI Wallets for customer identification under AML requirements"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "12b",
+    "notes": "Healthcare providers may be required to accept EUDI Wallets; health credentials (vaccination, prescriptions) can be stored in wallets"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "transport",
+    "subsector": "aviation",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "12b",
+    "notes": "Airlines and airports may accept EUDI Wallets for passenger identification and travel documents"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "digital_infrastructure",
+    "subsector": "vlop",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "12b",
+    "notes": "Very Large Online Platforms (as defined in DSA) must offer EUDI Wallet login option by late 2027"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "digital_infrastructure",
+    "subsector": "trust_services",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "13",
+    "notes": "Qualified trust service providers (QTSPs) directly regulated; must meet security and liability requirements"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "digital_infrastructure",
+    "subsector": "identity_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6a",
+    "notes": "EUDI Wallet providers and identity verification services must comply with wallet issuance requirements"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "manufacturing",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Manufacturing not directly in scope unless providing trust services or requiring strong customer authentication"
+  },
+  {
+    "regulation": "EIDAS2",
+    "sector": "energy",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Energy sector not directly in scope; may use EUDI Wallets for customer onboarding but not mandated"
+  }
+]

package/data/seed/applicability/eprivacy.json

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "EPRIVACY",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "ePrivacy Directive applies to electronic communications sector"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "digital_infrastructure",
+    "subsector": "telecoms",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Telecom providers must ensure confidentiality of communications"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "digital_infrastructure",
+    "subsector": "internet_services",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Internet service providers and OTT services are covered"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Financial services using electronic communications must comply (cookies, direct marketing)"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Healthcare entities using electronic communications must comply"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Any entity using cookies or electronic direct marketing must comply"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Public sector websites must comply with cookie and tracking rules"
+  },
+  {
+    "regulation": "EPRIVACY",
+    "sector": "other",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "5",
+    "notes": "Any organization with a website or electronic marketing is likely subject to ePrivacy"
+  }
+]

package/data/seed/applicability/eu_taxonomy.json

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "EU Taxonomy applies to financial market participants for sustainability disclosures"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "financial",
+    "subsector": "asset_managers",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "5",
+    "notes": "Financial products must disclose Taxonomy alignment"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "8",
+    "notes": "Large undertakings must disclose Taxonomy-eligible activities under CSRD"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "8",
+    "notes": "Energy companies must disclose Taxonomy alignment for climate activities"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "8",
+    "notes": "Transport companies must disclose Taxonomy-eligible activities"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "8",
+    "notes": "Large digital companies subject to CSRD must report Taxonomy alignment"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "8",
+    "notes": "Large healthcare companies subject to CSRD must report Taxonomy alignment"
+  },
+  {
+    "regulation": "EU_TAXONOMY",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Member States must use Taxonomy for public measures and green bonds"
+  }
+]