npm - @ansvar/eu-regulations-mcp - Versions diffs - 0.1.0 → 0.2.1 - Mend

@ansvar/eu-regulations-mcp 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/LICENSE +190 -21
package/README.md +159 -26
package/data/seed/aifmd.json +432 -0
package/data/seed/applicability/ai-act.json +87 -0
package/data/seed/applicability/aifmd.json +74 -0
package/data/seed/applicability/cbam.json +74 -0
package/data/seed/applicability/cer.json +74 -0
package/data/seed/applicability/cra.json +77 -0
package/data/seed/applicability/csddd.json +74 -0
package/data/seed/applicability/csrd.json +74 -0
package/data/seed/applicability/cyber_solidarity.json +74 -0
package/data/seed/applicability/cybersecurity-act.json +69 -0
package/data/seed/applicability/data-act.json +71 -0
package/data/seed/applicability/dga.json +74 -0
package/data/seed/applicability/dma.json +77 -0
package/data/seed/applicability/dsa.json +71 -0
package/data/seed/applicability/eecc.json +74 -0
package/data/seed/applicability/ehds.json +74 -0
package/data/seed/applicability/eidas2.json +86 -0
package/data/seed/applicability/eprivacy.json +74 -0
package/data/seed/applicability/eu_taxonomy.json +74 -0
package/data/seed/applicability/eucc.json +74 -0
package/data/seed/applicability/eudr.json +74 -0
package/data/seed/applicability/gpsr.json +74 -0
package/data/seed/applicability/ivdr.json +74 -0
package/data/seed/applicability/led.json +74 -0
package/data/seed/applicability/machinery.json +74 -0
package/data/seed/applicability/mdr.json +74 -0
package/data/seed/applicability/mica.json +74 -0
package/data/seed/applicability/mifid2.json +74 -0
package/data/seed/applicability/mifir.json +74 -0
package/data/seed/applicability/pld.json +74 -0
package/data/seed/applicability/psd2.json +74 -0
package/data/seed/applicability/red.json +74 -0
package/data/seed/applicability/sfdr.json +74 -0
package/data/seed/applicability/un-r155.json +68 -0
package/data/seed/applicability/un-r156.json +68 -0
package/data/seed/cbam.json +397 -0
package/data/seed/cer.json +233 -0
package/data/seed/csddd.json +205 -0
package/data/seed/csrd.json +50 -0
package/data/seed/cyber_solidarity.json +252 -0
package/data/seed/data-act.json +517 -0
package/data/seed/dga.json +342 -0
package/data/seed/dma.json +499 -0
package/data/seed/dsa.json +686 -0
package/data/seed/eecc.json +981 -0
package/data/seed/ehds.json +638 -0
package/data/seed/eidas2.json +590 -0
package/data/seed/eprivacy.json +115 -0
package/data/seed/eu_taxonomy.json +285 -0
package/data/seed/eucc.json +386 -0
package/data/seed/eudr.json +401 -0
package/data/seed/gpsr.json +462 -0
package/data/seed/ivdr.json +1036 -0
package/data/seed/led.json +480 -0
package/data/seed/machinery.json +513 -0
package/data/seed/mappings/iso27001-ai-act.json +114 -0
package/data/seed/mappings/iso27001-aifmd.json +50 -0
package/data/seed/mappings/iso27001-cbam.json +26 -0
package/data/seed/mappings/iso27001-cer.json +74 -0
package/data/seed/mappings/iso27001-cra.json +130 -0
package/data/seed/mappings/iso27001-csddd.json +50 -0
package/data/seed/mappings/iso27001-csrd.json +26 -0
package/data/seed/mappings/iso27001-cyber_solidarity.json +82 -0
package/data/seed/mappings/iso27001-cybersecurity-act.json +90 -0
package/data/seed/mappings/iso27001-data-act.json +66 -0
package/data/seed/mappings/iso27001-dga.json +50 -0
package/data/seed/mappings/iso27001-dma.json +50 -0
package/data/seed/mappings/iso27001-dsa.json +58 -0
package/data/seed/mappings/iso27001-eecc.json +74 -0
package/data/seed/mappings/iso27001-ehds.json +90 -0
package/data/seed/mappings/iso27001-eidas2.json +106 -0
package/data/seed/mappings/iso27001-eprivacy.json +66 -0
package/data/seed/mappings/iso27001-eu_taxonomy.json +34 -0
package/data/seed/mappings/iso27001-eucc.json +66 -0
package/data/seed/mappings/iso27001-eudr.json +34 -0
package/data/seed/mappings/iso27001-gpsr.json +42 -0
package/data/seed/mappings/iso27001-ivdr.json +66 -0
package/data/seed/mappings/iso27001-led.json +74 -0
package/data/seed/mappings/iso27001-machinery.json +50 -0
package/data/seed/mappings/iso27001-mdr.json +82 -0
package/data/seed/mappings/iso27001-mica.json +66 -0
package/data/seed/mappings/iso27001-mifid2.json +66 -0
package/data/seed/mappings/iso27001-mifir.json +42 -0
package/data/seed/mappings/iso27001-pld.json +26 -0
package/data/seed/mappings/iso27001-psd2.json +82 -0
package/data/seed/mappings/iso27001-red.json +42 -0
package/data/seed/mappings/iso27001-sfdr.json +50 -0
package/data/seed/mappings/iso27001-un-r155.json +130 -0
package/data/seed/mappings/iso27001-un-r156.json +106 -0
package/data/seed/mappings/nist-csf-ai-act.json +138 -0
package/data/seed/mappings/nist-csf-aifmd.json +58 -0
package/data/seed/mappings/nist-csf-cbam.json +42 -0
package/data/seed/mappings/nist-csf-cer.json +90 -0
package/data/seed/mappings/nist-csf-cra.json +130 -0
package/data/seed/mappings/nist-csf-csddd.json +50 -0
package/data/seed/mappings/nist-csf-csrd.json +34 -0
package/data/seed/mappings/nist-csf-cyber_solidarity.json +90 -0
package/data/seed/mappings/nist-csf-cybersecurity-act.json +90 -0
package/data/seed/mappings/nist-csf-data-act.json +50 -0
package/data/seed/mappings/nist-csf-dga.json +58 -0
package/data/seed/mappings/nist-csf-dma.json +42 -0
package/data/seed/mappings/nist-csf-dora.json +210 -0
package/data/seed/mappings/nist-csf-dsa.json +82 -0
package/data/seed/mappings/nist-csf-eecc.json +90 -0
package/data/seed/mappings/nist-csf-ehds.json +98 -0
package/data/seed/mappings/nist-csf-eidas2.json +114 -0
package/data/seed/mappings/nist-csf-eprivacy.json +58 -0
package/data/seed/mappings/nist-csf-eu_taxonomy.json +34 -0
package/data/seed/mappings/nist-csf-eucc.json +66 -0
package/data/seed/mappings/nist-csf-eudr.json +58 -0
package/data/seed/mappings/nist-csf-gdpr.json +178 -0
package/data/seed/mappings/nist-csf-gpsr.json +58 -0
package/data/seed/mappings/nist-csf-ivdr.json +66 -0
package/data/seed/mappings/nist-csf-led.json +74 -0
package/data/seed/mappings/nist-csf-machinery.json +58 -0
package/data/seed/mappings/nist-csf-mdr.json +66 -0
package/data/seed/mappings/nist-csf-mica.json +98 -0
package/data/seed/mappings/nist-csf-mifid2.json +74 -0
package/data/seed/mappings/nist-csf-mifir.json +50 -0
package/data/seed/mappings/nist-csf-nis2.json +194 -0
package/data/seed/mappings/nist-csf-pld.json +34 -0
package/data/seed/mappings/nist-csf-psd2.json +98 -0
package/data/seed/mappings/nist-csf-red.json +58 -0
package/data/seed/mappings/nist-csf-sfdr.json +42 -0
package/data/seed/mappings/nist-csf-un-r155.json +130 -0
package/data/seed/mappings/nist-csf-un-r156.json +98 -0
package/data/seed/mdr.json +1066 -0
package/data/seed/mica.json +1003 -0
package/data/seed/mifid2.json +906 -0
package/data/seed/mifir.json +512 -0
package/data/seed/pld.json +244 -0
package/data/seed/psd2.json +827 -0
package/data/seed/red.json +452 -0
package/data/seed/sfdr.json +228 -0
package/data/seed/un-r155.json +166 -0
package/data/seed/un-r156.json +150 -0
package/dist/http-server.d.ts +9 -0
package/dist/http-server.d.ts.map +1 -0
package/dist/http-server.js +342 -0
package/dist/http-server.js.map +1 -0
package/dist/index.js +4 -4
package/dist/index.js.map +1 -1
package/dist/tools/map.d.ts +1 -1
package/dist/tools/map.d.ts.map +1 -1
package/dist/tools/map.js +3 -3
package/dist/tools/map.js.map +1 -1
package/package.json +8 -3
package/scripts/build-db.ts +20 -8
package/scripts/check-updates.ts +141 -39
package/scripts/ingest-eurlex.ts +9 -1
package/scripts/ingest-unece.ts +368 -0
package/src/http-server.ts +380 -0
package/src/index.ts +4 -4
package/src/tools/map.ts +4 -4

package/data/seed/applicability/ai-act.json ADDED Viewed

@@ -0,0 +1,87 @@
+[
+  {
+    "regulation": "AI_ACT",
+    "sector": "financial",
+    "subsector": "bank",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI systems for creditworthiness assessment and credit scoring are high-risk (Annex III)"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "financial",
+    "subsector": "insurance",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI systems for risk assessment and pricing in life/health insurance are high-risk (Annex III)"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI medical devices and diagnostic systems are high-risk (Annex III); AI in healthcare management covered"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "public_administration",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI for access to public services, benefits, emergency services is high-risk (Annex III)"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "transport",
+    "subsector": "automotive_oem",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI safety components in vehicles are high-risk as per product safety legislation (Annex I)"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "transport",
+    "subsector": "aviation",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI in aviation safety management is high-risk (Annex I references aviation regulations)"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "digital_infrastructure",
+    "subsector": "vlop",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "6",
+    "notes": "AI recommender systems on VLOPs have transparency requirements; high-risk if used for content moderation"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "6",
+    "notes": "AI in critical infrastructure management may be high-risk; grid management AI covered"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "manufacturing",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "6",
+    "notes": "AI safety components in machinery are high-risk (Annex I); general manufacturing AI may be limited risk"
+  },
+  {
+    "regulation": "AI_ACT",
+    "sector": "other",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "50",
+    "notes": "All AI systems interacting with humans have transparency obligations (Art 50); emotion recognition and biometric categorization restricted"
+  }
+]

package/data/seed/applicability/aifmd.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "AIFMD",
+    "sector": "financial",
+    "subsector": "fund_managers",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "AIFMD regulates managers of alternative investment funds"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "financial",
+    "subsector": "hedge_funds",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Hedge fund managers are within scope"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "financial",
+    "subsector": "private_equity",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Private equity fund managers are within scope"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "financial",
+    "subsector": "real_estate_funds",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Real estate fund managers are within scope"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "financial",
+    "subsector": "depositaries",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "21",
+    "notes": "Depositaries of AIFs have specific obligations"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Healthcare sector not in scope"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "energy",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Energy sector not in scope"
+  },
+  {
+    "regulation": "AIFMD",
+    "sector": "other",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "AIFMD specifically targets alternative investment fund managers"
+  }
+]

package/data/seed/applicability/cbam.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "CBAM",
+    "sector": "manufacturing",
+    "subsector": "steel",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Steel importers must comply with CBAM reporting and certificates"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "manufacturing",
+    "subsector": "aluminium",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Aluminium importers must comply with CBAM"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "manufacturing",
+    "subsector": "cement",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Cement importers must comply with CBAM"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "manufacturing",
+    "subsector": "fertilizers",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Fertilizer importers must comply with CBAM"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "energy",
+    "subsector": "electricity",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Electricity importers must comply with CBAM"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "energy",
+    "subsector": "hydrogen",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Hydrogen importers must comply with CBAM"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "financial",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Financial sector not in scope"
+  },
+  {
+    "regulation": "CBAM",
+    "sector": "other",
+    "subsector": "customs_declarants",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "4",
+    "notes": "Customs declarants of CBAM goods must register"
+  }
+]

package/data/seed/applicability/cer.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "CER",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "CER applies to critical entities in energy sector"
+  },
+  {
+    "regulation": "CER",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "CER applies to critical entities in transport sector"
+  },
+  {
+    "regulation": "CER",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "CER applies to critical entities in banking and financial market infrastructure"
+  },
+  {
+    "regulation": "CER",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "CER applies to critical entities in health sector"
+  },
+  {
+    "regulation": "CER",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "CER applies to critical digital infrastructure operators"
+  },
+  {
+    "regulation": "CER",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Central government public administration entities may be in scope"
+  },
+  {
+    "regulation": "CER",
+    "sector": "manufacturing",
+    "subsector": "food",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Food production, processing and distribution entities may be critical"
+  },
+  {
+    "regulation": "CER",
+    "sector": "other",
+    "subsector": "space",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Space sector operators may be designated as critical entities"
+  }
+]

package/data/seed/applicability/cra.json ADDED Viewed

@@ -0,0 +1,77 @@
+[
+  {
+    "regulation": "CRA",
+    "sector": "manufacturing",
+    "subsector": "iot_devices",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "IoT devices with network connectivity are products with digital elements; must meet essential cybersecurity requirements"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "manufacturing",
+    "subsector": "consumer_electronics",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Smart home devices, wearables, connected appliances are in scope"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "manufacturing",
+    "subsector": "industrial_equipment",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Industrial control systems, PLCs with digital elements are in scope; may be Important Products Class I/II"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "digital_infrastructure",
+    "subsector": "software_vendor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Commercial software products are in scope; open-source non-commercial may be exempt (Art 2(8))"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "transport",
+    "subsector": "automotive_supplier",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "2",
+    "notes": "Aftermarket ECUs and connected vehicle components in scope; OEM components may be covered by R155/R156"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "2",
+    "notes": "Connected medical devices in scope unless covered by MDR; health IoT devices covered"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "2",
+    "notes": "Smart meters, grid equipment with digital elements in scope; may be Important Products"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "financial",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "Financial services themselves not in scope; but connected devices/software used by financial sector covered"
+  },
+  {
+    "regulation": "CRA",
+    "sector": "public_administration",
+    "applies": false,
+    "confidence": "likely",
+    "notes": "CRA applies to product manufacturers/importers, not end-users; public sector is a user, not producer"
+  }
+]

package/data/seed/applicability/csddd.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "CSDDD",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large manufacturing companies must conduct human rights and environmental due diligence"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large financial undertakings are in scope"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large energy companies must conduct value chain due diligence"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large transport companies must conduct value chain due diligence"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large healthcare companies must conduct value chain due diligence"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Large digital companies must conduct value chain due diligence"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "other",
+    "subsector": "third_country_companies",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Third-country companies with significant EU turnover are in scope"
+  },
+  {
+    "regulation": "CSDDD",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "2",
+    "notes": "Public bodies not in scope"
+  }
+]

package/data/seed/applicability/csrd.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "CSRD",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large financial undertakings must report under CSRD"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large manufacturing companies must provide sustainability reports"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large energy companies must provide sustainability reports"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large transport companies must provide sustainability reports"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large healthcare companies must provide sustainability reports"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Large digital companies must provide sustainability reports"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": false,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Public bodies generally not in scope"
+  },
+  {
+    "regulation": "CSRD",
+    "sector": "other",
+    "subsector": "listed_smes",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Listed SMEs (except micro) must report with simplified standards"
+  }
+]

package/data/seed/applicability/cyber_solidarity.json ADDED Viewed

@@ -0,0 +1,74 @@
+[
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "digital_infrastructure",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "1",
+    "notes": "Cyber Solidarity Act strengthens EU cyber threat detection and incident response"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "public_administration",
+    "subsector": null,
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "3",
+    "notes": "National Cyber Hubs and competent authorities are central to the Act"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "financial",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Critical sectors including finance benefit from EU Cybersecurity Reserve"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "healthcare",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Healthcare is a critical sector covered by cyber solidarity measures"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "energy",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Energy is a critical sector covered by cyber solidarity measures"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "transport",
+    "subsector": null,
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "Transport is a critical sector covered by cyber solidarity measures"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "manufacturing",
+    "subsector": null,
+    "applies": false,
+    "confidence": "likely",
+    "basis_article": "1",
+    "notes": "General manufacturing not directly targeted, but may benefit from incident response"
+  },
+  {
+    "regulation": "CYBER_SOLIDARITY",
+    "sector": "other",
+    "subsector": "cybersecurity_providers",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "12",
+    "notes": "Managed security service providers can join EU Cybersecurity Reserve"
+  }
+]

package/data/seed/applicability/cybersecurity-act.json ADDED Viewed

@@ -0,0 +1,69 @@
+[
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "digital_infrastructure",
+    "subsector": "cloud_provider",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "46",
+    "notes": "Cloud services eligible for EU cybersecurity certification under EUCS scheme (in development)"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "digital_infrastructure",
+    "subsector": "software_vendor",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "46",
+    "notes": "ICT products and services can obtain EU cybersecurity certification; schemes cover various product categories"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "manufacturing",
+    "subsector": "iot_devices",
+    "applies": true,
+    "confidence": "definite",
+    "basis_article": "46",
+    "notes": "IoT devices eligible for certification under EUCC (Common Criteria based) or future schemes"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "public_administration",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "48",
+    "notes": "Public sector may require certified products/services; Art 48 allows Member States to mandate certification"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "financial",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "46",
+    "notes": "Financial entities may use certified products to demonstrate compliance with DORA requirements"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "energy",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "46",
+    "notes": "Critical infrastructure operators may require certified products under NIS2 implementation"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "healthcare",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "46",
+    "notes": "Healthcare IT products can be certified; may align with MDR cybersecurity requirements"
+  },
+  {
+    "regulation": "CYBERSECURITY_ACT",
+    "sector": "transport",
+    "applies": true,
+    "confidence": "likely",
+    "basis_article": "46",
+    "notes": "Transport sector IT systems eligible for certification; may support UN R155 compliance"
+  }
+]