npm - @ansvar/eu-regulations-mcp - Versions diffs - 0.2.3 → 0.3.1 - Mend

@ansvar/eu-regulations-mcp 0.2.3 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +101 -7
package/data/regulations.db +0 -0
package/data/seed/gdpr.json +699 -1
package/dist/index.js +32 -0
package/dist/index.js.map +1 -1
package/dist/tools/recital.d.ts +13 -0
package/dist/tools/recital.d.ts.map +1 -0
package/dist/tools/recital.js +23 -0
package/dist/tools/recital.js.map +1 -0
package/dist/tools/search.d.ts +1 -0
package/dist/tools/search.d.ts.map +1 -1
package/dist/tools/search.js +55 -18
package/dist/tools/search.js.map +1 -1
package/package.json +1 -1
package/scripts/build-db.ts +62 -0
package/scripts/ingest-eurlex.ts +87 -0
package/scripts/reingest-all-with-recitals.sh +81 -0
package/src/index.ts +33 -0
package/src/tools/recital.ts +48 -0
package/src/tools/search.ts +69 -21

package/README.md CHANGED Viewed

@@ -1,8 +1,15 @@
 # EU Regulations MCP Server
-**The first open-source MCP server for European cybersecurity regulations.**
+**The EUR-Lex alternative for the AI age.**
-Query **37 EU regulations** including DORA, NIS2, GDPR, AI Act, MiFID II, EHDS, and more — directly from Claude, Cursor, or any MCP-compatible client.
+[![npm version](https://badge.fury.io/js/@ansvar%2Feu-regulations-mcp.svg)](https://www.npmjs.com/package/@ansvar/eu-regulations-mcp)
+[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![GitHub stars](https://img.shields.io/github/stars/Ansvar-Systems/EU_compliance_MCP?style=social)](https://github.com/Ansvar-Systems/EU_compliance_MCP)
+[![Daily EUR-Lex Check](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml/badge.svg)](https://github.com/Ansvar-Systems/EU_compliance_MCP/actions/workflows/check-updates.yml)
+Query **37 EU regulations** — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
+If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.
 Built by [Ansvar Systems](https://ansvar.ai) — Stockholm, Sweden
@@ -10,9 +17,15 @@ Built by [Ansvar Systems](https://ansvar.ai) — Stockholm, Sweden
 ## Why This Exists
-European cybersecurity compliance is fragmented across dozens of PDFs, EUR-Lex pages, and regulatory documents. We built this for our own threat modeling work and figured others might find it useful.
+EU compliance is scattered across EUR-Lex PDFs, official journals, and regulatory sites. Whether you're:
+- A **developer** implementing GDPR data rights or NIS2 incident reporting
+- A **product team** navigating AI Act risk assessments or Medical Device conformity
+- A **compliance officer** mapping ISO 27001 to DORA requirements
+- A **legal researcher** comparing PSD2 authentication vs. eIDAS trust services
-No more tab-switching. No more "wait, what article was that?" Just ask.
+...you shouldn't need a law degree and 47 browser tabs. Ask Claude. Get the exact article. With context.
+This MCP server makes EU regulations **searchable, cross-referenceable, and AI-readable**.
 ---
@@ -91,6 +104,43 @@ Plus:
 ---
+## Who This Is For
+This isn't just for security teams. If you're building **anything** that touches the EU market, you need these regulations:
+**🏦 Fintech & Banking**
+- Payment processors → PSD2, DORA, MiFID II
+- Crypto platforms → MiCA, DORA
+- Trading systems → MiFIR, DORA
+- Fund management → AIFMD, SFDR
+**🏥 Healthcare & MedTech**
+- Health apps → GDPR, EHDS, MDR
+- Medical devices → MDR, IVDR, CRA
+- Clinical systems → NIS2, GDPR, EHDS
+**🤖 AI & Machine Learning**
+- Any AI system → EU AI Act (high-risk classification)
+- HR tech, recruitment → AI Act + GDPR
+- Content moderation → DSA, AI Act
+**🏭 IoT & Connected Products**
+- Smart devices → CRA, RED, GDPR
+- Industrial IoT → Machinery, NIS2, CRA
+- Automotive → UN R155/R156, CRA
+**☁️ SaaS & Digital Platforms**
+- Cloud services → Data Act, GDPR, NIS2
+- Marketplaces → DSA, DMA, Consumer Rights
+- B2B platforms → Data Act, DGA
+**📱 Consumer Tech**
+- Mobile apps → GDPR, DSA, ePrivacy, CRA
+- E-commerce → GDPR, Consumer Rights, DSA
+- Social platforms → DSA, DMA, GDPR
+---
 ## Quick Start
 ### Claude Desktop
@@ -145,6 +195,16 @@ npm start
 ---
+## Testing & Coverage
+**Want to try it out?**
+- [TEST_QUERIES.md](./TEST_QUERIES.md) - 60+ example queries organized by category
+- [COVERAGE_GAPS.md](./COVERAGE_GAPS.md) - Known limitations and roadmap
+**TL;DR:** Base regulations work perfectly. Recitals available for GDPR (173); other regulations blocked by EUR-Lex WAF protection (2026-01-27). Delegated acts and national transpositions are roadmap items.
+---
 ## Available Tools
 ### `search_regulations`
@@ -163,12 +223,21 @@ Retrieve a specific article with full text and context.
 → Returns ICT-related incident management process requirements
 ```
+### `get_recital`
+Retrieve legislative intent and interpretation guidance from regulation preambles.
+```
+"Get GDPR Recital 83"
+→ Returns: Context for "appropriate technical measures"
+  (encryption, pseudonymization, resilience testing)
+```
 ### `list_regulations`
 List available regulations or show detailed structure.
 ```
 "List all regulations"
-→ Returns overview of all 9 regulations with article counts
+→ Returns overview of all 37 regulations with article counts
 ```
 ### `get_definitions`
@@ -234,6 +303,28 @@ Once connected, just ask naturally:
 ---
+## Why Not Just Use EUR-Lex?
+EUR-Lex is authoritative. It's also **designed for lawyers, not developers**.
+| EUR-Lex | This MCP Server |
+|---------|-----------------|
+| Search by CELEX number | Search by plain English: *"incident reporting timeline"* |
+| Navigate 100+ page PDFs | Get the exact article with context |
+| Manual cross-referencing | `compare_requirements` tool does it instantly |
+| "Which regulations apply to me?" → research for days | `check_applicability` tool → answer in seconds |
+| Copy-paste article text | Article + definitions + related requirements |
+| Check 37 sites for updates | Daily automated freshness checks |
+| No API, no integration | MCP protocol → AI-native |
+**Example:**
+- EUR-Lex: Download DORA PDF → Ctrl+F "incident" → Read Article 17 → Google "What's a major incident?" → Cross-reference NIS2 → Repeat for 5 regulations
+- This MCP: *"Compare incident reporting requirements across DORA, NIS2, and CRA"* → Done.
+This isn't replacing EUR-Lex. It's making it **usable in 2026**.
+---
 ## Data Sources
 All content is sourced from official public sources:
@@ -312,9 +403,11 @@ Always verify against official sources for compliance decisions.
 ## About Ansvar Systems
-We build AI-accelerated threat modeling tools for automotive and financial services. This MCP server powers our internal compliance workflows — we're sharing it because navigating EU regulations shouldn't require a law degree.
+We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool — turns out everyone building for EU markets has the same EUR-Lex frustrations.
+So we're open-sourcing it. Navigating 37 regulations shouldn't require a legal team.
-**[ansvar.ai](https://ansvar.ai)** — Threat modeling in days, not weeks.
+**[ansvar.ai](https://ansvar.ai)** — Stockholm, Sweden
 ---
@@ -373,3 +466,4 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
 <p align="center">
   <sub>Built with care in Stockholm, Sweden</sub>
 </p>

package/data/regulations.db CHANGED Viewed

Binary file