@tantainnovative/ndpr-toolkit 5.2.0 → 5.3.0

package/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [5.3.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v5.2.0...v5.3.0) (2026-05-30)
+
+
+### Features
+
+* **breach:** add NDPA S.40 / GAID 2025 Article 33 notification completeness checker ([2a6bdf2](https://github.com/mr-tanta/ndpr-toolkit/commit/2a6bdf25af11431c6b4603c0892d3db44f0bf348))
+
+
+### Documentation
+
+* document the breach notification completeness checker ([c05ee84](https://github.com/mr-tanta/ndpr-toolkit/commit/c05ee848afd899ae916b40fa55023886380392ae))
+
 ## [5.2.0](https://github.com/mr-tanta/ndpr-toolkit/compare/v5.1.4...v5.2.0) (2026-05-30)
 
 

package/README.md

@@ -506,6 +506,34 @@ Both ship as memoised hooks for React UIs — `useDCPMI(input, options?)` and `u
 
 ---
 
+## Breach Notification Completeness
+
+`assessBreachNotification()` checks a `BreachReport` against the **NDPA 2023 Section 40** breach-notification duty as detailed by **NDPC GAID 2025 Article 33** — the mandated content of the notification to the Commission, the 72-hour deadline from discovery, and the data-subject communication owed when the risk is high.
+
+```ts
+import { assessBreachNotification } from '@tantainnovative/ndpr-toolkit/core';
+
+const result = assessBreachNotification(breachReport, {
+  asOf: Date.now(),
+  assessment: riskAssessment, // optional — high risk triggers the S.40(3) data-subject duty
+});
+
+result.complete;             // false until every mandated item is present
+result.completeness;         // 0–100 across applicable items
+result.missing;              // ["Steps taken to reduce the risk of harm", ...]
+result.timing.deadline;      // discoveredAt + 72h
+result.timing.hoursRemaining;// time left to notify the NDPC (negative once overdue)
+result.timing.overdue;       // true once the 72-hour window has passed
+result.dataSubjectCommunicationRequired; // true on high risk (S.40(3))
+result.recommendations;      // actionable, each citing its provision
+```
+
+The content checklist (`notificationToCommission`) maps each item to its source — **GAID 2025 Art. 33(5)(a)–(h)** for the description, timing, data involved, risk-of-harm, numbers at risk, mitigation, notification steps, and contact point; **NDPA S. 40(2)** for the data-subject categories and record count. Late filings are flagged with `requiresDelayJustification` (the NDPC permits phased reporting where full details aren't yet available). Also available as the memoised `useBreachNotificationAssessment(report, options?)` hook from `/hooks`.
+
+> A documentation-completeness aid, not legal advice — verify against current NDPC guidance.
+
+---
+
 ## Backend Integration
 
 ### CLI scaffolder

package/dist/chunk-GYLUTVKB.js

@@ -0,0 +1 @@
+'use strict';var chunkOXFULQTE_js=require('./chunk-OXFULQTE.js'),chunk7TTXS7JX_js=require('./chunk-7TTXS7JX.js'),react=require('react');function u(t,e){return react.useMemo(()=>chunkOXFULQTE_js.a(t,e),[t,e])}function M({input:t}){let e=JSON.stringify(t);return react.useMemo(()=>chunk7TTXS7JX_js.a(t),[e])}function D(t,e){return react.useMemo(()=>chunkOXFULQTE_js.d(t,e),[t.dataSubjectsInSixMonths,t.isDesignated,e])}function P(t,e){return react.useMemo(()=>chunkOXFULQTE_js.e(t,e),[t.commencementDate,t.asOf,t.tier,e])}exports.a=u;exports.b=M;exports.c=D;exports.d=P;

package/dist/chunk-KOHFQIV4.mjs

@@ -0,0 +1 @@
+import {a}from'./chunk-ZJYULEER.mjs';var d=e=>typeof e=="string"&&e.trim().length>0,R=e=>typeof e=="number"&&Number.isFinite(e)&&e>=0,x=e=>Array.isArray(e)&&e.length>0,H=e=>!!e&&d(e.name)&&d(e.email);function G(e,n={}){var C,A,I,N,O;let i=(C=n.asOf)!=null?C:Date.now(),r=(A=n.deadlineHours)!=null?A:72,s=e.discoveredAt+r*36e5,o=n.notification,t=!!o,c=o==null?void 0:o.sentAt,a=(t?c:i)>s,h={deadline:s,hoursSinceDiscovery:Math.round((i-e.discoveredAt)/36e5),notified:t,notifiedAt:c,withinDeadline:!a,hoursRemaining:Math.round((s-i)/36e5),overdue:a,requiresDelayJustification:a},f=[{id:"circumstances",label:"Description of the circumstances of the breach",section:"GAID 2025 Art. 33(5)(a)",satisfied:d(e.description)},{id:"occurrence",label:"Date or time period of the breach",section:"GAID 2025 Art. 33(5)(b)",satisfied:R(e.occurredAt)},{id:"personalInfo",label:"Description of the personal data involved",section:"GAID 2025 Art. 33(5)(c)",satisfied:x(e.dataTypes)},{id:"riskOfHarm",label:"Assessment of the risk of harm to data subjects",section:"GAID 2025 Art. 33(5)(d)",satisfied:d(e.likelyConsequences)},{id:"numberAtRisk",label:"Estimated number of data subjects at risk of significant harm",section:"GAID 2025 Art. 33(5)(e)",satisfied:R(e.estimatedAffectedSubjects)},{id:"mitigation",label:"Steps taken to reduce the risk of harm",section:"GAID 2025 Art. 33(5)(f)",satisfied:d(e.mitigationMeasures)},{id:"notifySteps",label:"Steps taken to notify affected data subjects",section:"GAID 2025 Art. 33(5)(g)",satisfied:d(e.initialActions)},{id:"contactPoint",label:"Name and contact details of a contact point",section:"GAID 2025 Art. 33(5)(h)",satisfied:H(e.dpoContact)},{id:"dataSubjectCategories",label:"Categories of data subjects concerned",section:"NDPA 2023 S. 40(2)",satisfied:x(e.dataSubjectCategories)},{id:"recordCount",label:"Approximate number of personal data records concerned",section:"NDPA 2023 S. 40(2)",satisfied:R(e.approximateRecordCount)}],D=(O=(N=n.highRisk)!=null?N:(I=n.assessment)==null?void 0:I.highRisksToRightsAndFreedoms)!=null?O:false,g=D?[{id:"dsNature",label:"Nature and context of the breach in plain language",section:"NDPA 2023 S. 40(3)",satisfied:d(e.description)},{id:"dsConsequences",label:"Likely consequences of the breach",section:"NDPA 2023 S. 40(3)",satisfied:d(e.likelyConsequences)},{id:"dsMeasures",label:"Safeguards and measures data subjects can take",section:"NDPA 2023 S. 40(3)",satisfied:d(e.mitigationMeasures)},{id:"dsContact",label:"Contact point for data subjects",section:"NDPA 2023 S. 40(3)",satisfied:H(e.dpoContact)}]:[],l=[...f,...g],P=l.filter(m=>m.satisfied).length,S=Math.round(P/l.length*100),p=l.filter(m=>!m.satisfied).map(m=>m.label),y=p.length===0,u=[];for(let m of l.filter(L=>!L.satisfied))u.push(`Add: ${m.label} (${m.section}).`);return a?u.push("The 72-hour notification deadline has passed \u2014 notify the NDPC now and state the reasons for the delay; phased reporting is permitted where complete details are not yet available (NDPA S. 40(2))."):t||u.push(`${Math.max(0,h.hoursRemaining)} hour(s) remain to notify the NDPC within the 72-hour window (NDPA S. 40(2)).`),D&&u.push("High risk to data subjects \u2014 communicate the breach to affected data subjects immediately, in plain and clear language (NDPA S. 40(3))."),{complete:y,completeness:S,notificationToCommission:f,dataSubjectCommunication:g,dataSubjectCommunicationRequired:D,timing:h,missing:p,recommendations:u,asOf:i}}var j={ohl:200,ehl:1e3,uhl:5e3},k={UHL:25e4,EHL:1e5,OHL:1e4};function _(e,n={}){let i=a(a({},j),n.thresholds),r=a(a({},k),n.fees),s=e==null?void 0:e.dataSubjectsInSixMonths,o=typeof s=="number"&&s>0?Math.floor(s):0,t;o>i.uhl?t="UHL":o>=i.ehl?t="EHL":o>=i.ohl?t="OHL":e!=null&&e.isDesignated?t="listed":t="none";let c=t!=="none",b=t==="UHL"||t==="EHL"||t==="OHL"?r[t]:0,a$1=[];return t==="listed"&&a$1.push("Designated as a DCPMI below the volume tiers \u2014 confirm the applicable registration tier and fee with the NDPC."),c&&a$1.push(t==="OHL"?"OHL organisations renew their NDPC registration annually and file Compliance Audit Returns (CAR) each year.":"Register once with the NDPC, then file Compliance Audit Returns (CAR) annually."),a$1.push("Thresholds, fees, and filing dates follow the NDPC GAID 2025 baseline and can change \u2014 verify against current NDPC guidance before relying on them."),{tier:t,isDCPMI:c,annualFeeNGN:b,registration:{required:c,renewsAnnually:t==="OHL"},compliance:{auditReturnsAnnual:c,initialAuditWithinMonths:15},notes:a$1,dataSubjectsConsidered:o}}function w(e){return String(e).padStart(2,"0")}function T(e){let[n,i,r]=e.split("-").map(Number);return new Date(Date.UTC(n,i-1,r))}function B(e){return e.toISOString().slice(0,10)}function U(e,n){let[i,r,s]=e.split("-").map(Number);return B(new Date(Date.UTC(i,r-1+n,s)))}function F(){return new Date().toISOString().slice(0,10)}function W(e,n={}){var P,S,p,y,u,C,A;let i=(P=e.asOf)!=null?P:F(),r=(S=n.initialAuditWithinMonths)!=null?S:15,s=(y=(p=n.annualDeadline)==null?void 0:p.month)!=null?y:3,o=(C=(u=n.annualDeadline)==null?void 0:u.day)!=null?C:31,t=(A=n.deadlineOverrides)!=null?A:{},c=e.tier===void 0?true:e.tier!=="none",b=U(e.commencementDate,r),a=I=>{var N;return (N=t[I])!=null?N:`${I}-${w(s)}-${w(o)}`},h=Number(i.slice(0,4)),f=a(h);i>f&&(h+=1,f=a(h));let D=Math.round((T(f).getTime()-T(i).getTime())/864e5),g=i>=b,l=[];return c?(l.push("File the Compliance Audit Return with the NDPC via the NDPC Information Management Portal (NIMP)."),g&&l.push("The initial compliance-audit window has elapsed \u2014 ensure the initial audit has been conducted.")):l.push("Compliance Audit Returns apply only to Data Controllers/Processors of Major Importance."),l.push("Filing deadlines follow the NDPC GAID 2025 baseline and can be extended \u2014 verify the current deadline with the NDPC."),{applicable:c,schedule:{commencementDate:e.commencementDate,initialAuditWithinMonths:r,initialAuditDueDate:b,nextFilingDeadline:f,filingYear:h},status:{initialAuditDue:g,daysUntilNextDeadline:D},notes:l,asOf:i}}export{G as a,j as b,k as c,_ as d,W as e};

package/dist/chunk-NKFTLFPD.mjs

@@ -0,0 +1 @@
+import {a,d,e}from'./chunk-KOHFQIV4.mjs';import {a as a$1}from'./chunk-6A7M4CGJ.mjs';import {useMemo}from'react';function u(t,e){return useMemo(()=>a(t,e),[t,e])}function M({input:t}){let e=JSON.stringify(t);return useMemo(()=>a$1(t),[e])}function D(t,e){return useMemo(()=>d(t,e),[t.dataSubjectsInSixMonths,t.isDesignated,e])}function P(t,e$1){return useMemo(()=>e(t,e$1),[t.commencementDate,t.asOf,t.tier,e$1])}export{u as a,M as b,D as c,P as d};

package/dist/chunk-OXFULQTE.js

@@ -0,0 +1 @@
+'use strict';var chunkRFPLZDIO_js=require('./chunk-RFPLZDIO.js');var d=e=>typeof e=="string"&&e.trim().length>0,R=e=>typeof e=="number"&&Number.isFinite(e)&&e>=0,x=e=>Array.isArray(e)&&e.length>0,H=e=>!!e&&d(e.name)&&d(e.email);function G(e,n={}){var C,A,I,N,O;let i=(C=n.asOf)!=null?C:Date.now(),r=(A=n.deadlineHours)!=null?A:72,s=e.discoveredAt+r*36e5,o=n.notification,t=!!o,c=o==null?void 0:o.sentAt,a=(t?c:i)>s,h={deadline:s,hoursSinceDiscovery:Math.round((i-e.discoveredAt)/36e5),notified:t,notifiedAt:c,withinDeadline:!a,hoursRemaining:Math.round((s-i)/36e5),overdue:a,requiresDelayJustification:a},f=[{id:"circumstances",label:"Description of the circumstances of the breach",section:"GAID 2025 Art. 33(5)(a)",satisfied:d(e.description)},{id:"occurrence",label:"Date or time period of the breach",section:"GAID 2025 Art. 33(5)(b)",satisfied:R(e.occurredAt)},{id:"personalInfo",label:"Description of the personal data involved",section:"GAID 2025 Art. 33(5)(c)",satisfied:x(e.dataTypes)},{id:"riskOfHarm",label:"Assessment of the risk of harm to data subjects",section:"GAID 2025 Art. 33(5)(d)",satisfied:d(e.likelyConsequences)},{id:"numberAtRisk",label:"Estimated number of data subjects at risk of significant harm",section:"GAID 2025 Art. 33(5)(e)",satisfied:R(e.estimatedAffectedSubjects)},{id:"mitigation",label:"Steps taken to reduce the risk of harm",section:"GAID 2025 Art. 33(5)(f)",satisfied:d(e.mitigationMeasures)},{id:"notifySteps",label:"Steps taken to notify affected data subjects",section:"GAID 2025 Art. 33(5)(g)",satisfied:d(e.initialActions)},{id:"contactPoint",label:"Name and contact details of a contact point",section:"GAID 2025 Art. 33(5)(h)",satisfied:H(e.dpoContact)},{id:"dataSubjectCategories",label:"Categories of data subjects concerned",section:"NDPA 2023 S. 40(2)",satisfied:x(e.dataSubjectCategories)},{id:"recordCount",label:"Approximate number of personal data records concerned",section:"NDPA 2023 S. 40(2)",satisfied:R(e.approximateRecordCount)}],D=(O=(N=n.highRisk)!=null?N:(I=n.assessment)==null?void 0:I.highRisksToRightsAndFreedoms)!=null?O:false,g=D?[{id:"dsNature",label:"Nature and context of the breach in plain language",section:"NDPA 2023 S. 40(3)",satisfied:d(e.description)},{id:"dsConsequences",label:"Likely consequences of the breach",section:"NDPA 2023 S. 40(3)",satisfied:d(e.likelyConsequences)},{id:"dsMeasures",label:"Safeguards and measures data subjects can take",section:"NDPA 2023 S. 40(3)",satisfied:d(e.mitigationMeasures)},{id:"dsContact",label:"Contact point for data subjects",section:"NDPA 2023 S. 40(3)",satisfied:H(e.dpoContact)}]:[],l=[...f,...g],P=l.filter(m=>m.satisfied).length,S=Math.round(P/l.length*100),p=l.filter(m=>!m.satisfied).map(m=>m.label),y=p.length===0,u=[];for(let m of l.filter(L=>!L.satisfied))u.push(`Add: ${m.label} (${m.section}).`);return a?u.push("The 72-hour notification deadline has passed \u2014 notify the NDPC now and state the reasons for the delay; phased reporting is permitted where complete details are not yet available (NDPA S. 40(2))."):t||u.push(`${Math.max(0,h.hoursRemaining)} hour(s) remain to notify the NDPC within the 72-hour window (NDPA S. 40(2)).`),D&&u.push("High risk to data subjects \u2014 communicate the breach to affected data subjects immediately, in plain and clear language (NDPA S. 40(3))."),{complete:y,completeness:S,notificationToCommission:f,dataSubjectCommunication:g,dataSubjectCommunicationRequired:D,timing:h,missing:p,recommendations:u,asOf:i}}var j={ohl:200,ehl:1e3,uhl:5e3},k={UHL:25e4,EHL:1e5,OHL:1e4};function _(e,n={}){let i=chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},j),n.thresholds),r=chunkRFPLZDIO_js.a(chunkRFPLZDIO_js.a({},k),n.fees),s=e==null?void 0:e.dataSubjectsInSixMonths,o=typeof s=="number"&&s>0?Math.floor(s):0,t;o>i.uhl?t="UHL":o>=i.ehl?t="EHL":o>=i.ohl?t="OHL":e!=null&&e.isDesignated?t="listed":t="none";let c=t!=="none",b=t==="UHL"||t==="EHL"||t==="OHL"?r[t]:0,a=[];return t==="listed"&&a.push("Designated as a DCPMI below the volume tiers \u2014 confirm the applicable registration tier and fee with the NDPC."),c&&a.push(t==="OHL"?"OHL organisations renew their NDPC registration annually and file Compliance Audit Returns (CAR) each year.":"Register once with the NDPC, then file Compliance Audit Returns (CAR) annually."),a.push("Thresholds, fees, and filing dates follow the NDPC GAID 2025 baseline and can change \u2014 verify against current NDPC guidance before relying on them."),{tier:t,isDCPMI:c,annualFeeNGN:b,registration:{required:c,renewsAnnually:t==="OHL"},compliance:{auditReturnsAnnual:c,initialAuditWithinMonths:15},notes:a,dataSubjectsConsidered:o}}function w(e){return String(e).padStart(2,"0")}function T(e){let[n,i,r]=e.split("-").map(Number);return new Date(Date.UTC(n,i-1,r))}function B(e){return e.toISOString().slice(0,10)}function U(e,n){let[i,r,s]=e.split("-").map(Number);return B(new Date(Date.UTC(i,r-1+n,s)))}function F(){return new Date().toISOString().slice(0,10)}function W(e,n={}){var P,S,p,y,u,C,A;let i=(P=e.asOf)!=null?P:F(),r=(S=n.initialAuditWithinMonths)!=null?S:15,s=(y=(p=n.annualDeadline)==null?void 0:p.month)!=null?y:3,o=(C=(u=n.annualDeadline)==null?void 0:u.day)!=null?C:31,t=(A=n.deadlineOverrides)!=null?A:{},c=e.tier===void 0?true:e.tier!=="none",b=U(e.commencementDate,r),a=I=>{var N;return (N=t[I])!=null?N:`${I}-${w(s)}-${w(o)}`},h=Number(i.slice(0,4)),f=a(h);i>f&&(h+=1,f=a(h));let D=Math.round((T(f).getTime()-T(i).getTime())/864e5),g=i>=b,l=[];return c?(l.push("File the Compliance Audit Return with the NDPC via the NDPC Information Management Portal (NIMP)."),g&&l.push("The initial compliance-audit window has elapsed \u2014 ensure the initial audit has been conducted.")):l.push("Compliance Audit Returns apply only to Data Controllers/Processors of Major Importance."),l.push("Filing deadlines follow the NDPC GAID 2025 baseline and can be extended \u2014 verify the current deadline with the NDPC."),{applicable:c,schedule:{commencementDate:e.commencementDate,initialAuditWithinMonths:r,initialAuditDueDate:b,nextFilingDeadline:f,filingYear:h},status:{initialAuditDue:g,daysUntilNextDeadline:D},notes:l,asOf:i}}exports.a=G;exports.b=j;exports.c=k;exports.d=_;exports.e=W;

package/dist/core.d.mts

@@ -62,6 +62,12 @@ export declare const arabicLocale: Required<{
  */
 export declare function assemblePolicy(context: TemplateContext): PolicySection[];
 
+/**
+ * Assess a breach report against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements.
+ */
+export declare function assessBreachNotification(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
+
 /**
  * Analyzes all processing activities and returns compliance gaps including
  * missing DPO approval, overdue reviews, undocumented justifications,
@@ -112,6 +118,93 @@ export declare interface BreachCategory {
     defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
 }
 
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
 /**
  * Represents a data breach report
  */

package/dist/core.d.ts

@@ -62,6 +62,12 @@ export declare const arabicLocale: Required<{
  */
 export declare function assemblePolicy(context: TemplateContext): PolicySection[];
 
+/**
+ * Assess a breach report against the NDPA S. 40 / GAID 2025 Article 33
+ * notification requirements.
+ */
+export declare function assessBreachNotification(report: BreachReport, options?: BreachNotificationOptions): BreachNotificationAssessment;
+
 /**
  * Analyzes all processing activities and returns compliance gaps including
  * missing DPO approval, overdue reviews, undocumented justifications,
@@ -112,6 +118,93 @@ export declare interface BreachCategory {
     defaultSeverity: 'low' | 'medium' | 'high' | 'critical';
 }
 
+export declare interface BreachNotificationAssessment {
+    /** Whether all applicable mandated content items are satisfied. */
+    complete: boolean;
+    /** Completeness of applicable content items, 0–100. */
+    completeness: number;
+    /** GAID 2025 Article 33(5) / NDPA S. 40(2) content of the notification to the Commission. */
+    notificationToCommission: BreachNotificationItem[];
+    /** NDPA S. 40(3) communication to data subjects — populated only when high-risk. */
+    dataSubjectCommunication: BreachNotificationItem[];
+    /** Whether a data-subject communication is owed (high risk). */
+    dataSubjectCommunicationRequired: boolean;
+    timing: BreachNotificationTiming;
+    /** Labels of unsatisfied applicable items. */
+    missing: string[];
+    /** Actionable next steps, including timing warnings. */
+    recommendations: string[];
+    asOf: number;
+}
+
+export declare interface BreachNotificationItem {
+    /** Stable identifier for the requirement. */
+    id: string;
+    /** Human-readable requirement. */
+    label: string;
+    /** Authoritative citation, e.g. `GAID 2025 Art. 33(5)(a)`. */
+    section: string;
+    /** Whether the report satisfies it. */
+    satisfied: boolean;
+}
+
+/**
+ * Personal-data-breach notification completeness checker for NDPA 2023
+ * Section 40, as detailed by NDPC General Application and Implementation
+ * Directive (GAID) 2025 Article 33.
+ *
+ * Section 40(2) requires a data controller to notify the Commission within 72
+ * hours of becoming aware of a breach likely to result in a risk to data
+ * subjects' rights and freedoms. GAID 2025 Article 33(5)(a)–(h) enumerates the
+ * content that a notification to the Commission "shall include". Where the
+ * breach is likely to result in a *high* risk, Section 40(3) additionally
+ * requires the controller to communicate the breach to affected data subjects
+ * in plain and clear language.
+ *
+ * This assesses a `BreachReport` against those requirements: which mandated
+ * content items are present, whether the 72-hour window is met, and whether a
+ * data-subject communication is owed. It is a documentation-completeness aid,
+ * not legal advice — verify against current NDPC guidance.
+ *
+ * @see NDPA 2023 Section 40 (Personal data breaches)
+ * @see NDPC GAID 2025 Article 33 (Data Breach Notification)
+ */
+
+export declare interface BreachNotificationOptions {
+    /** Risk assessment for the breach; drives whether data-subject communication is required. */
+    assessment?: RiskAssessment;
+    /** The regulatory notification actually sent, if any — used to judge timeliness. */
+    notification?: RegulatoryNotification;
+    /** Reference "now" in epoch ms. Defaults to `Date.now()`. */
+    asOf?: number;
+    /** Notification window in hours. Defaults to 72 (NDPA S. 40(2)). */
+    deadlineHours?: number;
+    /**
+     * Explicit high-risk flag (NDPA S. 40(3)). When omitted, derived from
+     * `assessment.highRisksToRightsAndFreedoms`.
+     */
+    highRisk?: boolean;
+}
+
+export declare interface BreachNotificationTiming {
+    /** `discoveredAt` + the notification window. */
+    deadline: number;
+    /** Whole hours between discovery and `asOf`. */
+    hoursSinceDiscovery: number;
+    /** Whether a regulatory notification has been recorded. */
+    notified: boolean;
+    /** When the regulatory notification was sent, if any. */
+    notifiedAt?: number;
+    /** Whether the notification (or, if none, `asOf`) falls within the deadline. */
+    withinDeadline: boolean;
+    /** Whole hours from `asOf` to the deadline (negative once past). */
+    hoursRemaining: number;
+    /** Whether the deadline has been missed. */
+    overdue: boolean;
+    /** Late filings must state the reasons for the delay (NDPA S. 40(2)). */
+    requiresDelayJustification: boolean;
+}
+
 /**
  * Represents a data breach report
  */

package/dist/core.js

@@ -1 +1 @@
-'use strict';var chunkLP5KXMBY_js=require('./chunk-LP5KXMBY.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkWKY26JLT_js=require('./chunk-WKY26JLT.js'),chunk7TTXS7JX_js=require('./chunk-7TTXS7JX.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkDKLJ5DYN_js=require('./chunk-DKLJ5DYN.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkR2ZZMATR_js=require('./chunk-R2ZZMATR.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkI5ZDNSX5_js=require('./chunk-I5ZDNSX5.js'),chunk7563FVMY_js=require('./chunk-7563FVMY.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"DEFAULT_DCPMI_FEES_NGN",{enumerable:true,get:function(){return chunkWKY26JLT_js.b}});Object.defineProperty(exports,"DEFAULT_DCPMI_THRESHOLDS",{enumerable:true,get:function(){return chunkWKY26JLT_js.a}});Object.defineProperty(exports,"classifyDCPMI",{enumerable:true,get:function(){return chunkWKY26JLT_js.c}});Object.defineProperty(exports,"generateComplianceAuditReturn",{enumerable:true,get:function(){return chunkWKY26JLT_js.d}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunk7TTXS7JX_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsentOptionsStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.b}});Object.defineProperty(exports,"validateConsentStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.a}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequestStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.b}});Object.defineProperty(exports,"validateDsrSubmissionStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.b}});
+'use strict';var chunkLP5KXMBY_js=require('./chunk-LP5KXMBY.js'),chunkNUOHT3LO_js=require('./chunk-NUOHT3LO.js'),chunkOXFULQTE_js=require('./chunk-OXFULQTE.js'),chunk7TTXS7JX_js=require('./chunk-7TTXS7JX.js'),chunk3YTAOT5O_js=require('./chunk-3YTAOT5O.js'),chunkD2ZKDQVL_js=require('./chunk-D2ZKDQVL.js'),chunk6LJHLE6G_js=require('./chunk-6LJHLE6G.js'),chunkYFBDJ4FH_js=require('./chunk-YFBDJ4FH.js'),chunkWZYCBW2R_js=require('./chunk-WZYCBW2R.js'),chunk4CVBQC66_js=require('./chunk-4CVBQC66.js'),chunk3IA3KDII_js=require('./chunk-3IA3KDII.js'),chunkDKLJ5DYN_js=require('./chunk-DKLJ5DYN.js'),chunkUXUMYP4L_js=require('./chunk-UXUMYP4L.js'),chunkR2ZZMATR_js=require('./chunk-R2ZZMATR.js'),chunkTQZWJGJ2_js=require('./chunk-TQZWJGJ2.js'),chunkZVOIR4QH_js=require('./chunk-ZVOIR4QH.js'),chunkI5ZDNSX5_js=require('./chunk-I5ZDNSX5.js'),chunk7563FVMY_js=require('./chunk-7563FVMY.js');require('./chunk-RFPLZDIO.js');Object.defineProperty(exports,"arabicLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.e}});Object.defineProperty(exports,"frenchLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.f}});Object.defineProperty(exports,"hausaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.c}});Object.defineProperty(exports,"igboLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.b}});Object.defineProperty(exports,"pidginLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.d}});Object.defineProperty(exports,"yorubaLocale",{enumerable:true,get:function(){return chunkLP5KXMBY_js.a}});Object.defineProperty(exports,"ORG_POLICY_TEMPLATE_REGISTRY",{enumerable:true,get:function(){return chunkNUOHT3LO_js.a}});Object.defineProperty(exports,"createOrgTemplate",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"templateContextFor",{enumerable:true,get:function(){return chunkNUOHT3LO_js.b}});Object.defineProperty(exports,"DEFAULT_DCPMI_FEES_NGN",{enumerable:true,get:function(){return chunkOXFULQTE_js.c}});Object.defineProperty(exports,"DEFAULT_DCPMI_THRESHOLDS",{enumerable:true,get:function(){return chunkOXFULQTE_js.b}});Object.defineProperty(exports,"assessBreachNotification",{enumerable:true,get:function(){return chunkOXFULQTE_js.a}});Object.defineProperty(exports,"classifyDCPMI",{enumerable:true,get:function(){return chunkOXFULQTE_js.d}});Object.defineProperty(exports,"generateComplianceAuditReturn",{enumerable:true,get:function(){return chunkOXFULQTE_js.e}});Object.defineProperty(exports,"getComplianceScore",{enumerable:true,get:function(){return chunk7TTXS7JX_js.a}});Object.defineProperty(exports,"calculateBreachSeverity",{enumerable:true,get:function(){return chunk3YTAOT5O_js.a}});Object.defineProperty(exports,"DEFAULT_POLICY_SECTIONS",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.c}});Object.defineProperty(exports,"DEFAULT_POLICY_VARIABLES",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.d}});Object.defineProperty(exports,"createBusinessPolicyTemplate",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.e}});Object.defineProperty(exports,"findUnfilledTokens",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.a}});Object.defineProperty(exports,"generatePolicyText",{enumerable:true,get:function(){return chunkD2ZKDQVL_js.b}});Object.defineProperty(exports,"assemblePolicy",{enumerable:true,get:function(){return chunk6LJHLE6G_js.c}});Object.defineProperty(exports,"createDefaultContext",{enumerable:true,get:function(){return chunk6LJHLE6G_js.e}});Object.defineProperty(exports,"evaluatePolicyCompliance",{enumerable:true,get:function(){return chunk6LJHLE6G_js.f}});Object.defineProperty(exports,"assessTransferRisk",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.h}});Object.defineProperty(exports,"getTransferMechanismDescription",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.f}});Object.defineProperty(exports,"isNDPCApprovalRequired",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.e}});Object.defineProperty(exports,"validateTransfer",{enumerable:true,get:function(){return chunkYFBDJ4FH_js.g}});Object.defineProperty(exports,"assessComplianceGaps",{enumerable:true,get:function(){return chunkWZYCBW2R_js.c}});Object.defineProperty(exports,"generateLawfulBasisSummary",{enumerable:true,get:function(){return chunkWZYCBW2R_js.d}});Object.defineProperty(exports,"getLawfulBasisDescription",{enumerable:true,get:function(){return chunkWZYCBW2R_js.b}});Object.defineProperty(exports,"validateProcessingActivity",{enumerable:true,get:function(){return chunkWZYCBW2R_js.a}});Object.defineProperty(exports,"exportROPAToCSV",{enumerable:true,get:function(){return chunk4CVBQC66_js.c}});Object.defineProperty(exports,"generateROPASummary",{enumerable:true,get:function(){return chunk4CVBQC66_js.b}});Object.defineProperty(exports,"identifyComplianceGaps",{enumerable:true,get:function(){return chunk4CVBQC66_js.d}});Object.defineProperty(exports,"validateProcessingRecord",{enumerable:true,get:function(){return chunk4CVBQC66_js.a}});Object.defineProperty(exports,"appendAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.c}});Object.defineProperty(exports,"createAuditEntry",{enumerable:true,get:function(){return chunk3IA3KDII_js.a}});Object.defineProperty(exports,"getAuditLog",{enumerable:true,get:function(){return chunk3IA3KDII_js.b}});Object.defineProperty(exports,"validateConsentOptionsStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.b}});Object.defineProperty(exports,"validateConsentStructured",{enumerable:true,get:function(){return chunkDKLJ5DYN_js.a}});Object.defineProperty(exports,"sanitizeInput",{enumerable:true,get:function(){return chunkUXUMYP4L_js.a}});Object.defineProperty(exports,"formatDSRRequestStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.b}});Object.defineProperty(exports,"validateDsrSubmissionStructured",{enumerable:true,get:function(){return chunkR2ZZMATR_js.a}});Object.defineProperty(exports,"assessDPIARisk",{enumerable:true,get:function(){return chunkTQZWJGJ2_js.a}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_LONG",{enumerable:true,get:function(){return chunkZVOIR4QH_js.b}});Object.defineProperty(exports,"LEGAL_DISCLAIMER_SHORT",{enumerable:true,get:function(){return chunkZVOIR4QH_js.a}});Object.defineProperty(exports,"legalDisclaimerBlock",{enumerable:true,get:function(){return chunkZVOIR4QH_js.c}});Object.defineProperty(exports,"NDPRProvider",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.a}});Object.defineProperty(exports,"useNDPRConfig",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.b}});Object.defineProperty(exports,"useNDPRLocale",{enumerable:true,get:function(){return chunkI5ZDNSX5_js.c}});Object.defineProperty(exports,"defaultLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.a}});Object.defineProperty(exports,"mergeLocale",{enumerable:true,get:function(){return chunk7563FVMY_js.b}});

package/dist/core.mjs

@@ -1 +1 @@
-export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-KUI5W44P.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{b as DEFAULT_DCPMI_FEES_NGN,a as DEFAULT_DCPMI_THRESHOLDS,c as classifyDCPMI,d as generateComplianceAuditReturn}from'./chunk-SZXHNJGG.mjs';export{a as getComplianceScore}from'./chunk-6A7M4CGJ.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{b as validateConsentOptionsStructured,a as validateConsentStructured}from'./chunk-R3ZKV2J7.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequestStructured,a as validateDsrSubmissionStructured}from'./chunk-RRVML7CU.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-PHA3YMFO.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-5LJ652AH.mjs';import'./chunk-ZJYULEER.mjs';
+export{e as arabicLocale,f as frenchLocale,c as hausaLocale,b as igboLocale,d as pidginLocale,a as yorubaLocale}from'./chunk-KUI5W44P.mjs';export{a as ORG_POLICY_TEMPLATE_REGISTRY,b as createOrgTemplate,b as templateContextFor}from'./chunk-CWY2FMIC.mjs';export{c as DEFAULT_DCPMI_FEES_NGN,b as DEFAULT_DCPMI_THRESHOLDS,a as assessBreachNotification,d as classifyDCPMI,e as generateComplianceAuditReturn}from'./chunk-KOHFQIV4.mjs';export{a as getComplianceScore}from'./chunk-6A7M4CGJ.mjs';export{a as calculateBreachSeverity}from'./chunk-WTGKZX7J.mjs';export{c as DEFAULT_POLICY_SECTIONS,d as DEFAULT_POLICY_VARIABLES,e as createBusinessPolicyTemplate,a as findUnfilledTokens,b as generatePolicyText}from'./chunk-NBQQ2GN3.mjs';export{c as assemblePolicy,e as createDefaultContext,f as evaluatePolicyCompliance}from'./chunk-BIJSMSUU.mjs';export{h as assessTransferRisk,f as getTransferMechanismDescription,e as isNDPCApprovalRequired,g as validateTransfer}from'./chunk-7BJXI2HI.mjs';export{c as assessComplianceGaps,d as generateLawfulBasisSummary,b as getLawfulBasisDescription,a as validateProcessingActivity}from'./chunk-LWIKDDSU.mjs';export{c as exportROPAToCSV,b as generateROPASummary,d as identifyComplianceGaps,a as validateProcessingRecord}from'./chunk-XP5PL6K7.mjs';export{c as appendAuditEntry,a as createAuditEntry,b as getAuditLog}from'./chunk-V7UFP6QU.mjs';export{b as validateConsentOptionsStructured,a as validateConsentStructured}from'./chunk-R3ZKV2J7.mjs';export{a as sanitizeInput}from'./chunk-EWVK45Z3.mjs';export{b as formatDSRRequestStructured,a as validateDsrSubmissionStructured}from'./chunk-RRVML7CU.mjs';export{a as assessDPIARisk}from'./chunk-LRRENTT5.mjs';export{b as LEGAL_DISCLAIMER_LONG,a as LEGAL_DISCLAIMER_SHORT,c as legalDisclaimerBlock}from'./chunk-ITCY2Z66.mjs';export{a as NDPRProvider,b as useNDPRConfig,c as useNDPRLocale}from'./chunk-PHA3YMFO.mjs';export{a as defaultLocale,b as mergeLocale}from'./chunk-5LJ652AH.mjs';import'./chunk-ZJYULEER.mjs';