eu.ansvar/eu-regulations-mcp
Search 37 EU cybersecurity regulations (GDPR, NIS2, DORA, AI Act) with 2,278 articles
Ask AI about eu.ansvar/eu-regulations-mcp
Powered by Claude Β· Grounded in docs
I know everything about eu.ansvar/eu-regulations-mcp. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
EU Regulations MCP Server
The EUR-Lex alternative for the AI age.
Query 50 EU regulations β from GDPR and AI Act to DORA, Chips Act, MiFID II, eIDAS, Medical Device Regulation, MDCG cybersecurity guidance, and more β directly from Claude, Cursor, or any MCP-compatible client.
If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.
Built by Ansvar Systems β Stockholm, Sweden
Why This Exists
EU compliance is scattered across EUR-Lex PDFs, official journals, and regulatory sites. Whether you're:
- A developer implementing GDPR data rights or NIS2 incident reporting
- A product team navigating AI Act risk assessments or Medical Device conformity
- A compliance officer mapping ISO 27001 to DORA requirements
- A legal researcher comparing PSD2 authentication vs. eIDAS trust services
...you shouldn't need a law degree and 47 browser tabs. Ask Claude. Get the exact article. With context.
This MCP server makes EU regulations searchable, cross-referenceable, and AI-readable.
Quick Start
Use Remotely (No Install Needed)
Connect directly to the hosted version β zero dependencies, nothing to install.
Endpoint: https://eu-regulations-mcp.vercel.app/mcp
| Client | How to Connect |
|---|---|
| Claude.ai | Settings > Connectors > Add Integration > paste URL |
| Claude Code | claude mcp add eu-regulations --transport http https://eu-regulations-mcp.vercel.app/mcp |
| Claude Desktop | Add to config (see below) |
| GitHub Copilot | Add to VS Code settings (see below) |
Claude Desktop β add to claude_desktop_config.json:
{
"mcpServers": {
"eu-regulations": {
"type": "url",
"url": "https://eu-regulations-mcp.vercel.app/mcp"
}
}
}
GitHub Copilot β add to VS Code settings.json:
{
"github.copilot.chat.mcp.servers": {
"eu-regulations": {
"type": "http",
"url": "https://eu-regulations-mcp.vercel.app/mcp"
}
}
}
Use Locally (npm)
npx @ansvar/eu-regulations-mcp
Claude Desktop β add to claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"eu-regulations": {
"command": "npx",
"args": ["-y", "@ansvar/eu-regulations-mcp"]
}
}
}
Cursor / VS Code:
{
"mcp.servers": {
"eu-regulations": {
"command": "npx",
"args": ["-y", "@ansvar/eu-regulations-mcp"]
}
}
}
Example Queries
Once connected, just ask naturally:
- "What are the risk management requirements under NIS2 Article 21?"
- "How long do I have to report a security incident under DORA?"
- "Compare GDPR breach notification with NIS2 incident reporting"
- "Does the EU AI Act apply to my recruitment screening tool?"
- "What are the essential cybersecurity requirements under the Cyber Resilience Act?"
- "Which regulations apply to a healthcare organization in Germany?"
- "Map DORA ICT risk management to ISO 27001 controls"
- "What is an EU Digital Identity Wallet under eIDAS 2.0?"
- "What are my data access rights under the Data Act?"
More examples: TEST_QUERIES.md β 60+ example queries organized by category
What's Included
- 49 Regulations β GDPR, DORA, NIS2, AI Act, Chips Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 40 more
- 2,528 Articles + 3,869 Recitals + 1,226 Official Definitions
- Full-Text Search β Find relevant articles across all regulations instantly
- Control Mappings β 709 mappings to ISO 27001:2022 & NIST CSF 2.0
- Evidence Requirements β 407 audit artifacts across all 49 regulations
- Sector Rules β 323 applicability rules across all sectors and industries
- Daily Updates β Automatic freshness checks against EUR-Lex
Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md
π¬ See It In Action
Why This Works
Verbatim Source Text (No LLM Processing):
- All article text is ingested from EUR-Lex/UNECE official sources
- Snippets are returned unchanged from SQLite FTS5 database rows
- Zero LLM summarization or paraphrasing β the database contains regulation text, not AI interpretations
- Note: HTML-to-text conversion normalizes whitespace/formatting, but preserves content
Smart Context Management:
- Search returns 32-token snippets with highlighted matches (safe for context)
- Article retrieval warns about token usage (some articles = 70k tokens)
- Cross-references help navigate without loading everything at once
Technical Architecture:
EUR-Lex HTML β Parse β SQLite β FTS5 snippet() β MCP response
β β
Formatting only Verbatim database query
Example: EUR-Lex vs. This MCP
| EUR-Lex | This MCP Server |
|---|---|
| Search by CELEX number | Search by plain English: "incident reporting timeline" |
| Navigate 100+ page PDFs | Get the exact article with context |
| Manual cross-referencing | compare_requirements tool does it instantly |
| "Which regulations apply to me?" β research for days | check_applicability tool β answer in seconds |
| Copy-paste article text | Article + definitions + related requirements |
| Check 47 sites for updates | Daily automated freshness checks |
| No API, no integration | MCP protocol β AI-native |
EUR-Lex example: Download DORA PDF β Ctrl+F "incident" β Read Article 17 β Google "What's a major incident?" β Cross-reference NIS2 β Repeat for 5 regulations
This MCP: "Compare incident reporting requirements across DORA, NIS2, and CRA" β Done.
π Documentation
- Database SSL/TLS Configuration - Secure PostgreSQL connections for Cloudflare Workers deployments
- Security Policy - Vulnerability reporting and security best practices
- Coverage Gaps - Known missing content from EUR-Lex
- GitHub Actions Setup - CI/CD workflow configuration
- Privacy Policy - Data handling and retention notes
Directory Review Notes
Testing Account and Sample Data
This server is read-only and does not require a login account for functional review. For directory review, use the bundled dataset and these sample prompts:
- "What does NIS2 Article 21 require?"
- "Compare DORA and NIS2 incident reporting obligations."
- "Map ISO 27001 controls to DORA requirements."
Remote Authentication (OAuth 2.0)
The default server runtime is read-only and can be deployed without authentication. If you deploy a remote authenticated endpoint, use OAuth 2.0 over TLS with certificates from recognized authorities.
β οΈ Important Disclaimers
Legal Advice
π¨ THIS TOOL IS NOT LEGAL ADVICE π¨
Regulation text is sourced verbatim from EUR-Lex and UNECE (official public sources). However:
- Control mappings (ISO 27001, NIST CSF) are interpretive aids, not official guidance
- Applicability rules are generalizations, not legal determinations
- Cross-references are research helpers, not compliance mandates
Always verify against official sources and consult qualified legal counsel for compliance decisions.
Token Usage
β οΈ Context Window Warning
Some articles are very large (e.g., MDR Article 123 = ~70,000 tokens). The MCP server:
- Search tool: Returns smart snippets (safe for context)
- Get article tool: Returns full text (may consume significant tokens)
- Recommendation: Use search first, then fetch specific articles as needed
Claude Desktop has a 200k token context window. Monitor your usage when retrieving multiple large articles.
ISO Standards Copyright
No copyrighted ISO standards are included. Control mappings reference ISO 27001:2022 control IDs only (e.g., "A.5.1", "A.8.2"). The actual text of ISO standards requires a paid license from ISO. This tool helps map regulations to controls but doesn't replace the standard itself.
Related Projects: Complete Compliance Suite
This server is part of Ansvar's Compliance Suite - three MCP servers that work together for end-to-end compliance coverage:
πͺπΊ EU Regulations MCP (This Project)
Query 47 EU regulations directly from Claude
- GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, MDR, and 39 more
- Full regulatory text with article-level search
- Cross-regulation reference and comparison
- Install:
npx @ansvar/eu-regulations-mcp
πΊπΈ US Regulations MCP
Query US federal and state compliance laws directly from Claude
- HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
- Federal and state privacy law comparison
- Breach notification timeline mapping
- Install:
npm install @ansvar/us-regulations-mcp
π Security Controls MCP
Query 1,451 security controls across 28 frameworks
- ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
- Bidirectional framework mapping and gap analysis
- Import your purchased standards for official text
- Install:
pipx install security-controls-mcp
How They Work Together
Regulations β Controls Implementation Workflow:
1. "What are DORA's ICT risk management requirements?"
β EU Regulations MCP returns Article 6 full text
2. "What security controls satisfy DORA Article 6?"
β Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls
3. "Show me ISO 27001 A.8.1 implementation details"
β Security Controls MCP returns control requirements and framework mappings
Complete compliance in one chat:
- EU/US Regulations MCPs tell you WHAT compliance requirements you must meet
- Security Controls MCP tells you HOW to implement controls that satisfy those requirements
Specialized: OT/ICS Security
π OT Security MCP
Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS
- Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
- Security levels, Purdue Model, zone/conduit architecture
- MITRE ATT&CK for ICS threat intelligence
- Install:
npx @ansvar/ot-security-mcp - Use case: NIS2-compliant OT operators, industrial manufacturers, critical infrastructure
Specialized: Automotive Cybersecurity
π Automotive Cybersecurity MCP
Query UNECE R155/R156 and ISO 21434
- Complete R155/R156 Revision 2 with all articles and annexes
- ISO 21434 clause guidance and work products
- R155 β ISO 21434 cross-references
- Install:
npx @ansvar/automotive-cybersecurity-mcp - Use case: OEMs, Tier 1/2 suppliers, type approval preparation
Specialized: Sanctions Screening
π¨ Sanctions MCP
Offline-capable sanctions screening for third-party risk
- OFAC, EU, UN sanctions lists via OpenSanctions (30+ lists)
- Fuzzy name matching with confidence scoring
- PEP (Politically Exposed Person) checks
- Install:
pip install ansvar-sanctions-mcp - Use case: DORA Article 28 ICT third-party risk, AML/KYC compliance
About Ansvar Systems
We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool β turns out everyone building for EU markets has the same EUR-Lex frustrations.
So we're open-sourcing it. Navigating 37 regulations shouldn't require a legal team.
ansvar.eu β Stockholm, Sweden
Documentation
- Coverage Details β All 37 regulations with article counts
- Use Cases β Industry-specific guidance (fintech, healthcare, IoT, etc.)
- Available Tools β Detailed tool descriptions
- Development Guide β Adding regulations, webhooks, CI/CD
- Troubleshooting β Common issues and fixes
- Roadmap β Upcoming features (delegated acts, national transpositions)
- Coverage Gaps β Known limitations
- Test Queries β 60+ example queries
Branching Strategy
This repository uses a dev integration branch. Do not push directly to main.
feature-branch β PR to dev β verify on dev β PR to main β deploy
mainis production-ready. Only receives merges fromdevvia PR.devis the integration branch. All changes land here first.- Feature branches are created from
dev.
License
Apache License 2.0. See LICENSE for details.
Built with care in Stockholm, Sweden