EU Regulations MCP

Query 37 EU regulations (DORA, NIS2, GDPR, AI Act, CRA) with full-text search, cross-regulation comparison, and ISO 27001/NIST CSF control mappings. Auto-updates via EUR-Lex monitoring.

GitHub

EU Regulations MCP Server

The EUR-Lex alternative for the AI age.

npm version MCP Registry License GitHub stars Daily EUR-Lex Check Database Recitals

Query 47 EU regulations — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.

If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.

Built by Ansvar Systems — Stockholm, Sweden

Why This Exists

EU compliance is scattered across EUR-Lex PDFs, official journals, and regulatory sites. Whether you're:

  • A developer implementing GDPR data rights or NIS2 incident reporting
  • A product team navigating AI Act risk assessments or Medical Device conformity
  • A compliance officer mapping ISO 27001 to DORA requirements
  • A legal researcher comparing PSD2 authentication vs. eIDAS trust services

...you shouldn't need a law degree and 47 browser tabs. Ask Claude. Get the exact article. With context.

This MCP server makes EU regulations searchable, cross-referenceable, and AI-readable.

Quick Start

Installation

Option 1: Claude Desktop (Recommended)

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}

Restart Claude Desktop. Done!

Option 2: MCP Registry

Browse and install from the official MCP registry:

Option 3: Cursor / VS Code

{
  "mcp.servers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}

Option 4: Global npm Install

npm install -g @ansvar/eu-regulations-mcp

Then use "command": "eu-regulations-mcp" in your config (without npx).

Example Queries

Once connected, just ask naturally:

  • "What are the risk management requirements under NIS2 Article 21?"
  • "How long do I have to report a security incident under DORA?"
  • "Compare GDPR breach notification with NIS2 incident reporting"
  • "Does the EU AI Act apply to my recruitment screening tool?"
  • "What are the essential cybersecurity requirements under the Cyber Resilience Act?"
  • "Which regulations apply to a healthcare organization in Germany?"
  • "Map DORA ICT risk management to ISO 27001 controls"
  • "What is an EU Digital Identity Wallet under eIDAS 2.0?"
  • "What are my data access rights under the Data Act?"

More examples: TEST_QUERIES.md — 60+ example queries organized by category

What's Included

  • 47 Regulations — GDPR, DORA, NIS2, AI Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 30 more
  • 2,438 Articles + 3,712 Recitals + 1,138 Official Definitions
  • Full-Text Search — Find relevant articles across all regulations instantly
  • Control Mappings — 686 mappings to ISO 27001:2022 & NIST CSF 2.0
  • Sector Rules — Check which regulations apply to your industry
  • Daily Updates — Automatic freshness checks against EUR-Lex

Detailed coverage: docs/coverage.md Use cases by industry: docs/use-cases.md Available tools: docs/tools.md

🎬 See It In Action

Why This Works

Verbatim Source Text (No LLM Processing):

  • All article text is ingested from EUR-Lex/UNECE official sources
  • Snippets are returned unchanged from SQLite FTS5 database rows
  • Zero LLM summarization or paraphrasing — the database contains regulation text, not AI interpretations
  • Note: HTML-to-text conversion normalizes whitespace/formatting, but preserves content

Smart Context Management:

  • Search returns 32-token snippets with highlighted matches (safe for context)
  • Article retrieval warns about token usage (some articles = 70k tokens)
  • Cross-references help navigate without loading everything at once

Technical Architecture:

EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
                  ↑                    ↑
           Formatting only      Verbatim database query

Example: EUR-Lex vs. This MCP

EUR-LexThis MCP Server
Search by CELEX numberSearch by plain English: "incident reporting timeline"
Navigate 100+ page PDFsGet the exact article with context
Manual cross-referencingcompare_requirements tool does it instantly
"Which regulations apply to me?" → research for dayscheck_applicability tool → answer in seconds
Copy-paste article textArticle + definitions + related requirements
Check 47 sites for updatesDaily automated freshness checks
No API, no integrationMCP protocol → AI-native

EUR-Lex example: Download DORA PDF → Ctrl+F "incident" → Read Article 17 → Google "What's a major incident?" → Cross-reference NIS2 → Repeat for 5 regulations

This MCP: "Compare incident reporting requirements across DORA, NIS2, and CRA" → Done.

⚠️ Important Disclaimers

Legal Advice

🚨 THIS TOOL IS NOT LEGAL ADVICE 🚨

Regulation text is sourced verbatim from EUR-Lex and UNECE (official public sources). However:

  • Control mappings (ISO 27001, NIST CSF) are interpretive aids, not official guidance
  • Applicability rules are generalizations, not legal determinations
  • Cross-references are research helpers, not compliance mandates

Always verify against official sources and consult qualified legal counsel for compliance decisions.

Token Usage

⚠️ Context Window Warning

Some articles are very large (e.g., MDR Article 123 = ~70,000 tokens). The MCP server:

  • Search tool: Returns smart snippets (safe for context)
  • Get article tool: Returns full text (may consume significant tokens)
  • Recommendation: Use search first, then fetch specific articles as needed

Claude Desktop has a 200k token context window. Monitor your usage when retrieving multiple large articles.

ISO Standards Copyright

No copyrighted ISO standards are included. Control mappings reference ISO 27001:2022 control IDs only (e.g., "A.5.1", "A.8.2"). The actual text of ISO standards requires a paid license from ISO. This tool helps map regulations to controls but doesn't replace the standard itself.

Related Projects: Complete Compliance Suite

This server is part of Ansvar's Compliance Suite - three MCP servers that work together for end-to-end compliance coverage:

🇪🇺 EU Regulations MCP (This Project)

Query 47 EU regulations directly from Claude

  • GDPR, AI Act, DORA, NIS2, MiFID II, PSD2, eIDAS, MDR, and 39 more
  • Full regulatory text with article-level search
  • Cross-regulation reference and comparison
  • Install: npx @ansvar/eu-regulations-mcp

🇺🇸 US Regulations MCP

Query US federal and state compliance laws directly from Claude

  • HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA 21 CFR Part 11, and 8 more
  • Federal and state privacy law comparison
  • Breach notification timeline mapping
  • Install: npm install @ansvar/us-regulations-mcp

🔐 Security Controls MCP

Query 1,451 security controls across 28 frameworks

  • ISO 27001, NIST CSF, DORA, PCI DSS, SOC 2, CMMC, FedRAMP, and 21 more
  • Bidirectional framework mapping and gap analysis
  • Import your purchased standards for official text
  • Install: pipx install security-controls-mcp

How They Work Together

Regulations → Controls Implementation Workflow:

1. "What are DORA's ICT risk management requirements?"
   → EU Regulations MCP returns Article 6 full text

2. "What security controls satisfy DORA Article 6?"
   → Security Controls MCP maps to ISO 27001, NIST CSF, and SCF controls

3. "Show me ISO 27001 A.8.1 implementation details"
   → Security Controls MCP returns control requirements and framework mappings

Complete compliance in one chat:

  • EU/US Regulations MCPs tell you WHAT compliance requirements you must meet
  • Security Controls MCP tells you HOW to implement controls that satisfy those requirements

Specialized: OT/ICS Security

🏭 OT Security MCP

Query IEC 62443, NIST 800-82/53, and MITRE ATT&CK for ICS

  • Specialized for OT/ICS environments (manufacturing, energy, critical infrastructure)
  • Security levels, Purdue Model, zone/conduit architecture
  • MITRE ATT&CK for ICS threat intelligence
  • Install: npm install @ansvar/ot-security-mcp
  • Use case: NIS2-compliant OT operators, industrial manufacturers, critical infrastructure

About Ansvar Systems

We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool — turns out everyone building for EU markets has the same EUR-Lex frustrations.

So we're open-sourcing it. Navigating 37 regulations shouldn't require a legal team.

ansvar.eu — Stockholm, Sweden

Documentation

License

Apache License 2.0. See LICENSE for details.

Related Servers