EU compliance - complisec
EU NIS2/GDPR compliance skill for agents
complisec
EU compliance enforcement for AI agents.
skills.eye.security/eu-compliance
What is complisec?
One skill that onboards your organisation, builds a compliance profile, and enforces EU compliance when it matters — code generation, cloud integrations, deployments, data handling, and regulatory discussions.
What to expect
You don't need to know complisec exists — it activates when your prompt carries compliance risk.
| You say | complisec does |
|---|---|
| "Write an API endpoint that stores customer records" | Flags personal data handling, enforces audit logging, checks data residency against your profile |
| "Add Stripe integration to the checkout flow" | Detects new supplier not in your profile, asks about DPA status and data hosting region |
| "Our monitoring detected unauthorized access last night" | Starts incident lifecycle, calculates NIS2 24h/72h notification deadlines, identifies affected critical assets |
| "Deploy the new database migration to production" | Triggers change management for critical asset, requires impact assessment and rollback plan |
| "Here's the config: DB_PASSWORD=hunter2" | Blocks immediately, never echoes the secret, warns to rotate credentials |
| "Are we compliant with NIS2?" | Runs applicability check, offers 39-control gap analysis with 5-level maturity scoring |
| "We're switching from AWS to Azure for hosting" | Checks data residency constraints, flags affected critical assets, validates new supplier |
Install
See the eyesecurity/skills README for installation instructions across all platforms.
Profile example
See .compliance/profile.example.json for what an org profile looks like — a compact ~25-line JSON block capturing your critical assets, data residency, risk appetite, suppliers, and legal obligations.
Python requirement
Only the nis2-gap-analysis sub-skill needs Python 3.10+ (for the NIS2 applicability checker). Everything else is pure markdown — no dependencies.
Skills
| Skill | What it does |
|---|---|
| complisec (root) | Onboarding questionnaire + profile-aware enforcement on compliance-relevant actions |
| org-profile | Questionnaire to capture critical assets, data residency, risk appetite, suppliers, legal obligations |
| nis2-gap-analysis | 5-level maturity NIS2/Cbw assessment with consultant field methodology |
| risk-assessment-writer | ISO 27001 risk entry generator with L/M/H scoring, guided likelihood/impact questions, measure library |
| incident-management | Structured incident lifecycle with NIS2 24/72h/30d + GDPR 72h deadline tracking and EU reporting directory |
| vendor-risk | Vendor assessment, DPA tracking, data residency checks, NIS2 Art. 21(2)(d) supply chain |
| change-management | Change records for critical assets with impact classification, approval workflow, rollback plans |
| audit-logging | Structured audit logging for agent actions + enforce logging in AI-generated code |
| data-sensitivity | Data classification, prompt secret interception, scanning, blocking — patterns mapped to GDPR/NIS2 |
| compliance-hub | Central collection for all compliance records — cloud storage, immutability, observability |
| security-compliance-tools | Critical asset methodology, CISO workflow, EU compliance tooling index |
| eu-compliance-directives | Curated index of authoritative EU and national compliance sources — look up, don't hardcode |
Plugin structure
complisec/
├── SKILL.md # Root skill — onboarding + enforcement
├── README.md # This file
├── .claude-plugin/
│ └── plugin.json # Claude Code plugin manifest
├── skills/
│ ├── complisec/ # Entry skill (for plugin convention)
│ ├── nis2-gap-analysis/ # NIS2 gap analysis + nis2_check.py
│ ├── incident-management/ # Incident lifecycle + EU reporting directory
│ ├── vendor-risk/ # Supply chain risk management
│ ├── change-management/ # Change records for critical assets
│ ├── audit-logging/ # Audit logging + schemas
│ ├── data-sensitivity/ # Classification + scanning + blocking
│ ├── compliance-hub/ # Central log collection + observability
│ ├── org-profile/ # Organisation profile builder
│ ├── security-compliance-tools/# Critical asset methodology + compliance tools
│ └── eu-compliance-directives/ # EU + national source index
└── .compliance/
└── profile.example.json # Example org profile
License
See LICENSE.
相关服务器
Baozi Bet Prediction Markets
Baozi bet MCP server to allow agents create their own prediction markets
Dinero MCP Server
MCP server for Dinero — Danish accounting for small businesses. Invoices, contacts, vouchers, and bookkeeping via AI agents.
企业经营分析洞察服务
Provides in-depth analysis of enterprise operations, including business status, development, and market performance.
LiveScore MCP
Real-time football live scores, fixtures, team stats, and player data from 1000+ leagues via SSE transport. Free, no API key required.
Facebook Ads MCP Server
Connect Facebook Ads to Claude or ChatGPT via Two Minute Reports MCP and get accurate answers about campaigns, creatives, and spend.
Smart Home Device Control
Control smart home devices and query information by connecting large models to smart home backend APIs.
MCP-Weather
Provides weather information using the Japan Meteorological Agency API. No authentication required.
Nano Currency MCP Server
Send Nano currency and retrieve account and block information using the Nano node RPC.
Cybersecurity Vulnerability Intel MCP
Real-time CVE lookup via NIST NVD 2.0, CISA KEV alerts, EPSS exploitation probability, and MITRE ATT&CK mappings. 7 tools for AI-powered vulnerability assessment.
Pace
Pace is the first MCP connector that brings wearable health data directly into Claude — no third-party dashboards, no manual exports, no extra apps. Most health apps lock your data behind their own UI. Pace breaks that wall: connect once, and Claude can analyze your sleep, activity, workouts, nutrition and recovery in natural language — with full visualizations inline.