@ansvar/eu-regulations-mcp
v0.7.1
The first open-source MCP server for European cybersecurity regulations. Query DORA, NIS2, GDPR, EU AI Act, and more directly from Claude.
EU Regulations MCP Server
The EUR-Lex alternative for the AI age.
Query 37 EU regulations — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.
If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.
Built by Ansvar Systems — Stockholm, Sweden
Why This Exists
EU compliance is scattered across EUR-Lex PDFs, official journals, and regulatory sites. Whether you're:
- A developer implementing GDPR data rights or NIS2 incident reporting
- A product team navigating AI Act risk assessments or Medical Device conformity
- A compliance officer mapping ISO 27001 to DORA requirements
- A legal researcher comparing PSD2 authentication vs. eIDAS trust services
...you shouldn't need a law degree and 47 browser tabs. Ask Claude. Get the exact article. With context.
This MCP server makes EU regulations searchable, cross-referenceable, and AI-readable.
Quick Start
Installation
npm install @ansvar/eu-regulations-mcp
Claude Desktop
Add to your claude_desktop_config.json:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}
Restart Claude Desktop. Done.
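The configuration above launches the server with `npx -y` and no version on the package, so the version that runs is resolved by npx at launch and the install prompt is skipped. The following check is an added example, not part of the project's code: it flags such entries in an MCP client config. The function names and the pinned variant (built from the v0.7.1 shown for this package) are assumptions for illustration.

```python
import json
import re

# Exact semver such as 0.7.1 or 1.2.3-rc.1; ranges (^, ~, *) and dist-tags do not match.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

def split_spec(spec):
    """Split an npm package spec into (name, version or None), handling @scope/name."""
    at = spec.rfind("@")
    if at <= 0:  # no '@' at all, or only the leading '@' of a scope
        return spec, None
    return spec[:at], spec[at + 1:]

def audit_mcp_config(config_text):
    """Return (server, package, problem) for each npx-launched server that is not pinned."""
    config = json.loads(config_text)
    # "mcpServers" and "mcp.servers" are the two keys used in this README.
    servers = config.get("mcpServers") or config.get("mcp.servers") or {}
    findings = []
    for name, entry in servers.items():
        if entry.get("command") != "npx":
            continue
        # The first non-flag argument is the package spec npx will resolve and run.
        spec = next((a for a in entry.get("args", []) if not a.startswith("-")), None)
        if spec is None:
            continue
        package, version = split_spec(spec)
        if version is None:
            findings.append((name, package, "no exact version: npx resolves the package at launch"))
        elif not EXACT_VERSION.match(version):
            findings.append((name, package, f"'{version}' is a range or tag, not an exact version"))
    return findings

# Constructed sample: the README's entry next to a pinned variant of it.
SAMPLE = """{
  "mcpServers": {
    "eu-regulations": {"command": "npx", "args": ["-y", "@ansvar/eu-regulations-mcp"]},
    "eu-regulations-pinned": {"command": "npx", "args": ["-y", "@ansvar/eu-regulations-mcp@0.7.1"]}
  }
}"""

if __name__ == "__main__":
    for server, package, problem in audit_mcp_config(SAMPLE):
        print(f"{server}: {package}: {problem}")
```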
Cursor / VS Code
{
  "mcp.servers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}
Example Queries
Once connected, just ask naturally:
- "What are the risk management requirements under NIS2 Article 21?"
- "How long do I have to report a security incident under DORA?"
- "Compare GDPR breach notification with NIS2 incident reporting"
- "Does the EU AI Act apply to my recruitment screening tool?"
- "What are the essential cybersecurity requirements under the Cyber Resilience Act?"
- "Which regulations apply to a healthcare organization in Germany?"
- "Map DORA ICT risk management to ISO 27001 controls"
- "What is an EU Digital Identity Wallet under eIDAS 2.0?"
- "What are my data access rights under the Data Act?"
More examples: TEST_QUERIES.md — 60+ example queries organized by category
What's Included
- 37 Regulations — GDPR, DORA, NIS2, AI Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 30 more
- 2,438 Articles + 3,712 Recitals + 1,138 Official Definitions
- Full-Text Search — Find relevant articles across all regulations instantly
- Control Mappings — 686 mappings to ISO 27001:2022 & NIST CSF 2.0
- Sector Rules — Check which regulations apply to your industry
- Daily Updates — Automatic freshness checks against EUR-Lex
- Detailed coverage: docs/coverage.md
- Use cases by industry: docs/use-cases.md
- Available tools: docs/tools.md
Why This Works
Verbatim Source Text (No LLM Processing):
- All article text is ingested from EUR-Lex/UNECE official sources
- Snippets are returned unchanged from SQLite FTS5 database rows
- Zero LLM summarization or paraphrasing — the database contains regulation text, not AI interpretations
- Note: HTML-to-text conversion normalizes whitespace/formatting, but preserves content
Smart Context Management:
- Search returns 32-token snippets with highlighted matches (safe for context)
- Article retrieval warns about token usage (some articles = 70k tokens)
- Cross-references help navigate without loading everything at once
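How an FTS5 `snippet()` query yields bounded, highlighted excerpts, and how to check that an excerpt is verbatim against the stored row, shown as an added example that is not the project's own code. The table and column names, the `>>`/`<<` markers, and the sample rows are assumptions; the rows are constructed placeholder text, not regulation text.

```python
import sqlite3

# Constructed sample rows (placeholder wording, not actual regulation text).
ROWS = [
    ("SAMPLE-REG", "1", "Entities shall notify the competent authority of any significant "
     "incident without undue delay and shall keep records of each incident for review."),
    ("SAMPLE-REG", "2", "Entities shall maintain a risk management framework "
     "that is reviewed at least once a year."),
]

def build_index():
    """Create an in-memory FTS5 table; only the body column is searchable."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE VIRTUAL TABLE articles USING "
               "fts5(regulation UNINDEXED, article UNINDEXED, body)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)", ROWS)
    return db

def search(db, terms, max_tokens=32):
    """Return (regulation, article, body, snippet) rows, best match first."""
    # Quote each term so user input is matched as plain words, not FTS5 query syntax.
    query = " ".join('"' + t.replace('"', '""') + '"' for t in terms.split())
    sql = ("SELECT regulation, article, body, "
           "snippet(articles, 2, '>>', '<<', '...', ?) "  # column 2 is body
           "FROM articles WHERE articles MATCH ? ORDER BY rank")
    return db.execute(sql, (max_tokens, query)).fetchall()

def is_verbatim(snippet, body):
    """True if every fragment of the snippet, markers removed, occurs in the stored text."""
    # Assumes the markers and the ellipsis string do not occur in the text itself.
    plain = snippet.replace(">>", "").replace("<<", "")
    return all(part in body for part in plain.split("...") if part)

if __name__ == "__main__":
    db = build_index()
    for limit in (32, 6):
        for regulation, article, body, snip in search(db, "incident", limit):
            print(limit, regulation, article, snip, is_verbatim(snip, body))
```

The same `is_verbatim` check can be run over a client-side transcript to confirm that text quoted as regulation wording matches a stored row rather than a paraphrase.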
Technical Architecture:
EUR-Lex HTML → Parse → SQLite → FTS5 snippet() → MCP response
                 ↑                    ↑
          Formatting only  Verbatim database query
Example: EUR-Lex vs. This MCP
| EUR-Lex | This MCP Server |
|---------|-----------------|
| Search by CELEX number | Search by plain English: "incident reporting timeline" |
| Navigate 100+ page PDFs | Get the exact article with context |
| Manual cross-referencing | compare_requirements tool does it instantly |
| "Which regulations apply to me?" → research for days | check_applicability tool → answer in seconds |
| Copy-paste article text | Article + definitions + related requirements |
| Check 37 sites for updates | Daily automated freshness checks |
| No API, no integration | MCP protocol → AI-native |
EUR-Lex example: Download DORA PDF → Ctrl+F "incident" → Read Article 17 → Google "What's a major incident?" → Cross-reference NIS2 → Repeat for 5 regulations
This MCP: "Compare incident reporting requirements across DORA, NIS2, and CRA" → Done.
⚠️ Important Disclaimers
Legal Advice
🚨 THIS TOOL IS NOT LEGAL ADVICE 🚨
Regulation text is sourced verbatim from EUR-Lex and UNECE (official public sources). However:
- Control mappings (ISO 27001, NIST CSF) are interpretive aids, not official guidance
- Applicability rules are generalizations, not legal determinations
- Cross-references are research helpers, not compliance mandates
Always verify against official sources and consult qualified legal counsel for compliance decisions.
Token Usage
⚠️ Context Window Warning
Some articles are very large (e.g., MDR Article 123 = ~70,000 tokens). The MCP server:
- Search tool: Returns smart snippets (safe for context)
- Get article tool: Returns full text (may consume significant tokens)
- Recommendation: Use search first, then fetch specific articles as needed
Claude Desktop has a 200k token context window. Monitor your usage when retrieving multiple large articles.
ISO Standards Copyright
No copyrighted ISO standards are included. Control mappings reference ISO 27001:2022 control IDs only (e.g., "A.5.1", "A.8.2"). The actual text of ISO standards requires a paid license from ISO. This tool helps map regulations to controls but doesn't replace the standard itself.
About Ansvar Systems
We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool — turns out everyone building for EU markets has the same EUR-Lex frustrations.
So we're open-sourcing it. Navigating 37 regulations shouldn't require a legal team.
ansvar.eu — Stockholm, Sweden
Documentation
- Coverage Details — All 37 regulations with article counts
- Use Cases — Industry-specific guidance (fintech, healthcare, IoT, etc.)
- Available Tools — Detailed tool descriptions
- Development Guide — Adding regulations, webhooks, CI/CD
- Troubleshooting — Common issues and fixes
- Roadmap — Upcoming features (delegated acts, national transpositions)
- Coverage Gaps — Known limitations
- Test Queries — 60+ example queries
License
Apache License 2.0. See LICENSE for details.
