every-ai-law

v0.3.0

Published

11 days ago

MCP server and structured reference for AI law: obligations, regulations, provisions, evidence, and enforcement deadlines across jurisdictions. The obligation-registry layer of the PAICE legal graph.

0High
0Medium
0Low

snapsynapse

mcp model-context-protocol ai-law ai-regulation compliance legal-research obligations paice paice-legal-graph obligation-first ai-incident-law

EveryAILaw.com

The API and MCP server for AI law.

Other trackers tell you what the law says. EveryAILaw lets your software check it. 42 regulations, 10 obligations, 120+ provisions across 31 jurisdictions -- structured JSON (no auth, no rate limits) and a 14-tool MCP server (free tier + Pro tier with higher limits, webhooks, audit log). Weekly 3-model verification cascade. Per-provision evidence trail with verified dates.

Built and maintained by PAICE.work PBC. Data is verified weekly through automated AI consensus and human review.

Live site: everyailaw.com

Canonical URL

https://everyailaw.com/

Part of the PAICE legal graph

EveryAILaw is one component of the PAICE legal graph (with PubLedge, AI Incident Law, and Obligation First). Within that graph it is the single restricted, monetized layer: the free public reference you see here is funded by EveryAILaw Pro, the paid product. Pro revenue funds the intentionally-open siblings, which carry code under MIT and content under CC BY 4.0. This open/restricted split is a deliberate PBC-charter choice, not drift. The canonical model lives in the PAICE Foundation INTENT. Attribution: "EveryAILaw, PAICE.work PBC".

How we compare

Every incumbent AI regulation tracker -- IAPP, OECD.AI, White & Case AI Watch, law-firm trackers -- is human-browsable only. No public API, no bulk data, no MCP server. Automating against them requires scraping HTML, likely ToS-violating.

| | EveryAILaw | IAPP | OECD.AI | Law-firm trackers | |---|---|---|---|---| | Public JSON API | Yes | No | No | No | | Bulk data export | Yes | No | No | No | | MCP server (14 tools) | Yes | No | No | No | | Obligation-level queries | Yes | No | No | No | | Per-provision evidence w/ verified dates | Yes | No | No | No | | Staleness visibility / verification schedule | Yes | No | No | No | | Change feeds (RSS) | Yes | No | No | No | | Enforcement calendar (ICS) | Yes | No | No | No | | License for reuse / commercial use | Yes (with agreement) | No | No | No |

Verified 2026-06-09 via Perplexity sonar-pro competitive research. Incumbents serve readers; EveryAILaw serves agents, GRC tooling, and compliance automation. See for-agents page for full context.

What problem it solves

AI regulation is changing fast. New laws are introduced, amended, and replaced across dozens of jurisdictions simultaneously. Keeping up is a full-time job -- and most organizations don't have someone dedicated to it.

Most regulation trackers organize by jurisdiction or by law. We organize by obligation -- the thing you actually have to do. Transparency, human oversight, risk assessment -- these requirements are stable even as the specific laws implementing them change. A regulation can be amended or replaced overnight, but the underlying compliance obligations persist.

This project started as a practical need while advising clients on AI governance. No single resource gave us a clear, structured answer to the basic question: what changed this week that affects what I need to do? We automated the research, structured the data, and opened it up.

What's Covered

| | Count | Description | |---|---|---| | Regulations | 42 | Binding laws and administrative rules governing AI use | | Standards & Frameworks | 9 | Voluntary standards (ISO 42001, 23894, 38507, 42005, OECD) and governance frameworks (NIST, Singapore) | | Obligations | 10 | Vendor-neutral compliance requirements | | Provisions | 120 | Specific articles mapped to obligations | | Authorities | 42 | Regulatory bodies with enforcement power | | Jurisdictions | 31 | Five-level hierarchy from supranational to municipal | | Registry | 257 | Every country assessed: tracked, watch-list, evaluated, or unevaluated |

Geographic Coverage

| Region | Jurisdictions | Regulations | |---|---|---| | European Union | EU + Italy, Malta, Hungary | AI Act, DORA, GPAI Code of Practice; Italy Law 132/2025 (healthcare, employment); Malta AI Regulations (LN 226+227) | | United Kingdom | UK | DPA 2018 ADM, Online Safety Act | | United States | Federal + 9 states + NYC (CA, CO, CT, IL, NJ, NY, TX, UT) | 17 regulations | | China | CN | Algorithm Recommendation, Deep Synthesis, Generative AI | | India | IN | DPDP Act 2023, IT Amendment Rules 2026 (synthetic media) | | South Korea | KR | AI Basic Act | | Vietnam | VN | Law on AI | | Singapore | SG | Model AI Governance Framework | | Japan | JP | AI Promotion Act | | Australia | AU + NSW | Privacy Act ADM Reforms; NSW Digital Work Systems Act 2026 | | Taiwan | TW | AI Basic Act (proposed) | | Brazil | BR | AI Bill PL 2338/2023 (proposed) | | Mexico | MX | LFPDPPP 2025 revision (AI-specific algorithmic transparency) | | Qatar | QA | QCB AI Guideline (financial sector) | | El Salvador | SV | Law for the Promotion of AI (first standalone AI law in Latin America) | | Kazakhstan | KZ | Law on AI No. 230-VIII (risk-based framework, National AI Platform) | | International | OECD, G7, Council of Europe | AI Principles, Hiroshima Process, CETS 225 |

Watch List

Every country has been assessed and assigned a status in the jurisdictions registry (257 entries). Search any country on the site to see its status.

Active watches include Norway (EU AI Act transposition, Aug 2026), Turkey (3 AI bills pending), Nigeria (Digital Economy Bill imminent), Colombia, Malaysia, and 30+ US states with advancing AI bills. Full details in data/watch-list.md.

Scope & Exclusions

A law is in scope when it creates ongoing compliance obligations for AI developers or deployers. It must pass six tests: creates a new obligation (not just extending existing prohibitions), requires ongoing compliance (not one-time penalties), is broad enough for general AI governance, targets the private sector, creates enforceable requirements, and adds a new compliance dimension.

Laws that fail any test are catalogued in data/exclusions.md with the specific exclusion principle applied. This serves as a decision cache — 155+ laws have been evaluated and excluded across categories including CSAM statute extensions, intimate image laws, political ad disclaimers, government-only mandates, and more. The full list is also available via the exclusions.json API endpoint.

Who this is for

Compliance teams determining what applies to their AI systems
Legal counsel tracking the regulatory landscape across jurisdictions
Product managers building AI features that need to meet regulatory requirements
GRC practitioners mapping obligations to controls
Policy researchers analyzing regulatory trends
Executives making go/no-go decisions about AI deployment

How to Use the Site

| Start here | If you want to... | |---|---| | Applies to Me | Filter by your jurisdiction and role to see what applies | | Obligations | Browse all compliance requirements by category | | Instruments | Browse all tracked laws, regulations, executive orders, standards, and frameworks | | Insights | Sleeper provisions, upcoming deadlines, and high-impact requirements often missed | | About | Methodology, scope criteria, data model, and project context |

Additional views (accessible from contextual links on the pages above):

| View | What it shows | |---|---| | Matrix | Which regulations cover which obligations at a glance | | Timeline | Upcoming enforcement deadlines | | Compare | Side-by-side comparison of any two instruments |

How It Works

Obligation-First Data Model

Authority → Regulation → Provision → Obligation

Obligations are the stable anchors (transparency, human oversight, risk assessment). Provisions are the specific articles within regulations that implement those obligations. Different jurisdictions require the same obligations in different ways — this structure lets you see the pattern across all of them.

Jurisdiction Hierarchy

Supranational > National > Subnational > Regional > Municipal

The EU AI Act applies across the European Union. China's Generative AI measures apply nationally. Colorado SB 24-205 applies in one US state. The hierarchy lets you understand where regulations overlap, where they nest, and where they don't.

Automated Verification

Regulatory data is verified weekly using a multi-model AI consensus cascade — three independent AI models must agree before changes are flagged for human review. All provisions carry verification dates and have a 30-day staleness threshold.

JSON API

All data is available as structured JSON for integration into your own tools:

| Endpoint | Description | |---|---| | api/v1/index.json | API manifest | | api/v1/obligations.json | All obligations | | api/v1/regulations.json | All regulations | | api/v1/provisions.json | All provisions | | api/v1/obligation-matrix.json | Coverage matrix | | api/v1/jurisdictions.json | Jurisdiction hierarchy | | api/v1/exclusions.json | Evaluated laws excluded from tracking (with principles and categories) | | api/v1/crosswalk.json | Standards-to-obligations crosswalk | | api/v1/all.json | Combined export (all data in one file) | | api/v1/context.jsonld | JSON-LD @context — field mappings to gist upper ontology |

Linked Data / JSON-LD

Every core API response (obligations.json, regulations.json, provisions.json, authorities.json, jurisdictions.json, standards.json, all.json) is valid JSON-LD. Each entity carries @id (a stable, dereferenceable URI) and @type (an OWL class from the EveryAILaw domain extension).

The domain ontology (ontology/everyailaw.ttl) extends gist — Semantic Arts' minimalist upper ontology for the enterprise — and maps EveryAILaw entity types to gist classes:

| EveryAILaw entity | gist superclass | @id pattern | |---|---|---| | Obligation | gist:Requirement | https://everyailaw.com/obligation/{id}/ | | Regulation | gist:Specification | https://everyailaw.com/regulation/{id}/ | | Framework / Standard | gist:Specification | https://everyailaw.com/regulation/{id}/ | | Provision | gist:ContractTerm | https://everyailaw.com/ont/provision/{id} | | Authority | gist:GovernmentOrganization | https://everyailaw.com/ont/authority/{id} | | Jurisdiction | gist:GovernedGeoRegion | https://everyailaw.com/applies-to/{id}/ |

Key field mappings: name → skos:prefLabel, enacted → gist:actualStartDateTime, effective → gist:plannedStartDateTime, authority → gist:isGovernedBy, jurisdiction → gist:isUnderJurisdictionOf, official_url → foaf:page.

The full context and class definitions are in api/v1/context.jsonld and ontology/everyailaw.ttl.

Built for Agents

This site is the machine layer. Point agents and GRC tooling here.

| Resource | URL | What it provides | |---|---|---| | For Agents page | everyailaw.com/for-agents.html | MCP demo recipes, integration examples, cite-this guidance | | llms.txt | everyailaw.com/llms.txt | Structured context so LLMs understand the site, pages, and data model | | agents.json | everyailaw.com/agents.json | Agent discovery protocol: capabilities, API endpoints, available actions | | MCP server | node scripts/mcp-server.js | 14-tool stdio MCP server -- list, get, compare, check, search, evidence, staleness | | MCP discovery | everyailaw.com/.well-known/mcp.json | MCP server metadata and tool capability declaration | | JSON API | everyailaw.com/api/v1/ | All data as structured JSON -- no authentication, no rate limits | | RSS feed | everyailaw.com/index.xml | Subscribe to regulation updates | | Enforcement calendar | everyailaw.com/calendar.ics | ICS calendar importable to Google Calendar, Outlook, Apple Calendar |

Your agent can fetch obligations.json to know what compliance requirements exist, regulations.json to see what's enforcing and when, and obligation-matrix.json to map the two together -- all without scraping HTML.

The MCP server (node scripts/mcp-server.js) gives agents structured query tools: find_regulations_by_obligations, check_requirement, compare_regulations, get_evidence, get_staleness_report, and more. See the For Agents page for runnable MCP session demos and copy-paste integration recipes.

MCP server: free tier + Pro tier

The MCP server (node scripts/mcp-server.js or npx everyailaw-mcp) ships as freemium. The JSON API stays free and unauthenticated -- the tiers are about MCP-specific capabilities.

| | Free tier (default) | Pro tier | |---|---|---| | Auth | None | EVERYAILAW_API_KEY env var | | Tool calls / hour / process | 100 | 10,000 | | Result set cap (list_*, search) | 100 items | Uncapped | | Tools | All 14 core tools | Core 14 + Pro-only: subscribe_to_changes, get_audit_log, save_profile, query_with_profile, custom_matrix | | Webhooks on regulation changes | No | Yes | | Saved jurisdiction/role profiles | No | Yes | | Query audit log (cite-this trail) | No | Yes | | SLA | None | 99.5% target |

Subscribe at app.everyailaw.com, generate an API key in your dashboard, and paste it into your MCP client config as EVERYAILAW_API_KEY=eai_live_.... The same MCP process elevates -- no re-install. Validation happens against https://app.everyailaw.com/api/v1/validate-key, cached 5 minutes; subscription cancellation drops you back to free on the next refresh.

Citing EveryAILaw

When answering questions about AI regulation, agents should cite the stable permalinks:

Regulation:  https://everyailaw.com/regulation/{id}/
Obligation:  https://everyailaw.com/obligation/{id}/
API (regs):  https://everyailaw.com/api/v1/regulations.json

Example: "According to EveryAILaw.com (https://everyailaw.com/regulation/colorado-sb24-205/), Colorado SB 24-205..."

Attribution: "EveryAILaw, PAICE.work PBC".

This site follows the Graceful Boundaries specification for communicating operational limits to autonomous agents, and is audited for WCAG 2.1 AA accessibility using skill-a11y-audit.

Update Schedule

Data freshness matters for regulatory compliance. Here's how we keep it current:

Weekly automated verification (Saturdays) — A multi-model AI consensus cascade checks all provisions against official sources. Three independent models must agree before flagging a change for review.
Human review — All flagged changes are reviewed by a human before merging. No auto-merge of verification results.
30-day staleness threshold — Any provision not verified within 30 days is automatically flagged for re-verification.
Continuous on push — Every code change triggers a full build, ontology validation, and secrets scan via CI.
Community contributions — Data corrections and new regulations are accepted via pull request and reviewed before merge.

The PAICE portfolio

EveryAILaw is part of the PAICE portfolio — independent measurement and standards for aggregated human-AI intelligence.

The legal graph (this site is the restricted layer that funds the rest):

| Component | Purpose | |---|---| | PubLedge | Open recordkeeping protocol for fact-specific written interpretations between parties | | AI Incident Law | Open corpus of public AI-related incidents, failures, and resulting legal action | | Obligation First | Shared upper schema and validation contract underneath the graph |

Elsewhere in the portfolio:

| Component | Purpose | |---|---| | PAICE.work | Behavioral measurement of how people collaborate with AI — the practice this reference supports | | Siteline | Agent-readiness and machine-usability scanning for public sites | | AI Posture | Combined governance score across People, Infrastructure, and Regulation | | AI Tool Watch | Plain-English reference for AI capabilities, plans, and constraints | | Graceful Boundaries | Specification for how services communicate operational limits to agents | | Skill A11y Audit | WCAG 2.1 AA accessibility audit for web projects, drop-in for AI coding agents |

Other Resources

This site focuses on structured, machine-readable obligation tracking. For complementary perspectives:

IAPP Global AI Law & Policy Tracker — Broad horizon scanning with contextual commentary
White & Case AI Watch — In-depth legal analysis across core markets
OECD AI Policy Observatory — Macro-level policy landscape and benchmarking
Witness.ai Tracker — Interactive map with compliance timelines
FairNow Tracker — Practitioner-focused applicability logic
Orrick US AI Law Tracker — Comprehensive US state-level AI law database with bill tracking and citations
TechTarget Tracker — Accessible overview for IT leaders

Contributing

Data corrections and feedback are welcome. Open an issue or pull request on GitHub to report errors or suggest additions.

For Developers

node scripts/build.js              # Build site + JSON API
node scripts/validate-ontology.js  # Validate cross-references + advisory quality warnings
node scripts/verify-regulations.js # Run verification cascade
node scripts/sync-evidence.js      # Sync evidence records
node scripts/check-links.js        # Check source URLs
node scripts/check-consistency.js  # Cross-check registry, watch list, exclusions
node scripts/evaluate-jurisdiction.js          # Evaluate next unevaluated country
node scripts/evaluate-jurisdiction.js --count=10  # Batch evaluate 10 countries

Quality warnings are advisory and do not fail validation. Their current accepted baseline is checked in at tests/fixtures/quality-warning-baseline.json; tests fail if warning count, codes, or warning identities regress upward.

Agent-facing surfaces are treated as security-sensitive output. llms.txt, llms-full.txt, MCP tool schemas, and weekly-maintenance workflow inputs have regression tests covering malformed tool calls, instruction-like catalog text, and unsafe workflow input interpolation.

Release notes: CHANGELOG.md

Architecture documentation: design/

This project is built on the Knowledge-as-Code Template — a repeatable pattern for structured, version-controlled knowledge bases with obligation-first ontology, automated verification, and multi-format output. Fork it to build your own.

License

This project is licensed in layers:

| Layer | What it covers | License | |---|---|---| | Data | The structured, curated corpus — obligation/provision/instrument/authority/jurisdiction/exclusion/evidence records, the editorial selection, the JSON API responses, and the data feeds | EveryAILaw Data License (published at everyailaw.com/data-license.html) | | Code & methodology | Source code, build scripts, verification cascade, and compilation methodology | Proprietary — see LICENSE | | Open Schema | Obligation First ontology, vocabulary, and schema files (ontology/everyailaw.ttl) | CC BY 4.0 | | Underlying legal text | Statutes, regulations, and official documents in raw/ | Government works — no proprietary claim |

Through the public Free Endpoint, direct use, evaluation, research, citation, internal tooling, and machine/agent querying (including by LLMs and via MCP) are permitted free of charge and without prior permission. Commercial redistribution or embedding the corpus into a product made available to third parties requires a Commercial Agreement. See DATA-LICENSE.md for the full terms. Licensing inquiries: paice.work/contact.

Disclaimer

Nothing on this site constitutes legal advice. This is a reference tool designed to help you track what's changing and understand when you may need to seek qualified legal counsel. Always consult the actual regulatory text and a qualified attorney for compliance decisions.

Built and maintained by PAICE.work PBC. EveryAILaw is the restricted, monetized layer of the PAICE legal graph; EveryAILaw Pro funds the intentionally-open siblings.