EU Regulations MCP Server

EU Regulations MCP Server

The EUR-Lex alternative for the AI age.

Query 37 EU regulations — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.

If you're building digital products, financial services, healthcare tech, or connected devices for the European market, this is your compliance reference.

Built by Ansvar Systems — Stockholm, Sweden

Why This Exists

EU compliance is scattered across EUR-Lex PDFs, official journals, and regulatory sites. Whether you're:

• A developer implementing GDPR data rights or NIS2 incident reporting
• A product team navigating AI Act risk assessments or Medical Device conformity
• A compliance officer mapping ISO 27001 to DORA requirements
• A legal researcher comparing PSD2 authentication vs. eIDAS trust services

...you shouldn't need a law degree and 47 browser tabs. Ask Claude. Get the exact article. With context.

This MCP server makes EU regulations searchable, cross-referenceable, and AI-readable.

Quick Start

Installation

npm install @ansvar/eu-regulations-mcp

Claude Desktop

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.jsonWindows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}

Restart Claude Desktop. Done.

Cursor / VS Code

{
  "mcp.servers": {
    "eu-regulations": {
      "command": "npx",
      "args": ["-y", "@ansvar/eu-regulations-mcp"]
    }
  }
}

Hosted Service (Zero Setup)

Already running on Azure - just add to your config:

{
  "mcpServers": {
    "eu-regulations": {
      "url": "https://eu-regulations-mcp.jollysea-916ea475.westeurope.azurecontainerapps.io/mcp"
    }
  }
}

See HANDOVER.md and SETUP-CICD.md for deployment details.

Example Queries

Once connected, just ask naturally:

• "What are the risk management requirements under NIS2 Article 21?"
• "How long do I have to report a security incident under DORA?"
• "Compare GDPR breach notification with NIS2 incident reporting"
• "Does the EU AI Act apply to my recruitment screening tool?"
• "What are the essential cybersecurity requirements under the Cyber Resilience Act?"
• "Which regulations apply to a healthcare organization in Germany?"
• "Map DORA ICT risk management to ISO 27001 controls"
• "What is an EU Digital Identity Wallet under eIDAS 2.0?"
• "What are my data access rights under the Data Act?"

More examples: TEST_QUERIES.md — 60+ example queries organized by category

What's Included

• 37 Regulations — GDPR, DORA, NIS2, AI Act, MiCA, eIDAS 2.0, Medical Device Regulation, and 30 more
• 2,278 Articles + 3,508 Recitals + 1,145 Official Definitions
• Full-Text Search — Find relevant articles across all regulations instantly
• Control Mappings — 686 mappings to ISO 27001:2022 & NIST CSF 2.0
• Sector Rules — Check which regulations apply to your industry
• Daily Updates — Automatic freshness checks against EUR-Lex

Detailed coverage: docs/coverage.mdUse cases by industry: docs/use-cases.mdAvailable tools: docs/tools.md

🎬 See It In Action

Why This Works

Smart Context Management:

• Search returns relevant snippets, not entire regulations
• Article retrieval includes token usage warnings for large content
• Cross-references help navigate without loading everything

Example: EUR-Lex vs. This MCP

EUR-Lex example: Download DORA PDF → Ctrl+F "incident" → Read Article 17 → Google "What's a major incident?" → Cross-reference NIS2 → Repeat for 5 regulations

This MCP: "Compare incident reporting requirements across DORA, NIS2, and CRA" → Done.

⚠️ Important Disclaimers

Legal Advice

🚨 THIS TOOL IS NOT LEGAL ADVICE 🚨

Regulation text is sourced verbatim from EUR-Lex and UNECE (official public sources). However:

• Control mappings (ISO 27001, NIST CSF) are interpretive aids, not official guidance
• Applicability rules are generalizations, not legal determinations
• Cross-references are research helpers, not compliance mandates

Always verify against official sources and consult qualified legal counsel for compliance decisions.

Token Usage

⚠️ Context Window Warning

Some articles are very large (e.g., MDR Article 123 = ~70,000 tokens). The MCP server:

• Search tool: Returns smart snippets (safe for context)
• Get article tool: Returns full text (may consume significant tokens)
• Recommendation: Use search first, then fetch specific articles as needed

Claude Desktop has a 200k token context window. Monitor your usage when retrieving multiple large articles.

ISO Standards Copyright

No copyrighted ISO standards are included. Control mappings reference ISO 27001:2022 control IDs only (e.g., "A.5.1", "A.8.2"). The actual text of ISO standards requires a paid license from ISO. This tool helps map regulations to controls but doesn't replace the standard itself.

About Ansvar Systems

We build AI-accelerated threat modeling and compliance tools for automotive, financial services, and healthcare. This MCP server started as our internal reference tool — turns out everyone building for EU markets has the same EUR-Lex frustrations.

So we're open-sourcing it. Navigating 37 regulations shouldn't require a legal team.

ansvar.ai — Stockholm, Sweden

Documentation

• Coverage Details — All 37 regulations with article counts
• Use Cases — Industry-specific guidance (fintech, healthcare, IoT, etc.)
• Available Tools — Detailed tool descriptions
• Development Guide — Adding regulations, webhooks, CI/CD
• Troubleshooting — Common issues and fixes
• Roadmap — Upcoming features (delegated acts, national transpositions)
• Coverage Gaps — Known limitations
• Test Queries — 60+ example queries

License

Apache License 2.0. See LICENSE for details.

_{Built with care in Stockholm, Sweden}