No tracking. No cookie wall.·100 % EU-hosted on Hetzner
coverage

The law that applies to your business, covered and citable.

Check whether your country, your regulations and your sector are covered today. Each answer names its source and clears a licence audit before we serve it — and every figure here is read live from that data, not written as marketing copy.

28Jurisdictions live
230k+National laws indexed
7.8MProvisions, article-level
119More in development

figures read from coverage.json · file generated 2026-07-06

coverage explorer

Do we cover you?

Ask by country, by framework, or by sector — the same three scopes your AI agent uses against the gateway. Only what is live and licence-audited appears; grey means not covered.

1 Find your scope

Europe
North America
JurisdictionStatute lawCase lawData protectionCybersecuritySector regulatorsLawsProvisions
SwedenEU6,04560,013
United States10,244380,164
AustriaEUEU5,10156,760
BelgiumEUEU5,778143,390
CzechiaEUEU45,899461,571
DenmarkEUEU62,764621,260
EstoniaEUEU1,60264,000
FinlandEUEU8,586161,785
GermanyEUEU4,75392,295
HungaryEUEU4,316130,568
Iceland1,71019,033
NetherlandsEUEU3,25478,001
PolandEUEU80574,651
SlovakiaEUEU4,08955,921
SloveniaEUEU4011,970
CroatiaEUEU4,511161,423
FranceEUEU3,958193,793
LatviaEUEU2,25058,063
Liechtenstein3,61473,213
RomaniaEUEU12,001112,545
SpainEUEU12,183298,241
United Kingdom3,243514,115
BulgariaEUEU1,99717,103
LithuaniaEUEU12,04789,810
LuxembourgEUEU4,55436,098
MaltaEUEU5,00956,516
Norway73929,222
PortugalEUEU1,13081,012

The EU layer — served once, inherited by every member state

The EU-level regulation, guidance and supervisory content every member state inherits (17 corpora) — the live facets are listed here. That's the “+ EU” you see on member-state answers.

EU regulationsCybersecuritySector regulators

Read from coverage.json (generated 2026-07-06). A scope appears only when its corpus is live and its source-licensing audit is GREEN; EU-level coverage applies in member states via the EU corpus, independent of national tiles.

the fleet

Three clusters. One connection.

Your AI client connects once, over OAuth. The gateway routes each call to the servers in scope; the answers come from the sources, not from a model.

law · 55 servers

Statutes & regulation

National law and EU regulation, segmented to article level. 232,222 laws serving across 28 audited jurisdictions — 4.1M provisions in the live tier.

GDPR Art. 33(1)NIS2 Art. 23(4)DORA Art. 18(1)
sector regulators · 75 servers

Sector regulators

The supervisory layer above the statute. Calls are routed by country and sector to the regulators your business actually answers to.

BaFinEIOPACNIL
domain · 46 servers

Security & threat domain

Vulnerability intelligence, threat modeling, sanctions, OWASP, and the security frameworks your controls map to.

ISO 27001 A.5.24OWASP

In active development

Already in our corpus, currently in licensing audit, content validation, or structural recovery.

🇨🇭 Switzerlandrecovery
🇨🇾 Cyprusrecovery
🇬🇷 Greecerecovery
🇮🇪 Irelandrecovery
🇮🇹 Italyrecovery

Coverage by sector

What we cover for each sector — regulations and standards a live, source-licensed corpus serves today. Standards are surfaced as requirement mapping, not reproduced text. Premium adds case law and agency guidance.

IT & cloud security

AppSec, infrastructure security, and product-security obligations.

  • ·Cyber Resilience Act (Reg (EU) 2024/2847)
  • ·NIS2 (Dir (EU) 2022/2555)
  • ·GDPR Art. 32 — security of processing
  • ·Control mapping: OWASP ASVS · NIST CSF/800-53 · ISO 27001 Annex A · CIS · MITRE ATT&CK
  • ·MITRE ATT&CK · CAPEC · CWE · D3FEND
  • ·CVE · CISA KEV · EPSS — live vulnerability context
Explore Security

AI governance

EU AI Act role classification, obligations, and conformity readiness.

  • ·EU AI Act (Reg (EU) 2024/1689)
  • ·Risk classification — prohibited practices (Art. 5), high-risk (Art. 6 + Annex III)
  • ·Role duties — provider (Art. 16), deployer (Art. 26), FRIA (Art. 27), conformity (Art. 43)
  • ·GPAI & systemic-risk model provisions (Art. 51–55)
  • ·GDPR intersection — automated decisions (Art. 22), DPIA trigger (Art. 35)
  • ·EU AI Office guidance · premium
  • ·ISO/IEC 42001 — AI management systems
Explore AI governance

Privacy & data protection

DPIA, privacy-by-design, transfers, and data-subject rights — grounded in GDPR.

  • ·GDPR (Reg (EU) 2016/679)
  • ·ePrivacy Directive (2002/58/EC)
  • ·Law Enforcement Directive (EU) 2016/680
  • ·GDPR Art. 22 — automated individual decision-making
  • ·National GDPR-implementation statutes
  • ·Case-law fan-out where licensing permits · premium
Explore Privacy

Public sector

Procurement lawfulness, public-body AI duties, and administration compliance.

  • ·National public-procurement law
  • ·Procurement case law & preparatory works · premium
  • ·EU AI Act Art. 27 — public-body FRIA duty
  • ·GDPR Art. 35 — public-body DPIA basis
  • ·NIS2 (Dir (EU) 2022/2555) Art. 21 — public-administration security
Explore Public sector

Financial services

DORA, MiCA, PSD2 and the prudential stack — at article level, with the technical standards.

  • ·DORA (Reg (EU) 2022/2554)
  • ·DORA RTS/ITS — 11 technical-standard instruments
  • ·MiCA (Reg (EU) 2023/1114) + RTS/ITS
  • ·PSD2 (Dir (EU) 2015/2366)
  • ·MiFID II / MiFIR · CRR/CRD · Solvency II · EMIR
  • ·Horizontal: GDPR · NIS2 · EU AI Act · eIDAS2
  • ·Control mapping: ISO 27001 · NIST
  • ·Case law · agency guidance · preparatory works · premium
Explore Financial

Automotive

Vehicle cybersecurity engineering, TARA, and type-approval evidence.

  • ·UN R155 (cybersecurity) · UN R156 (software update)
  • ·Control mapping: ISO/SAE 21434
  • ·Control mapping: UDS · DoIP · SOVD · AUTOSAR diagnostics
  • ·Repair & maintenance information access — RMI / SERMI
  • ·Horizontal: Cyber Resilience Act · GDPR (connected-vehicle data)
Explore Automotive

Drone & UAS

Drone operations, product security, threat modelling, and counter-UAS.

  • ·EU drone law — Reg (EU) 2019/947 (operations) · 2019/945 (product)
  • ·UAS threat library
  • ·Control mapping: UAS standards stack
  • ·National UAS rules + US 14 CFR Part 107
  • ·Horizontal: Cyber Resilience Act · RED · GPSR
Explore Drone / UAS

Agriculture & machinery

Autonomous-machinery safety and the AI duties that ride on top.

  • ·Machinery Regulation (EU) 2023/1230
  • ·EU AI Act — high-risk safety-component duties (Reg (EU) 2024/1689)
  • ·Control mapping: agri-machinery safety stack (ISO 4254 · ISOBUS 11783 · ISO 25119 · IEC 62061 · EN 690)
  • ·Control mapping: functional safety & autonomous-machine stack (ISO 12100 · ISO 13849 · ISO 18497 · ISO 3691-4 · ISO 10218)
  • ·Farm-data governance — EU Data Act (Reg (EU) 2023/2854)
  • ·EUDR (Reg (EU) 2023/1115) — deforestation-free supply-chain duties
  • ·Horizontal: Cyber Resilience Act · GDPR
Explore Agri & machinery

Healthcare & medical devices

Medical-device regulation, clinical data, and special-category privacy.

  • ·Medical Device Regulation (Reg (EU) 2017/745)
  • ·In Vitro Diagnostic Regulation (Reg (EU) 2017/746)
  • ·Clinical Trials Regulation (Reg (EU) 536/2014)
  • ·European Health Data Space (Reg (EU) 2025/327)
  • ·GDPR Art. 9 — special-category health data (+ full GDPR)
  • ·Horizontal: NIS2 · EU AI Act (software as a medical device) · CRA
  • ·MDCG medical-device guidance · premium
Explore Healthcare

Industrial / OT / ICS

OT security, robot-cell safety, and live ICS advisory enrichment.

  • ·Control mapping: IEC 62443 (1-1…4-2)
  • ·Control mapping: ISO 10218-1/-2:2025 + the safety-security bridge
  • ·OT protocol security models: Modbus/TCP, DNP3, OPC UA, PROFINET, EtherNet/IP (CIP), IEC 61850/62351, BACnet/SC
  • ·EU Machinery Regulation (EU) 2023/1230
  • ·Cyber Resilience Act · NIS2
  • ·CISA ICS/OT advisories
Explore Industrial / OT

Robotics & automation

Robot and cobot safety, machinery conformity, and the security of the robot stack.

  • ·Machinery Regulation (EU) 2023/1230
  • ·EU AI Act — high-risk safety-component duties (Reg (EU) 2024/1689)
  • ·Control mapping: ISO 10218-1/-2:2025 + ISO/TS 15066 collaborative operation
  • ·Control mapping: functional safety (ISO 12100 · ISO 13849) + IEC 62443 industrial cyber
  • ·ROS 2 / DDS security + robot exploitation chains
  • ·Horizontal: Cyber Resilience Act · NIS2
Explore Robotics

Rail & signalling

Railway cybersecurity and signalling safety, from CLC/TS 50701 zones to the safety case.

  • ·Control mapping: CLC/TS 50701 railway cybersecurity
  • ·Control mapping: EN 50126 RAMS · EN 50129 signalling safety case
  • ·Control mapping: IEC 62443 industrial cyber
  • ·ENISA transport threat landscape — railway
  • ·Horizontal: NIS2 (Dir (EU) 2022/2555) · CER (EU) 2022/2557
Explore Rail

Energy & utilities

Grid and generation compliance, anchored on NIS2 essential-entity duties.

  • ·National energy statutes
  • ·NIS2 (Dir (EU) 2022/2555)
  • ·Critical Entities Resilience Directive (EU) 2022/2557
  • ·Cybersecurity Act (EUCC) · Cyber Solidarity Act
  • ·Energy case law · preparatory works · agency guidance · premium
Explore Energy

ESG & sustainability

Sustainability reporting and the EU green-finance taxonomy, at article level.

  • ·CSRD (Dir (EU) 2022/2464)
  • ·EU Taxonomy Regulation (Reg (EU) 2020/852)
  • ·CBAM (Reg (EU) 2023/956)

Telecommunications

National regulatory-authority decisions and NIS2 operator obligations.

  • ·National telecom regulatory-authority decisions · premium
  • ·NIS2 — telecom-operator obligations

Defense & aerospace

Aviation-information-security regulation and national security-protection law.

  • ·EASA Part-IS (Reg (EU) 2023/203)
  • ·National security-protection law
  • ·Horizontal: NIS2
More sectors in development
  • Chemicals & REACHChemicals Regulation is serving while its methodology corpus completes a content review.
  • MaritimeMaritime security is held offline pending a source-licensing audit.

Listed only where a live MCP serves the corpus and its source licensing is GREEN. Per the No Silent Fallbacks policy, planned coverage is in the "in development" list, not above.

beyond the map

Not everything we work from is something we can hand you as data.

This page maps what you query directly through the gateway — corpora that cleared source-licensing review and come back clause by clause, with a citation. Some of what our work rests on can’t be served that way. It still shapes the answer; it reaches you as advice and synthesis, not a feed you pull.

served as data

The corpora on this page. Licensed to reproduce, addressable to the clause, returned in the same citation envelope as every other Ansvar source. You query them; you cite them.

served as advice

Sources we can reference but not republish — licensed standards we map to controls rather than reproduce, confidential engagement material, method that was never a document. We hold these off the gateway and put them to work in our consultancy and delivery, as synthesis, attributed to where it came from.

the line we hold

We never dress synthesis up as a source you could have pulled yourself, and we never serve licensed text we can’t defend. When a point rests on advice rather than a citeable provision, it says so.

What we can’t expose as data, we still bring to the work.

Missing a corpus you need? Tell us.

Every framework, jurisdiction, and sector above has cleared source-licensing review. We add new corpora when a real customer workflow needs them and the licensing audit closes — we'd rather say "not yet" than serve content we can't defend.

Tell us the source, the workflow it would unlock, and any license terms you already know about. We come back with an honest read on whether we can host it and roughly how long the licensing review would take.

Check your jurisdiction from your own client.

One MCP connection to gateway.ansvar.eu — Claude, Claude Code, Cursor, VS Code Copilot, or Open WebUI. Free tier: 100 searches a day with a B2B sign-up.

Start free