refactor(admin): split requirements page.tsx into colocated components

Break 838-line page.tsx into _types.ts, _data.ts (templates),
_components/{AddRequirementForm,RequirementCard,LoadingSkeleton}.tsx,
and _hooks/useRequirementsData.ts. page.tsx is now 246 LOC (wiring
only). No behavior changes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

admin-compliance/app/sdk/requirements/_data.ts

@@ -0,0 +1,110 @@
+import { DisplayRequirement } from './_types'
+
+// Fallback templates (used when backend is unavailable)
+export const requirementTemplates: Omit<DisplayRequirement, 'displayStatus' | 'controlsLinked' | 'evidenceCount'>[] = [
+  {
+    id: 'req-gdpr-6',
+    regulation: 'DSGVO',
+    article: 'Art. 6',
+    code: 'GDPR-6.1',
+    title: 'Rechtmaessigkeit der Verarbeitung',
+    description: 'Personenbezogene Daten duerfen nur verarbeitet werden, wenn eine Rechtsgrundlage vorliegt.',
+    source: 'DSGVO Art. 6',
+    category: 'Rechtmaessigkeit',
+    priority: 'critical',
+    criticality: 'CRITICAL',
+    applicableModules: ['mod-gdpr'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-gdpr-13',
+    regulation: 'DSGVO',
+    article: 'Art. 13/14',
+    code: 'GDPR-13',
+    title: 'Informationspflichten',
+    description: 'Betroffene Personen muessen ueber die Datenverarbeitung informiert werden.',
+    source: 'DSGVO Art. 13/14',
+    category: 'Transparenz',
+    priority: 'high',
+    criticality: 'HIGH',
+    applicableModules: ['mod-gdpr'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-ai-act-9',
+    regulation: 'AI Act',
+    article: 'Art. 9',
+    code: 'AI-ACT-9',
+    title: 'Risikomanagementsystem',
+    description: 'Hochrisiko-KI-Systeme erfordern ein Risikomanagementsystem.',
+    source: 'AI Act Art. 9',
+    category: 'KI-Governance',
+    priority: 'high',
+    criticality: 'HIGH',
+    applicableModules: ['mod-ai-act'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-gdpr-32',
+    regulation: 'DSGVO',
+    article: 'Art. 32',
+    code: 'GDPR-32',
+    title: 'Sicherheit der Verarbeitung',
+    description: 'Geeignete technische und organisatorische Massnahmen zur Datensicherheit.',
+    source: 'DSGVO Art. 32',
+    category: 'Sicherheit',
+    priority: 'critical',
+    criticality: 'CRITICAL',
+    applicableModules: ['mod-gdpr', 'mod-iso27001'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-gdpr-35',
+    regulation: 'DSGVO',
+    article: 'Art. 35',
+    code: 'GDPR-35',
+    title: 'Datenschutz-Folgenabschaetzung',
+    description: 'Bei hohem Risiko ist eine DSFA durchzufuehren.',
+    source: 'DSGVO Art. 35',
+    category: 'Risikobewertung',
+    priority: 'high',
+    criticality: 'HIGH',
+    applicableModules: ['mod-gdpr'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-ai-act-13',
+    regulation: 'AI Act',
+    article: 'Art. 13',
+    code: 'AI-ACT-13',
+    title: 'Transparenzanforderungen',
+    description: 'KI-Systeme muessen fuer Nutzer nachvollziehbar und transparent sein.',
+    source: 'AI Act Art. 13',
+    category: 'Transparenz',
+    priority: 'high',
+    criticality: 'HIGH',
+    applicableModules: ['mod-ai-act'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+  {
+    id: 'req-nis2-21',
+    regulation: 'NIS2',
+    article: 'Art. 21',
+    code: 'NIS2-21',
+    title: 'Risikomanagementmassnahmen',
+    description: 'Wesentliche und wichtige Einrichtungen muessen Cybersicherheitsmassnahmen implementieren.',
+    source: 'NIS2 Art. 21',
+    category: 'Cybersicherheit',
+    priority: 'high',
+    criticality: 'HIGH',
+    applicableModules: ['mod-nis2'],
+    status: 'NOT_STARTED',
+    controls: [],
+  },
+]