Initial commit: breakpilot-compliance - Compliance SDK Platform

Services: Admin-Compliance, Backend-Compliance, AI-Compliance-SDK, Consent-SDK, Developer-Portal, PCA-Platform, DSMS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 23:47:28 +01:00
commit 4435e7ea0a
734 changed files with 251369 additions and 0 deletions
--- a/breakpilot-compliance-sdk/legal-corpus/eu/ai-act/metadata.json
+++ b/breakpilot-compliance-sdk/legal-corpus/eu/ai-act/metadata.json
@@ -0,0 +1,110 @@
+{
+  "id": "ai-act",
+  "name": "Verordnung ueber kuenstliche Intelligenz",
+  "nameEn": "Artificial Intelligence Act",
+  "abbreviation": "KI-VO",
+  "abbreviationEn": "AI Act",
+  "type": "regulation",
+  "jurisdiction": "EU",
+  "effectiveDate": "2024-08-01",
+  "officialReference": "Verordnung (EU) 2024/1689",
+  "articles": 113,
+  "recitals": 180,
+  "chapters": 13,
+  "estimatedChunks": 85,
+  "language": "de",
+  "topics": [
+    "artificial-intelligence",
+    "machine-learning",
+    "high-risk-ai",
+    "prohibited-ai",
+    "transparency",
+    "conformity-assessment",
+    "ai-governance"
+  ],
+  "riskCategories": [
+    {
+      "level": "unacceptable",
+      "title": "Verbotene KI-Praktiken",
+      "articles": [5],
+      "examples": [
+        "Social Scoring",
+        "Biometrische Fernidentifizierung",
+        "Emotionserkennung am Arbeitsplatz"
+      ]
+    },
+    {
+      "level": "high",
+      "title": "Hochrisiko-KI-Systeme",
+      "articles": [6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
+      "examples": [
+        "Biometrische Identifizierung",
+        "Kritische Infrastruktur",
+        "Bildung und Berufsausbildung",
+        "Beschaeftigung",
+        "Zugang zu oeffentlichen Diensten"
+      ]
+    },
+    {
+      "level": "limited",
+      "title": "Begrenzte Transparenzpflichten",
+      "articles": [50],
+      "examples": [
+        "Chatbots",
+        "Deepfakes",
+        "Emotionserkennung"
+      ]
+    },
+    {
+      "level": "minimal",
+      "title": "Minimales Risiko",
+      "articles": [],
+      "examples": [
+        "Spam-Filter",
+        "Videospiel-KI"
+      ]
+    }
+  ],
+  "keyArticles": [
+    {
+      "article": 5,
+      "title": "Verbotene Praktiken im KI-Bereich",
+      "importance": "critical"
+    },
+    {
+      "article": 6,
+      "title": "Klassifizierungsregeln fuer Hochrisiko-KI",
+      "importance": "critical"
+    },
+    {
+      "article": 9,
+      "title": "Risikomanagementsystem",
+      "importance": "high"
+    },
+    {
+      "article": 10,
+      "title": "Daten und Daten-Governance",
+      "importance": "high"
+    },
+    {
+      "article": 13,
+      "title": "Transparenz und Bereitstellung von Informationen",
+      "importance": "high"
+    },
+    {
+      "article": 14,
+      "title": "Menschliche Aufsicht",
+      "importance": "high"
+    },
+    {
+      "article": 50,
+      "title": "Transparenzpflichten fuer bestimmte KI-Systeme",
+      "importance": "high"
+    }
+  ],
+  "relatedRegulations": [
+    "dsgvo",
+    "nis2",
+    "cra"
+  ]
+}
--- a/breakpilot-compliance-sdk/legal-corpus/eu/dsgvo/metadata.json
+++ b/breakpilot-compliance-sdk/legal-corpus/eu/dsgvo/metadata.json
@@ -0,0 +1,95 @@
+{
+  "id": "dsgvo",
+  "name": "Datenschutz-Grundverordnung",
+  "nameEn": "General Data Protection Regulation",
+  "abbreviation": "DSGVO",
+  "abbreviationEn": "GDPR",
+  "type": "regulation",
+  "jurisdiction": "EU",
+  "effectiveDate": "2018-05-25",
+  "officialReference": "Verordnung (EU) 2016/679",
+  "articles": 99,
+  "recitals": 173,
+  "chapters": 11,
+  "estimatedChunks": 99,
+  "language": "de",
+  "topics": [
+    "data-protection",
+    "privacy",
+    "consent",
+    "data-subject-rights",
+    "data-processing",
+    "data-transfers",
+    "data-breach",
+    "dpo",
+    "impact-assessment"
+  ],
+  "keyArticles": [
+    {
+      "article": 5,
+      "title": "Grundsaetze fuer die Verarbeitung personenbezogener Daten",
+      "importance": "critical"
+    },
+    {
+      "article": 6,
+      "title": "Rechtmaessigkeit der Verarbeitung",
+      "importance": "critical"
+    },
+    {
+      "article": 7,
+      "title": "Bedingungen fuer die Einwilligung",
+      "importance": "high"
+    },
+    {
+      "article": 9,
+      "title": "Verarbeitung besonderer Kategorien",
+      "importance": "high"
+    },
+    {
+      "article": 13,
+      "title": "Informationspflicht bei Erhebung",
+      "importance": "high"
+    },
+    {
+      "article": 15,
+      "title": "Auskunftsrecht",
+      "importance": "critical"
+    },
+    {
+      "article": 17,
+      "title": "Recht auf Loeschung",
+      "importance": "critical"
+    },
+    {
+      "article": 25,
+      "title": "Datenschutz durch Technikgestaltung",
+      "importance": "high"
+    },
+    {
+      "article": 30,
+      "title": "Verzeichnis von Verarbeitungstaetigkeiten",
+      "importance": "high"
+    },
+    {
+      "article": 32,
+      "title": "Sicherheit der Verarbeitung",
+      "importance": "high"
+    },
+    {
+      "article": 33,
+      "title": "Meldung von Verletzungen",
+      "importance": "critical"
+    },
+    {
+      "article": 35,
+      "title": "Datenschutz-Folgenabschaetzung",
+      "importance": "high"
+    }
+  ],
+  "relatedRegulations": [
+    "bdsg",
+    "ttdsg",
+    "tdddg",
+    "eprivacy"
+  ]
+}
--- a/breakpilot-compliance-sdk/legal-corpus/eu/nis2/metadata.json
+++ b/breakpilot-compliance-sdk/legal-corpus/eu/nis2/metadata.json
@@ -0,0 +1,102 @@
+{
+  "id": "nis2",
+  "name": "Richtlinie ueber Massnahmen fuer ein hohes gemeinsames Cybersicherheitsniveau",
+  "nameEn": "Network and Information Security Directive 2",
+  "abbreviation": "NIS2",
+  "abbreviationEn": "NIS2",
+  "type": "directive",
+  "jurisdiction": "EU",
+  "effectiveDate": "2024-10-18",
+  "officialReference": "Richtlinie (EU) 2022/2555",
+  "articles": 46,
+  "recitals": 144,
+  "chapters": 9,
+  "estimatedChunks": 46,
+  "language": "de",
+  "topics": [
+    "cybersecurity",
+    "critical-infrastructure",
+    "incident-reporting",
+    "risk-management",
+    "supply-chain-security"
+  ],
+  "entityCategories": [
+    {
+      "type": "essential",
+      "title": "Wesentliche Einrichtungen",
+      "sectors": [
+        "Energie",
+        "Verkehr",
+        "Bankwesen",
+        "Finanzmarktinfrastrukturen",
+        "Gesundheitswesen",
+        "Trinkwasser",
+        "Abwasser",
+        "Digitale Infrastruktur",
+        "IKT-Dienste",
+        "Oeffentliche Verwaltung",
+        "Weltraum"
+      ]
+    },
+    {
+      "type": "important",
+      "title": "Wichtige Einrichtungen",
+      "sectors": [
+        "Post- und Kurierdienste",
+        "Abfallbewirtschaftung",
+        "Chemische Industrie",
+        "Lebensmittel",
+        "Verarbeitendes Gewerbe",
+        "Digitale Anbieter",
+        "Forschung"
+      ]
+    }
+  ],
+  "keyArticles": [
+    {
+      "article": 21,
+      "title": "Risikomanagementmassnahmen",
+      "importance": "critical"
+    },
+    {
+      "article": 23,
+      "title": "Berichtspflichten",
+      "importance": "critical"
+    },
+    {
+      "article": 24,
+      "title": "Verwendung von Zertifizierungsschemata",
+      "importance": "high"
+    },
+    {
+      "article": 25,
+      "title": "Normung",
+      "importance": "high"
+    },
+    {
+      "article": 32,
+      "title": "Aufsichtsmassnahmen - Wesentliche Einrichtungen",
+      "importance": "high"
+    },
+    {
+      "article": 33,
+      "title": "Aufsichtsmassnahmen - Wichtige Einrichtungen",
+      "importance": "high"
+    },
+    {
+      "article": 34,
+      "title": "Sanktionen",
+      "importance": "high"
+    }
+  ],
+  "reportingTimelines": {
+    "initialNotification": "24 hours",
+    "incidentNotification": "72 hours",
+    "finalReport": "1 month"
+  },
+  "relatedRegulations": [
+    "cra",
+    "eucsa",
+    "dsgvo"
+  ]
+}