diff --git a/admin-compliance/lib/sdk/__tests__/compliance-scope-engine.test.ts b/admin-compliance/lib/sdk/__tests__/compliance-scope-engine.test.ts
index fd58754..33d9e40 100644
--- a/admin-compliance/lib/sdk/__tests__/compliance-scope-engine.test.ts
+++ b/admin-compliance/lib/sdk/__tests__/compliance-scope-engine.test.ts
@@ -370,3 +370,101 @@ describe('evaluateRiskFlags', () => { expect(orgFlag).toBeUndefined() }) }) + +// ============================================================================ +// HT-H01a/b: B2B vs B2C Webshop Trigger Split +// ============================================================================ + +describe('HT-H01a/b — B2B vs B2C Webshop', () => { + it('B2C webshop triggers HT-H01a with Verbraucherschutz documents', () => { + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ans('org_business_model', 'B2C'), + ]) + const h01a = triggers.find((t: any) => t.ruleId === 'HT-H01a') + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + expect(h01a).toBeDefined() + expect(h01b).toBeUndefined() + expect(h01a!.mandatoryDocuments).toContain('WIDERRUFSBELEHRUNG') + expect(h01a!.mandatoryDocuments).toContain('PREISANGABEN') + expect(h01a!.mandatoryDocuments).toContain('FERNABSATZ_INFO') + expect(h01a!.mandatoryDocuments).toContain('STREITBEILEGUNG') + }) + + it('B2B webshop triggers HT-H01b without Verbraucherschutz documents', () => { + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ans('org_business_model', 'B2B'), + ]) + const h01a = triggers.find((t: any) => t.ruleId === 'HT-H01a') + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + expect(h01a).toBeUndefined() + expect(h01b).toBeDefined() + expect(h01b!.mandatoryDocuments).toContain('DSE') + expect(h01b!.mandatoryDocuments).toContain('AGB') + expect(h01b!.mandatoryDocuments).toContain('COOKIE_BANNER') + expect(h01b!.mandatoryDocuments).not.toContain('WIDERRUFSBELEHRUNG') + expect(h01b!.mandatoryDocuments).not.toContain('PREISANGABEN') + }) + + it('B2B_B2C (hybrid) webshop triggers HT-H01a (Verbraucherschutz applies)', () => { + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ans('org_business_model', 'B2B_B2C'), + ]) + const h01a = triggers.find((t: 
any) => t.ruleId === 'HT-H01a') + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + expect(h01a).toBeDefined() + expect(h01b).toBeUndefined() + }) + + it('no webshop → neither HT-H01a nor HT-H01b fires', () => { + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', false), + ans('org_business_model', 'B2C'), + ]) + const h01a = triggers.find((t: any) => t.ruleId === 'HT-H01a') + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + expect(h01a).toBeUndefined() + expect(h01b).toBeUndefined() + }) + + it('webshop without business_model answer → HT-H01a fires (excludeWhen not matched)', () => { + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ]) + const h01a = triggers.find((t: any) => t.ruleId === 'HT-H01a') + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + // excludeWhen B2B: not matched (undefined !== 'B2B') → fires + expect(h01a).toBeDefined() + // requireWhen B2B: not matched (undefined !== 'B2B') → does not fire + expect(h01b).toBeUndefined() + }) +}) + +// ============================================================================ +// excludeWhen / requireWhen Logic (unit) +// ============================================================================ + +describe('excludeWhen / requireWhen — generic logic', () => { + it('excludeWhen with array value excludes any matching value', () => { + // HT-H01a has excludeWhen: { questionId: 'org_business_model', value: 'B2B' } + // This test verifies the single-value case works (B2B excluded) + const triggers = complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ans('org_business_model', 'B2B'), + ]) + const h01a = triggers.find((t: any) => t.ruleId === 'HT-H01a') + expect(h01a).toBeUndefined() + }) + + it('requireWhen with non-matching value prevents trigger', () => { + // HT-H01b has requireWhen: { questionId: 'org_business_model', value: 'B2B' } + const triggers = 
complianceScopeEngine.evaluateHardTriggers([ + ans('prod_webshop', true), + ans('org_business_model', 'B2C'), + ]) + const h01b = triggers.find((t: any) => t.ruleId === 'HT-H01b') + expect(h01b).toBeUndefined() + }) +}) diff --git a/admin-compliance/lib/sdk/compliance-scope-engine.ts b/admin-compliance/lib/sdk/compliance-scope-engine.ts index d87712e..7fb0a17 100644 --- a/admin-compliance/lib/sdk/compliance-scope-engine.ts +++ b/admin-compliance/lib/sdk/compliance-scope-engine.ts @@ -642,16 +642,31 @@ export const HARD_TRIGGER_RULES: HardTriggerRule[] = [ // ========== H: Produkt/Business (7 rules) ========== { - id: 'HT-H01', + id: 'HT-H01a', category: 'product', questionId: 'prod_webshop', condition: 'EQUALS', conditionValue: true, + excludeWhen: { questionId: 'org_business_model', value: 'B2B' }, minimumLevel: 'L2', requiresDSFA: false, - mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER', 'EINWILLIGUNGEN', 'VERBRAUCHERSCHUTZ'], + mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER', 'EINWILLIGUNGEN', + 'WIDERRUFSBELEHRUNG', 'PREISANGABEN', 'FERNABSATZ_INFO', 'STREITBEILEGUNG'], + legalReference: 'Art. 6 DSGVO + Fernabsatzrecht + PAngV + VSBG', + description: 'E-Commerce / Webshop (B2C) — Verbraucherschutzpflichten', + }, + { + id: 'HT-H01b', + category: 'product', + questionId: 'prod_webshop', + condition: 'EQUALS', + conditionValue: true, + requireWhen: { questionId: 'org_business_model', value: 'B2B' }, + minimumLevel: 'L2', + requiresDSFA: false, + mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER'], legalReference: 'Art. 6 DSGVO + eCommerce', - description: 'E-Commerce / Webshop-Betrieb', + description: 'E-Commerce / Webshop (B2B) — Basis-Pflichten', }, { id: 'HT-H02', 
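Review bot: The test named `excludeWhen with array value excludes any matching value` passes only the single string `'B2B'`, so the `Array.isArray(...)` branches this commit adds for `excludeWhen` and `requireWhen` in the engine are not exercised by any case in this hunk. Either rename it to `'excludeWhen with a single value excludes that value'` or add a case that drives a rule whose `value` is an array; no such rule is visible in this commit, so that would presumably need a test-only rule. The B2B case also asserts the absence of only `WIDERRUFSBELEHRUNG` and `PREISANGABEN`; adding `expect(h01b!.mandatoryDocuments).not.toContain('FERNABSATZ_INFO')` and the same for `'STREITBEILEGUNG'` would pin the whole split.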
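Review bot: `HT-H01b` drops `EINWILLIGUNGEN` from `mandatoryDocuments`, although the rule it replaces listed it and the B2B rule still requires `COOKIE_BANNER`; consent documentation is presumably a data-protection duty rather than a consumer-protection one, so the omission looks unintended. If so, the list should read `mandatoryDocuments: ['DSE', 'AGB', 'COOKIE_BANNER', 'EINWILLIGUNGEN'],`. Separately, the id `HT-H01` disappears, so any stored result or lookup keyed on it (none is visible here) would stop matching, and the section comment `(7 rules)` is now off by one.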
@@ -1224,6 +1239,26 @@ export class ComplianceScopeEngine { if (!baseCondition) return false + // Exclude-Bedingung: Regel feuert NICHT wenn excludeWhen zutrifft + if (rule.excludeWhen) { + const exVal = answerMap.get(rule.excludeWhen.questionId) + if (Array.isArray(rule.excludeWhen.value) + ? rule.excludeWhen.value.includes(exVal) + : exVal === rule.excludeWhen.value) { + return false + } + } + + // Require-Bedingung: Regel feuert NUR wenn requireWhen zutrifft + if (rule.requireWhen) { + const reqVal = answerMap.get(rule.requireWhen.questionId) + if (Array.isArray(rule.requireWhen.value) + ? !rule.requireWhen.value.includes(reqVal) + : reqVal !== rule.requireWhen.value) { + return false + } + } + // Combined checks if (rule.combineWithArt9) { const art9 = answerMap.get('data_art9') @@ -1388,10 +1423,14 @@ export class ComplianceScopeEngine { NOTFALLPLAN: 12, COOKIE_BANNER: 4, AGB: 6, - VERBRAUCHERSCHUTZ: 4, + WIDERRUFSBELEHRUNG: 3, + PREISANGABEN: 2, + FERNABSATZ_INFO: 4, + STREITBEILEGUNG: 1, + PRODUKTSICHERHEIT: 8, + AI_ACT_DOKU: 12, AUDIT_CHECKLIST: 8, VENDOR_MANAGEMENT: 10, - AI_ACT_DOKU: 12, } return effortMap[docType] || 6 } diff --git a/admin-compliance/lib/sdk/compliance-scope-types.ts b/admin-compliance/lib/sdk/compliance-scope-types.ts index b2c0334..1aaed27 100644 --- a/admin-compliance/lib/sdk/compliance-scope-types.ts +++ b/admin-compliance/lib/sdk/compliance-scope-types.ts 
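Review bot: The handling of an unanswered question is left implicit in the two new blocks: with no `org_business_model` answer, `excludeWhen` does not match and the rule still fires, while `requireWhen` does not match and the rule is suppressed. That default, under which the stricter B2C document set applies, is spelled out only in the test file, so a comment above the first block such as `// Missing answer: excludeWhen is not matched (rule fires), requireWhen is not matched (rule is skipped)` would keep it from being changed by accident. The array-or-scalar comparison is also written twice with opposite polarity; one small local helper that takes the condition and the answer and returns whether they match would stop the two copies drifting apart. The enclosing method starts and ends outside this hunk.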
@@ -130,24 +130,38 @@ export type HardTriggerOperator = export interface HardTriggerRule { /** Eindeutige ID der Regel */ id: string; - /** Kurze Bezeichnung */ - label: string; - /** Detaillierte Beschreibung */ - description: string; - /** Feld, das geprüft wird (questionId oder company_profile Feld) */ - conditionField: string; + /** Kategorie der Regel */ + category: string; + /** Frage-ID, die geprüft wird */ + questionId: string; /** Bedingungsoperator */ - conditionOperator: HardTriggerOperator; + condition: HardTriggerOperator; /** Wert, der geprüft wird */ conditionValue: unknown; /** Minimal erforderliches Level */ minimumLevel: ComplianceDepthLevel; - /** Pflichtdokumente bei Trigger */ - mandatoryDocuments: ScopeDocumentType[]; /** DSFA erforderlich? */ - dsfaRequired: boolean; + requiresDSFA: boolean; + /** Pflichtdokumente bei Trigger */ + mandatoryDocuments: string[]; /** Rechtsgrundlage */ legalReference: string; + /** Detaillierte Beschreibung */ + description: string; + /** Kombiniert mit Art. 9 Daten? */ + combineWithArt9?: boolean; + /** Kombiniert mit Minderjährigen-Daten? */ + combineWithMinors?: boolean; + /** Kombiniert mit KI-Nutzung? */ + combineWithAI?: boolean; + /** Kombiniert mit Mitarbeiterüberwachung? */ + combineWithEmployeeMonitoring?: boolean; + /** Kombiniert mit automatisierter Entscheidungsfindung? */ + combineWithADM?: boolean; + /** Regel feuert NICHT wenn diese Bedingung zutrifft */ + excludeWhen?: { questionId: string; value: string | string[] }; + /** Regel feuert NUR wenn diese Bedingung zutrifft */ + requireWhen?: { questionId: string; value: string | string[] }; } /** 
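Review bot: `mandatoryDocuments` is loosened from `ScopeDocumentType[]` to `string[]`, so the upper-case ids used in `HARD_TRIGGER_RULES` (`'WIDERRUFSBELEHRUNG'`, `'PREISANGABEN'`, …) are no longer checked against anything, and the lower-case members this commit adds to `ScopeDocumentType` (`'widerrufsbelehrung'`, …) never meet them at the type level. A misspelt id would compile and then be costed by the `effortMap[docType] || 6` fallback in the engine instead of being reported. A union of the ids the rules actually use, or a documented mapping from those ids onto `ScopeDocumentType`, would restore the check. `excludeWhen` and `requireWhen` also repeat the same object shape and could share one named type, and their doc comments should state that a missing answer counts as not matching.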
@@ -195,7 +209,13 @@ export type ScopeDocumentType = | 'notfallplan' // Notfall- & Krisenplan | 'zertifizierung' // Zertifizierungsvorbereitung | 'datenschutzmanagement' // Datenschutzmanagement-System (DSMS) - | 'iace_ce_assessment'; // CE-Risikobeurteilung SW/FW/KI (IACE) + | 'iace_ce_assessment' // CE-Risikobeurteilung SW/FW/KI (IACE) + | 'widerrufsbelehrung' // Widerrufsbelehrung (§ 312g BGB) + | 'preisangaben' // Preisangaben (PAngV) + | 'fernabsatz_info' // Informationspflichten Fernabsatz (§ 312d BGB) + | 'streitbeilegung' // Streitbeilegungshinweis (VSBG § 36) + | 'produktsicherheit' // Produktsicherheit (GPSR EU 2023/988) + | 'ai_act_doku'; // AI Act Technische Dokumentation (Art. 11) // ============================================================================ // Decision & Output Types @@ -429,6 +449,12 @@ export const DOCUMENT_TYPE_LABELS: Record = { zertifizierung: 'Zertifizierungsvorbereitung', datenschutzmanagement: 'Datenschutzmanagement-System (DSMS)', iace_ce_assessment: 'CE-Risikobeurteilung SW/FW/KI (IACE)', + widerrufsbelehrung: 'Widerrufsbelehrung (§ 312g BGB)', + preisangaben: 'Preisangaben (PAngV)', + fernabsatz_info: 'Informationspflichten Fernabsatz (§ 312d BGB)', + streitbeilegung: 'Streitbeilegungshinweis (VSBG § 36)', + produktsicherheit: 'Produktsicherheitsdokumentation (GPSR)', + ai_act_doku: 'AI Act Technische Dokumentation (Art. 11)', }; /** @@ -1311,6 +1337,231 @@ export const DOCUMENT_SCOPE_MATRIX: Record> = zertifizierung: '/sdk/iace', datenschutzmanagement: '/sdk/dsms', iace_ce_assessment: '/sdk/iace', + widerrufsbelehrung: '/sdk/policy-generator', + preisangaben: '/sdk/policy-generator', + fernabsatz_info: '/sdk/policy-generator', + streitbeilegung: '/sdk/policy-generator', + produktsicherheit: '/sdk/iace', + ai_act_doku: '/sdk/ai-act', }; // ============================================================================ diff --git a/scripts/ingest-legal-corpus.sh b/scripts/ingest-legal-corpus.sh index b50d6d6..030518a 100755 
--- a/scripts/ingest-legal-corpus.sh +++ b/scripts/ingest-legal-corpus.sh @@ -35,7 +35,7 @@ while [[ $# -gt 0 ]]; do --only) ONLY_PHASE="$2"; shift 2 ;; -h|--help) echo "Usage: $0 [--skip-download] [--only PHASE]" - echo "Phases: download, gesetze, eu, templates, datenschutz, verify, version" + echo "Phases: download, gesetze, eu, templates, datenschutz, verbraucherschutz, verify, version" exit 0 ;; *) echo "Unknown option: $1"; exit 1 ;; 
@@ -762,6 +762,148 @@ phase_datenschutz() { log "Collection $col: $before → $after chunks" } +# ============================================================================= +# PHASE H: Verbraucherschutz & AI Act +# ============================================================================= +phase_verbraucherschutz() { + log "==========================================" + log "PHASE H: Verbraucherschutz & AI Act" + log "==========================================" + + mkdir -p "$WORK_DIR"/{pdfs,texts} + + # --- H1: Deutsche Verbraucherschutz-Gesetze → bp_compliance_gesetze --- + local col="bp_compliance_gesetze" + local before + before=$(collection_count "$col") + log "Collection $col: $before chunks (before)" + + # Download + Ingest deutsche Gesetze (gesetze-im-internet.de, Public Domain § 5 UrhG) + local -a verbraucherschutz_gesetze=( + "pangv_2022/PAngV:PAngV:Preisangabenverordnung" + "vsbg/VSBG:VSBG:Verbraucherstreitbeilegungsgesetz" + "prodhaftg/ProdHaftG:ProdHaftG:Produkthaftungsgesetz" + "verpackg/VerpackG:VerpackG:Verpackungsgesetz" + "elektrog_2015/ElektroG:ElektroG:Elektro- und Elektronikgeraetegesetz" + "battdg/BattDG:BattDG:Batteriegesetz" + "bfsg/BFSG:BFSG:Barrierefreiheitsstaerkungsgesetz" + "uwg_2004/UWG:UWG:Gesetz gegen den unlauteren Wettbewerb" + ) + + for entry in "${verbraucherschutz_gesetze[@]}"; do + local path="${entry%%:*}" + local rest="${entry#*:}" + local short="${rest%%:*}" + local fullname="${rest#*:}" + local pdf_file="$WORK_DIR/pdfs/${short}.pdf" + + download_pdf \ + "https://www.gesetze-im-internet.de/${path}.pdf" \ + "$pdf_file" + + if [[ -f "$pdf_file" ]]; then + upload_file "$pdf_file" "$col" "compliance" "legal_reference" "2025" \ + "{\"regulation_id\":\"${short,,}\",\"regulation_name_de\":\"$fullname ($short)\",\"category\":\"verbraucherschutz\",\"license\":\"public_domain_§5_UrhG\",\"source\":\"gesetze-im-internet.de\"}" \ + "$short ($fullname)" + fi + done + + # BGB komplett (Fernabsatz §§ 312-312k, Digitale Inhalte §§ 
327-327u, Kaufrecht §§ 433-480) + download_pdf \ + "https://www.gesetze-im-internet.de/bgb/BGB.pdf" \ + "$WORK_DIR/pdfs/BGB_full.pdf" + + if [[ -f "$WORK_DIR/pdfs/BGB_full.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/BGB_full.pdf" "$col" "compliance" "legal_reference" "2025" \ + '{"regulation_id":"bgb_fernabsatz","regulation_name_de":"BGB (Fernabsatz, Digitale Inhalte, Kaufrecht)","category":"verbraucherschutz","license":"public_domain_§5_UrhG","source":"gesetze-im-internet.de"}' \ + "BGB (Fernabsatz/Digitale Inhalte/Kaufrecht)" + fi + + # EGBGB fuer Muster-Widerrufsbelehrung (Anlage 1+2 zu Art. 246a) + download_pdf \ + "https://www.gesetze-im-internet.de/bgbeg/BGBEG.pdf" \ + "$WORK_DIR/pdfs/BGBEG.pdf" + + if [[ -f "$WORK_DIR/pdfs/BGBEG.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/BGBEG.pdf" "$col" "compliance" "legal_reference" "2025" \ + '{"regulation_id":"egbgb_muster_widerruf","regulation_name_de":"EGBGB (Muster-Widerrufsbelehrung, Anlage 1+2 zu Art. 246a)","category":"verbraucherschutz","license":"public_domain_§5_UrhG","source":"gesetze-im-internet.de"}' \ + "EGBGB (Muster-Widerrufsbelehrung)" + fi + + local after + after=$(collection_count "$col") + log "Collection $col: $before → $after chunks" + + # --- H2: EU-Verordnungen → bp_compliance_ce --- + col="bp_compliance_ce" + before=$(collection_count "$col") + log "Collection $col: $before chunks (before)" + + # GPSR (EU 2023/988) - Produktsicherheit + download_pdf \ + "https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32023R0988" \ + "$WORK_DIR/pdfs/GPSR_2023_988.pdf" + + if [[ -f "$WORK_DIR/pdfs/GPSR_2023_988.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/GPSR_2023_988.pdf" "$col" "compliance_ce" "legal_reference" "2024" \ + '{"regulation_id":"gpsr","regulation_name_de":"Allgemeine Produktsicherheitsverordnung (GPSR)","regulation_name_en":"General Product Safety Regulation","regulation_short":"GPSR","celex":"32023R0988","category":"produktsicherheit","license":"CC_BY_4.0","source":"eur-lex"}' \ + 
"GPSR (EU) 2023/988" + fi + + # AI Act (EU 2024/1689) + download_pdf \ + "https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=OJ:L_202401689" \ + "$WORK_DIR/pdfs/AI_Act_2024_1689.pdf" + + if [[ -f "$WORK_DIR/pdfs/AI_Act_2024_1689.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/AI_Act_2024_1689.pdf" "$col" "compliance_ce" "legal_reference" "2024" \ + '{"regulation_id":"ai_act","regulation_name_de":"KI-Verordnung (AI Act)","regulation_name_en":"Artificial Intelligence Act","regulation_short":"AI Act","celex":"32024R1689","category":"ki_regulierung","license":"CC_BY_4.0","source":"eur-lex"}' \ + "AI Act (EU) 2024/1689" + fi + + # EU Batterieverordnung (EU 2023/1542) + download_pdf \ + "https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32023R1542" \ + "$WORK_DIR/pdfs/Batterie_VO_2023_1542.pdf" + + if [[ -f "$WORK_DIR/pdfs/Batterie_VO_2023_1542.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/Batterie_VO_2023_1542.pdf" "$col" "compliance_ce" "legal_reference" "2024" \ + '{"regulation_id":"batterie_vo","regulation_name_de":"Batterieverordnung","regulation_name_en":"Battery Regulation","regulation_short":"BattVO","celex":"32023R1542","category":"produktsicherheit","license":"CC_BY_4.0","source":"eur-lex"}' \ + "EU Batterieverordnung (EU) 2023/1542" + fi + + # Digitale-Inhalte-Richtlinie (EU 2019/770) + download_pdf \ + "https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32019L0770" \ + "$WORK_DIR/pdfs/Digitale_Inhalte_RL_2019_770.pdf" + + if [[ -f "$WORK_DIR/pdfs/Digitale_Inhalte_RL_2019_770.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/Digitale_Inhalte_RL_2019_770.pdf" "$col" "compliance_ce" "legal_reference" "2019" \ + '{"regulation_id":"digitale_inhalte_rl","regulation_name_de":"Richtlinie ueber digitale Inhalte","regulation_name_en":"Digital Content Directive","regulation_short":"DCD","celex":"32019L0770","category":"verbraucherschutz","license":"CC_BY_4.0","source":"eur-lex"}' \ + "Digitale-Inhalte-RL (EU) 2019/770" + fi + + after=$(collection_count 
"$col") + log "Collection $col: $before → $after chunks" + + # --- H3: HLEG Ethics Guidelines → bp_compliance_datenschutz --- + col="bp_compliance_datenschutz" + before=$(collection_count "$col") + + download_pdf \ + "https://op.europa.eu/en/publication-detail/-/publication/d3988569-0434-11ea-8c1f-01aa75ed71a1/language-en/format-PDF" \ + "$WORK_DIR/pdfs/hleg_trustworthy_ai.pdf" + + if [[ -f "$WORK_DIR/pdfs/hleg_trustworthy_ai.pdf" ]]; then + upload_file "$WORK_DIR/pdfs/hleg_trustworthy_ai.pdf" "$col" "compliance_datenschutz" "guidance" "2019" \ + '{"source_id":"hleg","doc_type":"ethics_guidelines","guideline_name":"Ethics Guidelines for Trustworthy AI","license":"CC_BY_4.0","attribution":"High-Level Expert Group on AI (HLEG)","source":"op.europa.eu"}' \ + "HLEG Ethics Guidelines Trustworthy AI" + fi + + after=$(collection_count "$col") + log "Collection $col: $before → $after chunks" +} + # ============================================================================= # PHASE F: Verifizierung # ============================================================================= 
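Review bot: Every upload in `phase_verbraucherschutz` is gated only by `[[ -f "$pdf_file" ]]`, which is also true for a file left over from an earlier run or for an HTML error page saved under a `.pdf` name, so whatever sits at that path is ingested into the collection as legal reference text. `download_pdf` is defined outside this hunk and may already validate its output; if it does not, the guard should also check the file signature, e.g. `if [[ -f "$pdf_file" ]] && head -c 5 "$pdf_file" | grep -q '%PDF-'; then`. Recording a SHA-256 of the downloaded file in the metadata JSON would additionally let an ingested chunk be traced back to the exact document that was fetched. Two smaller points: `${short,,}` needs bash 4 or later, and the complete BGB is stored under the narrower `regulation_id` `bgb_fernabsatz`.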
@@ -809,6 +951,36 @@ try: for r in results[:3]: print(f' [{r.get(\"score\",0):.3f}] {r.get(\"regulation_code\",\"?\")} - {r.get(\"content\",\"\")[:80]}...') except: print(' (parse error)') +" 2>/dev/null || echo " (search failed)" + + log "Suche: 'Widerrufsbelehrung Fernabsatz' in bp_compliance_gesetze" + curl $CURL_OPTS -X POST "https://localhost:8097/api/v1/search" \ + -H 'Content-Type: application/json' \ + -d '{"query":"Widerrufsbelehrung Fernabsatz Widerrufsfrist","regulation_codes":null,"limit":3,"min_score":0.5}' 2>/dev/null \ + | python3 -c " +import sys,json +try: + data = json.load(sys.stdin) + results = data.get('results', []) + print(f' Treffer: {len(results)}') + for r in results[:3]: + print(f' [{r.get(\"score\",0):.3f}] {r.get(\"regulation_code\",\"?\")} - {r.get(\"content\",\"\")[:80]}...') +except: print(' (parse error)') +" 2>/dev/null || echo " (search failed)" + + log "Suche: 'AI Act Hochrisiko Konformitaet' in bp_compliance_ce" + curl $CURL_OPTS -X POST "https://localhost:8097/api/v1/search" \ + -H 'Content-Type: application/json' \ + -d '{"query":"AI Act Hochrisiko Konformitaetsbewertung","regulation_codes":null,"limit":3,"min_score":0.5}' 2>/dev/null \ + | python3 -c " +import sys,json +try: + data = json.load(sys.stdin) + results = data.get('results', []) + print(f' Treffer: {len(results)}') + for r in results[:3]: + print(f' [{r.get(\"score\",0):.3f}] {r.get(\"regulation_code\",\"?\")} - {r.get(\"content\",\"\")[:80]}...') +except: print(' (parse error)') " 2>/dev/null || echo " (search failed)" log "Suche: 'Privacy Policy Template GDPR' in bp_legal_templates" 
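Review bot: The two added searches cannot fail the verify phase: zero hits are only printed as `Treffer: 0`, the bare `except:` turns every error into `(parse error)`, and `2>/dev/null` hides the rest, so an empty or broken ingest of the new laws still ends in a clean run. Narrowing the handler to `except Exception:` and ending the snippet with `sys.exit(0 if results else 1)` would let the existing `|| echo " (search failed)"` branch report it; the bare `except:` would otherwise swallow the exit as well. The log lines name a collection (`bp_compliance_gesetze`, `bp_compliance_ce`) that the request body does not contain, so unless the endpoint scopes the search elsewhere the hits may come from any collection. The same block now appears several times and would be easier to keep consistent as one helper taking the query and the label; the enclosing function starts outside this hunk.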
@@ -925,9 +1097,10 @@ main() { gesetze) phase_gesetze ;; eu) phase_eu ;; templates) phase_templates ;; - datenschutz) phase_datenschutz ;; - verify) phase_verify ;; - version) phase_register_version ;; + datenschutz) phase_datenschutz ;; + verbraucherschutz) phase_verbraucherschutz ;; + verify) phase_verify ;; + version) phase_register_version ;; *) fail "Unknown phase: $ONLY_PHASE"; exit 1 ;; esac else @@ -945,6 +1118,8 @@ main() { echo "" phase_datenschutz echo "" + phase_verbraucherschutz + echo "" phase_verify echo "" phase_register_version diff --git a/scripts/rag-sources.md b/scripts/rag-sources.md new file mode 100644 index 0000000..8870b8c --- /dev/null +++ b/scripts/rag-sources.md 
@@ -0,0 +1,77 @@ +# RAG-Quellennachweis — BreakPilot Compliance + +Stand: 2026-03-11 + +## Collection: bp_compliance_gesetze + +| # | Dokument | Quelle | Lizenz | +|---|----------|--------|--------| +| 1 | DDG § 5 (Impressum) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 2 | TDDDG § 25 (Cookies) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 3 | UrhG § 5 (Amtliche Werke) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 4 | EGBGB Muster-Widerrufsbelehrung | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 5 | BGB (komplett) | github.com/bundestag/gesetze | Unlicense | +| 6 | UrhG (komplett) | github.com/bundestag/gesetze | Unlicense | +| 7 | TMG (komplett) | github.com/bundestag/gesetze | Unlicense | +| 8 | PAngV (Preisangabenverordnung) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 9 | VSBG (Verbraucherstreitbeilegungsgesetz) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 10 | ProdHaftG (Produkthaftungsgesetz) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 11 | VerpackG (Verpackungsgesetz) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 12 | ElektroG (WEEE) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 13 | BattDG (Batterierecht) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 14 | BFSG (Barrierefreiheit) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 15 | UWG (Unlauterer Wettbewerb) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 16 | BGB (Fernabsatz/Digitale Inhalte/Kaufrecht) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | +| 17 | EGBGB (Muster-Widerrufsbelehrung Anlage 1+2) | gesetze-im-internet.de | Public Domain (§ 5 UrhG) | + +## Collection: bp_compliance_ce + +| # | Dokument | Quelle | Lizenz | +|---|----------|--------|--------| +| 1 | Digital Services Act (EU) 2022/2065 | eur-lex.europa.eu | CC BY 4.0 | +| 2 | ePrivacy-Richtlinie 2002/58/EC | eur-lex.europa.eu | CC BY 4.0 | +| 3 | Standardvertragsklauseln (EU) 2021/914 | 
eur-lex.europa.eu | CC BY 4.0 | +| 4 | GPSR (EU) 2023/988 | eur-lex.europa.eu | CC BY 4.0 | +| 5 | AI Act (EU) 2024/1689 | eur-lex.europa.eu | CC BY 4.0 | +| 6 | Batterieverordnung (EU) 2023/1542 | eur-lex.europa.eu | CC BY 4.0 | +| 7 | Digitale-Inhalte-RL (EU) 2019/770 | eur-lex.europa.eu | CC BY 4.0 | + +## Collection: bp_legal_templates + +| # | Dokument | Quelle | Lizenz | +|---|----------|--------|--------| +| 1 | GitHub Site Policy | github.com/github/site-policy | CC0 | +| 2 | OpenGov Site Policy | github.com/opengovfoundation/site-policy | CC0 | +| 3 | CC Legal Tools | github.com/creativecommons/cc-legal-tools-data | CC0 | +| 4 | opr.vc DSGVO-Mustertexte | github.com/oprvc/oprvc.github.io | CC0 | +| 5 | webflorist Privacy Policy Text | github.com/webflorist/privacy-policy-text | MIT | +| 6 | Tempest Privacy Policy Generator | github.com/Tempest-Solutions-Company | MIT | +| 7 | Tempest Terms of Service Generator | github.com/Tempest-Solutions-Company | MIT | +| 8 | Tempest Cookie Banner | github.com/Tempest-Solutions-Company | MIT | +| 9 | CookieConsent (orestbida) | github.com/orestbida/cookieconsent | MIT | +| 10 | CommonPaper CSA/SLA/PSA | github.com/CommonPaper | CC BY 4.0 | +| 11 | Datennutzungsklauseln | gitlab.opencode.de/wernerth | CC BY 4.0 | + +## Collection: bp_compliance_datenschutz + +| # | Dokument | Quelle | Lizenz | +|---|----------|--------|--------| +| 1 | EDPB Guidelines 05/2020 Consent | edpb.europa.eu | Reuse Notice | +| 2 | EDPB Guidelines 4/2019 Privacy by Design | edpb.europa.eu | Reuse Notice | +| 3 | EDPB Guidelines 03/2022 Dark Patterns | edpb.europa.eu | Reuse Notice | +| 4 | EDPB Guidelines 8/2020 Social Media Targeting | edpb.europa.eu | Reuse Notice | +| 5 | EDPB Cookie Banner Taskforce Report 2023 | edpb.europa.eu | Reuse Notice | +| 6 | EDPB Guidelines 2/2023 ePrivacy Art. 
5(3) | edpb.europa.eu | Reuse Notice | +| 7 | EDPB Guidelines 1/2024 Legitimate Interest | edpb.europa.eu | Reuse Notice | +| 8 | EDPB DPO Enforcement Report 2024 | edpb.europa.eu | Reuse Notice | +| 9 | EDPS GenAI Orientations 2024 | edps.europa.eu | Reuse Notice | +| 10 | EDPS Digital Ethics Report 2018 | edps.europa.eu | Reuse Notice | +| 11 | HLEG Ethics Guidelines Trustworthy AI | op.europa.eu | CC BY 4.0 | + +## Lizenz-Hinweise + +- **Public Domain (§ 5 UrhG):** Deutsche amtliche Werke (Gesetze, Verordnungen) sind gemeinfrei. +- **CC BY 4.0:** EU-Rechtstexte und EU-Publikationen. Attribution: "European Union, https://eur-lex.europa.eu" +- **CC0:** Public-Domain-Widmung, keine Einschraenkungen. +- **MIT:** Permissive Open-Source-Lizenz, kommerzielle Nutzung erlaubt. +- **Reuse Notice:** EDPB/EDPS-Dokumente duerfen unter Quellenangabe wiederverwendet werden.