import { DisplayRequirement } from './_types'

// Fallback templates (used when backend is unavailable)
export const requirementTemplates: Omit<DisplayRequirement, 'displayStatus' | 'controlsLinked' | 'evidenceCount'>[] = [
  {
    id: 'req-gdpr-6',
    regulation: 'DSGVO',
    article: 'Art. 6',
    code: 'GDPR-6.1',
    title: 'Rechtmaessigkeit der Verarbeitung',
    description: 'Personenbezogene Daten duerfen nur verarbeitet werden, wenn eine Rechtsgrundlage vorliegt.',
    source: 'DSGVO Art. 6',
    category: 'Rechtmaessigkeit',
    priority: 'critical',
    criticality: 'CRITICAL',
    applicableModules: ['mod-gdpr'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-gdpr-13',
    regulation: 'DSGVO',
    article: 'Art. 13/14',
    code: 'GDPR-13',
    title: 'Informationspflichten',
    description: 'Betroffene Personen muessen ueber die Datenverarbeitung informiert werden.',
    source: 'DSGVO Art. 13/14',
    category: 'Transparenz',
    priority: 'high',
    criticality: 'HIGH',
    applicableModules: ['mod-gdpr'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-ai-act-9',
    regulation: 'AI Act',
    article: 'Art. 9',
    code: 'AI-ACT-9',
    title: 'Risikomanagementsystem',
    description: 'Hochrisiko-KI-Systeme erfordern ein Risikomanagementsystem.',
    source: 'AI Act Art. 9',
    category: 'KI-Governance',
    priority: 'high',
    criticality: 'HIGH',
    applicableModules: ['mod-ai-act'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-gdpr-32',
    regulation: 'DSGVO',
    article: 'Art. 32',
    code: 'GDPR-32',
    title: 'Sicherheit der Verarbeitung',
    description: 'Geeignete technische und organisatorische Massnahmen zur Datensicherheit.',
    source: 'DSGVO Art. 32',
    category: 'Sicherheit',
    priority: 'critical',
    criticality: 'CRITICAL',
    applicableModules: ['mod-gdpr', 'mod-iso27001'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-gdpr-35',
    regulation: 'DSGVO',
    article: 'Art. 35',
    code: 'GDPR-35',
    title: 'Datenschutz-Folgenabschaetzung',
    description: 'Bei hohem Risiko ist eine DSFA durchzufuehren.',
    source: 'DSGVO Art. 35',
    category: 'Risikobewertung',
    priority: 'high',
    criticality: 'HIGH',
    applicableModules: ['mod-gdpr'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-ai-act-13',
    regulation: 'AI Act',
    article: 'Art. 13',
    code: 'AI-ACT-13',
    title: 'Transparenzanforderungen',
    description: 'KI-Systeme muessen fuer Nutzer nachvollziehbar und transparent sein.',
    source: 'AI Act Art. 13',
    category: 'Transparenz',
    priority: 'high',
    criticality: 'HIGH',
    applicableModules: ['mod-ai-act'],
    status: 'NOT_STARTED',
    controls: [],
  },
  {
    id: 'req-nis2-21',
    regulation: 'NIS2',
    article: 'Art. 21',
    code: 'NIS2-21',
    title: 'Risikomanagementmassnahmen',
    description: 'Wesentliche und wichtige Einrichtungen muessen Cybersicherheitsmassnahmen implementieren.',
    source: 'NIS2 Art. 21',
    category: 'Cybersicherheit',
    priority: 'high',
    criticality: 'HIGH',
    applicableModules: ['mod-nis2'],
    status: 'NOT_STARTED',
    controls: [],
  },
]