/**
 * Compliance Regulations API Route - Proxy to Backend
 *
 * Returns all 21 regulations with source URLs to the original documents.
 * Includes: GDPR, ePrivacy, TDDDG, SCC, DPF, AI Act, CRA, NIS2, EU CSA,
 * Data Act, DGA, DSA, EAA, DSM, PLD, GPSR, BSI-TR-03161 (1-3), BSI C5, DORA
 */
import { NextRequest, NextResponse } from 'next/server'
const BACKEND_URL = process.env.BACKEND_URL || 'http://localhost:8000'
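/** Upstream request timeout; once it elapses the proxy serves the static seed data. */
const REGULATIONS_FETCH_TIMEOUT_MS = 30000

/**
 * GET handler - proxies the backend regulation catalogue.
 *
 * Outcome by upstream response:
 * - 2xx: the backend JSON body is returned unchanged.
 * - 404: the backend does not expose the endpoint yet; the static seed data is returned.
 * - other non-2xx: the upstream status is mirrored with a generic error body. The
 *   upstream response body is logged server-side but never forwarded, so backend
 *   stack traces, internal paths or similar details cannot reach the browser.
 * - network failure, timeout or a non-JSON 2xx body: logged, static seed data is returned.
 *
 * @param request - unused; present because Next.js route handlers receive it.
 * @returns a JSON response; fallback paths always answer with HTTP 200.
 */
export async function GET(request: NextRequest) {
  const upstreamUrl = `${BACKEND_URL}/api/v1/compliance/regulations`
  try {
    const response = await fetch(upstreamUrl, {
      method: 'GET',
      // A GET carries no body, so Accept (not Content-Type) is the meaningful header here.
      headers: { Accept: 'application/json' },
      signal: AbortSignal.timeout(REGULATIONS_FETCH_TIMEOUT_MS),
    })

    if (response.status === 404) {
      // Backend has not shipped this endpoint yet: serve the seed catalogue instead.
      return NextResponse.json({ regulations: getStaticRegulations() })
    }

    if (!response.ok) {
      // Keep the upstream body out of the client response; it may contain internal details.
      const errorText = await response.text()
      console.error(`Regulations proxy: backend responded ${response.status}`, errorText)
      return NextResponse.json(
        {
          error: `Backend Error: ${response.status}`,
          details: response.statusText || 'Upstream request failed',
        },
        { status: response.status }
      )
    }

    const data: unknown = await response.json()
    return NextResponse.json(data)
  } catch (error: unknown) {
    // Covers connection errors, the abort timeout and malformed JSON from upstream.
    console.error('Regulations proxy error:', error)
    return NextResponse.json({ regulations: getStaticRegulations() })
  }
}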
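/** Origin of a regulation, mirroring the values used by the backend's regulations.py. */
type RegulationType = 'eu_regulation' | 'eu_directive' | 'de_law' | 'bsi_standard'

/** One entry of the compliance catalogue; field names mirror the backend JSON. */
interface Regulation {
  id: string
  code: string
  name: string
  full_name: string
  regulation_type: RegulationType
  source_url: string
  description: string
  is_active: boolean
  requirement_count: number
}

/**
 * Builds one catalogue entry. Every entry gets the same keys in the same order,
 * so the JSON shape is stable regardless of which entry a client inspects.
 * All seed entries are active, hence `is_active` is fixed to true here.
 */
function regulation(
  id: string,
  code: string,
  name: string,
  full_name: string,
  regulation_type: RegulationType,
  source_url: string,
  description: string,
  requirement_count: number,
): Regulation {
  return { id, code, name, full_name, regulation_type, source_url, description, is_active: true, requirement_count }
}

/**
 * Static seed data with source URLs - matches regulations.py.
 *
 * Served when the backend does not expose the endpoint (404) or is unreachable.
 * A fresh array is built on every call, so callers may mutate the result freely.
 *
 * @returns the 21 seed regulations in catalogue order.
 */
function getStaticRegulations(): Regulation[] {
  return [
    regulation('1', 'GDPR', 'DSGVO',
      'Verordnung (EU) 2016/679 - Datenschutz-Grundverordnung', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng',
      'Grundverordnung zum Schutz natuerlicher Personen bei der Verarbeitung personenbezogener Daten.', 99),
    regulation('2', 'EPRIVACY', 'ePrivacy-Richtlinie',
      'Richtlinie 2002/58/EG', 'eu_directive',
      'https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng',
      'Datenschutz in der elektronischen Kommunikation, Cookies und Tracking.', 25),
    regulation('3', 'TDDDG', 'TDDDG',
      'Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz', 'de_law',
      'https://www.gesetze-im-internet.de/ttdsg/',
      'Deutsche Umsetzung der ePrivacy-Richtlinie.', 15),
    regulation('4', 'SCC', 'Standardvertragsklauseln',
      'Durchfuehrungsbeschluss (EU) 2021/914', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj/eng',
      'Standardvertragsklauseln fuer Drittlandtransfers.', 18),
    regulation('5', 'DPF', 'EU-US Data Privacy Framework',
      'Durchfuehrungsbeschluss (EU) 2023/1795', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj',
      'Angemessenheitsbeschluss fuer USA-Transfers.', 12),
    regulation('6', 'AIACT', 'EU AI Act',
      'Verordnung (EU) 2024/1689 - KI-Verordnung', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng',
      'EU-Verordnung zur Regulierung von KI-Systemen nach Risikostufen.', 85),
    regulation('7', 'CRA', 'Cyber Resilience Act',
      'Verordnung (EU) 2024/2847', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng',
      'Cybersicherheitsanforderungen, SBOM-Pflicht.', 45),
    regulation('8', 'NIS2', 'NIS2-Richtlinie',
      'Richtlinie (EU) 2022/2555', 'eu_directive',
      'https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng',
      'Cybersicherheit fuer wesentliche Einrichtungen.', 46),
    regulation('9', 'EUCSA', 'EU Cybersecurity Act',
      'Verordnung (EU) 2019/881', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2019/881/oj/eng',
      'ENISA und Cybersicherheitszertifizierung.', 35),
    regulation('10', 'DATAACT', 'Data Act',
      'Verordnung (EU) 2023/2854', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng',
      'Fairer Datenzugang, IoT-Daten, Cloud-Wechsel.', 42),
    regulation('11', 'DGA', 'Data Governance Act',
      'Verordnung (EU) 2022/868', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2022/868/oj/eng',
      'Weiterverwendung oeffentlicher Daten.', 35),
    regulation('12', 'DSA', 'Digital Services Act',
      'Verordnung (EU) 2022/2065', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng',
      'Digitale Dienste, Transparenzpflichten.', 93),
    regulation('13', 'EAA', 'European Accessibility Act',
      'Richtlinie (EU) 2019/882', 'eu_directive',
      'https://eur-lex.europa.eu/eli/dir/2019/882/oj/eng',
      'Barrierefreiheit digitaler Produkte.', 25),
    regulation('14', 'DSM', 'DSM-Urheberrechtsrichtlinie',
      'Richtlinie (EU) 2019/790', 'eu_directive',
      'https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng',
      'Urheberrecht, Text- und Data-Mining.', 22),
    regulation('15', 'PLD', 'Produkthaftungsrichtlinie',
      'Richtlinie (EU) 2024/2853', 'eu_directive',
      'https://eur-lex.europa.eu/eli/dir/2024/2853/oj/eng',
      'Produkthaftung inkl. Software und KI.', 18),
    regulation('16', 'GPSR', 'General Product Safety',
      'Verordnung (EU) 2023/988', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2023/988/oj/eng',
      'Allgemeine Produktsicherheit.', 30),
    regulation('17', 'BSI-TR-03161-1', 'BSI-TR-03161 Teil 1',
      'BSI Technische Richtlinie - Allgemeine Anforderungen', 'bsi_standard',
      'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-1.html',
      'Allgemeine Sicherheitsanforderungen (45 Pruefaspekte).', 45),
    regulation('18', 'BSI-TR-03161-2', 'BSI-TR-03161 Teil 2',
      'BSI Technische Richtlinie - Web-Anwendungen', 'bsi_standard',
      'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-2.html',
      'Web-Sicherheit (40 Pruefaspekte).', 40),
    regulation('19', 'BSI-TR-03161-3', 'BSI-TR-03161 Teil 3',
      'BSI Technische Richtlinie - Hintergrundsysteme', 'bsi_standard',
      'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03161/BSI-TR-03161-3.html',
      'Backend-Sicherheit (35 Pruefaspekte).', 35),
    regulation('20', 'BSI-C5', 'BSI C5',
      'Cloud Computing Compliance Criteria Catalogue', 'bsi_standard',
      'https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/kriterienkatalog-c5_node.html',
      'Deutscher Cloud-Sicherheitsstandard mit 121 Kriterien in 17 Bereichen (OIS, SP, HR, AM, PS, OPS, COS, IDM, CRY, SIM, BCM, COM, SA, SUA, PI).', 121),
    regulation('21', 'DORA', 'DORA',
      'Verordnung (EU) 2022/2554 - Digital Operational Resilience Act', 'eu_regulation',
      'https://eur-lex.europa.eu/eli/reg/2022/2554/oj/deu',
      'EU-Verordnung fuer digitale operationale Resilienz im Finanzsektor. IKT-Risikomanagement, Incident-Reporting, Resilienztests, Drittparteienrisiko.', 64),
  ]
}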