How it works

How it works.

A short walk through the methodology, the primary legal sources we rely on, the update cadence, and where humans review the output before it reaches a customer.

01 · Methodology

Two passes, with humans reviewing the second.

Each scan runs in two passes. The first pass is deterministic. We parse your code, read your dependency manifests, and check your product surfaces for specific patterns: a cookie banner that sets non-essential cookies before consent, a checkout button without the required wording, a missing cancellation flow. The output is a list of factual observations about what the code does.

The second pass uses a language model, but in a narrow way. For each structured requirement, we pass a small set of relevant code snippets and ask a single question with a fixed answer space (yes, no, or insufficient context). The model works against the testable form of the requirement and returns a finding only when it can cite the article and paragraph it relates to.

Every finding has a confidence score. High confidence comes from a deterministic match and goes straight to the board. Medium confidence is reviewed by an analyst on our team before delivery. Low confidence is held back and only released after a human upgrades or discards it.

High confidence

Deterministic match against a structured requirement. Auto-published to the board.

Medium confidence

AI-assisted reasoning with a clear primary source. Reviewed by an analyst before delivery.

Low confidence

Ambiguous signal or insufficient context. Held back until verified or discarded.

02 · Sources

Primary legal sources. Browsable. Public.

Every regulation we track is listed here with a link to the primary source: EUR-Lex, the national gazette, or the official government publication. Not blog posts. Not LLM training data. Not secondary summaries.

This list is fully public. If you're evaluating us, copy it, send it to your counsel, and verify any entry directly at the source.

62 of 62

Regulation	Market	Domain	Primary source	Last reviewed	Status
General Data Protection Regulation GDPR	EU	Data & privacy	EUR-Lex 32016R0679	2026-05-12	Enacted
ePrivacy Directive 2002/58/EC	EU	Telecom & ePrivacy	EUR-Lex 32002L0058	2026-04-30	Enacted
Digital Services Act DSA	EU	Platforms & content	EUR-Lex 32022R2065	2026-05-19	Enacted
Digital Markets Act DMA	EU	Platforms & content	EUR-Lex 32022R1925	2026-05-19	Enacted
AI Act Regulation (EU) 2024/1689	EU	AI & algorithms	EUR-Lex 32024R1689	2026-05-20	In force, phased
Data Act Regulation (EU) 2023/2854	EU	Data & privacy	EUR-Lex 32023R2854	2026-04-22	Enacted
Data Governance Act DGA	EU	Data & privacy	EUR-Lex 32022R0868	2026-03-11	Enacted
NIS2 Directive 2022/2555	EU	Data & privacy	EUR-Lex 32022L2555	2026-04-08	Enacted
Cyber Resilience Act CRA	EU	Product safety	EUR-Lex 32024R2847	2026-05-02	In force, phased
Consumer Rights Directive CRD 2011/83/EU	EU	Consumer protection	EUR-Lex 32011L0083	2026-02-26	Enacted
Unfair Commercial Practices Directive UCPD	EU	Consumer protection	EUR-Lex 32005L0029	2026-02-26	Enacted
Omnibus Directive 2019/2161	EU	Consumer protection	EUR-Lex 32019L2161	2026-02-26	Enacted
Sale of Goods Directive 2019/771	EU	Consumer protection	EUR-Lex 32019L0771	2026-01-30	Enacted
Digital Content Directive 2019/770	EU	Consumer protection	EUR-Lex 32019L0770	2026-01-30	Enacted
Geo-blocking Regulation 2018/302	EU	Consumer protection	EUR-Lex 32018R0302	2026-02-04	Enacted
European Accessibility Act EAA 2019/882	EU	Accessibility	EUR-Lex 32019L0882	2026-05-06	In force, phased
Web Accessibility Directive 2016/2102	EU	Accessibility	EUR-Lex 32016L2102	2026-03-18	Enacted
PSD2 Payment Services Directive	EU	Payments & finance	EUR-Lex 32015L2366	2026-04-15	Enacted
PSR / PSD3 (proposal)	EU	Payments & finance	EUR-Lex COM/2023/367	2026-05-09	In draft
MiCA Markets in Crypto-Assets	EU	Payments & finance	EUR-Lex 32023R1114	2026-04-15	Enacted
DORA Digital Operational Resilience Act	EU	Payments & finance	EUR-Lex 32022R2554	2026-03-25	Enacted
eIDAS 2 Regulation (EU) 2024/1183	EU	Data & privacy	EUR-Lex 32024R1183	2026-04-02	In force, phased
GPSR General Product Safety Regulation 2023/988	EU	Product safety	EUR-Lex 32023R0988	2026-04-29	Enacted
CLP Regulation 1272/2008	EU	Product safety	EUR-Lex 32008R1272	2026-01-22	Enacted
REACH Regulation 1907/2006	EU	Product safety	EUR-Lex 32006R1907	2026-01-22	Enacted
VAT Directive 2006/112/EC	EU	Tax & invoicing	EUR-Lex 32006L0112	2026-03-04	Enacted
ViDA package VAT in the Digital Age	EU	Tax & invoicing	EUR-Lex COM/2022/701	2026-05-15	In draft
CSRD Corporate Sustainability Reporting Directive	EU	Sustainability	EUR-Lex 32022L2464	2026-03-12	Enacted
Green Claims Directive (proposal)	EU	Sustainability	EUR-Lex COM/2023/166	2026-05-09	In draft
Empowering Consumers for the Green Transition Directive (EU) 2024/825	EU	Sustainability	EUR-Lex 32024L0825	2026-04-21	Enacted
Right to Repair Directive 2024/1799	EU	Sustainability	EUR-Lex 32024L1799	2026-04-21	Enacted
Buttonlösung § 312j BGB	Germany	Consumer protection	Gesetze im Internet · BGB § 312j	2026-05-14	Enacted
Kündigungsbutton § 312k BGB	Germany	Consumer protection	Gesetze im Internet · BGB § 312k	2026-05-14	Enacted
Telekommunikation-Telemedien-Datenschutz-Gesetz TTDSG / TDDDG	Germany	Telecom & ePrivacy	Bundesgesetzblatt · TTDSG	2026-03-28	Enacted
Bundesdatenschutzgesetz BDSG	Germany	Data & privacy	Gesetze im Internet · BDSG	2026-03-28	Enacted
Verpackungsgesetz VerpackG	Germany	Sustainability	Gesetze im Internet · VerpackG	2026-02-12	Enacted
Loi Hamon Loi n° 2014-344	France	Consumer protection	Légifrance · Loi 2014-344	2026-04-10	Enacted
Loi Informatique et Libertés	France	Data & privacy	Légifrance · Loi 78-17	2026-03-30	Enacted
Loi AGEC anti-gaspillage	France	Sustainability	Légifrance · Loi 2020-105	2026-02-18	Enacted
Loi REEN Réduction empreinte env. du numérique	France	Sustainability	Légifrance · Loi 2021-1485	2026-02-18	Enacted
Loi SREN Sécuriser et réguler l'espace numérique	France	Platforms & content	Légifrance · Loi 2024-449	2026-05-07	Enacted
E-invoicing reform (Factur-X)	France	Tax & invoicing	impots.gouv.fr · facturation électronique	2026-05-15	In force, phased
Codice del Consumo D.Lgs. 206/2005	Italy	Consumer protection	Gazzetta Ufficiale · D.Lgs. 206/2005	2026-03-05	Enacted
Codice Privacy D.Lgs. 196/2003	Italy	Data & privacy	Garante Privacy · Codice	2026-03-05	Enacted
Fatturazione elettronica (SDI)	Italy	Tax & invoicing	Agenzia delle Entrate · SDI	2026-04-18	Enacted
LSSI-CE Ley 34/2002	Spain	Telecom & ePrivacy	BOE · Ley 34/2002	2026-03-12	Enacted
LOPDGDD LO 3/2018	Spain	Data & privacy	BOE · LO 3/2018	2026-03-12	Enacted
Ley General para la Defensa de Consumidores RDL 1/2007	Spain	Consumer protection	BOE · RDL 1/2007	2026-03-12	Enacted
Ley Crea y Crece (e-invoicing B2B) Ley 18/2022	Spain	Tax & invoicing	BOE · Ley 18/2022	2026-05-05	In force, phased
Uitvoeringswet AVG UAVG	Netherlands	Data & privacy	Overheid.nl · UAVG	2026-02-20	Enacted
Telecommunicatiewet (cookie rules)	Netherlands	Telecom & ePrivacy	Overheid.nl · Telecommunicatiewet	2026-02-20	Enacted
Code de droit économique – Livre VI	Belgium	Consumer protection	Moniteur belge · CDE	2026-02-08	Enacted
Marknadsföringslagen SFS 2008:486	Sweden	Consumer protection	Riksdagen · SFS 2008:486	2026-02-15	Enacted
Markedsføringsloven	Denmark	Consumer protection	Retsinformation · LBK 866/2019	2026-02-15	Enacted
Markkinointioikeus Kuluttajansuojalaki	Finland	Consumer protection	Finlex · 38/1978	2026-02-15	Enacted
UK GDPR + Data Protection Act 2018	United Kingdom	Data & privacy	legislation.gov.uk · DPA 2018	2026-04-02	Enacted
PECR Privacy and Electronic Communications Regulations	United Kingdom	Telecom & ePrivacy	legislation.gov.uk · PECR 2003	2026-04-02	Enacted
Online Safety Act 2023	United Kingdom	Platforms & content	legislation.gov.uk · OSA 2023	2026-05-08	In force, phased
Digital Markets, Competition and Consumers Act 2024 DMCCA	United Kingdom	Consumer protection	legislation.gov.uk · DMCCA 2024	2026-05-08	In force, phased
Data Protection Act 2018	Ireland	Data & privacy	Irish Statute Book · DPA 2018	2026-03-19	Enacted
revFADP / nFADP Federal Act on Data Protection	Switzerland	Data & privacy	Fedlex · SR 235.1	2026-03-25	Enacted
Personopplysningsloven	Norway	Data & privacy	Lovdata · LOV-2018-06-15-38	2026-02-28	Enacted

Coverage grows weekly. Missing a regulation that matters to you? Tell us and we'll prioritize it.

03 · Update cadence

Daily monitoring. Weekly review. Monthly horizon scan.

Daily. Automated polling of regulatory databases and gazettes for new publications, amendments, and implementing acts. Diffs are queued for analyst triage within the same day.

Weekly. Our team reviews every diff, classifies the change, updates affected structured requirements, and re-evaluates rules that depend on them.

Monthly. A deep review of upcoming regulations, trilogues, draft acts, and regulator guidance. This is what feeds the 12-month forward-looking horizon you see on the board.

When something changes, customers on monitoring plans get a notification with the specific impact on their product, not a generic "the regulation moved" email.

EUR-Lex

EU primary law

Légifrance

France

Bundesgesetzblatt

Germany

Gazzetta Ufficiale

Italy

BOE

Spain

Overheid.nl

Netherlands

legislation.gov.uk

United Kingdom

Lovdata · Fedlex

Norway · Switzerland

04 · Structured requirements

From legal prose to testable rules.

We decompose every regulation into machine-readable requirements with a clear pass/fail condition. That is what the scanner evaluates. Not the prose. Not a summary.

Here is what that looks like for one well-known example: the German Buttonlösung (§ 312j BGB), which requires that any button on a paid order page makes the payment obligation unambiguous to the user.

Source · § 312j BGB

"Die Schaltfläche muss gut lesbar mit nichts anderem als den Wörtern 'zahlungspflichtig bestellen'oder mit einer entsprechenden eindeutigen Formulierung beschriftet sein."

The button must be legibly labeled with nothing other than "order with obligation to pay" or an equivalent, unambiguous formulation.

Structured requirement

id: DE-BGB-312j-3
market: DE
source: gesetze-im-internet.de/bgb/__312j.html
appliesTo: checkout.submitButton
test:
  buttonLabel:
    matches:
      - "zahlungspflichtig bestellen"
      - "kostenpflichtig bestellen"
      - "kaufen"
    rejects:
      - "weiter"
      - "bestellen"
      - "jetzt anmelden"
severity: high

Failing example

<button type="submit" onClick={pay}>
  Weiter
</button>

Label is ambiguous about the payment obligation. Scanner flags as high.

Passing example

<button type="submit" onClick={pay}>
  Zahlungspflichtig bestellen
</button>

Label matches the statutory phrasing. Scanner passes the check and records the source line.

05 · Accuracy & feedback

We track our false positives. Out loud.

We are in early audits. The dataset is not yet big enough for a number we'd be comfortable publishing, and we'd rather say that than invent one. We will publish the aggregate false positive rate on this page the moment it becomes statistically meaningful.

Every disputed finding is reviewed by an analyst. If the dispute is right, the rule is refined, the structured requirement is updated, and the change ships into the next scan for every customer. The product gets sharper with every audit.

You can dispute a finding directly from the board. We respond within one business day with a verdict and, if we changed the rule, a diff of what changed and why.

06 · What we don't do

We are not a law firm.

We do not give legal opinions. We do not guarantee compliance. We do not replace your lawyer, your DPO, or your local counsel.

We surface engineering-actionable findings traceable to primary legal sources, so your team can ship a product that stands a fair chance of passing the audit your lawyer eventually runs.

For formal legal opinions, retain qualified counsel in the jurisdiction. We can recommend several we trust.

Get your free score →About us