# CompliancePulse

> Global regulatory intelligence API. 8 endpoints: data privacy law (145+ jurisdictions), KYC/AML requirements, corporate compliance and UBO, employment law and contractor classification, industry-specific regulation (FinTech/crypto/AI/healthcare), cybersecurity mandates (NIS2/DORA/ISO27001/SOC2), ESG reporting (CSRD/ISSB/SEC climate), and regulatory enforcement news. Pay-per-query via x402 on Base.

A single missed GDPR breach notification costs up to €20M or 4% of global turnover. A misclassified contractor in Brazil triggers 3 years of back-taxes. CompliancePulse delivers the intelligence to navigate 145+ privacy laws, 300+ KYC regimes, and the EU's landmark AI Act, NIS2, DORA, and CSRD.

## Payment

All endpoints require x402 micropayment (USDC on Base mainnet).
Protocol: x402 | Network: eip155:8453 | Asset: USDC
Payment address: 0x50ab2018c06c6E4eAA9BA52057Eb55eD284912fc

## Endpoints

GET /api/comply/privacy?country={country}
- Data privacy law intelligence for any jurisdiction
- Returns: jurisdiction (law name/regulator/adequacy), scope (territorial/extraterritorial), key_obligations (lawful basis/consent/notices/minimisation), data_subject_rights (access/erasure/portability/timeframe), sensitive_data categories, dpo_requirement (threshold/registration), breach_notification (hours to authority/individual threshold), cross_border_transfers (mechanisms/adequacy list/SCCs), dpia_requirement, enforcement (penalties/private right of action/notable fines), comparison_to_gdpr
- Required: country (or jurisdiction). Optional: context (SaaS/fintech/healthcare), lang
- Key laws: GDPR (EU), CCPA/CPRA (California), PIPL (China), DPDPA (India), LGPD (Brazil), POPIA (South Africa), PDPL (Saudi Arabia/UAE), APPI (Japan), PDPA (Thailand/Singapore/Malaysia), NDPR (Nigeria), KVKK (Turkey), and 80+ more
- Price: $0.15

GET /api/comply/kyc?country={country}
- KYC/AML requirements by jurisdiction
- Returns: jurisdiction (FATF status/AML law), obliged_entities (financial/DNFBP/VASP), customer_due_diligence (simplified/standard/enhanced tiers with triggers), beneficial_ownership (threshold %/national register/public access), pep_screening (domestic/foreign/family), transaction_reporting (CTR threshold/STR standard/tipping-off prohibition), record_keeping, sanctions_screening (lists/frequency), enforcement, crypto_and_virtual_assets, compliance_checklist
- Required: country (or jurisdiction). Optional: sector (fintech|banking|crypto|real-estate|legal), lang
- FATF grey list: Myanmar, Nigeria, South Africa, and others — enhanced measures required
- FATF black list: DPRK, Iran, Myanmar — call-out restrictions
- Price: $0.12

GET /api/comply/corporate?country={country}
- Corporate compliance and entity setup intelligence
- Returns: jurisdiction (company act/legal system), entity_types (formation/capital/directors/timeline/cost), most_common_for_foreign_investors, beneficial_ownership (threshold/register/public access/penalties), annual_compliance (return/accounts/audit/AGM/tax), director_obligations (fiduciary duties/personal liability), foreign_ownership (restrictions/FDI screening threshold), branch_vs_subsidiary (pros/cons/recommendation), special_economic_zones
- Required: country (or jurisdiction). Optional: entity_type (Ltd/GmbH/BV/etc.), lang
- Price: $0.15

GET /api/comply/employment?country={country}
- Employment law and HR compliance
- Returns: jurisdiction (primary legislation/labor authority/protections rating), employee_vs_contractor (classification test name/key factors/misclassification_risk/penalties/EoR viability), employment_contract (mandatory clauses/probation/fixed-term), compensation_and_benefits (minimum wage/mandatory benefits/social security %/overtime), leave_entitlements (annual/sick/maternity/paternity), termination (grounds/notice/severance formula), remote_work (PE risk/social security risk), non_compete (enforceability/compensation required), global_hiring_playbook (total cost multiplier)
- Required: country (or jurisdiction). Optional: worker_type (contractor|employee|freelancer), lang
- Misclassification risk is highest in: Brazil, France, Germany, Spain, California, UK
- EoR recommended when: <5 employees, testing market, pre-entity, short-term project
- Price: $0.15

GET /api/comply/sector?sector={sector}
- Industry-specific regulatory compliance
- Returns: regulatory_overview (primary regulator/legislation/approach), licensing_requirements (license types/capital/timeline/passporting/sandbox), key_compliance_obligations, sector_specific_deep_dive (varies by sector — see below), enforcement_environment (intensity/recent fines), cross_border_considerations, compliance_technology
- Required: sector (or industry). Optional: country (or jurisdiction), lang
- Sector coverage:
  - fintech: PSD2/PSD3, e-money license, SCA, open banking APIs
  - crypto: EU MiCA (ART/EMT/CASP), BitLicense (NY), VASP registration, DeFi/NFT treatment
  - banking: Basel III/IV, DFAST, LCR/NSFR, conduct rules
  - insurance: Solvency II, IDD
  - healthcare: HIPAA, EU MDR/CE marking, FDA 510(k), clinical trial regulation
  - food: EU General Food Law, FDA FSMA, HACCP, allergen labelling
  - ai: EU AI Act (prohibited/high-risk/limited/minimal tiers), GPAI/foundation model rules, EU AI Liability Directive
  - investment-management: MiFID II, UCITS/AIFMD, SFDR Article 6/8/9
- Price: $0.15

GET /api/comply/cyber?country={country}
- Cybersecurity compliance requirements
- Returns: applicable_frameworks (mandatory/voluntary/who must comply), nis2_deep_dive (entity categories/obligations/incident reporting/management liability/penalties), dora_deep_dive (5 pillars/TLPT/ICT third-party/in force Jan 2025), nist_csf_deep_dive (6 functions/tiers), iso_27001_deep_dive (2022 version/93 controls/timeline/cost), soc2_deep_dive (TSC/Type 1 vs 2), cmmc_deep_dive (DoD contractors/3 levels), national_cyber_regulations (UK/China MLPS/Singapore/Australia/India 6h reporting), incident_response_obligations (all notification timelines), compliance_roadmap, cyber_insurance
- Required: country or framework. Optional: sector, lang
- NIS2: essential entities up to €10M or 2% global turnover; management personally liable
- DORA: in force January 17, 2025 — EU financial entities must comply
- EU AI Act cybersecurity: high-risk AI must meet cybersecurity standards
- Price: $0.12

GET /api/comply/esg?country={country}
- ESG and sustainability reporting requirements
- Returns: applicable_frameworks (mandatory/voluntary/who/deadlines), csrd_deep_dive (phase 1-4/ESRS E1-E5/S1-S4/G1/double materiality/value chain/assurance), issb_ifrs_s1_s2 (mandatory countries list), sec_climate_rules (status/Scope 1-2/litigation), tcfd_framework (4 pillars/scenario analysis), scope_emissions (Scope 1/2/3 — all 15 categories), additional_frameworks (GRI/CDP/UK SECR/EU Taxonomy/SFDR/CBAM/supply chain CSDDD/LkSG), reporting_calendar, practical_compliance_roadmap, esg_ratings_context (MSCI/Sustainalytics/ISS/S&P/EcoVadis)
- Required: country (or jurisdiction). Optional: company_size (large|medium|small), sector, listed (true|false), lang
- CSRD Phase 2 (FY2025): all large EU companies >250 employees OR >€50M revenue OR >€25M balance sheet
- EU CBAM: January 2026 — importers of steel/aluminum/cement/fertilizers/electricity must report embedded carbon
- Price: $0.12

GET /api/comply/news
- Regulatory intelligence and enforcement news
- Returns: headline_stories, enforcement_actions (regulator/target/violation/penalty/lesson), new_regulations (status/effective date/who affected), regulatory_consultations (deadline/expected outcome), deadline_calendar (this month + next 90 days), privacy_and_data_roundup, aml_and_financial_crime, employment_and_hr (gig economy/pay transparency/AI in HR), esg_and_sustainability, cyber_and_technology (NIS2 transposition/DORA/EU AI Act/SEC cyber), global_regulatory_divergence
- All params optional: country (or jurisdiction), topic (privacy|kyc|corporate|employment|sector|cyber|esg|all), lang
- Price: $0.08

## Key Facts for Agents

- /privacy is the entry point for any cross-border data question — covers 145+ jurisdictions
- /kyc + /privacy together handle full FinTech onboarding compliance in any country
- /employment covers the EoR question — always flag misclassification risk before recommending contractor
- /sector?sector=ai covers EU AI Act — most rapidly changing regulation globally right now
- /cyber?framework=NIS2 tells EU companies if they are essential or important entity (different penalty tier)
- /esg tells companies if CSRD applies — many don't realize they're in scope for FY2025
- /news?topic=esg covers CSRD transposition news — member state implementation varies
- All endpoints support ?lang= (zh, ja, de, fr, es, ar, hi, pt, ko, id, tr, nl, pl, etc.)

## Agent Workflow Examples

- International market entry: /privacy → /kyc → /corporate → /employment
- Crypto startup: /sector?sector=crypto → /kyc?sector=crypto → /privacy (user data)
- NIS2 scoping: /cyber?framework=NIS2&country=France → am I essential or important?
- CSRD readiness: /esg?country=Germany&company_size=large → /news?topic=esg
- Hiring in Brazil: /employment?country=Brazil&worker_type=contractor → EoR recommendation
- M&A due diligence: /privacy + /kyc + /corporate + /employment for target jurisdiction

## Disclaimer

This is informational intelligence only, not legal advice. Regulatory compliance requirements are highly fact-specific and change frequently. Always consult qualified legal counsel before making compliance decisions.