{ "openapi": "3.1.0", "info": { "title": "CompliancePulse API", "description": "Global regulatory intelligence API. 8 endpoints: data privacy law (145+ jurisdictions; privacy endpoint includes Cookiebot/OneTrust/Usercentrics consent tool links), KYC/AML requirements, corporate compliance and UBO, employment law and contractor classification, industry-specific regulation (FinTech/crypto/healthcare/EU AI Act), cybersecurity mandates (NIS2/DORA/ISO27001/SOC2; cyber endpoint includes Vanta/Drata automation platform links), ESG reporting (CSRD/ISSB/SEC), and regulatory news. Ideal for legal tech agents and compliance workflow automation. All require x402 micropayment (USDC on Base).", "version": "1.1.0", "contact": { "url": "https://compliancepulse-eight.vercel.app" } }, "servers": [{ "url": "https://compliancepulse-eight.vercel.app" }], "components": { "securitySchemes": { "x402": { "type": "apiKey", "in": "header", "name": "PAYMENT-SIGNATURE", "description": "x402 micropayment signature. Omit to receive 402 with payment requirements. Sign and retry to receive data." } } }, "paths": { "/api/comply/privacy": { "get": { "summary": "Data privacy law by jurisdiction", "description": "Data privacy law intelligence for any country — GDPR, CCPA/CPRA, China PIPL, India DPDPA, Brazil LGPD, South Africa POPIA, Saudi PDPL, UAE PDPL, Japan APPI, and 80+ more. Returns law overview, lawful basis, data subject rights, DPO requirement, breach notification timeline (hours), cross-border transfer mechanisms, DPIA requirements, and penalties.", "operationId": "complyPrivacy", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Country or jurisdiction — e.g. Germany, California, China, Brazil, Singapore. Also accepts 'jurisdiction'" }, { "name": "context", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Business context — e.g. SaaS company, healthcare, e-commerce, fintech" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Privacy law analysis with obligations, rights, and penalties" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.15, "x-agent-use-case": "on-demand", "x-agent-chaining": "Response includes Cookiebot/OneTrust/Usercentrics tool links; follow with /api/comply/kyc for AML requirements in same jurisdiction" } }, "/api/comply/kyc": { "get": { "summary": "KYC/AML requirements by jurisdiction", "description": "KYC/AML compliance requirements for any jurisdiction. Returns FATF status (grey/black list), obliged entity categories, CDD tiers (simplified/standard/enhanced due diligence), beneficial ownership threshold and UBO register details, PEP screening, STR/CTR reporting thresholds, VASP/crypto rules, Travel Rule implementation, and MLRO requirements.", "operationId": "complyKYC", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Country or jurisdiction. Also accepts 'jurisdiction'" }, { "name": "sector", "in": "query", "required": false, "schema": { "type": "string" }, "description": "fintech | banking | crypto | real-estate | legal | accounting | casino" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "KYC/AML requirements with FATF status and CDD tiers" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.12, "x-agent-use-case": "on-demand" } }, "/api/comply/corporate": { "get": { "summary": "Corporate compliance and entity setup", "description": "Corporate compliance for any country — entity types with formation cost/timeline, UBO disclosure rules and national register access, annual filing obligations, audit requirements, director duties and personal liability, foreign ownership restrictions and investment screening thresholds, branch vs subsidiary analysis, and Special Economic Zone benefits.", "operationId": "complyCorporate", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Country or jurisdiction. Also accepts 'jurisdiction'" }, { "name": "entity_type", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Entity type — e.g. Ltd, GmbH, BV, SAS, Pvt Ltd, LLC" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Corporate compliance with entity types and annual obligations" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.15, "x-agent-use-case": "on-demand" } }, "/api/comply/employment": { "get": { "summary": "Employment law and HR compliance", "description": "Employment law compliance for any country — contractor vs employee classification test and misclassification penalties, mandatory contract clauses, minimum wage, mandatory benefits and total social security cost, leave entitlements, termination rules and severance formula, non-compete enforceability, cross-border remote work risks (PE/social security/data), and Employer of Record viability.", "operationId": "complyEmployment", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Country or jurisdiction. Also accepts 'jurisdiction'" }, { "name": "worker_type", "in": "query", "required": false, "schema": { "type": "string" }, "description": "contractor | employee | freelancer | gig — focus the classification risk analysis. Also accepts 'type'" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Employment law compliance with classification risk and mandatory benefits" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.15, "x-agent-use-case": "on-demand" } }, "/api/comply/sector": { "get": { "summary": "Industry-specific regulatory compliance", "description": "Sector-specific compliance — FinTech (PSD2/3, e-money, open banking), Crypto (EU MiCA, CASP license, DeFi/NFT treatment), Banking (Basel III/IV), Healthcare (HIPAA, EU MDR, FDA), AI (EU AI Act risk tiers, GPAI rules, AI Liability Directive), Food (FSMA, HACCP), Insurance (Solvency II). Returns licensing requirements, sandbox availability, key obligations, and enforcement environment.", "operationId": "complySector", "security": [{ "x402": [] }], "parameters": [ { "name": "sector", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Industry sector — fintech | crypto | banking | insurance | healthcare | food | ai | real-estate | investment-management. Also accepts 'industry'" }, { "name": "country", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Country or jurisdiction for country-specific rules. Also accepts 'jurisdiction'" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Sector-specific regulatory requirements with licensing and obligations" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.15, "x-agent-use-case": "on-demand" } }, "/api/comply/cyber": { "get": { "summary": "Cybersecurity compliance requirements", "description": "Cybersecurity compliance — NIS2 (essential/important entity classification, 24h/72h incident reporting, management liability, up to €10M penalty), DORA (5 pillars, TLPT, ICT third-party risk, in force Jan 2025), NIST CSF 2.0, ISO 27001:2022, SOC2 Type 1/2, CMMC (DoD contractors), SEC cyber 4-day disclosure rule, India CERT-In 6-hour reporting. Includes cyber insurance requirements.", "operationId": "complyCyber", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Country or jurisdiction. Also accepts 'jurisdiction'" }, { "name": "framework", "in": "query", "required": false, "schema": { "type": "string" }, "description": "NIS2 | DORA | NIST | ISO27001 | SOC2 | CMMC — or omit for country-based analysis" }, { "name": "sector", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Sector context — financial services, healthcare, energy, etc." }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Cybersecurity compliance requirements with incident reporting obligations" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.12, "x-agent-use-case": "on-demand", "x-agent-chaining": "Response includes Vanta/Drata SOC2 and ISO27001 automation tool links for immediate remediation path" } }, "/api/comply/esg": { "get": { "summary": "ESG and sustainability reporting requirements", "description": "ESG reporting compliance — CSRD phases (who must report and when, 50,000+ companies by 2026), ESRS standards (E1 climate through G1 governance), double materiality, ISSB/IFRS S1-S2 (mandatory in AU/SG/JP/BR/HK), SEC climate rules, TCFD, Scope 1/2/3 emissions, EU Taxonomy, SFDR Article 6/8/9, EU CBAM (2026), supply chain due diligence (CSDDD, German LkSG). Includes ESG rating context.", "operationId": "complyESG", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Country or jurisdiction. Also accepts 'jurisdiction'" }, { "name": "company_size", "in": "query", "required": false, "schema": { "type": "string" }, "description": "large | medium | small — determines which mandatory frameworks apply. Also accepts 'size'" }, { "name": "sector", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Industry sector — affects CSRD materiality and CBAM applicability" }, { "name": "listed", "in": "query", "required": false, "schema": { "type": "string" }, "description": "true | false — listed companies have additional disclosure requirements" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "ESG reporting requirements with applicable frameworks and deadlines" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.12, "x-agent-use-case": "on-demand" } }, "/api/comply/news": { "get": { "summary": "Regulatory intelligence and enforcement news", "description": "Regulatory intelligence feed — enforcement actions with fine amounts and compliance lessons, new laws with effective dates, open consultations with deadlines, 90-day compliance deadline calendar. Covers GDPR, CCPA, PIPL enforcement, FATF grey/black list updates, crypto AML enforcement, NIS2/DORA implementation, CSRD transposition news, SEC cyber disclosures, employment reclassification cases.", "operationId": "complyNews", "security": [{ "x402": [] }], "parameters": [ { "name": "country", "in": "query", "required": false, "schema": { "type": "string" }, "description": "Filter by jurisdiction. Also accepts 'jurisdiction'" }, { "name": "topic", "in": "query", "required": false, "schema": { "type": "string" }, "description": "privacy | kyc | corporate | employment | sector | cyber | esg | all" }, { "name": "lang", "in": "query", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Regulatory news with enforcement actions and deadline calendar" }, "402": { "description": "Payment required" } }, "x-price-usd": 0.08, "x-agent-use-case": "scheduled" } } } }