Use these slugs in API calls and SDK methods: client.articles.list("gdpr"), /frameworks/cra/articles, etc.
Framework List
| Slug | Name | CELEX | Status | Documentation |
|---|
cra | Cyber Resilience Act | 32024R2847 | Active | View Docs |
nis2 | NIS2 Directive | 32022L2555 | Active | View Docs |
dora | Digital Operational Resilience Act | 32022R2554 | Active | View Docs |
gdpr | General Data Protection Regulation | 32016R0679 | Active | View Docs |
ai_act | AI Act | 32024R1689 | Active | View Docs |
eidas | eIDAS Regulation | 32014R0910 | Active | View Docs |
dsa | Digital Services Act | 32022R2065 | Active | View Docs |
dma | Digital Markets Act | 32022R1925 | Active | View Docs |
data_act | Data Act | 32023R2854 | Active | View Docs |
dga | Data Governance Act | 32022R0868 | Active | View Docs |
eidas2 | eIDAS 2.0 | 32024R1183 | Active | View Docs |
cer | Critical Entities Resilience Directive | 32022L2557 | Active | View Docs |
psd2 | Payment Services Directive 2 | 32015L2366 | Active | View Docs |
mica | Markets in Crypto-Assets Regulation | 32023R1114 | Active | View Docs |
cybersecurity_act | Cybersecurity Act | 32019R0881 | Active | View Docs |
eprivacy | ePrivacy Directive | 32002L0058 | Active | View Docs |
red | Radio Equipment Directive | 32014L0053 | Active | View Docs |
csrd | Corporate Sustainability Reporting Directive | 32022L2464 | Active | View Docs |
nis1 | NIS Directive (Original) | 32016L1148 | Superseded | View Docs |
nis1 has status: "superseded" — it is still accessible for historical reference but NIS2 is the current directive.
Stakeholder Roles
Across all frameworks, the following stakeholder roles are defined:
| Role | Description |
|---|
manufacturer | Entities that develop, produce, or place products/services on the market |
importer | Entities that bring products/services from third countries into the EU |
distributor | Entities that make products/services available in the EU supply chain |
authorized_representative | EU-based representatives for non-EU entities |
open_source_steward | Maintainers of open source components (CRA-specific) |
notified_body | Designated conformity assessment bodies |
market_surveillance | National competent authorities overseeing compliance |
consumer | End users, data subjects, or recipients of services |
Requirement Types
Requirements across frameworks are classified into these types:
| Type | Description |
|---|
obligation | Mandatory actions that must be taken |
prohibition | Actions or practices that are forbidden |
right | Entitlements granted to stakeholders (e.g., data subject rights) |
procedure | Processes that must be followed (e.g., incident reporting) |
general | General provisions, definitions, and scope |
Using Slugs