us-law-mcp

Build a comprehensive legal research summary for a US cybersecurity/privacy question. Searches statutes and state requirements simultaneously to aggregate relevant citations. Use this for broad legal research questions like "What are the breach notification requirements for companies operating in multiple states?" Returns statute matches, classified requirements, and metadata. For targeted single-tool queries, use the specific tools instead. To drill into a specific result, pass its short_name and jurisdiction to get_provision for full text, or use compare_requirements for cross-state analysis.

Check whether a US statute is currently in force, repealed, or superseded. Returns status (in_force, amended, repealed, superseded, not_found), effective date, and last amendment date. is_current is true for both "in_force" and "amended" statuses (an amended law is still current). Use this to verify that a law is still valid before relying on it. Provide either law_identifier or short_name (required, not both).

Compare cybersecurity/privacy legal requirements across multiple US states side by side. This is the key cross-state analysis tool — use it when comparing how different states handle the same requirement. Returns structured data including notification timelines, penalty maximums, scope, and applicability for each state. Example: compare breach notification timelines across CA, NY, TX to see that TX requires 60-day notification. Do NOT use this for single-state lookup — use get_state_requirements instead.

Retrieve the full text of a specific US statute provision. Use this when you know which law you want — by short name (e.g. "CFAA", "CCPA/CPRA", "SHIELD Act") or identifier (e.g. "18 USC 1030"). Returns all provisions for the law, or a specific section if section_number is provided. Supports partial short_name matching (e.g. "CCPA" matches "CCPA/CPRA"). If no results are found, returns hints listing available laws in the jurisdiction. Do NOT use this for keyword search — use search_legislation instead.

Get all classified cybersecurity/privacy requirements for a single US state. Returns structured data: breach notification timelines, privacy rights, cybersecurity obligations, and sector-specific rules. Each requirement includes summary, notification days, penalty maximum, private right of action, and linked law. Use this for single-state deep dive. For multi-state comparison, use compare_requirements instead.

List all jurisdictions available in the US Law database with document and provision counts per jurisdiction. Use this tool first when you need to discover available data or verify which states are covered. Returns jurisdiction codes (e.g. "US-FED", "US-CA"), human-readable names, and counts. Currently covers 55 jurisdictions: Federal + 50 states + DC + Guam + Puerto Rico + US Virgin Islands.

Full-text search across US federal and state cybersecurity/privacy statutes. Returns BM25-ranked results with highlighted snippets from 55 jurisdictions (federal + 50 states + DC + territories). Covers breach notification, data privacy, cybersecurity, and sector-specific laws. Use this tool when you need to find provisions by keyword or topic. Do NOT use this when you already know the exact law and section — use get_provision instead. Multi-word queries use AND by default with OR fallback if no results found. To get full text of a result, pass its short_name and jurisdiction to get_provision.

Validate whether a US legal citation exists in the database. Checks short names (e.g. "CFAA", "HIPAA"), identifiers (e.g. "18 USC 1030"), and provision section numbers. Returns the matched document and provision if found. Use this as a zero-hallucination check before citing a law. Returns valid=false with match_quality="none" if the citation is not found. match_quality indicates confidence: "section_exact" (section matched directly), "section_fuzzy" (section matched via number extraction), or "document_only" (law found but specific section not confirmed — matched_provision is a representative first section).