eu-regulations

[ { "control_id": "A.5.1", "control_name": "Policies for information security", "regulation": "DMA", "articles": ["5", "6"], "coverage": "partial", "notes": "Art 5-6 gatekeeper obligations include data handling policies" }, { "control_id": "A.5.31", "control_name": "Legal, statutory, regulatory and contractual requirements", "regulation": "DMA", "articles": ["1", "2", "3"], "coverage": "full", "notes": "Art 1-3 define scope, gatekeeper designation, and core platform services" }, { "control_id": "A.5.35", "control_name": "Independent review of information security", "regulation": "DMA", "articles": ["15"], "coverage": "partial", "notes": "Art 15 requires audited compliance reports for gatekeepers" }, { "control_id": "A.8.3", "control_name": "Information access restriction", "regulation": "DMA", "articles": ["5", "6"], "coverage": "full", "notes": "Art 5-6 restrict gatekeepers from combining user data across services without consent" }, { "control_id": "A.8.10", "control_name": "Information deletion", "regulation": "DMA", "articles": ["6"], "coverage": "partial", "notes": "Art 6 requires data portability enabling user data deletion" }, { "control_id": "A.8.11", "control_name": "Data masking", "regulation": "DMA", "articles": ["6"], "coverage": "partial", "notes": "Art 6 requires anonymization of search ranking data shared with competitors" } ]