get_compliance_check
Retrieve country-specific compliance requirements for cold outreach, including GDPR, email legality, and fine ranges, to ensure your AI agent operates legally in EU/UK markets.
Instructions
Get country-specific compliance requirements for cold outreach: GDPR framework, cold email legality, required elements (Impressum for Germany, Mentions légales for France, etc.), cookie consent rules, regulator names, fine ranges. Critical for AI agents doing autonomous outreach in EU/UK.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| country | Yes |
Implementation Reference
- src/main.ts:907-920 (registration)The tool 'get_compliance_check' is registered in the ListToolsRequestSchema handler with its name, description, and input schema. It accepts a 'country' parameter with enum values for EMEA countries.
{ name: "get_compliance_check", description: "Get country-specific compliance requirements for cold outreach: GDPR framework, cold email legality, required elements (Impressum for Germany, Mentions légales for France, etc.), cookie consent rules, regulator names, fine ranges. Critical for AI agents doing autonomous outreach in EU/UK.", inputSchema: { type: "object", properties: { country: { type: "string", enum: ["uk", "ireland", "spain", "germany", "france", "netherlands", "nordics"] } }, required: ["country"] } }, - src/main.ts:907-919 (schema)Input schema for get_compliance_check: requires a 'country' string parameter (enum: uk, ireland, spain, germany, france, netherlands, nordics).
{ name: "get_compliance_check", description: "Get country-specific compliance requirements for cold outreach: GDPR framework, cold email legality, required elements (Impressum for Germany, Mentions légales for France, etc.), cookie consent rules, regulator names, fine ranges. Critical for AI agents doing autonomous outreach in EU/UK.", inputSchema: { type: "object", properties: { country: { type: "string", enum: ["uk", "ireland", "spain", "germany", "france", "netherlands", "nordics"] } }, required: ["country"] } - src/main.ts:1019-1034 (handler)The actual handler logic for 'get_compliance_check'. It extracts the 'country' argument, looks up the data in the COMPLIANCE_CHECKS object, and returns it as JSON with a disclaimer. The COMPLIANCE_CHECKS data is defined at lines 647-734.
case "get_compliance_check": { const country = args?.country as string; const compliance = COMPLIANCE_CHECKS[country as keyof typeof COMPLIANCE_CHECKS]; if (!compliance) throw new Error(`Unknown country: ${country}`); return { content: [{ type: "text", text: JSON.stringify({ module: "EMEA Compliance Check", country, disclaimer: "This is general guidance, not legal advice. Always have a qualified privacy lawyer review your final outreach process for your specific case.", ...compliance }, null, 2) }] }; } - src/main.ts:647-734 (helper)The COMPLIANCE_CHECKS data object containing per-country compliance requirements including GDPR framework, cold email legality, required outreach elements, cookie consent rules, risks, and safe harbor guidance for all EMEA countries.
const COMPLIANCE_CHECKS = { uk: { framework: "UK GDPR (separate from EU GDPR post-Brexit) + Privacy and Electronic Communications Regulations (PECR)", cold_email_legality: "Permitted under legitimate interest basis for B2B if recipient is a corporate role-holder. Must have opt-out.", required_in_outreach: [ "Clear identification of sender (name + company)", "Working unsubscribe link or instruction", "Contact email/address for data subject rights" ], cookie_consent: "PECR requires explicit opt-in for non-essential cookies", risks: "Information Commissioner's Office (ICO) fines for non-compliance. £500K max for serious breaches.", safe_harbor: "Reference: ICO B2B marketing guidance" }, ireland: { framework: "EU GDPR + Irish Data Protection Act 2018", cold_email_legality: "Legitimate interest valid for B2B. Strong DPC scrutiny.", required_in_outreach: [ "Sender identification with full company details", "Opt-out mechanism in every email", "Privacy notice link in signature recommended" ], cookie_consent: "Explicit opt-in (Irish DPC strict on this)", risks: "Data Protection Commission (DPC) is the EU's lead regulator for many big tech companies. Fines up to 4% of global turnover.", safe_harbor: "Always include link to your Privacy Policy" }, spain: { framework: "EU GDPR + Ley Orgánica de Protección de Datos (LOPD-GDD)", cold_email_legality: "Legitimate interest for B2B. Spanish DPA (AEPD) enforces actively.", required_in_outreach: [ "Identidad del responsable (data controller identity)", "Finalidad (purpose of processing)", "Mechanism to exercise rights (acceso, rectificación, supresión)" ], cookie_consent: "Explicit opt-in required", risks: "AEPD has been one of the most active EU regulators, with fines up to €20M", safe_harbor: "Include LOPD compliance line in privacy notice" }, germany: { framework: "EU GDPR + Bundesdatenschutzgesetz (BDSG) + telemedia law (TMG/DDG)", cold_email_legality: "STRICT. Legitimate interest viable for B2B but high scrutiny. Many companies require prior business relationship.", required_in_outreach: [ "Impressum (legal notice with full company details, court registration, VAT ID)", "Datenschutzerklärung link (privacy policy)", "Sender's full legal name and address", "Clear opt-out mechanism" ], cookie_consent: "Strictest in EU. Explicit opt-in, granular, with reject-all option clearly visible", risks: "BfDI (Federal Commissioner for Data Protection) plus 16 state-level DPAs. Multi-jurisdiction risk.", safe_harbor: "Always include Impressum. Treat German prospects as the highest-compliance bar in your CRM." }, france: { framework: "EU GDPR + Loi Informatique et Libertés (1978, updated)", cold_email_legality: "Legitimate interest valid for B2B. CNIL enforces actively.", required_in_outreach: [ "Mentions légales (legal notice on website)", "Privacy notice (Politique de confidentialité)", "Opt-out mechanism", "Data Protection Officer contact if applicable" ], cookie_consent: "Explicit opt-in. CNIL was first to fine Google for cookie violations.", risks: "CNIL has been most active EU regulator on cookie violations. Fines up to 4% global turnover.", safe_harbor: "Always link to Mentions légales and Politique de confidentialité" }, netherlands: { framework: "EU GDPR + Dutch Implementation Act (UAVG)", cold_email_legality: "Legitimate interest for B2B. Dutch are tech-friendly but privacy-conscious.", required_in_outreach: [ "Sender identification", "Opt-out mechanism", "Privacy policy link in signature" ], cookie_consent: "Explicit opt-in", risks: "Autoriteit Persoonsgegevens (AP) actively enforces. Cooperative regulator vs adversarial.", safe_harbor: "Include AVG-compliance reference (AVG = Dutch term for GDPR)" }, nordics: { framework: "EU GDPR (all 4 are EU/EEA). Each has national law: Sweden (Dataskyddsförordningen), Denmark (Databeskyttelsesloven), Finland (Tietosuojalaki), Norway (Personopplysningsloven)", cold_email_legality: "Legitimate interest for B2B. Nordic privacy norms are strong.", required_in_outreach: [ "Sender identification", "Opt-out mechanism", "Privacy notice link" ], cookie_consent: "Explicit opt-in across all 4 markets", risks: "Each country has its own DPA. Norway's Datatilsynet, Sweden's IMY, Denmark's Datatilsynet, Finland's Tietosuojavaltuutettu. Generally cooperative regulators.", safe_harbor: "Be modest in claims, transparent in data use" } };