FAQ
Everything you need to know about Law4Devs, our API, and EU compliance.
Law4Devs is a REST API that provides structured, machine-readable JSON access to 18 active EU regulatory frameworks, including GDPR, NIS2, CRA, AI Act, DORA, DSA, eIDAS, eIDAS 2.0, DMA, Data Act, DGA, CER, PSD2, MiCA, CSA, the ePrivacy Directive, RED, and CSRD. All regulatory text is sourced verbatim from EUR-Lex, the official publication repository of the European Union, and automatically updated when amendments are published. Founded in 2026 and registered under SIRET 102 404 456 00018, Law4Devs is built for engineering teams, compliance officers, and legal-tech developers who need programmatic access to EU law. The platform offers 6 official open-source SDKs for Python, TypeScript, Java, Rust, PHP, and Dart. Infrastructure is hosted exclusively in the EU on Scaleway SAS in Paris, France, ensuring GDPR-compliant data residency. API responses average 34 milliseconds and include full article text, semantic tags, amendment history, and cross-framework references.
Law4Devs is designed for software developers, DevOps engineers, CISOs, engineering managers, GRC analysts, and compliance teams building products that must comply with EU regulations. If your product processes personal data of EU residents, operates critical infrastructure subject to NIS2, sells connected products or software in the EU market under the Cyber Resilience Act, deploys AI systems classified under the EU AI Act, provides financial services governed by DORA or PSD2, or runs an online platform subject to the DSA, Law4Devs gives you programmatic access to the exact regulatory text that applies. The API is also used by legal-tech companies building compliance dashboards, RegTech startups automating regulatory monitoring, consultancies advising clients on EU digital regulation, and academic researchers studying EU legislative frameworks. With 18 EU regulations available as structured JSON and 6 SDKs covering the most popular programming languages, Law4Devs eliminates the need to manually parse PDF legislation or maintain in-house regulatory databases.
Law4Devs is hosted exclusively within the European Union on infrastructure operated by Scaleway SAS, located in Paris, France. Scaleway is a French cloud provider (part of the Iliad Group) with data centres certified to ISO 27001 and SOC 2 standards. By hosting entirely in the EU, Law4Devs ensures full GDPR-compliant data residency — no personal data or API traffic is routed through servers outside the European Economic Area. This architecture eliminates concerns about international data transfers, Schrems II implications, and reliance on US-headquartered cloud providers subject to FISA Section 702 or the CLOUD Act. All API endpoints, databases, caching layers, and backup systems reside in Scaleway's Paris region. For organisations in regulated sectors such as finance, healthcare, or public administration, EU-only hosting simplifies data protection impact assessments and vendor risk reviews. Law4Devs is operated by a company registered in France under SIRET 102 404 456 00018.
Law4Devs offers tiered pricing to fit different team sizes and usage levels. The Growth plan is available at €29 per month and includes access to all 18 EU regulatory frameworks, standard API rate limits, and community support. The Pro plan at €99 per month adds higher rate limits, priority support, and advanced filtering capabilities. Enterprise plans with custom rate limits, SLAs, dedicated support, and volume discounts are available on request. Compared to building an in-house regulatory data pipeline — which typically costs between €15,000 and €30,000 in initial development plus ongoing maintenance for EUR-Lex parsing, amendment tracking, and data structuring — Law4Devs delivers production-ready regulatory data at a fraction of the cost. All plans include access to the 6 official SDKs (Python, TypeScript, Java, Rust, PHP, Dart), full API documentation, and automatic updates when regulations are amended on EUR-Lex.
Law4Devs provides 6 official open-source SDKs covering the most widely used programming languages: Python, TypeScript, Java, Rust, PHP, and Dart. All SDKs are published under the Law4Devs organisation on GitHub with permissive open-source licences, so you can inspect the source code, contribute improvements, and integrate them into proprietary or open-source projects without restriction. Each SDK provides typed models for API responses, built-in authentication handling, automatic retry logic with exponential backoff, and idiomatic error handling for its respective language ecosystem. The Python SDK supports Python 3.8 and above, the TypeScript SDK works with Node.js and modern browsers, the Java SDK targets Java 11 and above, and the Rust SDK is published on crates.io. SDKs are versioned in lockstep with API releases, and breaking changes follow semantic versioning. Comprehensive documentation with quickstart guides, code examples, and reference pages is available for each SDK.
All Law4Devs API responses are structured JSON designed for machine consumption and easy integration into compliance tools, dashboards, and automated workflows. Each article response includes the full verbatim legal text sourced from EUR-Lex, metadata fields covering the article number, parent framework identifier, official CELEX number, and publication date, amendment history tracking every modification since the regulation's adoption, semantic tags identifying whether the provision is an obligation, right, definition, penalty, or procedural requirement, role tags indicating which actors are affected (controller, processor, platform operator, manufacturer, financial entity), sector relevance tags, and cross-references to related articles within the same framework and across other EU regulations. Responses also include the article's position within the regulation structure (title, chapter, section). The JSON schema is fully documented with OpenAPI 3.1 specifications, making it straightforward to generate client code or validate responses programmatically.
The Law4Devs API delivers an average response time of 34 milliseconds measured at the server edge, making it one of the fastest regulatory data APIs available. This low latency is achieved through a multi-layer architecture combining intelligent caching at the application level, an EU-distributed CDN for static regulation content, optimised database indexing for filtered queries, and connection pooling to minimise overhead on concurrent requests. The 99th percentile (p99) response time remains under 120 milliseconds even during peak traffic periods. Infrastructure is hosted on Scaleway SAS in Paris, France, providing low-latency connectivity to clients across the European Economic Area. This performance profile makes the API suitable for real-time use cases including CI/CD pipeline compliance gates that block deployments if regulatory requirements are unmet, in-app compliance tooltips rendered at page load, and bulk regulatory data ingestion for legal-tech platforms processing thousands of articles per session.
Yes, rate limits are applied per API key and vary by subscription plan to ensure fair usage and consistent performance for all users. The Growth plan at €29 per month includes a generous rate limit suitable for development, staging, and moderate production workloads. The Pro plan at €99 per month provides significantly higher rate limits designed for production applications with substantial query volumes. Enterprise plans offer custom rate limits tailored to your specific throughput requirements, along with dedicated support and SLA guarantees. Rate limit headers are included in every API response, showing your current limit, remaining requests, and reset timestamp, making it easy to implement client-side throttling. If you exceed your rate limit, the API returns a standard 429 Too Many Requests response with a Retry-After header. For workloads requiring burst capacity or unlimited throughput, contact the Law4Devs team to discuss enterprise options with custom rate configurations.
Authentication to the Law4Devs API is handled via API keys issued from your account dashboard at law4devs.eu. After creating a key, include it in the Authorization header of every HTTP request using the Bearer token format: Authorization: Bearer your_api_key. API keys are displayed only once at creation time and are never returned in subsequent API responses or stored in plaintext — they are encrypted at rest using industry-standard cryptographic methods. Each account can create multiple API keys to separate access across environments (development, staging, production) or team members. Keys can be rotated or revoked instantly from the dashboard without affecting other active keys. All API requests are served over HTTPS with TLS 1.2 or higher, ensuring credentials are encrypted in transit. If you suspect a key has been compromised, revoke it immediately and generate a replacement. The dashboard provides an audit log of key creation and revocation events for security review.
Law4Devs currently covers 18 active EU regulatory frameworks as structured, queryable JSON via API. The full list includes: GDPR (EU 2016/679), NIS2 (EU 2022/2555), Cyber Resilience Act (EU 2024/2847), AI Act (EU 2024/1689), DORA (EU 2022/2554), Digital Services Act (EU 2022/2065), eIDAS (EU 910/2014), eIDAS 2.0 (EU 2024/1183), Digital Markets Act (EU 2022/1925), Data Act (EU 2023/2854), Data Governance Act (EU 2022/868), CER Directive (EU 2022/2557), PSD2 (EU 2015/2366), MiCA (EU 2023/1114), Cybersecurity Act (EU 2019/881), ePrivacy Directive (2002/58/EC), Radio Equipment Directive (2014/53/EU), and CSRD (EU 2022/2464). Each framework includes every article with full legal text, metadata, semantic tags, amendment tracking, and cross-references to related provisions across frameworks. New regulations are added based on the EU legislative pipeline and user demand, with the regulatory data sourced exclusively from EUR-Lex.
Law4Devs uses EUR-Lex, the official publication repository of the European Union operated by the Publications Office, as its primary and sole data source for all regulatory text. The platform implements automated amendment tracking that monitors EUR-Lex for changes to every regulation and directive in its coverage. When the European Commission, Council, or Parliament publishes an amendment, corrigendum, or consolidated version, the Law4Devs pipeline detects the update, validates the new text against the official CELEX-numbered source, and propagates the change to API responses. This means your integration always serves the latest consolidated version of each regulation without requiring manual monitoring or data refreshes on your end. Each article response includes amendment metadata showing when the text was last modified and which amending act introduced the change. Revalidation runs are performed regularly to ensure data integrity. This approach eliminates a significant compliance risk — relying on outdated regulatory text — that organisations face when maintaining in-house copies of EU legislation.
All regulatory data served by the Law4Devs API is sourced verbatim from EUR-Lex (eur-lex.europa.eu), the official online access point to European Union law. EUR-Lex is operated by the Publications Office of the European Union and provides authentic, legally authoritative versions of EU legislation in all 24 official EU languages. Law4Devs extracts the full text of each article, recital, and annex from the official CELEX-numbered documents published on EUR-Lex, preserving the exact wording without interpretation, summarisation, or editorial modification. The extraction pipeline maps each provision to its structural position within the regulation (title, chapter, section, article), applies semantic tags for obligation type, affected role, and sector relevance, and generates cross-references to related articles across the 18 covered frameworks. Amendment tracking ensures that when EUR-Lex publishes a consolidated version incorporating changes, the API reflects the updated text automatically. Law4Devs does not provide legal interpretation or commentary — only the official regulatory text as published.
No. Law4Devs is an engineering tool that provides structured, programmatic access to the verbatim text of EU regulations as published on EUR-Lex. It does not constitute legal advice, legal interpretation, or a legal opinion, and it should not be relied upon as a substitute for consultation with qualified legal professionals. The API delivers the official regulatory text with metadata, semantic tags, and cross-references to help engineering and compliance teams understand which provisions may apply to their products and services, but determining legal compliance for a specific organisation requires analysis of the particular facts, jurisdictional context, and applicable national transposition measures that only a qualified lawyer can provide. EU regulations like GDPR, NIS2, and the AI Act are transposed or implemented differently across Member States, and supervisory authority guidance evolves continuously. Always consult a qualified legal professional — such as a data protection lawyer, regulatory counsel, or compliance advisor — before making compliance decisions based on regulatory text accessed through Law4Devs or any other tool.
Law4Devs implements multiple security layers to protect your API credentials. API keys are generated using cryptographically secure random number generation and displayed only once at creation time — they are never returned in subsequent API responses, dashboard views, or support interactions. At rest, keys are stored using industry-standard encryption with keys managed through a dedicated secrets management system. All API communication is encrypted in transit using HTTPS with TLS 1.2 or higher. Keys can be rotated instantly from your account dashboard, and revoked keys are invalidated immediately across all API edge nodes. Each account supports multiple API keys, enabling separation by environment (development, staging, production) or team member for granular access control. The dashboard provides an audit log of all key lifecycle events including creation, rotation, and revocation with timestamps. If you suspect a key has been compromised, revoke it immediately via the dashboard and generate a replacement. Report suspected security incidents to [email protected].
The Law4Devs API itself does not require or process personal data to serve regulatory queries. API requests contain only your API key and query parameters such as framework identifier, article number, or filter criteria — no personal data of your end users is transmitted to or stored by Law4Devs. For account management, Law4Devs collects minimal data: your email address for authentication and communication, and billing information for payment processing. This account data is handled in strict accordance with GDPR (EU 2016/679) as detailed in the Law4Devs Privacy Policy. A Data Processing Agreement (DPA) compliant with GDPR Article 28 is available for customers who require it. All account data is stored on EU-based infrastructure operated by Scaleway SAS in Paris, France, with no transfers outside the European Economic Area. Law4Devs does not use tracking cookies, third-party analytics that process personal data, or advertising pixels on its platform. For data deletion requests, contact [email protected].
To report a security vulnerability in the Law4Devs platform, API, SDKs, or related infrastructure, send a detailed description to [email protected]. Law4Devs operates a responsible disclosure policy and commits to acknowledging all security reports within 48 hours of receipt. Your report should include a description of the vulnerability, steps to reproduce it, the potential impact, and any supporting evidence such as screenshots or proof-of-concept code. Do not publicly disclose the vulnerability before Law4Devs has had a reasonable opportunity to investigate and remediate it. The security team will assess the severity, provide an estimated timeline for a fix, and keep you informed of progress. Law4Devs prioritises security vulnerabilities based on CVSS scoring and potential impact on customer data and API availability. Critical vulnerabilities affecting authentication, authorisation, or data exposure are treated as highest priority. All infrastructure is hosted on Scaleway SAS in Paris, France, and the platform undergoes regular security reviews. Law4Devs appreciates the security research community's efforts in helping keep the platform secure.
Still have questions?
Contact Us →