Data sources & methodology

Where RegIntel's regulatory data comes from, how it's collected, how to verify it against the original source, and what we don't cover. Written for developers, compliance teams, and AI applications that need to know they can trust the data.

What RegIntel actually contains

RegIntel is a structured database of 212 regulations across 41 jurisdictions, each represented as a JSON record with the following fields:

id — stable identifier (e.g. 123 (integer))
name and jurisdiction — what the rule is and where it applies
category and tags — taxonomy (privacy, AML, payments, crypto, etc.)
obligations — what the regulated party is required to do
penalties — quantified consequences for non-compliance
scope — who the rule applies to
key_articles — pointers into the underlying legislation
source_url — link to the authoritative regulator page
last_updated — when the record itself was last reviewed

The source_url field is the load-bearing one for trust. Every record points to the regulator's own page — the data is a structured rendering of what they publish, not original interpretation.

Source regulators

The data is collected from official regulator publications. Major sources include:

Jurisdiction	Primary regulators	Examples of covered regulations
EU	European Parliament, ESMA, EBA, EIOPA, AMLA	GDPR, MiCA, DORA, AMLR, PSD2, AML Directives
United States	SEC, FINRA, CFTC, FinCEN, OCC, OFAC	BSA, USA PATRIOT Act, Dodd-Frank, Reg D, FinCEN CDD Rule
United Kingdom	FCA, HMRC, Bank of England (PRA)	MLR 2017, FCA SYSC, FSMA, FCA crypto regime
Australia	AUSTRAC, APRA, ASIC, AASB, AUASB	AML/CTF Act, Privacy Act, Corporations Act (incl. Chapter 2M sustainability reporting), APRA prudential standards. AASB-S2 climate-related financial disclosures exposed via dedicated `/v1/aasb-s2/obligations` endpoint with paragraph-level citations, per-Group applicability, transitional reliefs, and modified-liability protected-statement windows (AUASB ASSA 5000 / ASSA 5010 assurance framing).
Singapore	MAS (Monetary Authority of Singapore)	Payment Services Act, MAS Notice 626 (AML/CFT), PDPA
Other	Canada (OSFI, FINTRAC), Switzerland (FINMA), Hong Kong (SFC, HKMA), Japan (FSA), UAE (Central Bank), and 30+ more	National AML, KYC, payments, crypto, and data protection laws

The complete list with regulation counts per jurisdiction is available via GET /jurisdictions — that endpoint does not consume credits.

How records are collected and structured

The pipeline is in three stages:

Acquisition. Updater scripts (open source at ad0750/regintel-mcp for the public surface; private for the ingest pipeline) pull from regulator websites, official PDFs, and government RSS/news feeds. Each source has its own parser because regulator websites vary widely in structure.
Structuring. Raw text is normalised into the JSON shape above. Obligations and penalties are extracted into discrete fields rather than left as free text.
Linking. Every record retains its source_url so downstream consumers can verify against the regulator. We treat broken source URLs as a bug — if you find one, mail support@regintelapi.com and we'll fix it.

How to verify any record against the source

Two-step verification, designed to be runnable by both humans and LLMs:

# 1. Get the record
curl "https://api.regintelapi.com/regulations/123" \
  -H "x-api-key: YOUR_API_KEY"

# 2. Follow the source_url in the response, read it, compare

This pattern is especially important for AI/LLM applications. When an LLM uses RegIntel to answer a regulatory question, the answer should include the source_url as a citation. The user can then click through to the regulator's own page — the LLM's claim is verifiable, not a hallucination. The For AI page walks through the citation pattern in more detail.

Freshness and update cadence

Updater scripts run continuously to pick up regulator announcements. Most amendments and new regulations appear in the API within 24–48 hours of public release at the source. The GET /updates?since=<date> endpoint exposes the modification timeline so downstream caches and vector stores can sync incrementally.

We don't claim real-time. Regulators themselves often publish on rolling timelines (a regulation can be "in force" before the regulator's website fully reflects it), so any product claiming "real-time regulatory data" is overpromising. Our commitment is: structured, source-cited, and corrigible within 48 hours of any discrepancy being reported.

What RegIntel does NOT cover

Being explicit about scope is part of being trustworthy. RegIntel does not currently include:

Sub-national regulations in most jurisdictions (US state-level AML rules, German Land-level data protection, etc.) — except where they are widely cited or unusually material.
Sanctions lists, PEP databases, adverse media data — that is a different product category. For screening use a dedicated provider; see our RegIntel vs ComplyAdvantage page for the distinction.
Industry self-regulatory codes (e.g. trade-body codes of conduct) unless they have force of law in a jurisdiction.
Editorial commentary or impact analysis — RegIntel gives you the structured data, not interpretation. For analyst-written commentary, see enterprise alternatives.
Predictive or forward-looking signals — we report what exists, not what we think regulators will do next.

Errata and corrections

If you find a record that disagrees with its source_url, or a regulator whose latest amendment hasn't propagated, email support@regintelapi.com with the regulation ID. We treat regulator-disagreement as P1 and aim to correct within 48 hours.

This is not legal advice

⚠ Important

RegIntel provides structured regulatory data derived from authoritative sources. It is not legal advice, regulatory advice, or compliance certification. Production compliance decisions should always involve a qualified legal professional in the relevant jurisdiction. The /compliance-check endpoint includes an explicit disclaimer in every response for this reason.