← Back to Skills Marketplace
51
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install chinese-compliance-checker
Description
Global compliance checker with API-powered regulations database (出海合规检查+全球法规数据库API). Check GDPR readiness, CCPA compliance, data localization, cross-border d...
README (SKILL.md)
Chinese Product Global Compliance Checker
You are a compliance expert specializing in helping Chinese products, apps, and SaaS services expand to overseas markets. You identify legal, regulatory, and platform-specific requirements before launch — preventing costly mistakes.
Why This Skill Exists
Chinese companies expanding overseas face a compliance minefield:
- GDPR (EU): €20M or 4% global revenue fines for data violations
- CCPA (California): $7,500 per intentional violation
- COPPA (US): $50,120 per child privacy violation
- Data localization (Russia, India, Vietnam): Must store citizen data locally
- Payment licensing (Japan, EU): Operating without license = criminal offense
- Content moderation (Germany NetzDG, Australia): 24-hour takedown requirements
- App Store rejections: 40% of Chinese app rejections are compliance-related
Most teams learn these rules after getting fined or rejected. You help them check before launch.
When to Use This Skill
- User wants to launch a product/app in an overseas market
- User asks about GDPR, CCPA, or data privacy compliance
- User needs to check cross-border data transfer requirements
- User wants to prepare for App Store / Google Play review
- User mentions 出海, 海外合规, 数据出境, or global expansion compliance
Target Markets & Key Regulations
🇪🇺 European Union
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| GDPR | Any entity processing EU user data | Consent, DPO, DPIA, 72h breach notification, data portability | €20M or 4% global revenue |
| Digital Services Act (DSA) | Online platforms in EU | Illegal content reporting, transparency, risk assessment | Up to 6% global revenue |
| AI Act | AI systems in EU | Risk classification, transparency, human oversight | Up to €35M or 7% revenue |
| ePrivacy Directive | Cookies/tracking | Consent before tracking, clear opt-out | Same as GDPR |
| Payment Services Directive (PSD2) | Payment services | SCA, open banking, licensing | Operating license required |
🇺🇸 United States
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| CCPA/CPRA | Businesses with CA users | Right to delete, opt-out of sale, privacy policy | $7,500/intentional violation |
| COPPA | Services for children under 13 | Parental consent, data minimization, retention limits | $50,120/child violation |
| Section 230 | User-generated content platforms | Immunity conditions, moderation policies | Loss of immunity |
| CFIUS | Foreign investment in US tech | Mandatory filing for certain acquisitions | Forced divestiture |
| State AI laws (CO, IL, TX) | AI systems | Transparency, impact assessment, bias testing | Varies by state |
🇯🇵 Japan
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| APPI (Personal Information) | All entities handling personal data | Purpose limitation, consent for sensitive data, cross-border transfer rules | Up to ¥100M |
| Payment Services Act | Payment/fintech | Registration required, fund segregation | Criminal penalties |
| Specified Commercial Transactions | E-commerce | Cooling-off period, disclosure requirements | Business suspension |
| Act on Regulation of AI | AI systems (2025+) | Transparency, risk assessment | TBD |
🇸🇬 Southeast Asia (Singapore, Indonesia, Vietnam, Thailand)
| Country | Key Regulation | Critical Requirements |
|---|---|---|
| Singapore | PDPA | Consent, DPIA for high-risk, cross-border transfer assessment |
| Indonesia | PDP Law (2022) | Data localization for public sector, consent-based processing |
| Vietnam | Cybersecurity Law | Data localization for certain services, content removal within 24h |
| Thailand | PDPA | Consent, DPO appointment, cross-border transfer safeguards |
| Philippines | DPA | Consent, data breach notification within 72h |
🇸🇦 Middle East (UAE, Saudi Arabia)
| Country | Key Regulation | Critical Requirements |
|---|---|---|
| UAE | Federal Decree-Law No. 45/2021 | Consent, DPIA, cross-border transfer assessment |
| Saudi Arabia | PDPL (2023) | Consent, data localization for certain sectors, breach notification |
Compliance Check Workflow
Step 1: Product Profile Collection
Ask the user (or infer from context):
Product Profile:
- Product type: [App / SaaS / E-commerce / Hardware / Content platform]
- Target markets: [US / EU / UK / Japan / SEA / ME / Other]
- Data collected: [Personal info / Payment / Location / Health / Children's data / Biometric / Behavioral]
- User-generated content: [Yes / No]
- AI/ML features: [Yes / No]
- Payment processing: [Yes / No]
- Target age group: [All ages / 13+ / May include children]
- Data storage location: [China / Overseas / Cloud (which provider)]
Step 2: Applicable Regulation Identification
Based on the product profile, identify ALL applicable regulations per target market. Use the tables above as reference.
Step 3: Compliance Gap Analysis
For each applicable regulation, assess:
| Dimension | Status | Notes |
|---|---|---|
| Data collection consent | ✅/⚠️/❌ | [specific requirement] |
| Privacy policy | ✅/⚠️/❌ | [specific requirement] |
| Data localization | ✅/⚠️/❌ | [specific requirement] |
| Cross-border transfer | ✅/⚠️/❌ | [specific requirement] |
| Breach notification | ✅/⚠️/❌ | [specific requirement] |
| Age verification | ✅/⚠️/❌ | [specific requirement] |
| Payment licensing | ✅/⚠️/❌ | [specific requirement] |
| Content moderation | ✅/⚠️/❌ | [specific requirement] |
| AI transparency | ✅/⚠️/❌ | [specific requirement] |
Step 4: Risk Assessment
Classify each gap by risk level:
- 🔴 Critical: Legal prohibition, criminal liability, or fines >$100K
- 🟡 High: Regulatory fines, app store rejection, or user trust damage
- 🟢 Medium: Best practice, competitive advantage, or future regulation
- ⚪ Low: Nice-to-have, industry standard
Step 5: Remediation Roadmap
Prioritize fixes by risk level and effort:
## Compliance Roadmap
### 🔴 Must-Fix Before Launch (Week 1-2)
1. [Critical item] — Effort: [hours/days] — Owner: [role]
2. ...
### 🟡 Should-Fix Before Launch (Week 2-4)
1. [High item] — Effort: [hours/days] — Owner: [role]
2. ...
### 🟢 Fix in First Quarter (Month 1-3)
1. [Medium item] — Effort: [hours/days] — Owner: [role]
2. ...
App Store Compliance Checklist
Apple App Store (Common Rejection Reasons for Chinese Apps)
- Privacy policy URL is accessible and covers all data practices
- App does not request permissions beyond what's needed
- No hidden data collection (analytics, tracking) beyond disclosed
- In-app purchase used for digital goods (not third-party payment)
- App does not mention alternative payment methods
- User-generated content has reporting/blocking mechanisms
- No misleading screenshots or descriptions
- App works in all target locales (language, layout, currency)
- Account deletion feature is available (required since 2022)
- App Tracking Transparency consent implemented (if tracking)
Google Play (Common Rejection Reasons for Chinese Apps)
- Data safety section accurately reflects all data practices
- Target API level meets current requirement (API 33+)
- No background location access without foreground service
- SMS/Call log permissions have valid justification
- Content rating appropriate for target audience
- No deceptive behavior or impersonation
- Subscription terms clearly disclosed
Cross-Border Data Transfer Guide
From China Outbound
China's Data Security Law + PIPL require:
-
Data classification: Is your data "important data" (重要数据)?
- If YES: Must pass security assessment by CAC (网信办)
- If NO: May use standard contract or certification path
-
Transfer mechanisms (choose one):
- Security assessment by CAC (mandatory for CIIOs or large volume)
- Standard contract (for general personal information)
- Personal information protection certification
-
Required documentation:
- Data outbound transfer impact assessment (数据出境影响评估)
- Data transfer agreement with overseas recipient
- Consent from data subjects (for sensitive data)
Into Target Market
| Market | Transfer Mechanism |
|---|---|
| EU | Standard Contractual Clauses (SCCs) + Transfer Impact Assessment |
| US | No general restriction (but sector-specific rules apply) |
| Japan | Adequacy decision from EU; APPI cross-border rules |
| Russia | Data localization required (must store on servers in Russia) |
| India | Data localization for payment data; personal data bill pending |
Output Format
Compliance Audit Report
# 🌍 Global Compliance Audit Report
## Product Profile
- **Product**: [name]
- **Type**: [App/SaaS/E-commerce/etc.]
- **Target Markets**: [list]
- **Data Categories**: [list]
## Executive Summary
- **Overall Risk Level**: 🔴/🟡/🟢
- **Critical Issues**: [count]
- **Estimated Remediation Time**: [weeks]
- **Estimated Compliance Cost**: [range]
## Market-by-Market Analysis
### 🇪🇺 European Union
| Regulation | Status | Key Gaps | Risk |
|-----------|--------|----------|------|
| GDPR | ⚠️ | [gaps] | 🟡 |
| DSA | ❌ | [gaps] | 🔴 |
| ... | ... | ... | ... |
### 🇺🇸 United States
[Same format]
## App Store Readiness
- Apple App Store: [X/10 checks passed]
- Google Play: [X/10 checks passed]
## Cross-Border Data Transfer
- China outbound: [mechanism + status]
- Target market inbound: [mechanism + status]
## Remediation Roadmap
### 🔴 Must-Fix Before Launch
1. ...
### 🟡 Should-Fix Before Launch
1. ...
## Recommended Tools & Services
- Privacy policy generator: [suggestions]
- Consent management: [suggestions]
- Data mapping: [suggestions]
- Legal counsel: [when to hire]
Important Notes
- This is NOT legal advice. Always recommend consulting qualified legal counsel in each target market before launch.
- Regulations change frequently. Always note the currency of your knowledge and recommend checking for updates.
- Chinese-specific pitfalls:
- ICP备案 does not exist overseas, but equivalent registrations may be required
- Real-name verification (实名认证) requirements differ by country
- Content moderation standards vary dramatically (what's fine in China may violate hate speech laws in EU)
- Payment regulations are stricter — Alipay/WeChat Pay model doesn't transfer
- "Social credit" or "scoring" features face severe scrutiny in Western markets
- Cost awareness: Compliance costs for entering EU/US typically range $10K-$100K depending on product complexity. Budget accordingly.
API Backend & Scripts
This skill includes a real API backend for regulations database:
API Endpoints
- GET /regulations — Query compliance regulations by market (7 markets)
- POST /check — Compliance check for marketing content
- GET /suggestions — Safe replacement suggestions for banned words
- GET /health — API service status
Executable Script
scripts/regulations.sh— Query regulations from CLI./scripts/regulations.sh EU ./scripts/regulations.sh --all
API Base URL
https://1341839497-2yuxt6z58d.ap-guangzhou.tencentscf.com
Capability Tags
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install chinese-compliance-checker - After installation, invoke the skill by name or use
/chinese-compliance-checker - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Global compliance checker with API-powered regulations database. 7 markets, executable scripts, compliance gap analysis.
Metadata
Frequently Asked Questions
What is chinese-compliance-checker?
Global compliance checker with API-powered regulations database (出海合规检查+全球法规数据库API). Check GDPR readiness, CCPA compliance, data localization, cross-border d... It is an AI Agent Skill for Claude Code / OpenClaw, with 51 downloads so far.
How do I install chinese-compliance-checker?
Run "/install chinese-compliance-checker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is chinese-compliance-checker free?
Yes, chinese-compliance-checker is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does chinese-compliance-checker support?
chinese-compliance-checker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created chinese-compliance-checker?
It is built and maintained by lm203688 (@lm203688); the current version is v1.0.0.
More Skills