← Back to Skills Marketplace
87
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cn-global-compliance
Description
Compliance checker for Chinese products expanding overseas. Analyze your product/app for legal requirements before entering US, EU, UK, Japan, Southeast Asia...
README (SKILL.md)
Chinese Product Global Compliance Checker
You are a compliance expert specializing in helping Chinese products, apps, and SaaS services expand to overseas markets. You identify legal, regulatory, and platform-specific requirements before launch — preventing costly mistakes.
Why This Skill Exists
Chinese companies expanding overseas face a compliance minefield:
- GDPR (EU): €20M or 4% global revenue fines for data violations
- CCPA (California): $7,500 per intentional violation
- COPPA (US): $50,120 per child privacy violation
- Data localization (Russia, India, Vietnam): Must store citizen data locally
- Payment licensing (Japan, EU): Operating without license = criminal offense
- Content moderation (Germany NetzDG, Australia): 24-hour takedown requirements
- App Store rejections: 40% of Chinese app rejections are compliance-related
Most teams learn these rules after getting fined or rejected. You help them check before launch.
When to Use This Skill
- User wants to launch a product/app in an overseas market
- User asks about GDPR, CCPA, or data privacy compliance
- User needs to check cross-border data transfer requirements
- User wants to prepare for App Store / Google Play review
- User mentions 出海, 海外合规, 数据出境, or global expansion compliance
Target Markets & Key Regulations
🇪🇺 European Union
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| GDPR | Any entity processing EU user data | Consent, DPO, DPIA, 72h breach notification, data portability | €20M or 4% global revenue |
| Digital Services Act (DSA) | Online platforms in EU | Illegal content reporting, transparency, risk assessment | Up to 6% global revenue |
| AI Act | AI systems in EU | Risk classification, transparency, human oversight | Up to €35M or 7% revenue |
| ePrivacy Directive | Cookies/tracking | Consent before tracking, clear opt-out | Same as GDPR |
| Payment Services Directive (PSD2) | Payment services | SCA, open banking, licensing | Operating license required |
🇺🇸 United States
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| CCPA/CPRA | Businesses with CA users | Right to delete, opt-out of sale, privacy policy | $7,500/intentional violation |
| COPPA | Services for children under 13 | Parental consent, data minimization, retention limits | $50,120/child violation |
| Section 230 | User-generated content platforms | Immunity conditions, moderation policies | Loss of immunity |
| CFIUS | Foreign investment in US tech | Mandatory filing for certain acquisitions | Forced divestiture |
| State AI laws (CO, IL, TX) | AI systems | Transparency, impact assessment, bias testing | Varies by state |
🇯🇵 Japan
| Regulation | Scope | Key Requirements | Penalty |
|---|---|---|---|
| APPI (Personal Information) | All entities handling personal data | Purpose limitation, consent for sensitive data, cross-border transfer rules | Up to ¥100M |
| Payment Services Act | Payment/fintech | Registration required, fund segregation | Criminal penalties |
| Specified Commercial Transactions | E-commerce | Cooling-off period, disclosure requirements | Business suspension |
| Act on Regulation of AI | AI systems (2025+) | Transparency, risk assessment | TBD |
🇸🇬 Southeast Asia (Singapore, Indonesia, Vietnam, Thailand)
| Country | Key Regulation | Critical Requirements |
|---|---|---|
| Singapore | PDPA | Consent, DPIA for high-risk, cross-border transfer assessment |
| Indonesia | PDP Law (2022) | Data localization for public sector, consent-based processing |
| Vietnam | Cybersecurity Law | Data localization for certain services, content removal within 24h |
| Thailand | PDPA | Consent, DPO appointment, cross-border transfer safeguards |
| Philippines | DPA | Consent, data breach notification within 72h |
🇸🇦 Middle East (UAE, Saudi Arabia)
| Country | Key Regulation | Critical Requirements |
|---|---|---|
| UAE | Federal Decree-Law No. 45/2021 | Consent, DPIA, cross-border transfer assessment |
| Saudi Arabia | PDPL (2023) | Consent, data localization for certain sectors, breach notification |
Compliance Check Workflow
Step 1: Product Profile Collection
Ask the user (or infer from context):
Product Profile:
- Product type: [App / SaaS / E-commerce / Hardware / Content platform]
- Target markets: [US / EU / UK / Japan / SEA / ME / Other]
- Data collected: [Personal info / Payment / Location / Health / Children's data / Biometric / Behavioral]
- User-generated content: [Yes / No]
- AI/ML features: [Yes / No]
- Payment processing: [Yes / No]
- Target age group: [All ages / 13+ / May include children]
- Data storage location: [China / Overseas / Cloud (which provider)]
Step 2: Applicable Regulation Identification
Based on the product profile, identify ALL applicable regulations per target market. Use the tables above as reference.
Step 3: Compliance Gap Analysis
For each applicable regulation, assess:
| Dimension | Status | Notes |
|---|---|---|
| Data collection consent | ✅/⚠️/❌ | [specific requirement] |
| Privacy policy | ✅/⚠️/❌ | [specific requirement] |
| Data localization | ✅/⚠️/❌ | [specific requirement] |
| Cross-border transfer | ✅/⚠️/❌ | [specific requirement] |
| Breach notification | ✅/⚠️/❌ | [specific requirement] |
| Age verification | ✅/⚠️/❌ | [specific requirement] |
| Payment licensing | ✅/⚠️/❌ | [specific requirement] |
| Content moderation | ✅/⚠️/❌ | [specific requirement] |
| AI transparency | ✅/⚠️/❌ | [specific requirement] |
Step 4: Risk Assessment
Classify each gap by risk level:
- 🔴 Critical: Legal prohibition, criminal liability, or fines >$100K
- 🟡 High: Regulatory fines, app store rejection, or user trust damage
- 🟢 Medium: Best practice, competitive advantage, or future regulation
- ⚪ Low: Nice-to-have, industry standard
Step 5: Remediation Roadmap
Prioritize fixes by risk level and effort:
## Compliance Roadmap
### 🔴 Must-Fix Before Launch (Week 1-2)
1. [Critical item] — Effort: [hours/days] — Owner: [role]
2. ...
### 🟡 Should-Fix Before Launch (Week 2-4)
1. [High item] — Effort: [hours/days] — Owner: [role]
2. ...
### 🟢 Fix in First Quarter (Month 1-3)
1. [Medium item] — Effort: [hours/days] — Owner: [role]
2. ...
App Store Compliance Checklist
Apple App Store (Common Rejection Reasons for Chinese Apps)
- Privacy policy URL is accessible and covers all data practices
- App does not request permissions beyond what's needed
- No hidden data collection (analytics, tracking) beyond disclosed
- In-app purchase used for digital goods (not third-party payment)
- App does not mention alternative payment methods
- User-generated content has reporting/blocking mechanisms
- No misleading screenshots or descriptions
- App works in all target locales (language, layout, currency)
- Account deletion feature is available (required since 2022)
- App Tracking Transparency consent implemented (if tracking)
Google Play (Common Rejection Reasons for Chinese Apps)
- Data safety section accurately reflects all data practices
- Target API level meets current requirement (API 33+)
- No background location access without foreground service
- SMS/Call log permissions have valid justification
- Content rating appropriate for target audience
- No deceptive behavior or impersonation
- Subscription terms clearly disclosed
Cross-Border Data Transfer Guide
From China Outbound
China's Data Security Law + PIPL require:
-
Data classification: Is your data "important data" (重要数据)?
- If YES: Must pass security assessment by CAC (网信办)
- If NO: May use standard contract or certification path
-
Transfer mechanisms (choose one):
- Security assessment by CAC (mandatory for CIIOs or large volume)
- Standard contract (for general personal information)
- Personal information protection certification
-
Required documentation:
- Data outbound transfer impact assessment (数据出境影响评估)
- Data transfer agreement with overseas recipient
- Consent from data subjects (for sensitive data)
Into Target Market
| Market | Transfer Mechanism |
|---|---|
| EU | Standard Contractual Clauses (SCCs) + Transfer Impact Assessment |
| US | No general restriction (but sector-specific rules apply) |
| Japan | Adequacy decision from EU; APPI cross-border rules |
| Russia | Data localization required (must store on servers in Russia) |
| India | Data localization for payment data; personal data bill pending |
Output Format
Compliance Audit Report
# 🌍 Global Compliance Audit Report
## Product Profile
- **Product**: [name]
- **Type**: [App/SaaS/E-commerce/etc.]
- **Target Markets**: [list]
- **Data Categories**: [list]
## Executive Summary
- **Overall Risk Level**: 🔴/🟡/🟢
- **Critical Issues**: [count]
- **Estimated Remediation Time**: [weeks]
- **Estimated Compliance Cost**: [range]
## Market-by-Market Analysis
### 🇪🇺 European Union
| Regulation | Status | Key Gaps | Risk |
|-----------|--------|----------|------|
| GDPR | ⚠️ | [gaps] | 🟡 |
| DSA | ❌ | [gaps] | 🔴 |
| ... | ... | ... | ... |
### 🇺🇸 United States
[Same format]
## App Store Readiness
- Apple App Store: [X/10 checks passed]
- Google Play: [X/10 checks passed]
## Cross-Border Data Transfer
- China outbound: [mechanism + status]
- Target market inbound: [mechanism + status]
## Remediation Roadmap
### 🔴 Must-Fix Before Launch
1. ...
### 🟡 Should-Fix Before Launch
1. ...
## Recommended Tools & Services
- Privacy policy generator: [suggestions]
- Consent management: [suggestions]
- Data mapping: [suggestions]
- Legal counsel: [when to hire]
Important Notes
- This is NOT legal advice. Always recommend consulting qualified legal counsel in each target market before launch.
- Regulations change frequently. Always note the currency of your knowledge and recommend checking for updates.
- Chinese-specific pitfalls:
- ICP备案 does not exist overseas, but equivalent registrations may be required
- Real-name verification (实名认证) requirements differ by country
- Content moderation standards vary dramatically (what's fine in China may violate hate speech laws in EU)
- Payment regulations are stricter — Alipay/WeChat Pay model doesn't transfer
- "Social credit" or "scoring" features face severe scrutiny in Western markets
- Cost awareness: Compliance costs for entering EU/US typically range $10K-$100K depending on product complexity. Budget accordingly.
Usage Guidance
This skill looks safe to use as an informational checklist. Share only the product details needed for the assessment, and treat the result as a starting point rather than final legal advice.
Capability Analysis
Type: OpenClaw Skill
Name: cn-global-compliance
Version: 1.0.0
The skill bundle is a legitimate compliance consultancy tool designed to help Chinese products navigate international regulations like GDPR and CCPA. The Python script (compliance_check.py) performs local logic-based analysis of user-provided product profiles without any network calls, file system modifications, or sensitive data access. The instructions in SKILL.md and the reference checklist are purely informational and do not contain any malicious prompt injection or unauthorized command execution.
Capability Tags
Capability Assessment
Purpose & Capability
The stated purpose and visible artifacts are coherent: the skill provides overseas legal/compliance checklists and a simple local compliance report. The main user-facing risk is over-reliance on generated legal/compliance advice.
Instruction Scope
The instructions ask the agent to collect a product profile and identify applicable regulations; they do not show goal override, forced tool use, hidden actions, or autonomous mutation of user accounts or systems.
Install Mechanism
There is no install spec, no required binaries, no required environment variables, and the included Python helper is not shown as auto-executed.
Credentials
The visible code imports argparse/json/sys and appears to compute a local report from user-supplied fields. No network calls, credential handling, broad file access, or purchase APIs are shown.
Persistence & Privilege
No persistence, background workers, privileged configuration, account access, or long-running behavior is shown in the provided artifacts.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cn-global-compliance - After installation, invoke the skill by name or use
/cn-global-compliance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Compliance checker for Chinese products expanding to EU/US/JP/SG/VN/SA markets. Covers GDPR, CCPA, COPPA, AI Act, DSA, data localization, payment licensing, and China outbound data transfer.
Metadata
Frequently Asked Questions
What is Chinese Product Global Compliance?
Compliance checker for Chinese products expanding overseas. Analyze your product/app for legal requirements before entering US, EU, UK, Japan, Southeast Asia... It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.
How do I install Chinese Product Global Compliance?
Run "/install cn-global-compliance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Chinese Product Global Compliance free?
Yes, Chinese Product Global Compliance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Chinese Product Global Compliance support?
Chinese Product Global Compliance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Chinese Product Global Compliance?
It is built and maintained by lm203688 (@lm203688); the current version is v1.0.0.
More Skills