Regex backstop for German Heilmittelwerbegesetz (HWG) & EU Regulation 1924/2006 — flags medical claims, healing promises and unsafe health language in AI-generated marketing copy.
You run an LLM (Claude, GPT, …) that writes marketing copy for food, supplements, cosmetics or "Hildegard von Bingen"-style traditional products. You tell it "don't write health claims" in the system prompt. It regresses anyway. One caption in fifty slips through something like:
"Dieser Tee heilt deine Erkältung in 3 Tagen."
In Germany that single sentence is a textbook § 3 HWG violation. The fine schedule goes up to €50k per incident, plus wettbewerbsrechtliche Abmahnungen from competitors.
This library is not a legal check — you still need a lawyer — but it catches the 80 % of common regressions before publish, at ~50 µs per caption, zero dependencies, one function call.
npm install hwg-guardRequires Node 18+. ESM only. TypeScript types included.
import { checkHWG } from 'hwg-guard';
const caption = "Dieser Tee hilft gegen Erkältung und stärkt dein Immunsystem.";
const result = checkHWG(caption);
// {
// compliant: false,
// flagged: [
// { phrase: 'hilft gegen', reason: 'Wirkaussage' },
// { phrase: 'gegen Erkältung', reason: 'Indikation' },
// { phrase: 'stärkt', reason: 'Staerkungs-Claim' },
// ],
// status: 'needs_legal_review',
// }If result.compliant === true, publish. Otherwise route the content to a human reviewer.
const { decorateForN8n } = require('hwg-guard');
return [{ json: decorateForN8n($input.first().json) }];The decorator adds three fields — compliance_status, flagged_terms, status_for_db — so your SQL INSERT downstream can branch on status_for_db directly:
INSERT INTO content_queue (status, caption, ...)
VALUES ('{{ $json.status_for_db }}', '{{ $json.caption }}', ...);Approved items auto-publish. Flagged items land in needs_legal_review and your Telegram/Slack approval-gate picks them up.
See examples/n8n-code-node.js for the full pattern.
echo "Hildegard von Bingen empfahl es gegen alle Leiden." \
| node examples/cli-demo.jsExit code is 0 when clean, 2 when flagged — useful for CI / pre-commit checks on static content.
| # | Pattern | Reason code | Covers |
|---|---|---|---|
| 1 | heilt |
Heilversprechen | Direct healing promise |
| 2 | lindert |
Wirkaussage | Symptom-relief claim |
| 3 | schützt vor |
Praeventive Gesundheitsaussage | Preventive health claim |
| 4 | stärkt … (immun/abwehr/nerv/herz/körper) |
Staerkungs-Claim | "Strengthens" + body system |
| 5 | hilft bei / hilft gegen |
Wirkaussage | Indirect medical-purpose claim |
| 6 | gegen Erkältung / Demenz / Infekt / Grippe / … |
Indikation | Disease-specific indication |
| 7 | optimiert |
Funktions-Claim | "Optimizes" bodily function |
| 8 | reguliert |
Funktions-Claim | "Regulates" bodily function |
| 9 | verbessert … (gesund/verdau/schlaf/konzentr) |
Funktions-Claim | "Improves" + health area |
| 10 | schlaffördernd |
Gesundheitsaussage | "Sleep-promoting" |
| 11 | verdauungsfreundlich |
Gesundheitsaussage | "Digestion-friendly" |
| 12 | immunstärkend |
Gesundheitsaussage | "Immune-strengthening" |
| 13 | Hildegard … (gegen/bei/hilft/heilt) |
Tradition + Heilaussage | Hildegard-mysticism health exploit (DACH-common) |
| 14 | Krebs |
Schwere Krankheit | Cancer — absolute prohibition per § 12 HWG |
All patterns are case-insensitive (/i) and global (/g). They are a const array — you can import HWG_PATTERNS directly if you want to extend or override.
- Nutrition claims under EU 1169/2011 (LMIV) — e.g. "zuckerfrei", "light"
- Pre-approved health claims you ARE allowed to make (see the EU Register)
- Comparative advertising (§ 6 UWG)
- Medical device regulation (MDR)
- Novel food disclosure (EU 2015/2283)
- Anything wrapped in sarcasm, metaphor or indirect framing that the regex doesn't literally match
Translation: if you publish regulated products in the DACH region, your lawyer is not optional.
These patterns are extracted from the production newsletter-to-Instagram pipeline WRLZ.AI built for Tausendkraut — a DACH herbs brand. The full architecture, including the Claude prompt that sits in front of this guard, is documented in the case study:
→ https://wrlz.ai/case/tausendkraut/
npm test12 unit tests, Node's built-in test runner, no dev dependencies.
MIT — use it, ship it, modify it. Includes an explicit liability disclaimer — regulatory compliance remains your responsibility.
Found a regex that's too greedy / too loose? Open an issue with an example string and the German legal basis (HWG paragraph, EU regulation article, court decision). PRs welcome.
If you maintain a DACH regulated-products brand and hit a false positive that cost you a campaign slot, please tell us — real-world FP cases matter more than adding new patterns.
Built by Pascal Jäger · pascal@wrlz.ai · Heidelberg