Annex IV-as-Code CLI: generate & validate EU AI Act Annex IV
Project description
Annex IV‑as‑Code (annex4ac)
Generate and validate EU AI Act Annex IV technical documentation straight from your CI.
100% local by default.
SaaS/PDF unlocks with a licence key .
✨ Features
- Always up‑to‑date – every run pulls the latest Annex IV HTML from the official AI Act Explorer.
- Schema‑first – YAML scaffold mirrors the 9 numbered sections adopted in the July 2024 Official Journal.
- Fail‑fast CI –
annex4ac validateexits 1 when a mandatory field is missing, so a GitHub Action can block the PR. - Zero binaries – ReportLab renders the PDF; no LaTeX, no system packages.
- Freemium –
fetch-schema&validateare free;generate(PDF) requiresANNEX4AC_LICENSE. - Built-in rule engine – business-logic validation runs locally via WebAssembly (OPA/Rego in Wasm, no external binaries required).
🛠 Requirements
- Python 3.9+
- python-opa-wasm (installed automatically via pip)
- wasmer (installed automatically via pip)
🚀 Quick‑start
# 1 Install (Python 3.9+)
pip install annex4ac
# 2 Pull the latest Annex IV layout
annex4ac fetch-schema annex_template.yaml
# 3 Fill in the YAML → validate
cp annex_template.yaml my_annex.yaml
$EDITOR my_annex.yaml
annex4ac validate -i my_annex.yaml # "Validation OK!" or exit 1
# 4 (Pro) Generate the PDF
echo "ANNEX4AC_LICENSE=your_key" >> ~/.bashrc
annex4ac generate -i my_annex.yaml -o docs/annex_iv.pdf
Hint : You only need to edit the YAML once per model version—CI keeps it green.
🗂 Required YAML fields (June 2024 format)
| Key | Annex IV § |
|---|---|
risk_level |
— |
use_cases |
— |
system_overview |
1 |
development_process |
2 |
system_monitoring |
3 |
performance_metrics |
4 |
risk_management |
5 |
changes_and_versions |
6 |
standards_applied |
7 |
compliance_declaration |
8 |
post_market_plan |
9 |
enterprise_size |
— |
🛠 Commands
| Command | What it does |
|---|---|
fetch-schema |
Download current Annex IV HTML, convert to YAML scaffold annex_schema.yaml. |
validate |
Validate your YAML against the Pydantic schema and OPA policy. Exits 1 on error. Supports --sarif for GitHub annotations. |
generate |
Render PDF with pure‑Python ReportLab (Pro tier). |
Run annex4ac --help for full CLI.
🏷️ Schema version in PDF
Each PDF now displays the Annex IV schema version stamp (e.g., v20240613) and the document generation date.
🔑 Pro-licence & JWT
To generate PDF in Pro mode, a license is required (JWT, RSA signature). The ANNEX4AC_LICENSE key can be checked offline, the public key is stored in the package.
🛡️ Rule-based validation (OPA/Rego)
- High-risk systems: All 9 sections of Annex IV are mandatory (Art. 11 §1).
- Limited/minimal risk: Annex IV is optional but recommended for transparency (Art. 52).
- For high-risk (
risk_level: high), post_market_plan is required. - If use_cases contains a high-risk tag (Annex III), risk_level must be high (auto high-risk).
- SARIF report now supports coordinates (line/col) for integration with GitHub Code Scanning.
- Auto-detection: Systems with Annex III use_cases are automatically classified as high-risk.
🐙 GitHub Action example
name: Annex IV gate
on: [pull_request]
jobs:
ai-act-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- run: pip install annex4ac
- run: annex4ac validate -i spec/model.yaml
Add ANNEX4AC_LICENSE as a secret to use PDF export in CI.
📄 Offline cache
If Annex IV is temporarily unavailable online, use:
annex4ac fetch-schema --offline
This will load the last saved schema from ~/.cache/annex4ac/ (the cache is updated automatically every 14 days).
⚙️ Local development
git clone https://github.com/your‑org/annex4ac
cd annex4ac
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
pytest # unit tests
python annex4ac.py --help
🔑 Licensing & pricing
| Tier | Price | Features |
|---|---|---|
| Community | Free | fetch-schema, validate, unlimited public repos |
| Pro | €15 / month | PDF generation, version history (future SaaS), email support |
| Enterprise | Custom | Self‑hosted Docker, SLA 99.9 %, custom sections |
Pay once, use anywhere – CLI, GitHub Action, future REST API.
📚 References
- Annex IV HTML – https://artificialintelligenceact.eu/annex/4/
- Official Journal PDF – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689
- ReportLab docs – https://www.reportlab.com/documentation
- Typer docs – https://typer.tiangolo.com
- Pydantic docs – https://docs.pydantic.dev
- Open Policy Agent – https://www.openpolicyagent.org
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file annex4ac-0.7.0.tar.gz.
File metadata
- Download URL: annex4ac-0.7.0.tar.gz
- Upload date:
- Size: 76.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6e50b02f180b1df5df69b92f116ad065ddeed814a19cb9ed0fdfde92d2108559
|
|
| MD5 |
79d84092694ddd0ea02727d577a83a53
|
|
| BLAKE2b-256 |
e73dd5a6168a164f61cb44c8cbff00c2235ca438f6002043c05013fbac08351e
|
File details
Details for the file annex4ac-0.7.0-py3-none-any.whl.
File metadata
- Download URL: annex4ac-0.7.0-py3-none-any.whl
- Upload date:
- Size: 63.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
222312284b5f491f63baf5386ce8174d6b46e04670ca501e65ba23747d7b65f3
|
|
| MD5 |
d68bb26de37e21168f51afe6e65cb987
|
|
| BLAKE2b-256 |
54c14c99211e76969041f6bcd88291d443d73f7fe62692b15fc14c2aed04dce1
|
