African AI governance compliance — enforcement engine and sector packs for NDPA, CBN, NHA, NAICOM, KDPA, POPIA and 15+ African regulatory frameworks. LangGraph-native guard node included.
Project description
Comply54
Open-source AI governance enforcement for African regulatory compliance.
What it does
Comply54 intercepts AI agent tool calls and evaluates them against African regulatory frameworks — CBN, NDPA, NHA, NAICOM, KDPA, POPIA, and more — before execution. Blocked calls never reach the tool.
Agent decides to call transfer_funds(amount=15_000_000)
│
▼
comply54 guard ──► CBN NIP cap exceeded ──► ToolMessage error returned
│ Agent explains to user
✗ tool never executes
No OPA binary required. No subprocess. Works in serverless environments.
How it relates to agt-policies-nigeria
kingztech2019/agt-policies-nigeria comply54
────────────────────────────────── ────────────────────────────────────
The policy SOURCE. The enforcement and tooling LAYER.
• Rego policy packs (NDPA, CBN, ...) ──▶ • PackSpec registry indexes them
• Cited in Microsoft AGT main ──▶ • Sector classes compose them
• OPA tests (306 passing) ──▶ • LangGraph / CrewAI / AutoGen adapters
• Stays at kingztech2019 forever ──▶ • regopy evaluates in-process (no binary)
agt-policies-nigeria is where the policy files live — permanently cited in
Microsoft Agent-OS.
comply54 is where the ecosystem lives — the enforcement engine, sector compositions,
framework adapters, and CI tooling that make those policies consumable from LangChain,
LangGraph, CrewAI, AutoGen, and any OPA pipeline.
Quick Start
Install
# Core (no framework)
pip install comply54
# With LangGraph / LangChain
pip install "comply54[langgraph]"
# With CrewAI
pip install "comply54[crewai]"
# Everything
pip install "comply54[all]"
Nigerian Fintech Agent (LangGraph)
from comply54.sectors import NigeriaFintechCompliance
from comply54.langchain import Comply54Guard, comply54_route
from langgraph.graph import END, StateGraph
from langgraph.prebuilt import ToolNode
compliance = NigeriaFintechCompliance()
guard = Comply54Guard(compliance, context={"kyc_tier": 3})
graph = StateGraph(AgentState)
graph.add_node("agent", call_model)
graph.add_node("comply54_guard", guard) # intercepts before tools run
graph.add_node("tools", ToolNode(tools))
graph.add_conditional_edges("agent", should_continue,
{"comply54_guard": "comply54_guard", END: END})
graph.add_conditional_edges("comply54_guard", comply54_route,
{"tools": "tools", "agent": "agent"}) # blocked → agent, clear → tools
graph.add_edge("tools", "agent")
Direct check (no framework)
from comply54.sectors import NigeriaFintechCompliance
compliance = NigeriaFintechCompliance()
result = compliance.check(
action="transfer_funds",
params={"amount": 15_000_000, "currency": "NGN"},
context={"kyc_tier": 3},
)
print(result.overall) # "deny"
print(result.primary_violation.messages[0]) # "CBN NIP Framework: ..."
Compliance certificate (for auditors)
cert = compliance.certificate(
action="transfer_funds",
params={"amount": 5_000_000, "currency": "NGN"},
context={"kyc_tier": 3},
)
print(cert.to_json()) # tamper-evident JSON with SHA-256 integrity hash
Sector Packs
Sector packs are the main entry point. One import wires up all relevant regulatory frameworks for your use case.
Nigerian Sector Packs
| Sector class | Regulations covered | Use case |
|---|---|---|
NigeriaFintechCompliance |
NDPA + CBN + BVN/NIN + NFIU AML + OWASP | Payment agents, digital banking |
NigeriaHealthcareCompliance |
NHA 2014 + NDPA (special-category) + FMOH AI Policy + OWASP | EHR agents, clinical decision support |
NigeriaInsuranceCompliance |
Insurance Act 2003 + NAICOM Guidelines + NFIU AML + NDPA + OWASP | Claims processing, underwriting |
Other Sector Packs
| Sector class | Jurisdictions | Use case |
|---|---|---|
KenyaFintechCompliance |
KE | Kenyan payment agents |
PanAfricanFintechCompliance |
NG, KE, ZA, GH, RW, EG, ET, MU, TZ, UG | Multi-market agents |
from comply54.sectors import (
NigeriaFintechCompliance,
NigeriaHealthcareCompliance,
NigeriaInsuranceCompliance,
KenyaFintechCompliance,
PanAfricanFintechCompliance,
)
Policy Packs
All packs use in-process Rego evaluation via regopy — no OPA binary required.
Universal Agent Safety Controls
| Pack ID | Regulation | OWASP Ref |
|---|---|---|
universal/prompt-injection |
OWASP Agentic AI — LLM01/ASI01 | LLM01 |
universal/pii-leakage |
OWASP LLM06 — Sensitive Information Disclosure | LLM06 |
universal/tool-permissions |
OWASP LLM08 — Excessive Agency | LLM08 |
universal/human-approval |
OWASP LLM09 — Overreliance | LLM09 |
universal/model-routing |
OWASP LLM03/LLM05 — Model Selection Controls | LLM03/LLM05 |
Nigerian Regulatory Packs
| Pack ID | Regulation | Authority |
|---|---|---|
nigeria/ndpa |
Nigeria Data Protection Act 2023 | NDPC |
nigeria/cbn |
CBN Transaction Limits & Tiered KYC (FPR/DIR/GEN/CIR/07/003) | CBN |
nigeria/bvn-nin |
CBN BVN Framework & NIBSS Scheme Rules | CBN / NIBSS |
nigeria/nfiu-aml |
MLPPA 2022 / NFIU AML Guidelines | NFIU |
nigeria/nha |
Nigeria National Health Act 2014 / FMOH AI Policy | FMOH / MDCN |
nigeria/naicom |
Insurance Act 2003 / NAICOM Operational Guidelines 2021 / Market Conduct 2023 | NAICOM |
East Africa
| Pack ID | Regulation | Authority |
|---|---|---|
kenya/kdpa |
Kenya Data Protection Act 2019 | ODPC |
mauritius/dpa |
Mauritius Data Protection Act 2017 | DPC Mauritius |
tanzania/pdpa |
Tanzania Personal Data Protection Act 2022 | PDPC Tanzania |
uganda/dppa |
Uganda Data Protection and Privacy Act 2019 | PDPO Uganda |
ethiopia/pdp |
Ethiopia Personal Data Protection Proclamation 1321/2024 | ECA |
rwanda/dpa |
Rwanda Law No. 058/2021 on Personal Data Protection | RISA |
Southern Africa
| Pack ID | Regulation | Authority |
|---|---|---|
south-africa/popia |
Protection of Personal Information Act 4 of 2013 | Information Regulator ZA |
West Africa
| Pack ID | Regulation | Authority |
|---|---|---|
ghana/dpa |
Ghana Data Protection Act 843 of 2012 | DPC Ghana |
North Africa
| Pack ID | Regulation | Authority |
|---|---|---|
egypt/pdpl |
Egypt Personal Data Protection Law No. 151/2020 | PDPRL Egypt |
Framework Adapters
LangGraph (recommended)
from comply54.langchain import Comply54Guard, comply54_route
# Comply54Guard is a callable LangGraph node.
# It reads AIMessage.tool_calls, evaluates each via comply54,
# and injects ToolMessage errors for any blocked calls.
guard = Comply54Guard(
NigeriaFintechCompliance(),
context={"kyc_tier": 3},
block_on_escalate=False, # True = escalate decisions also block
)
LangChain StructuredTool
from comply54.langchain import comply54_tool
# Exposes comply54 as a tool the agent can call to self-check
tool = comply54_tool(NigeriaFintechCompliance())
agent = create_react_agent(llm, tools=[*my_tools, tool])
CrewAI
from comply54.crewai import build_compliance_tools
tools = build_compliance_tools(NigeriaFintechCompliance())
agent = Agent(role="Fintech Agent", tools=tools, ...)
AutoGen
from comply54.autogen import ComplianceMiddleware
middleware = ComplianceMiddleware(NigeriaFintechCompliance())
Direct OPA (from agt-policies-nigeria)
git clone https://github.com/kingztech2019/agt-policies-nigeria
cd agt-policies-nigeria
opa test policies/rego/ -v # 306 tests
Example Agents
Three complete LangGraph demo agents are in examples/:
| Example | Sector | Regulations demonstrated |
|---|---|---|
examples/nigeria_fintech_agent/ |
Fintech | CBN NIP cap, Tier KYC limits, Maker-Checker, NFIU AML |
examples/nigeria_health_agent/ |
Healthcare | NHA patient consent, AI diagnosis oversight, NDPA special-category |
examples/nigeria_insurance_agent/ |
Insurance | NAICOM auto-denial cap, anti-discrimination, life underwriting, fraud |
export ANTHROPIC_API_KEY=sk-ant-...
cd examples/nigeria_fintech_agent && python agent.py
cd examples/nigeria_health_agent && python agent.py
cd examples/nigeria_insurance_agent && python agent.py
Adding a New Pack
See CONTRIBUTING.md for the full guide. Quick summary:
- Write
comply54/packs/<jurisdiction>/<pack>.regowith Regodeny,escalate,audit,allowrules - Add a
PackSpecentry incomply54/core/packs.py - Compose it into a sector class in
comply54/sectors/ - Add tests in
tests/
Validation & CI
pip install -e ".[dev]"
# Run all tests
pytest tests/ -v
# Validate pack registry
python tools/validate.py
# OPA tests (requires opa binary)
opa test comply54/packs/ -v
# Lint Rego
regal lint comply54/packs/
Disclaimer
Comply54 policy packs are community-maintained governance starter templates, not certified legal compliance instruments. Organisations must perform their own assessments with qualified legal and regulatory advisors before deploying in regulated environments.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
comply54-0.2.0.tar.gz
(53.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
comply54-0.2.0-py3-none-any.whl
(74.4 kB
view details)
File details
Details for the file comply54-0.2.0.tar.gz.
File metadata
- Download URL: comply54-0.2.0.tar.gz
- Upload date:
- Size: 53.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
defd7a686d321e61ad58c5238fdd516bee46568b85d0117304f8803d27e2c4fb
|
|
| MD5 |
bc9f11441cd30fd4d559fd1ffd579487
|
|
| BLAKE2b-256 |
77db4c30cc5a330d50ed3f226bc1a67b3e3ce73bae27f5af5448b2788c91a98c
|
File details
Details for the file comply54-0.2.0-py3-none-any.whl.
File metadata
- Download URL: comply54-0.2.0-py3-none-any.whl
- Upload date:
- Size: 74.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9aeae73f2614222319b77289bcc83522e4624b2a027cad595e1921da069dbe76
|
|
| MD5 |
c5a15b4355162d702e4783ade6f11161
|
|
| BLAKE2b-256 |
9aad3015ef4d735482af9bd92b0f3d879d14de64c0853c76ed51c8f00dc68b55
|
