AI governance compliance scanner — Colorado SB 205 AI Act self-assessment
Project description
dingdawg-compliance
Colorado SB 205 AI Act compliance scanner. Run it in 60 seconds. Get your score. Know your gaps before June 30, 2026.
pip install dingdawg-compliance
python3 -m dingdawg_compliance scan
What it does
Colorado SB 205 requires any company using AI for consequential decisions (employment, housing, credit, insurance, healthcare, education) to:
- Conduct impact assessments before deployment
- Disclose AI use to consumers at point of decision
- Provide appeal and human review mechanisms
- Designate a Responsible AI Officer
- Test for discriminatory bias
- Maintain a 3-year audit trail
This tool scores your readiness across all 25 SB 205 controls. Free. No signup. Runs locally.
Install
pip install dingdawg-compliance
Requires Python 3.9+. No external dependencies — stdlib only.
Usage
Interactive scan (recommended)
python3 -m dingdawg_compliance scan
Walk through all 25 controls. Answer y/n/skip for each. Get your score at the end.
Example output:
──────────────────────────────────────────────────────
Overall Score: 44/100 [████████░░░░░░░░░░░░] NEEDS WORK
──────────────────────────────────────────────────────
Category Scores:
~ scope 100%
✗ impact_assessment 0%
✗ transparency 33%
✗ appeal 0%
~ governance 50%
✗ bias_testing 0%
✗ data_governance 0%
✗ incident_response 50%
✓ audit 100%
⚠ Critical gaps (2) — mandatory under SB 205:
• CO-3 Pre-Deployment Impact Assessment
• CO-6 Consumer Disclosure at Point of Decision
Need the full remediation report?
→ dingdawg.com/compliance (CO SB 205 gap report — $199)
Score from a JSON file
python3 -m dingdawg_compliance score responses.json
Format for responses.json:
{
"CO-1": true,
"CO-2": true,
"CO-3": false,
"CO-4": null
}
true = implemented, false = not implemented, null = unknown (scored as not implemented).
List all 25 controls
python3 -m dingdawg_compliance controls
Use as a library
from dingdawg_compliance import calculate_co_sb205_score, CO_SB_205_CONTROLS
# Score a self-assessment
responses = {
"CO-1": True, # scope: identified consequential decisions
"CO-3": False, # impact_assessment: no pre-deployment assessment yet
"CO-6": True, # transparency: consumer disclosure implemented
# ... rest of controls
}
result = calculate_co_sb205_score(responses)
print(result["score"]) # 0-100
print(result["gaps"]) # list of unimplemented controls
print(result["critical_gaps"]) # CO-3, CO-6, CO-10, CO-14 if missing
Track assessments in SQLite
from dingdawg_compliance import ComplianceStore, ComplianceScorer, ComplianceFramework
store = ComplianceStore() # stored at ~/.dingdawg/compliance/compliance.db
# Register and assess a control
store.assess_control("CO-3", status="COMPLIANT", assessor="legal-team", notes="Completed Q1 2026")
# Score
scorer = ComplianceScorer(store)
print(scorer.overall_posture_score()) # e.g. 72.0
print(scorer.per_framework_score()) # per-framework breakdown
print(scorer.gap_analysis()) # prioritized gap list
Automated checks (read-only)
from dingdawg_compliance import AutoAssessor
from pathlib import Path
assessor = AutoAssessor(
base_dir=Path("./src"),
db_paths=[Path("./data/app.db")]
)
results = assessor.run_all_checks()
print(results["checks"]["access_controls"]["summary"])
print(results["checks"]["audit_logging"]["summary"])
The 25 CO SB 205 Controls
| ID | Category | Control | Critical |
|---|---|---|---|
| CO-1 | scope | Consequential Decision Identification | |
| CO-2 | scope | High-Risk AI System Classification | |
| CO-3 | impact_assessment | Pre-Deployment Impact Assessment | ★ |
| CO-4 | impact_assessment | Annual Impact Assessment Review | |
| CO-5 | impact_assessment | Impact Assessment Documentation | |
| CO-6 | transparency | Consumer Disclosure at Point of Decision | ★ |
| CO-7 | transparency | Disclosure Timing | |
| CO-8 | transparency | Disclosure Content — AI Role | |
| CO-9 | transparency | Disclosure Content — Data Used | |
| CO-10 | appeal | Appeal Mechanism | ★ |
| CO-11 | appeal | Human Review Option | |
| CO-12 | appeal | Opt-Out Mechanism | |
| CO-13 | appeal | Appeal Response Timeline | |
| CO-14 | governance | Responsible AI Officer Designation | ★ |
| CO-15 | governance | AI Inventory | |
| CO-16 | governance | Vendor Due Diligence | |
| CO-17 | governance | Policy Documentation | |
| CO-18 | bias_testing | Pre-Deployment Bias Testing | |
| CO-19 | bias_testing | Ongoing Bias Monitoring | |
| CO-20 | bias_testing | Protected Class Analysis | |
| CO-21 | data_governance | Training Data Documentation | |
| CO-22 | data_governance | Data Minimization | |
| CO-23 | incident_response | AI Incident Response Plan | |
| CO-24 | incident_response | Error Notification | |
| CO-25 | audit | Third-Party Audit Trail |
★ Critical — mandatory remediation required before June 30, 2026.
What this doesn't include
This scanner shows what to check and where your gaps are. It does not generate remediation plans, regulatory citations, evidence templates, or audit-ready documentation.
For the full gap report with remediation guidance → dingdawg.com/compliance
License
Apache 2.0 — free to use, fork, and contribute.
Contributing
PRs welcome for new indicators, additional frameworks, or CLI improvements. Open an issue first for anything structural.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dingdawg_compliance-1.0.1-py3-none-any.whl.
File metadata
- Download URL: dingdawg_compliance-1.0.1-py3-none-any.whl
- Upload date:
- Size: 14.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aad3b0bbc30b96215d28479ea010c750675f0acabc832dee0a05a0af9d1e780d
|
|
| MD5 |
e1a8aef7fda62d99b6dac82d3db0884c
|
|
| BLAKE2b-256 |
ddb26557e2b775ebbafeb88b7e73c76942960970dcf3e64ae0a055da73eaa48f
|
