Automated EU AI Act (2024/1689) compliance checker. Classifies AI systems by risk tier, generates checklists, and produces audit-ready reports.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers
Report project as malware

Project description

CI Release PyPI Docs Python License

EU AI Act Compliance Kit

Open-source toolkit to operationalize EU AI Act (Regulation 2024/1689) obligations.
It classifies AI systems by risk tier, evaluates compliance evidence, generates actionable checklists, and produces audit-ready reports.

Why This Exists

Teams building AI for EU markets need a practical path from policy text to engineering controls. This project provides that path:

  • Risk classification (unacceptable, high_risk, limited, minimal)
  • Evidence-based compliance checks (status model: compliant, partial, non_compliant, not_assessed)
  • Checklist and remediation workflow tied to article-level obligations
  • Auditable reporting in json, md, html, pdf
  • CI/CD + pre-push gates aligned with deterministic fail policy
  • History and dashboard artifacts for trend visibility across systems

End-to-End Pipeline

flowchart LR
    A["AI System Descriptor (YAML)"] --> B["validate"]
    B --> C["classify --json"]
    C --> D["check --json"]
    D --> E["checklist"]
    D --> F["report (json|md|html|pdf)"]
    D --> G["history append (JSONL)"]
    C --> H["articles"]
    D --> I["dashboard build"]
    G --> I

CI/CD and Action Gate Flow

flowchart LR
    A["PR / Push"] --> B["GitHub Action: classify + check + report"]
    B --> C{"risk_tier == unacceptable?"}
    C -- "yes" --> Z["Fail"]
    C -- "no" --> D{"risk_tier == high_risk\nAND non_compliant_count > 0\nAND fail_on_high_risk=true?"}
    D -- "yes" --> Z
    D -- "no" --> E["Pass"]
    B --> F["Outputs: compliance %, counts, report path"]

Quick Start

Install

pip install eu-ai-act-compliance-kit
# or
pip install -e .

For PDF export support:

pip install -e ".[reporting]"

Run

ai-act validate examples/medical_diagnosis.yaml
ai-act classify examples/medical_diagnosis.yaml --json
ai-act check examples/medical_diagnosis.yaml --json
ai-act checklist examples/medical_diagnosis.yaml --format md -o checklist.md
ai-act report examples/medical_diagnosis.yaml --format html -o report.html
ai-act export check examples/medical_diagnosis.yaml --target generic --json

CLI Surface

  • ai-act classify <system.yaml> [--json]
  • ai-act check <system.yaml> [--json]
  • ai-act checklist <system.yaml> [--format json|md|html]
  • ai-act transparency <system.yaml> [--json]
  • ai-act gpai <model.yaml> [--json]
  • ai-act report <system.yaml> [--format json|md|html|pdf]
  • ai-act validate <system.yaml>
  • ai-act articles [--tier minimal|limited|high_risk|unacceptable]
  • ai-act history list|show|diff
  • ai-act dashboard build <descriptor_dir> [--recursive] [--include-history]
  • ai-act export check <system.yaml> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]
  • ai-act export history <event_id> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]

Full reference: docs/cli-reference.md

Example Systems

  • examples/medical_diagnosis.yaml (high risk)
  • examples/hiring_tool.yaml (high risk)
  • examples/social_scoring.yaml (unacceptable)
  • examples/chatbot.yaml (minimal)
  • examples/spam_filter.yaml (minimal)
  • examples/gpai_model.yaml / examples/gpai_model_low_risk.yaml

GitHub Action Contract

Action entrypoint: action.yml

Outputs:

  • risk_tier
  • compliance_percentage
  • report_path
  • articles_applicable
  • total_requirements
  • compliant_count
  • non_compliant_count
  • partial_count
  • not_assessed_count

Fail policy:

  • unacceptable always fails
  • high_risk fails only when fail_on_high_risk=true and non_compliant_count > 0

For UK Global Talent Evidence

This repository is structured to generate verifiable signals of technical impact:

  • Measurable output artifacts: compliance reports, checklist items, history events, static dashboards
  • Release discipline: semver tag-driven pipeline (qa-build -> trusted PyPI publish -> GitHub Release)
  • Open contribution readiness: CI, tests, docs, contribution guide, roadmap, changelog
  • Public traceability: issues, PRs, release notes, and workflow history

Evidence-friendly links:

Open-Core Boundary (Commercial Strategy)

Open-source scope (Apache-2.0)

  • Core compliance engine (classification/checker/checklist/transparency/gpai)
  • CLI + report generation + local history/dashboard
  • Documentation, examples, and CI integration

Reserved commercial scope (private)

  • Enterprise policy packs and jurisdiction overlays
  • Managed multi-tenant dashboard / hosted compliance ops
  • Advisory automation and premium support SLAs
  • Proprietary integrations and deployment controls

Development

pip install -e ".[dev,docs]"
pytest -q
mkdocs build --strict

First Contribution Path

pip install -e ".[dev,docs]"
./scripts/quickstart_smoke.sh
pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

If all checks pass, pick a small docs or test issue, open a focused PR, and include command outputs in the PR description.

Local pre-push gate:

pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

Documentation

Roadmap Status

  • Phase 1-12: completed (including v0.1.0 launch closure)
  • Phase 13: adoption hardening completed
  • Phase 14: external export core completed (payload-first, no live API push)
  • Phase 15: CI/release runtime hardening completed (Node20 deprecation cleanup + security gate stabilization)
  • Phase 16: live export push completed (strict fail-fast + retry/backoff controls for --push)
  • Phase 17: export push production hardening in progress (create-only idempotency ledger + duplicate-safe push)

Disclaimer

This project provides technical compliance signals and engineering guidance. It is not legal advice.

License

Apache License 2.0. See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers

Release history Release notifications | RSS feed

0.1.38

0.1.37

0.1.36

0.1.35

0.1.34

0.1.33

0.1.32

0.1.31

0.1.30

0.1.29

0.1.28

0.1.27

0.1.26

0.1.25

0.1.24

0.1.23

0.1.22

0.1.21

0.1.19

0.1.18

0.1.17

0.1.16

0.1.15

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

0.1.9

0.1.8

0.1.7

This version

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

eu_ai_act_compliance_kit-0.1.6.tar.gz (79.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

eu_ai_act_compliance_kit-0.1.6-py3-none-any.whl (60.5 kB view details)

Uploaded Python 3

File details

Details for the file eu_ai_act_compliance_kit-0.1.6.tar.gz.

File metadata

  • Download URL: eu_ai_act_compliance_kit-0.1.6.tar.gz
  • Upload date:
  • Size: 79.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.6.tar.gz
Algorithm Hash digest
SHA256 83b6bd5b1bb55ec343c3a20d3d6f44d4a5976a5372065597ef980f3e77856e19
MD5 44be4512d237dd87ea0b8e2212e5ef86
BLAKE2b-256 78cd1a4902be1fe4edd5cb3fd806d846c06a39f2995507986c8132b5c9b354fb

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.6.tar.gz:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file eu_ai_act_compliance_kit-0.1.6-py3-none-any.whl.

File metadata

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.6-py3-none-any.whl
Algorithm Hash digest
SHA256 dbf4fd0ce38a48cce3834973825b28a25c19d6ed17c3f81627e3fa81d42de91f
MD5 ab84e03815037603b911ccbcdec028f1
BLAKE2b-256 e18bab66bb82786ba0535969f45a25af1af67da0317d58a7f31405a390599f0e

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.6-py3-none-any.whl:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page