Automated EU AI Act (2024/1689) compliance checker. Classifies AI systems by risk tier, generates checklists, and produces audit-ready reports.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers
Report project as malware

Project description

CI Release PyPI Docs Python License

EU AI Act Compliance Kit

Open-source toolkit to operationalize EU AI Act (Regulation 2024/1689) obligations.
It classifies AI systems by risk tier, evaluates compliance evidence, generates actionable checklists, and produces audit-ready reports.

Why This Exists

Teams building AI for EU markets need a practical path from policy text to engineering controls. This project provides that path:

  • Risk classification (unacceptable, high_risk, limited, minimal)
  • Evidence-based compliance checks (status model: compliant, partial, non_compliant, not_assessed)
  • Checklist and remediation workflow tied to article-level obligations
  • Auditable reporting in json, md, html, pdf
  • CI/CD + pre-push gates aligned with deterministic fail policy
  • History and dashboard artifacts for trend visibility across systems

End-to-End Pipeline

flowchart LR
    A["AI System Descriptor (YAML)"] --> B["validate"]
    B --> C["classify --json"]
    C --> D["check --json"]
    D --> E["checklist"]
    D --> F["report (json|md|html|pdf)"]
    D --> G["history append (JSONL)"]
    C --> H["articles"]
    D --> I["dashboard build"]
    G --> I

CI/CD and Action Gate Flow

flowchart LR
    A["PR / Push"] --> B["GitHub Action: classify + check + report"]
    B --> C{"risk_tier == unacceptable?"}
    C -- "yes" --> Z["Fail"]
    C -- "no" --> D{"risk_tier == high_risk\nAND non_compliant_count > 0\nAND fail_on_high_risk=true?"}
    D -- "yes" --> Z
    D -- "no" --> E["Pass"]
    B --> F["Outputs: compliance %, counts, report path"]

Quick Start

Install

pip install eu-ai-act-compliance-kit
# or
pip install -e .

For PDF export support:

pip install -e ".[reporting]"

Run

ai-act validate examples/medical_diagnosis.yaml
ai-act classify examples/medical_diagnosis.yaml --json
ai-act check examples/medical_diagnosis.yaml --json
ai-act checklist examples/medical_diagnosis.yaml --format md -o checklist.md
ai-act report examples/medical_diagnosis.yaml --format html -o report.html
ai-act export check examples/medical_diagnosis.yaml --target generic --json

CLI Surface

  • ai-act classify <system.yaml> [--json]
  • ai-act check <system.yaml> [--json]
  • ai-act checklist <system.yaml> [--format json|md|html]
  • ai-act transparency <system.yaml> [--json]
  • ai-act gpai <model.yaml> [--json]
  • ai-act report <system.yaml> [--format json|md|html|pdf]
  • ai-act validate <system.yaml>
  • ai-act articles [--tier minimal|limited|high_risk|unacceptable]
  • ai-act history list|show|diff
  • ai-act dashboard build <descriptor_dir> [--recursive] [--include-history]
  • ai-act export check <system.yaml> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--push-mode create|upsert] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]
  • ai-act export history <event_id> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--push-mode create|upsert] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]
  • ai-act export ledger list [--idempotency-path PATH] [--target jira|servicenow|generic] [--system NAME] [--requirement-id ID] [--limit N] [--json]
  • ai-act export ledger stats [--idempotency-path PATH] [--json]

Full reference: docs/cli-reference.md

Example Systems

  • examples/medical_diagnosis.yaml (high risk)
  • examples/hiring_tool.yaml (high risk)
  • examples/social_scoring.yaml (unacceptable)
  • examples/chatbot.yaml (minimal)
  • examples/spam_filter.yaml (minimal)
  • examples/gpai_model.yaml / examples/gpai_model_low_risk.yaml

GitHub Action Contract

Action entrypoint: action.yml

Outputs:

  • risk_tier
  • compliance_percentage
  • report_path
  • articles_applicable
  • total_requirements
  • compliant_count
  • non_compliant_count
  • partial_count
  • not_assessed_count

Fail policy:

  • unacceptable always fails
  • high_risk fails only when fail_on_high_risk=true and non_compliant_count > 0

For UK Global Talent Evidence

This repository is structured to generate verifiable signals of technical impact:

  • Measurable output artifacts: compliance reports, checklist items, history events, static dashboards
  • Release discipline: semver tag-driven pipeline (qa-build -> trusted PyPI publish -> GitHub Release)
  • Open contribution readiness: CI, tests, docs, contribution guide, roadmap, changelog
  • Public traceability: issues, PRs, release notes, and workflow history

Evidence-friendly links:

Open-Core Boundary (Commercial Strategy)

Open-source scope (Apache-2.0)

  • Core compliance engine (classification/checker/checklist/transparency/gpai)
  • CLI + report generation + local history/dashboard
  • Documentation, examples, and CI integration

Reserved commercial scope (private)

  • Enterprise policy packs and jurisdiction overlays
  • Managed multi-tenant dashboard / hosted compliance ops
  • Advisory automation and premium support SLAs
  • Proprietary integrations and deployment controls

Development

pip install -e ".[dev,docs]"
pytest -q
mkdocs build --strict

First Contribution Path

pip install -e ".[dev,docs]"
./scripts/quickstart_smoke.sh
pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

If all checks pass, pick a small docs or test issue, open a focused PR, and include command outputs in the PR description.

Local pre-push gate:

pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

Documentation

Roadmap Status

  • Phase 1-12: completed (including v0.1.0 launch closure)
  • Phase 13: adoption hardening completed
  • Phase 14: external export core completed (payload-first, no live API push)
  • Phase 15: CI/release runtime hardening completed (Node20 deprecation cleanup + security gate stabilization)
  • Phase 16: live export push completed (strict fail-fast + retry/backoff controls for --push)
  • Phase 17: export push production hardening completed (create-only idempotency ledger + duplicate-safe push)
  • Phase 18: export operator observability + upsert kickoff in progress (export ledger list|stats + --push-mode create|upsert)

Disclaimer

This project provides technical compliance signals and engineering guidance. It is not legal advice.

License

Apache License 2.0. See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers

Release history Release notifications | RSS feed

0.1.38

0.1.37

0.1.36

0.1.35

0.1.34

0.1.33

0.1.32

0.1.31

0.1.30

0.1.29

0.1.28

0.1.27

0.1.26

0.1.25

0.1.24

0.1.23

0.1.22

0.1.21

0.1.19

0.1.18

0.1.17

0.1.16

0.1.15

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

0.1.9

0.1.8

This version

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

eu_ai_act_compliance_kit-0.1.7.tar.gz (86.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

eu_ai_act_compliance_kit-0.1.7-py3-none-any.whl (63.9 kB view details)

Uploaded Python 3

File details

Details for the file eu_ai_act_compliance_kit-0.1.7.tar.gz.

File metadata

  • Download URL: eu_ai_act_compliance_kit-0.1.7.tar.gz
  • Upload date:
  • Size: 86.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.7.tar.gz
Algorithm Hash digest
SHA256 ad293e96c8e531648f6eb4228c0f0709b65208dea2e8b653818246d30e157967
MD5 37ce0b187a4d2b22fc3235282adb6d17
BLAKE2b-256 2d9342a2fdced6cc44b5752341396d4c7cd65e0d69c1e6a27c596e856496eeb1

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.7.tar.gz:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file eu_ai_act_compliance_kit-0.1.7-py3-none-any.whl.

File metadata

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 d1bb2ae4b917ffd2237ffe088d1f13d0f35c19e56fd50c6c43f8bcab60d71b34
MD5 58fdbd99b562ab9eca85fb7b497f3e49
BLAKE2b-256 d15c2de28ec00adc38b68bfece3c92855c34a83d15713e9a58301f3386f43bca

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.7-py3-none-any.whl:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page