Automated EU AI Act (2024/1689) compliance checker. Classifies AI systems by risk tier, generates checklists, and produces audit-ready reports.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers
Report project as malware

Project description

CI Release PyPI Docs Python License

EU AI Act Compliance Kit

Open-source toolkit to operationalize EU AI Act (Regulation 2024/1689) obligations.
It classifies AI systems by risk tier, evaluates compliance evidence, generates actionable checklists, and produces audit-ready reports.

Why This Exists

Teams building AI for EU markets need a practical path from policy text to engineering controls. This project provides that path:

  • Risk classification (unacceptable, high_risk, limited, minimal)
  • Evidence-based compliance checks (status model: compliant, partial, non_compliant, not_assessed)
  • Checklist and remediation workflow tied to article-level obligations
  • Auditable reporting in json, md, html, pdf
  • CI/CD + pre-push gates aligned with deterministic fail policy
  • History and dashboard artifacts for trend visibility across systems

End-to-End Pipeline

flowchart LR
    A["AI System Descriptor (YAML)"] --> B["validate"]
    B --> C["classify --json"]
    C --> D["check --json"]
    D --> E["checklist"]
    D --> F["report (json|md|html|pdf)"]
    D --> G["history append (JSONL)"]
    C --> H["articles"]
    D --> I["dashboard build"]
    G --> I

CI/CD and Action Gate Flow

flowchart LR
    A["PR / Push"] --> B["GitHub Action: classify + check + report"]
    B --> C{"risk_tier == unacceptable?"}
    C -- "yes" --> Z["Fail"]
    C -- "no" --> D{"risk_tier == high_risk\nAND non_compliant_count > 0\nAND fail_on_high_risk=true?"}
    D -- "yes" --> Z
    D -- "no" --> E["Pass"]
    B --> F["Outputs: compliance %, counts, report path"]

Quick Start

Install

pip install eu-ai-act-compliance-kit
# or
pip install -e .

For PDF export support:

pip install -e ".[reporting]"

Run

ai-act validate examples/medical_diagnosis.yaml
ai-act classify examples/medical_diagnosis.yaml --json
ai-act check examples/medical_diagnosis.yaml --json
ai-act checklist examples/medical_diagnosis.yaml --format md -o checklist.md
ai-act report examples/medical_diagnosis.yaml --format html -o report.html
ai-act export check examples/medical_diagnosis.yaml --target generic --json

CLI Surface

  • ai-act classify <system.yaml> [--json]
  • ai-act check <system.yaml> [--json]
  • ai-act checklist <system.yaml> [--format json|md|html]
  • ai-act transparency <system.yaml> [--json]
  • ai-act gpai <model.yaml> [--json]
  • ai-act report <system.yaml> [--format json|md|html|pdf]
  • ai-act validate <system.yaml>
  • ai-act articles [--tier minimal|limited|high_risk|unacceptable]
  • ai-act history list|show|diff
  • ai-act dashboard build <descriptor_dir> [--recursive] [--include-history]
  • ai-act export check <system.yaml> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--push-mode create|upsert] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]
  • ai-act export history <event_id> --target jira|servicenow|generic [--output PATH] [--history-path PATH] [--json] [--push] [--push-mode create|upsert] [--dry-run] [--idempotency-path PATH] [--disable-idempotency]
  • ai-act export ledger list [--idempotency-path PATH] [--target jira|servicenow|generic] [--system NAME] [--requirement-id ID] [--limit N] [--json]
  • ai-act export ledger stats [--idempotency-path PATH] [--json]

Full reference: docs/cli-reference.md

Example Systems

  • examples/medical_diagnosis.yaml (high risk)
  • examples/hiring_tool.yaml (high risk)
  • examples/social_scoring.yaml (unacceptable)
  • examples/chatbot.yaml (minimal)
  • examples/spam_filter.yaml (minimal)
  • examples/gpai_model.yaml / examples/gpai_model_low_risk.yaml

GitHub Action Contract

Action entrypoint: action.yml

Outputs:

  • risk_tier
  • compliance_percentage
  • report_path
  • articles_applicable
  • total_requirements
  • compliant_count
  • non_compliant_count
  • partial_count
  • not_assessed_count

Fail policy:

  • unacceptable always fails
  • high_risk fails only when fail_on_high_risk=true and non_compliant_count > 0

For UK Global Talent Evidence

This repository is structured to generate verifiable signals of technical impact:

  • Measurable output artifacts: compliance reports, checklist items, history events, static dashboards
  • Release discipline: semver tag-driven pipeline (qa-build -> trusted PyPI publish -> GitHub Release)
  • Open contribution readiness: CI, tests, docs, contribution guide, roadmap, changelog
  • Public traceability: issues, PRs, release notes, and workflow history

Evidence-friendly links:

Open-Core Boundary (Commercial Strategy)

Open-source scope (Apache-2.0)

  • Core compliance engine (classification/checker/checklist/transparency/gpai)
  • CLI + report generation + local history/dashboard
  • Documentation, examples, and CI integration

Reserved commercial scope (private)

  • Enterprise policy packs and jurisdiction overlays
  • Managed multi-tenant dashboard / hosted compliance ops
  • Advisory automation and premium support SLAs
  • Proprietary integrations and deployment controls

Development

pip install -e ".[dev,docs]"
pytest -q
mkdocs build --strict

First Contribution Path

pip install -e ".[dev,docs]"
./scripts/quickstart_smoke.sh
pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

If all checks pass, pick a small docs or test issue, open a focused PR, and include command outputs in the PR description.

Local pre-push gate:

pre-commit install --hook-type pre-push
pre-commit run --hook-stage pre-push --all-files

Documentation

Roadmap Status

  • Phase 1-12: completed (including v0.1.0 launch closure)
  • Phase 13: adoption hardening completed
  • Phase 14: external export core completed (payload-first, no live API push)
  • Phase 15: CI/release runtime hardening completed (Node20 deprecation cleanup + security gate stabilization)
  • Phase 16: live export push completed (strict fail-fast + retry/backoff controls for --push)
  • Phase 17: export push production hardening completed (create-only idempotency ledger + duplicate-safe push)
  • Phase 18: export operator observability + upsert push completed (export ledger list|stats + lookup-first upsert mode)

Disclaimer

This project provides technical compliance signals and engineering guidance. It is not legal advice.

License

Apache License 2.0. See LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ogulcan from gravatar.com ogulcan

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: EU AI Act Compliance Kit Contributors
  • Tags eu-ai-act , compliance , risk-assessment , ai-governance
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs , reporting
Classifiers

Release history Release notifications | RSS feed

0.1.38

0.1.37

0.1.36

0.1.35

0.1.34

0.1.33

0.1.32

0.1.31

0.1.30

0.1.29

0.1.28

0.1.27

0.1.26

0.1.25

0.1.24

0.1.23

0.1.22

0.1.21

0.1.19

0.1.18

0.1.17

0.1.16

0.1.15

0.1.14

0.1.13

0.1.12

0.1.11

0.1.10

0.1.9

This version

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

eu_ai_act_compliance_kit-0.1.8.tar.gz (86.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

eu_ai_act_compliance_kit-0.1.8-py3-none-any.whl (63.8 kB view details)

Uploaded Python 3

File details

Details for the file eu_ai_act_compliance_kit-0.1.8.tar.gz.

File metadata

  • Download URL: eu_ai_act_compliance_kit-0.1.8.tar.gz
  • Upload date:
  • Size: 86.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.8.tar.gz
Algorithm Hash digest
SHA256 ca8a0dfc3bcf080490e86c6c7a558d227ad32a291a7a9b1fdcfa24708f462f31
MD5 783692a2ec79f1c323867919b56a466b
BLAKE2b-256 042057d1f4ea36ddaf272f5e8cc1571f0ee0d18cd87126326dbacf3e6b67cd02

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.8.tar.gz:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file eu_ai_act_compliance_kit-0.1.8-py3-none-any.whl.

File metadata

File hashes

Hashes for eu_ai_act_compliance_kit-0.1.8-py3-none-any.whl
Algorithm Hash digest
SHA256 387e9531022d1b56fdfdef195a53ee8112e122f2e05f6677e137a5608fd18127
MD5 2e6c7891de0062b9603dc7bdf5b4f30e
BLAKE2b-256 30d1caf74571e185ac4c00485f4d13adfa1003b621626f301ead8a0036826033

See more details on using hashes here.

Provenance

The following attestation bundles were made for eu_ai_act_compliance_kit-0.1.8-py3-none-any.whl:

Publisher: release.yml on ogulcanaydogan/eu-ai-act-compliance-kit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page