Art. 53 GPAI duties in force · Commission fines from 2 Aug 2026

Compliance-as-code for the EU AI Act.

One tool per EU AI Act article. Each ships a real file your legal team can hand to a regulator: an SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Apache 2.0, runs locally, no telemetry.

bashpip install license-compliance-checker riskforge rag-benchmarking litmus-screener
evidence.flowlive
INAI systemmodel + data + config
01Art. 53License Compliance Checker
02Art. 9RiskForge CLI
03Art. 15RAG-Bench

· · · 11 more · · ·

OUTEvidence chainper-article artefacts

Find your obligation

What are you deploying?

Pick one. We show the article that applies, when it bites, and the file it demands.

GPAI duties under Article 53 carry live enforcement today.

Art. 53 · in force

GPAI provider obligations

You must produce OSS + model licence report (JSON).

Maximum fine Up to €15M or 3% global turnover (Art. 101(1) · Commission-imposed)

bashpip install license-compliance-checker
Generate now with License Compliance Checker
Art. 5Prohibited AI practices
Art. 9Risk management system
Art. 15Accuracy, robustness, cybersecurity

Not legal advice. Not a notified body. Tools produce evidence, not conformity assessment. Dates and fine bands cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689).

The regulatory forcing function

2 Aug 2026

Commission GPAI fining powers attach

Article 53 GPAI documentation duties have applied since 2 August 2025. On 2 August 2026 the Commission's power to fine GPAI providers attaches, at up to €15M or 3% of global annual turnover under Article 101(1). Three more application dates follow.

Feb 2025

Bans + AI literacy apply

Aug 2025

GPAI duties apply

Dec 2027

High-risk systems comply *

Aug 2028

AI inside regulated products *

* Deferred high-risk dates (2 Dec 2027 Annex III; 2 Aug 2028 Annex I) reflect the Digital Omnibus on AI, adopted 29 June 2026 and pending publication in the EU Official Journal. Until OJEU publication the original Regulation (EU) 2024/1689 dates remain technically in force.

The audit workflow

One tool per article. The artefact is the proof.

Each tool answers one obligation and hands the next tool a real file. Run them in order and the evidence pack assembles itself.

Art. 5LitmusAI$ litmus screen
verdict: PASS
Art. 53License Compliance Checker$ lcc scan .
cyclonedx.json
Art. 9RiskForge$ riskforge assess
rmf.json + PDF
Art. 15RAG Benchmarking$ rag-benchmark run
accuracy_report.json
Your evidence packthe files a regulator asks for

Art. 4 and Art. 13 tools join the chain as they ship. The full 14-tool catalogue lives on the products page.

Install today

Four flagship tools. One artefact per obligation.

Each maps to one EU AI Act obligation and ships a real file. Free, Apache 2.0, zero telemetry.

Art. 53 · in forceLive · v1.0.0

License Compliance Checker

Article 53 requires model documentation. Scan the repo; the licence and training-data report comes out.

licence + model reportJSONSBOM
bashpip install license-compliance-checker
Art. 9 · applies Dec 2027 · pending OJEULive · v1.0.0

RiskForge

Article 9 requires a documented risk management system. 37 guided questions produce the file, no consultants, ~30 minutes.

Risk Management FileJSONPDF
bashpip install riskforge
Art. 15 · applies Dec 2027 · pending OJEULive · v1.0.0

RAG Benchmarking

Article 15 requires declared accuracy and robustness. Benchmark the system; the metrics report comes out.

accuracy + robustness reportJSON
bashpip install rag-benchmarking
Art. 5 · in forceLive · v1.0.0

LitmusAI

Article 5 prohibits eight AI practices. Screen the system; a per-prohibition verdict comes out.

prohibited-practices verdictSARIF
bashpip install litmus-screener
Art. 4Building · Sep 2026

OrgLiterate

Will emit the Article 4 literacy-evidence file (JSON + PDF).

Art. 10Built on request

TraceForge

Will emit the Art. 10 data-governance file.

Early-access partners

We are recruiting our first design partners: teams with a named EU AI Act obligation and a real system to run the tools against. Partner names appear here only after a completed pilot, with consent. We don't list logos before they clear our authenticity gate.