Compliance-as-code for the EU AI Act.

One tool per EU AI Act article. Each ships a real file — a signed SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict — that your legal team can hand to a regulator. Apache 2.0, runs locally, no telemetry.

Install in 60 seconds View on GitHub →

bashpip install license-compliance-checker riskforge rag-benchmarking litmus-screener

evidence.flowlive

INAI systemmodel + data + config

01Art. 53License Compliance Checker

02Art. 9RiskForge CLI

03Art. 15RAG-Bench

· · · 11 more · · ·

OUTEvidence chainper-article artefacts

Find your obligation

Obligation. Date. Fine. Artefact. Tool.

Pick a use case and jurisdiction. Cards reorder by relevance. Every fine band carries its Article reference; every tool below ships under Apache 2.0.

I'm deployingin

Art. 5

Enforced

Prohibited AI practices

Date: 2025-02-02

Fine: Up to €35M or 7% global turnover
(Art. 99(3))

Artefact: Per-prohibition Red/Amber/Clear verdict (SARIF)
Tool: LitmusAI · v1.0.0

Screen now →

This screens against Art. 5 prohibitions. NOT legal advice or conformity assessment.

Art. 9

Upcoming

Risk management system

Date: 2026-08-02

Fine: Up to €15M or 3% global turnover
(Art. 99(4))

Artefact: Annex IV-aligned Risk Management File (JSON / PDF)
Tool: RiskForge · v1.0.0

Generate now →

This produces Art. 9 evidence. NOT a notified-body conformity assessment.

Art. 15

Upcoming

Accuracy, robustness, cybersecurity

Date: 2026-08-02

Fine: Up to €15M or 3% global turnover
(Art. 99(4))

Artefact: Retrieval accuracy & robustness report
Tool: RAG Benchmarking · v1.0.0

Benchmark now →

This benchmarks Art. 15 accuracy + robustness for RAG systems. Cybersecurity coverage is partial; pair with a runtime AI security control.

Art. 53

Enforced

GPAI provider obligations

Date: 2025-08-02

Fine: Up to €15M or 3% global turnover
(Art. 101(1) — Commission-imposed)

Artefact: OSS + model licence report (JSON)
Tool: License Compliance Checker · v1.1.0

Generate now →

This produces Art. 53 documentation evidence. NOT an AI Office submission of record.

Art. 53License Compliance Checker
Art. 15RAG-Bench
Art. 9RiskForge CLI
Art. 5LitmusAI
Art. 10TraceForge
Art. 13TransparencyDeck
Art. 11, 12Agentic Document Analyser
Art. 72VigilanceDash
Art. 4OrgLiterate
Art. 14, 17Sigil
Art. 53License Compliance Checker
Art. 15RAG-Bench
Art. 9RiskForge CLI
Art. 5LitmusAI
Art. 10TraceForge
Art. 13TransparencyDeck
Art. 11, 12Agentic Document Analyser
Art. 72VigilanceDash
Art. 4OrgLiterate
Art. 14, 17Sigil

The Regulatory Forcing Function

The deadlines have already started.

One regulation, four staged enforcement dates. Each tool ships evidence against a specific article on the date the law sets.

2 August 2026

Article 6+ high-risk system obligations apply across the EU on this date. It is the next forcing function — and it is closer than a typical procurement cycle.

Per Art. 113 · Regulation (EU) 2024/1689

EU AI Act · Application Dates

Four dates. One regulation. Staged enforcement.

Feb 2025

Prohibited Practices + AI Literacy

Articles 4 & 5

Enforced

Eight AI practices are illegal. Deployers must evidence staff AI literacy proportionate to role and risk. Fines up to €35M.

Aug 2025

GPAI Transparency

Article 53

Enforced

GPAI providers must publish technical documentation, training-data summaries, and copyright compliance policies.

Aug 2026

High-Risk AI Systems

Articles 6+

Imminent

Risk management, data governance, accuracy, transparency, human oversight — all required for high-risk AI.

Aug 2027

Full Applicability

Annex I sectoral

Upcoming

AI embedded in medical devices, machinery, and vehicles — sector-specific application extends.

Feb 2025

Prohibited Practices + AI Literacy

Articles 4 & 5

Eight AI practices are illegal. Deployers must evidence staff AI literacy proportionate to role and risk. Fines up to €35M.

Aug 2025

GPAI Transparency

Article 53

GPAI providers must publish technical documentation, training-data summaries, and copyright compliance policies.

Aug 2026

High-Risk AI Systems

Articles 6+

Risk management, data governance, accuracy, transparency, human oversight — all required for high-risk AI.

Aug 2027

Full Applicability

Annex I sectoral

AI embedded in medical devices, machinery, and vehicles — sector-specific application extends.

How the tools chain

One tool per article. The artefact is the proof.

Conformity assessment is a paper trail across roughly a dozen EU AI Act articles. We ship one tool per article, each producing the file the assessor opens next.

#ToolArticleOutput artefactStatus

01
01License Compliance Checker
Art. 53OSS + model licence report (JSON)Live
02
02RAG Benchmarking
Art. 15Retrieval accuracy report (JSON / Markdown)Live
03
03RiskForge
Art. 9Risk Management File (JSON / PDF)Live
04
04LitmusAI
Art. 5Prohibited-practices verdict (SARIF)Live
05
05TraceForge
Art. 10Dataset governance reportQ2 2026
06
06TransparencyDeck
Art. 13Deployer-facing transparency documentQ3 2026
07
07Agentic Document Analyser
Art. 11, 12Technical file + logging extractAlpha
08
08RMFMapper
NIST AI RMF ↔ EU AI ActCross-map matrixQ4 2026
09
09ISOEvidence
ISO 42001Management-system gap report2027
10
10VigilanceDash
Art. 72Post-market monitoring feedQ4 2026
11
11OrgLiterate
Art. 4AI-literacy training records2027
12
12ConformityBot
Art. 43Conformity-assessment aggregation2027
13
13Sigil
Art. 14, 17Runtime oversight + QMS evidenceQ1 2027
14
14HealthAI-Comply
MDR + EU AI Act + FDAClinical-AI evidence bundle2028

Four open-source tools live today — License Compliance Checker, RiskForge, RAG Benchmarking, LitmusAI. Each maps to one EU AI Act obligation. Install any of them in under 60 seconds. The rest of the chain ships through 2026–2027, with HealthAI-Comply in 2028.

The four tools, live now

Four flagship tools. One evidence chain.

Each tool maps to a specific obligation and produces structured evidence the next tool consumes. Free. Apache 2.0. Zero telemetry.

Article 53

License Compliance Checker

Framework-agnostic license compliance harness for AI systems and software dependencies.

GPAI Compliance

Flagship

bashpip install license-compliance-checker

Docs GitHub

Article 9

RiskForge

EU AI Act Article 9 Risk Management System builder — 30 minutes to a signed, audit-trailed Risk Management File.

Risk Management

Flagship

bashpip install riskforge

Docs GitHub

Article 15

RAG Benchmarking

Framework-agnostic evaluation harness for RAG and agentic AI systems.

Accuracy Requirements

Flagship

bashpip install rag-benchmarking

Docs GitHub

Article 5

LitmusAI

Free, deterministic CLI screener for the eight prohibited AI practices in EU AI Act Article 5.

Prohibited Practices

Flagship

bashpip install litmus-screener

Docs GitHub

Early-access partners

Pilots underway with regulated-enterprise teams in financial services, healthcare, and public sector. Partner names announced post-pilot, with consent. We don't list logos before they clear our authenticity gate.