Art. 53 GPAI duties in force · Commission fines from 2 Aug 2026

Compliance-as-code for the EU AI Act.

One tool per EU AI Act article. Each ships a real file your legal team can hand to a regulator: an SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Apache 2.0, runs locally, no telemetry.

bashpip install license-compliance-checker riskforge rag-benchmarking litmus-screener
evidence.flowlive
INAI systemmodel + data + config
01Art. 53License Compliance Checker
02Art. 9RiskForge CLI
03Art. 15RAG-Bench

· · · 11 more · · ·

OUTEvidence chainper-article artefacts

Find your obligation

Obligation. Date. Fine. Artefact. Tool.

Pick a use case and jurisdiction. Cards reorder by relevance. Every fine band carries its Article reference; every tool below ships under Apache 2.0.

I'm deployingin

Art. 5

Enforced

Prohibited AI practices

Date: 2025-02-02

Fine: Up to €35M or 7% global turnover
(Art. 99(3))

Artefact: Per-prohibition Red/Amber/Clear verdict (SARIF)
Tool: LitmusAI · v1.0.0

Screen now

This screens against Art. 5 prohibitions. NOT legal advice or conformity assessment.

Art. 9

Upcoming

Risk management system

Date: 2027-12-02 · pending OJEU

Fine: Up to €15M or 3% global turnover
(Art. 99(4))

Artefact: Annex IV-aligned Risk Management File (JSON / PDF)
Tool: RiskForge · v1.0.0

Generate now

This produces Art. 9 evidence. NOT a notified-body conformity assessment.

Art. 15

Upcoming

Accuracy, robustness, cybersecurity

Date: 2027-12-02 · pending OJEU

Fine: Up to €15M or 3% global turnover
(Art. 99(4))

Artefact: Retrieval accuracy & robustness report
Tool: RAG Benchmarking · v1.0.0

Benchmark now

This benchmarks Art. 15 accuracy + robustness for RAG systems. Cybersecurity coverage is partial; pair with a runtime AI security control.

Art. 53

Enforced

GPAI provider obligations

Date: 2025-08-02

Fine: Up to €15M or 3% global turnover
(Art. 101(1) · Commission-imposed)

Artefact: OSS + model licence report (JSON)
Tool: License Compliance Checker · v1.0.0

Generate now

This produces Art. 53 documentation evidence. NOT an AI Office submission of record.

The Regulatory Forcing Function

The deadlines have already started.

One regulation, four staged enforcement dates. Each tool ships evidence against a specific article on the date the law sets.

2 August 2026

Art. 101 · Commission GPAI fining powers attach

Article 53 GPAI documentation duties have applied since 2 August 2025. On this date the Commission's power to fine GPAI providers attaches: up to €15M or 3% of global annual turnover under Article 101(1). This is the obligation with live enforcement today.

The next horizon: high-risk obligations (Annex III) apply from 2 December 2027, deferred from 2 August 2026; Annex I product-embedded systems follow on 2 August 2028 (Digital Omnibus, adopted June 2026, pending OJEU publication).

Per Art. 113 · Regulation (EU) 2024/1689, as amended by the Digital Omnibus (adopted, pending OJEU publication)

EU AI Act · Application Dates

Four dates. One regulation. Staged enforcement.

Feb 2025

Prohibited Practices + AI Literacy

Articles 4 & 5

Eight AI practices are illegal, with fines up to €35M or 7% of turnover (Article 5). Deployers must also evidence staff AI literacy under Article 4, which sets no dedicated fine tier.

Aug 2025

GPAI Transparency

Article 53

GPAI providers must publish technical documentation, training-data summaries, and copyright compliance policies.

Dec 2027· pending OJEU

High-Risk AI Systems

Articles 6+ (Annex III)

Risk management, data governance, accuracy, transparency, human oversight: all required for high-risk AI. Deferred from 2 Aug 2026 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).

Aug 2028· pending OJEU

Full Applicability

Annex I sectoral

AI embedded in medical devices, machinery, and vehicles: sector-specific application extends. Deferred from 2 Aug 2027 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).

How the tools chain

One tool per article. The artefact is the proof.

Conformity assessment is a paper trail across roughly a dozen EU AI Act articles. We ship one tool per article, each producing the file the assessor opens next.

Four open-source tools live today: License Compliance Checker, RiskForge, RAG Benchmarking, LitmusAI. Each maps to one EU AI Act obligation. Install any of them in under 60 seconds. The rest of the chain ships through 2026–2027, with HealthAI-Comply in 2028.

The four tools, live now

Four flagship tools. One artefact per obligation.

Each tool maps to a specific obligation and produces structured evidence the next tool consumes. Free. Apache 2.0. Zero telemetry.

01
Article 53

License Compliance Checker

Framework-agnostic license compliance harness for AI systems and software dependencies.

GPAI Compliance

Flagship
bashpip install license-compliance-checker
02
Article 9

RiskForge

EU AI Act Article 9 Risk Management System builder: 30 minutes to a signed, audit-trailed Risk Management File.

Risk Management

Flagship
bashpip install riskforge
03
Article 15

RAG Benchmarking

Framework-agnostic evaluation harness for RAG and agentic AI systems.

Accuracy Requirements

Flagship
bashpip install rag-benchmarking
04
Article 5

LitmusAI

Free, deterministic CLI screener for the eight prohibited AI practices in EU AI Act Article 5.

Prohibited Practices

Flagship
bashpip install litmus-screener

Early-access partners

We are recruiting our first design partners: teams with a named EU AI Act obligation and a real system to run the tools against. Partner names appear here only after a completed pilot, with consent. We don't list logos before they clear our authenticity gate.