Compliance-as-code for the EU AI Act.
One tool per EU AI Act article. Each ships a real file your legal team can hand to a regulator: an SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Apache 2.0, runs locally, no telemetry.
bashpip install license-compliance-checker riskforge rag-benchmarking litmus-screener· · · 11 more · · ·
Find your obligation
Obligation. Date. Fine. Artefact. Tool.
Pick a use case and jurisdiction. Cards reorder by relevance. Every fine band carries its Article reference; every tool below ships under Apache 2.0.
Art. 5
EnforcedProhibited AI practices
Date: 2025-02-02
Fine: Up to €35M or 7% global turnover
(Art. 99(3))
Artefact: Per-prohibition Red/Amber/Clear verdict (SARIF)
Tool: LitmusAI · v1.0.0
This screens against Art. 5 prohibitions. NOT legal advice or conformity assessment.
Art. 9
UpcomingRisk management system
Date: 2027-12-02 · pending OJEU
Fine: Up to €15M or 3% global turnover
(Art. 99(4))
Artefact: Annex IV-aligned Risk Management File (JSON / PDF)
Tool: RiskForge · v1.0.0
This produces Art. 9 evidence. NOT a notified-body conformity assessment.
Art. 15
UpcomingAccuracy, robustness, cybersecurity
Date: 2027-12-02 · pending OJEU
Fine: Up to €15M or 3% global turnover
(Art. 99(4))
Artefact: Retrieval accuracy & robustness report
Tool: RAG Benchmarking · v1.0.0
This benchmarks Art. 15 accuracy + robustness for RAG systems. Cybersecurity coverage is partial; pair with a runtime AI security control.
Art. 53
EnforcedGPAI provider obligations
Date: 2025-08-02
Fine: Up to €15M or 3% global turnover
(Art. 101(1) · Commission-imposed)
Artefact: OSS + model licence report (JSON)
Tool: License Compliance Checker · v1.0.0
This produces Art. 53 documentation evidence. NOT an AI Office submission of record.
- Art. 53License Compliance Checker
- Art. 15RAG-Bench
- Art. 9RiskForge CLI
- Art. 5LitmusAI
- Art. 10TraceForge
- Art. 13TransparencyDeck
- Art. 11, 19Agentic Document Analyser
- Art. 72VigilanceDash
- Art. 4OrgLiterate
- Art. 14, 17Sigil
- Art. 53License Compliance Checker
- Art. 15RAG-Bench
- Art. 9RiskForge CLI
- Art. 5LitmusAI
- Art. 10TraceForge
- Art. 13TransparencyDeck
- Art. 11, 19Agentic Document Analyser
- Art. 72VigilanceDash
- Art. 4OrgLiterate
- Art. 14, 17Sigil
The Regulatory Forcing Function
The deadlines have already started.
One regulation, four staged enforcement dates. Each tool ships evidence against a specific article on the date the law sets.
2 August 2026
Art. 101 · Commission GPAI fining powers attach
Article 53 GPAI documentation duties have applied since 2 August 2025. On this date the Commission's power to fine GPAI providers attaches: up to €15M or 3% of global annual turnover under Article 101(1). This is the obligation with live enforcement today.
The next horizon: high-risk obligations (Annex III) apply from 2 December 2027, deferred from 2 August 2026; Annex I product-embedded systems follow on 2 August 2028 (Digital Omnibus, adopted June 2026, pending OJEU publication).
Per Art. 113 · Regulation (EU) 2024/1689, as amended by the Digital Omnibus (adopted, pending OJEU publication)
EU AI Act · Application Dates
Four dates. One regulation. Staged enforcement.
Feb 2025
Prohibited Practices + AI Literacy
Articles 4 & 5
Eight AI practices are illegal, with fines up to €35M or 7% of turnover (Article 5). Deployers must also evidence staff AI literacy under Article 4, which sets no dedicated fine tier.
Aug 2025
GPAI Transparency
Article 53
GPAI providers must publish technical documentation, training-data summaries, and copyright compliance policies.
Dec 2027· pending OJEU
High-Risk AI Systems
Articles 6+ (Annex III)
Risk management, data governance, accuracy, transparency, human oversight: all required for high-risk AI. Deferred from 2 Aug 2026 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).
Aug 2028· pending OJEU
Full Applicability
Annex I sectoral
AI embedded in medical devices, machinery, and vehicles: sector-specific application extends. Deferred from 2 Aug 2027 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).
Feb 2025
Prohibited Practices + AI Literacy
Articles 4 & 5
Eight AI practices are illegal, with fines up to €35M or 7% of turnover (Article 5). Deployers must also evidence staff AI literacy under Article 4, which sets no dedicated fine tier.
Aug 2025
GPAI Transparency
Article 53
GPAI providers must publish technical documentation, training-data summaries, and copyright compliance policies.
Dec 2027· pending OJEU
High-Risk AI Systems
Articles 6+ (Annex III)
Risk management, data governance, accuracy, transparency, human oversight: all required for high-risk AI. Deferred from 2 Aug 2026 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).
Aug 2028· pending OJEU
Full Applicability
Annex I sectoral
AI embedded in medical devices, machinery, and vehicles: sector-specific application extends. Deferred from 2 Aug 2027 under the Digital Omnibus (adopted June 2026, pending publication in the Official Journal).
How the tools chain
One tool per article. The artefact is the proof.
Conformity assessment is a paper trail across roughly a dozen EU AI Act articles. We ship one tool per article, each producing the file the assessor opens next.
- 0101License Compliance CheckerArt. 53OSS + model licence report (JSON)Live
- 0202RAG BenchmarkingArt. 15Retrieval accuracy report (JSON / Markdown)Live
- 0303RiskForgeArt. 9Risk Management File (JSON / PDF)Live
- 0404LitmusAIArt. 5Prohibited-practices verdict (SARIF)Live
- 0505TraceForgeArt. 10Dataset governance report2027 · gated
- 0606TransparencyDeckArt. 13Deployer-facing transparency documentOct 2026
- 0707Agentic Document AnalyserArt. 11, 12Technical file + logging extractAlpha
- 0808RMFMapperNIST AI RMF ↔ EU AI ActCross-map matrixDemand-gated
- 0909ISOEvidenceISO 42001Management-system gap reportDemand-gated
- 1010VigilanceDashArt. 72Post-market monitoring feedRevisit 2027
- 1111OrgLiterateArt. 4Literacy evidence file (JSON / PDF)Sep 2026
- 1212ConformityBotArt. 43Conformity-assessment aggregationRevisit 2027
- 1313SigilArt. 14, 17Runtime oversight + QMS evidencePilots
- 1414HealthAI-ComplyMDR + EU AI Act + FDAClinical-AI evidence bundle2028
Four open-source tools live today: License Compliance Checker, RiskForge, RAG Benchmarking, LitmusAI. Each maps to one EU AI Act obligation. Install any of them in under 60 seconds. The rest of the chain ships through 2026–2027, with HealthAI-Comply in 2028.
The four tools, live now
Four flagship tools. One artefact per obligation.
Each tool maps to a specific obligation and produces structured evidence the next tool consumes. Free. Apache 2.0. Zero telemetry.
License Compliance Checker
Framework-agnostic license compliance harness for AI systems and software dependencies.
GPAI Compliance
Flagshipbashpip install license-compliance-checkerRiskForge
EU AI Act Article 9 Risk Management System builder: 30 minutes to a signed, audit-trailed Risk Management File.
Risk Management
Flagshipbashpip install riskforgeRAG Benchmarking
Framework-agnostic evaluation harness for RAG and agentic AI systems.
Accuracy Requirements
Flagshipbashpip install rag-benchmarkingEarly-access partners
We are recruiting our first design partners: teams with a named EU AI Act obligation and a real system to run the tools against. Partner names appear here only after a completed pilot, with consent. We don't list logos before they clear our authenticity gate.