Compliance-as-code for the EU AI Act.
One tool per EU AI Act article. Each ships a real file your legal team can hand to a regulator: an SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Apache 2.0, runs locally, no telemetry.
bashpip install license-compliance-checker riskforge rag-benchmarking litmus-screener· · · 11 more · · ·
Find your obligation
What are you deploying?
Pick one. We show the article that applies, when it bites, and the file it demands.
GPAI duties under Article 53 carry live enforcement today.
Art. 53 · in forceGPAI provider obligations
You must produce OSS + model licence report (JSON).
Maximum fine Up to €15M or 3% global turnover (Art. 101(1) · Commission-imposed)
bashpip install license-compliance-checkerNot legal advice. Not a notified body. Tools produce evidence, not conformity assessment. Dates and fine bands cite Regulation (EU) 2024/1689 (EUR-Lex CELEX:32024R1689).
The regulatory forcing function
2 Aug 2026
Commission GPAI fining powers attach
Article 53 GPAI documentation duties have applied since 2 August 2025. On 2 August 2026 the Commission's power to fine GPAI providers attaches, at up to €15M or 3% of global annual turnover under Article 101(1). Three more application dates follow.
Feb 2025
Bans + AI literacy apply
Aug 2025
GPAI duties apply
Dec 2027
High-risk systems comply *
Aug 2028
AI inside regulated products *
* Deferred high-risk dates (2 Dec 2027 Annex III; 2 Aug 2028 Annex I) reflect the Digital Omnibus on AI, adopted 29 June 2026 and pending publication in the EU Official Journal. Until OJEU publication the original Regulation (EU) 2024/1689 dates remain technically in force.
The audit workflow
One tool per article. The artefact is the proof.
Each tool answers one obligation and hands the next tool a real file. Run them in order and the evidence pack assembles itself.
Art. 4 and Art. 13 tools join the chain as they ship. The full 14-tool catalogue lives on the products page.
Install today
Four flagship tools. One artefact per obligation.
Each maps to one EU AI Act obligation and ships a real file. Free, Apache 2.0, zero telemetry.
License Compliance Checker
Article 53 requires model documentation. Scan the repo; the licence and training-data report comes out.
bashpip install license-compliance-checkerRiskForge
Article 9 requires a documented risk management system. 37 guided questions produce the file, no consultants, ~30 minutes.
bashpip install riskforgeRAG Benchmarking
Article 15 requires declared accuracy and robustness. Benchmark the system; the metrics report comes out.
bashpip install rag-benchmarkingOrgLiterate
Will emit the Article 4 literacy-evidence file (JSON + PDF).
TraceForge
Will emit the Art. 10 data-governance file.
Early-access partners
We are recruiting our first design partners: teams with a named EU AI Act obligation and a real system to run the tools against. Partner names appear here only after a completed pilot, with consent. We don't list logos before they clear our authenticity gate.