LitmusAI

Article 5 · Flagship · v1.0.0

Screens any AI system description against the eight Article 5 prohibitions and returns per-category Red / Amber / Clear verdicts with regulatory citations, confidence levels, and remediation guidance. Conservative-by-default: prefers Amber over Clear on ambiguity. UNREVIEWED reference ruleset; signed BYO rulesets supported. Apache 2.0, zero network calls, runs entirely offline. The PyPI distribution is `litmus-screener` (the brand is "LitmusAI"; an unrelated `litmus-ai` package already exists on PyPI).


Quick Start

```bash
pip install litmus-screener
```

```bash
# Quick screen from a free-text description
litmus screen --describe "a chatbot for mental health support for teenagers"

# Or from a structured YAML file
litmus init                    # creates a system.yaml template
litmus screen system.yaml --output report.json

# Bring your own lawyer-signed ruleset
litmus use-ruleset your-firm-ruleset.json
litmus screen system.yaml      # report header now reads "(SIGNED by: ...)"

# CI integration with conventional exit codes (0 / 1 / 2 / 3)
litmus screen system.yaml --fail-on red --output report.sarif
```

Features

  • All 8 Article 5 sub-points (5.1.a–h) covered by a 22-rule reference ruleset
  • Constrained expression language — no `eval`, no Python execution at evaluation time
  • Per-rule confidence band (high / medium / low) on every verdict
  • SHA-256 input hash on every report; canonical JSON ordering (RFC 8785)
  • SARIF 2.1.0 output for GitHub Advanced Security / GitLab SAST / Azure DevOps
  • Markdown + JSON + optional PDF (WeasyPrint) exporters
  • Bring-Your-Own-Ruleset with signed `RulesetSignature` block
  • `litmus diff-ruleset` for structural diffs between ruleset versions
  • Zero network calls during screening (CI-enforced via pytest-socket)
  • GitHub Action wrapper at `aiexponenthq/litmusai/.github/actions/litmusai-screen@v1`

Regulatory Foundation

Article 5 · Prohibited AI practices · Application date 2025-02-02 · Enforced

Read the full pillar: EU AI Act Article 5 explainer →

What the regulation requires

1. The following AI practices shall be prohibited:

(a) the placing on the market, the putting into service or the use of an AI system that deploys subliminal techniques beyond a person's consciousness or purposefully manipulative or deceptive techniques, with the objective, or the effect of materially distorting the behaviour of a person or a group of persons by appreciably impairing their ability to make an informed decision, thereby causing them to take a decision that they would not have otherwise taken in a manner that causes or is reasonably likely to cause that person, another person or group of persons significant harm;

(b) the placing on the market, the putting into service or the use of an AI system that exploits any of the vulnerabilities of a natural person or a specific group of persons due to their age, disability or a specific social or economic situation, with the objective, or the effect, of materially distorting the behaviour of that person or a person belonging to that group in a manner that causes or is reasonably likely to cause that person or another person significant harm;

(e) the placing on the market, the putting into service for this specific purpose, or the use of AI systems that create or expand facial recognition databases through the untargeted scraping of facial images from the internet or CCTV footage;

(f) the placing on the market, the putting into service for this specific purpose, or the use of AI systems to infer emotions of a natural person in the areas of workplace and education institutions, except where the use of the AI system is intended to be put in place or into the market for medical or safety reasons.

5(1)(a) · 5(1)(b) · 5(1)(e) · 5(1)(f)

What you face if you don't comply

Article 5 has been applicable since 2 February 2025 (Art. 113(a)) and sanctionable under Chapter XII (Articles 99–100) since 2 August 2025 (Art. 113(b)) — placing or using a prohibited-practice AI system on the EU market today exposes the provider, importer, distributor, or deployer to the highest tier of fines in the regulation: up to €35M or 7% of global annual turnover, whichever is higher, under Article 99(3). The eight prohibitions are absolute — no consent, opt-out, or post-hoc mitigation rescues a prohibited practice once the system meets the prohibition's criteria. Pre-deployment screening before code is shipped is the only defensible posture.

Up to €35M or 7% of global annual turnover, whichever is higher
Article 99(3) · Penalties

How LitmusAI addresses this

  • 5(1)(a): Detects subliminal-manipulation indicators in system descriptions and outputs; flags when a system materially distorts behaviour against the user's interest
  • 5(1)(b): Pattern-matches vulnerable-population markers (minors, persons with disabilities, persons in vulnerable economic situations) and flags exploitation patterns
  • 5(1)(e): Detects untargeted-facial-image-scraping indicators (web crawl + facial recognition + database creation) — the exact pattern Article 5(1)(e) prohibits
  • 5(1)(f): Emits a Red verdict on any system combining emotion inference with workplace or education deployment context (without the medical/safety carve-out)

Source: eur-lex.europa.eu/…/CELEX:32024R1689 · Retrieved

Frequently asked questions

Direct answers to common questions about LitmusAI and Article 5. Regulatory citations reference EUR-Lex CELEX:32024R1689.

What does EU AI Act Article 5 prohibit?
Eight categories of AI practice are absolutely prohibited: subliminal techniques materially distorting behaviour (5(1)(a)), exploitation of vulnerabilities (5(1)(b)), social scoring of natural persons based on social behaviour or personal characteristics (5(1)(c) — note: the final regulation as adopted dropped the "by public authorities" limitation that appeared in the 2021 Commission proposal; the prohibition applies to any actor), individual criminal-risk assessment based solely on profiling (5(1)(d)), untargeted scraping of facial images for facial-recognition databases (5(1)(e)), emotion inference in workplaces and education (5(1)(f)), biometric categorisation inferring sensitive or protected attributes (5(1)(g)), and real-time remote biometric identification in publicly accessible spaces for law enforcement subject to narrow exceptions (5(1)(h)). Source: Regulation (EU) 2024/1689 Article 5.
When did Article 5 become enforceable?
Article 5 has been applicable since 2 February 2025 per Art. 113(a) of the EU AI Act. Sanctionable under Chapter XII (Articles 99–100) since 2 August 2025 per Art. 113(b) — meaning that between 2 February and 2 August 2025 the prohibitions applied but national fines under Art. 99 were not yet attachable. Source: Regulation (EU) 2024/1689 Article 113.
Is LitmusAI a substitute for legal review?
No. LitmusAI produces a screening verdict — Red, Amber, or Clear with confidence levels — not a legal opinion. Final determination of whether a system falls within an Article 5 prohibition requires qualified legal counsel.
What is the UNREVIEWED reference ruleset disclaimer?
The reference ruleset shipped with LitmusAI v1.0 was internally panel-authored and has not yet been reviewed by an external EU AI Act lawyer. This is surfaced verbatim in every report header and CLI output. Use the BYO-ruleset path if you need lawyer-signed output today; full external review is targeted for v1.1.
Can I use a lawyer-signed Bring-Your-Own ruleset?
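Yes. `litmus use-ruleset your-firm-ruleset.json` switches the active ruleset; subsequent reports show "(SIGNED by: …)" in the header. In v1.0, signature verification of BYO rulesets is structural only; cryptographic signature verification lands in v1.1, so in v1.0 the header should not be read as proof that the signature was cryptographically checked.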
Does LitmusAI cover all 8 Article 5 prohibitions?
Yes. The 22-rule reference ruleset covers all 8 sub-points (5(1)(a) through 5(1)(h)), with conservative-by-default verdict logic that prefers Amber over Clear on ambiguity. The trade-off is more false positives, never false negatives on Red.
What is the penalty for Article 5 violations?
Up to €35M or 7% of global annual turnover, whichever is higher, under Article 99(3) — the highest tier of fines in the EU AI Act. The eight prohibitions are absolute: no consent, opt-out, or post-hoc mitigation rescues a prohibited practice once the system meets the prohibition criteria.
Does LitmusAI make any network calls during screening?
No. Default-mode screening is fully offline — outbound network calls are blocked at CI level via pytest-socket. An optional `--enhanced` mode uses an LLM judge for ambiguous cases (configurable, requires API key). The default behaviour ships zero-network for compliance teams that need it.
Is LitmusAI free?
Yes. Apache 2.0 licensed. No telemetry, no remote calls in default mode, no enterprise tier. The PyPI distribution is `litmus-screener`.
Why is the PyPI package called litmus-screener instead of litmusai?
The PyPI name `litmusai` was unavailable due to PyPI name-similarity rules — an unrelated package called `litmus-ai` already exists on PyPI. The brand is "LitmusAI"; the distribution name is `litmus-screener`. Both names resolve to this same tool through the schema.org `alternateName` declared on the docs page.

Known Limitations

  • Reference ruleset is UNREVIEWED — internally panel-authored, no external EU AI Act lawyer review yet.
  • Conservative-by-default: prefers Amber over Clear on ambiguity. The trade-off is more false positives, never false negatives on Red.
  • A screening is a screening, not a legal certification. Final determination requires qualified counsel.
  • BYO-ruleset signature verification is structural in v1.0; cryptographic signature verification lands in v1.1.
  • Article 5 only — Articles 6 (high-risk classification), 9 (risk management), 13 (transparency) are out of scope. See RiskForge / TransparencyDeck.
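
A compensating control while BYO signature verification is structural only: pin the reviewed ruleset by the SHA-256 of its canonical JSON form (the RFC 8785 ordering named under Features) and refuse anything else before running `litmus use-ruleset`. This is an added example, not LitmusAI's own code; the ruleset fields are constructed and hypothetical, and the serializer covers only the float-free subset of RFC 8785.

```python
import hashlib
import hmac
import json

def _no_duplicates(pairs):
    # Duplicate member names let two parsers read two different rulesets.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate member name in ruleset")
    return dict(pairs)

def canonicalize(value) -> str:
    """Serialize parsed JSON in RFC 8785 style (float-free subset only)."""
    if value is None or isinstance(value, bool):
        return json.dumps(value)
    if isinstance(value, int):
        if abs(value) > 2**53 - 1:
            raise ValueError("integer outside the interoperable JSON range")
        return str(value)
    if isinstance(value, str):
        return json.dumps(value, ensure_ascii=False)
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        # RFC 8785 orders member names by their UTF-16 code units.
        members = sorted(value.items(), key=lambda kv: kv[0].encode("utf-16-be"))
        return "{" + ",".join(f"{canonicalize(k)}:{canonicalize(v)}" for k, v in members) + "}"
    raise TypeError(f"unsupported JSON value for this subset: {type(value).__name__}")

def ruleset_digest(text: str) -> str:
    """SHA-256 over the canonical form, so formatting changes do not alter it."""
    parsed = json.loads(text, object_pairs_hook=_no_duplicates)
    return hashlib.sha256(canonicalize(parsed).encode("utf-8")).hexdigest()

def pin_matches(text: str, pinned_hex: str) -> bool:
    """True only if the ruleset's canonical digest equals the pinned digest."""
    return hmac.compare_digest(ruleset_digest(text), pinned_hex.strip().lower())

# Constructed sample rulesets; the field names are hypothetical.
REVIEWED = '{"name": "firm-ruleset", "version": 3, "rules": [{"id": "R1", "verdict": "red"}]}'
REFORMATTED = '{\n  "version": 3,\n  "rules": [{"verdict": "red", "id": "R1"}],\n  "name": "firm-ruleset"\n}'
TAMPERED = REVIEWED.replace('"red"', '"clear"')
PINNED = ruleset_digest(REVIEWED)  # in practice, recorded at sign-off and committed

if __name__ == "__main__":
    for label, text in [("reformatted", REFORMATTED), ("tampered", TAMPERED)]:
        print(label, "accepted" if pin_matches(text, PINNED) else "REJECTED")
```

Run the check in CI ahead of `litmus use-ruleset`, with the pinned digest stored in a file that needs review to change.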

For the most current status, see GitHub issues.

Contributing

Contributions are welcome — Apache 2.0 licensed. See the contributing guide and open issues.

License

Licensed under the Apache License 2.0. Not legal advice. Not a notified body.

AI Exponent LLC is a USA-registered company that operates two brand arms: aiexponent.com (the technology arm shipping these open-source tools) and askajay.ai (an independent advisory practice). The tool above is product, not advisory. The advisory does not require, sell, or recommend purchase of any product on this site.

Evidence flow

One tool covers one article. The full set covers your audit.

Each AI Exponent tool emits a named artefact the next tool reads as input. Browse the full toolchain — from Article 5 screening through Article 72 post-market monitoring.
