Products

The full toolchain.

Every AI Exponent open source tool, the regulatory articles they answer, and the enterprise runtime governance platform in active development. Free tools are Apache 2.0, zero telemetry, installed in 30 seconds. Sigil early access is open.

Free · Apache 2.0 · Zero Telemetry

Four flagship tools. Each one stands alone. Together they cover the whole compliance file.

Each tool maps to a specific EU AI Act obligation and produces a named regulatory artefact — a signed SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Install via pip, run locally.

01
Article 53

License Compliance Checker

Scans AI models, software packages, and agentic pipelines for license compliance across 8 ecosystems. Detects HuggingFace model references in code, GGUF/ONNX files, and generates EU AI Act Article 53 audit evidence with an honest dataset risk registry.

Regulatory relevance

GPAI Compliance · Generates audit evidence supporting EU AI Act Article 53 documentation obligations — evaluates model card completeness, license compliance, and training data risk for AI components in your stack.

bashpip install license-compliance-checker
DocsGitHub
02
Article 9

RiskForge

Guided 8-dimension risk assessment CLI with 37 questions drawn from EU AI Act Article 9 requirements, Annex III pattern matching, and SHA-256 hash-chained audit trail. Produces a Risk Management File (JSON + PDF) suitable for inclusion in your Annex IV technical documentation pack — not a substitute for notified-body conformity assessment. Approximately 30 minutes per assessment instead of weeks of consulting work.

Regulatory relevance

Risk Management · Produces structured Article 9 Risk Management Files for high-risk AI systems suitable for inclusion in your Annex IV technical documentation pack. Organises the assessment across 8 risk dimensions derived across Articles 9, 10, 13, 14 and 15 — health & safety, fundamental rights, discrimination, privacy, transparency, human oversight, robustness, and data governance — with cross-maps to NIST AI RMF and ISO/IEC 42001. Not a substitute for notified-body conformity assessment.

bashpip install riskforge
DocsGitHub
03
Article 15

RAG Benchmarking

Plug in any RAG system — LangChain, LlamaIndex, or custom — and benchmark it against classic and agentic-era metrics. Faithfulness, answer relevancy, retrieval precision, and four agentic metrics for multi-step agents. Measured faithfulness of 0.958 on the 50-sample golden dataset.

Regulatory relevance

Accuracy Requirements · Provides systematic accuracy testing and documentation for high-risk AI systems under Article 15.

bashpip install rag-benchmarking
DocsGitHub
04
Article 5

LitmusAI

Screens any AI system description against the eight Article 5 prohibitions and returns per-category Red / Amber / Clear verdicts with regulatory citations, confidence levels, and remediation guidance. Conservative-by-default: prefers Amber over Clear on ambiguity. UNREVIEWED reference ruleset; signed BYO rulesets supported. Apache 2.0, zero network calls, runs entirely offline. The PyPI distribution is `litmus-screener` (the brand is "LitmusAI"; an unrelated `litmus-ai` package already exists on PyPI).

Regulatory relevance

Prohibited Practices · Screens AI systems against the eight prohibited-practice categories of EU AI Act Article 5(1)(a)–(h). Conservative-by-default verdicts; UNREVIEWED reference ruleset (no external lawyer review yet); BYO signed-ruleset path for customers who need lawyer-reviewed output today. Article 5 has been applicable since 2 February 2025 (Art. 113(a)); sanctionable since 2 August 2025 (Art. 113(b)).

bashpip install litmus-screener
DocsGitHub

Infrastructure Layer · 4 alpha tools

Evidence processing utilities

Cross-cutting tooling that feeds the flagships. Alpha stage — not marketed as standalone governance tools. Docker deployment.

Agentic Document Analyser

Articles 11 + 19

Converts unstructured compliance documents — risk assessments, model cards, contracts, audit logs — into structured JSON using Vision-Language Models. Acts as the evidence processing layer for the AI Exponent compliance toolchain. Feeds Article 11 technical documentation and Article 19 automatically-generated-log preservation workflows.

Infrastructure
Docs →GitHub →

TraceForge

Article 10

TraceForge addresses EU AI Act Article 10 training-data governance: lineage tracking, dataset risk registry, opt-out signal detection, and provenance evidence for high-risk AI systems. In development; targeted for Q2 2026 release.

In development
Docs →GitHub →

TransparencyDeck

Article 13

TransparencyDeck addresses EU AI Act Article 13 transparency obligations: deployer-facing documentation, instructions for use, capability and limitation disclosure. In development; targeted for Q3 2026.

In development
Docs →GitHub →

RMFMapper

NIST AI RMF ↔ EU AI Act

RMFMapper produces a cross-map between NIST AI RMF (GOVERN/MAP/MEASURE/MANAGE) and EU AI Act articles, enabling US-and-EU-dual-compliance evidence. In development; targeted for Q4 2026.

In development
Docs →GitHub →

Cross-Framework Coverage

One evidence workflow. Many jurisdictions.

Our tools cross-map to the major AI regulations worldwide, so one evidence artefact can satisfy obligations in multiple jurisdictions.

PrimaryEnforced

EU AI Act

The world's first comprehensive AI regulation. Phased enforcement 2024–2027.

Articles 4, 5, 9, 10, 13, 15, 53, 72

Up to €35M or 7% of global annual turnover (whichever is higher)

US FederalMandatory

NIST AI RMF

Mandatory for US federal contractors. De facto standard for US enterprise AI.

Govern · Map · Measure · Manage

EO 14110 · OMB M-24-10

InternationalProcurement gate

ISO/IEC 42001:2023

AI Management System standard. Certification increasingly required for enterprise procurement.

39 Annex A controls

Maps to EU AI Act Annex C

CanadaPending 2026

Canada AIDA

Bill C-27 modelled on EU AI Act. Expected passage mid-2026 with 2-year implementation.

High-impact AI risk assessments

Up to $25M penalties

In Development · Early Access Open

Sigil — Runtime Governance Platform

Commercial AI agent governance platform in active development. Real-time policy enforcement, tamper-evident audit logs, and compliance reporting across EU AI Act Articles 14/17 (human oversight + quality management), NIST AI RMF, and ISO/IEC 42001. Early access available on request.

Articles 14, 17Runtime GovernanceNIST AI RMFISO/IEC 42001

What you'll get at launch

Real-time policy enforcement

Block or amend AI agent actions at runtime before they reach users or downstream systems.

Tamper-evident audit log

SHA-256 hash-chained, append-only. Verifiable with a single command. Article 12/17 ready.

Article 14 human oversight

Configurable human-in-the-loop gates on high-impact actions with structured reviewer evidence.

Cross-framework reporting

One evidence layer, multiple compliance outputs — EU AI Act, NIST AI RMF, ISO/IEC 42001.

Pricing. We're finalising pricing with design-partner customers. Early-access participants help shape the tiers and get founding-customer terms.

Want Sigil before launch?

We're working with a small number of design-partner teams before general availability. If you're building high-risk AI systems and want runtime governance aligned to EU AI Act Articles 14 & 17, get in touch.

Request Early Access

These tools answer specific obligations. For programme-level regulatory design across an AI portfolio, the sister practice is at askajay.ai →