EU AI Act readiness assessment tool with gap analysis, documentation generation, and remediation roadmaps.

```
+------------------------------------------------------------------+
|                          ComplianceBot                           |
|                                                                  |
|          +------------------+    +-------------------+           |
|          |   CLI (Click)    |    |   Rich Console    |           |
|          +--------+---------+    +--------+----------+           |
|                   |                       |                      |
|          +--------v-----------------------v----------+           |
|          |                Core Engine                |           |
|          |                                           |           |
|          |  +-------------+   +------------------+   |           |
|          |  |  Registry   |   | Classification   |   |           |
|          |  | (register,  |   | (EU AI Act risk  |   |           |
|          |  | list, get)  |   | tiers + NIST)    |   |           |
|          |  +------+------+   +--------+---------+   |           |
|          |         |                   |             |           |
|          |  +------v-------------------v---------+   |           |
|          |  |        Gap Analysis Engine         |   |           |
|          |  |  (requirements DB, per-req check,  |   |           |
|          |  |   compliance scoring, findings)    |   |           |
|          |  +------+-------------------+---------+   |           |
|          |         |                   |             |           |
|          |  +------v------+   +--------v---------+   |           |
|          |  |  Document   |   |   Remediation    |   |           |
|          |  |  Generator  |   |     Roadmap      |   |           |
|          |  |  (Jinja2    |   |  (prioritized    |   |           |
|          |  |  templates) |   |  actions, deps)  |   |           |
|          |  +-------------+   +------------------+   |           |
|          |                                           |           |
|          | +---------------------------------------+ |           |
|          | |             Audit Tracker             | |           |
|          | |  (trail, evidence checklist, trends)  | |           |
|          | +---------------------------------------+ |           |
|          +-------------------------------------------+           |
|                               |                                  |
|                      +--------v---------+                        |
|                      |    JSON Store    |                        |
|                      |(~/.compliancebot)|                        |
|                      +------------------+                        |
+------------------------------------------------------------------+
```

| Feature | Description |
|---|---|
| AI System Registry | Register AI systems with metadata: purpose, risk level, data types, deployment model, user impact |
| Risk Classification | EU AI Act risk tiers: unacceptable, high-risk, limited, minimal. Auto-classify based on system attributes. NIST AI RMF mapping |
| Gap Analysis | Check systems against 22 EU AI Act requirements per risk tier. Per-requirement status tracking with findings and recommendations |
| Documentation Generator | Generate compliance templates: data governance plan, risk management plan, transparency notice, human oversight plan |
| Remediation Roadmap | Prioritized action items with effort estimates, dependency ordering, and category-based priority levels |
| Audit Support | Evidence collection checklists, audit trail of assessment changes, compliance score trend tracking |
- Python 3.11+
- No external services required (pure Python, JSON file storage)

```bash
pip install .
```

Or for development:

```bash
pip install -e .
pip install pytest ruff
```

```bash
compliancebot register \
  --name "HR Screening AI" \
  --description "Automated resume screening and candidate ranking" \
  --purpose "Screen job applications and rank candidates" \
  --data-types personal \
  --data-types employment \
  --deployment saas \
  --impact high \
  --employment \
  --auto-classify
```

```bash
compliancebot assess <system-id>
```

With existing controls mapped:

```bash
compliancebot assess <system-id> --controls controls.json
```

Where `controls.json` maps requirement IDs to status:

```json
{
  "REQ-RM-001": "met",
  "REQ-RM-002": "partial",
  "REQ-DG-001": "met"
}
```

```bash
compliancebot gaps <system-id>
```

```bash
# Generate all documents
compliancebot docs <system-id> --output-dir ./compliance-docs
# Generate specific document
compliancebot docs <system-id> --type risk_management_plan
```

```bash
compliancebot roadmap <system-id>
```

```bash
# View audit summary and trail
compliancebot audit <system-id> --trail --trend
# Evidence checklist for high-risk systems
compliancebot audit <system-id> --checklist high
```

| Command | Description |
|---|---|
| `compliancebot register` | Register a new AI system |
| `compliancebot list` | List all registered systems |
| `compliancebot classify <id>` | Classify system risk level |
| `compliancebot assess <id>` | Run gap analysis assessment |
| `compliancebot gaps <id>` | Show compliance gaps |
| `compliancebot docs <id>` | Generate compliance documents |
| `compliancebot roadmap <id>` | Generate remediation roadmap |
| `compliancebot audit <id>` | View audit trail and trends |

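A pre-flight check for the `controls.json` mapping passed to `compliancebot assess --controls`, as an added example that is not part of ComplianceBot: it flags repeated requirement IDs (which JSON parsers silently resolve to the last value), malformed IDs, and unexpected statuses. The ID pattern and the accepted status set are assumptions inferred from the sample on this page.

```python
import json
import re

# Assumptions (not from ComplianceBot's source): ID shape inferred from the sample
# IDs on this page; only the two statuses shown there are accepted by default.
REQ_ID = re.compile(r"REQ-[A-Z]{2}-\d{3}")
ALLOWED_STATUSES = frozenset({"met", "partial"})


def check_controls(text, allowed=ALLOWED_STATUSES):
    """Return a list of problems found in a controls.json document (empty = clean)."""
    duplicates = []

    def collect(pairs):
        # json keeps only the last value of a repeated key, so record repeats here.
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.append(key)
            seen[key] = value
        return seen

    try:
        data = json.loads(text, object_pairs_hook=collect)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, dict):
        return ["top level must be an object mapping requirement ID to status"]

    problems = [f"{key}: listed more than once" for key in duplicates]
    for key, status in data.items():
        if not REQ_ID.fullmatch(key):
            problems.append(f"{key}: does not look like a requirement ID")
        if not isinstance(status, str) or status not in allowed:
            problems.append(f"{key}: unexpected status {status!r}")
    return problems


# Constructed sample: one duplicate ID, one malformed ID, one mistyped status.
SAMPLE = """{
  "REQ-RM-001": "partial",
  "REQ-RM-001": "met",
  "req-dg-1": "met",
  "REQ-DG-001": "Met"
}"""

if __name__ == "__main__":
    for line in check_controls(SAMPLE):
        print(line)
```

Extend `ALLOWED_STATUSES` with any further status values the tool accepts before relying on the check.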
| Tier | Article | Description |
|---|---|---|
| Unacceptable | Art. 5 | Prohibited: social scoring, subliminal manipulation, real-time public biometric ID |
| High Risk | Art. 6, Annex III | Mandatory requirements: biometric ID, critical infrastructure, employment, credit, education, law enforcement, immigration |
| Limited | Art. 52 | Transparency obligations: chatbots, emotion recognition, synthetic media |
| Minimal | Art. 95 | Voluntary codes of conduct |
Each requirement maps to NIST AI Risk Management Framework functions:
- GOVERN: Organizational governance and accountability
- MAP: Context and risk framing
- MEASURE: Risk assessment and analysis
- MANAGE: Risk treatment and monitoring

```bash
# Build
docker compose build
# Run assessment engine
docker compose run assessment-engine assess <system-id>
# List registered systems
docker compose run registry
```

```bash
# Run tests
pytest -v
# Lint
ruff check src/ tests/
# Format
ruff format src/ tests/
```

```
compliancebot/
  pyproject.toml
  Dockerfile
  docker-compose.yml
  LICENSE
  README.md
  .github/workflows/ci.yml
  src/compliancebot/
    __init__.py
    cli.py                # Click CLI interface
    models.py             # Pydantic data models
    store.py              # JSON file persistence
    registry/
      service.py          # AI system registration
    classification/
      classifier.py       # EU AI Act risk classification
    analysis/
      engine.py           # Gap analysis engine
      requirements.py     # Requirements database (22 requirements)
    documents/
      generator.py        # Jinja2 document generator
      templates.py        # Compliance document templates
    roadmap/
      planner.py          # Remediation roadmap planner
    audit/
      tracker.py          # Audit trail and compliance trends
  tests/
    conftest.py           # Shared fixtures
    test_models.py
    test_store.py
    test_registry.py
    test_classification.py
    test_analysis.py
    test_documents.py
    test_roadmap.py
    test_audit.py
    test_cli.py
```

MIT License (c) 2026 Corey Wade