SkillAgentSearch skills...

MCP Eu AI Act

MCP EU AI Act Compliance Scanner - Open source tool to detect EU AI Act violations in codebases

GenerateConvertImprove

Install / Use

/learn @ark-forge/MCP Eu AI Act
About this skill

Quality Score

0/100

Supported Platforms

Claude Code
Claude Desktop
Cursor

README

EU AI Act Compliance Toolkit — MCP Server

GitHub Stars PyPI version Works with Claude Works with Cursor

If this tool helps your compliance work, a ⭐ on GitHub helps others discover it.

EU AI Act compliance toolkit for developers. Scan your codebase, get a deadline-aware action plan, and generate an auditor-ready evidence package — certifiable with ArkForge Trust Layer.

August 2, 2026 enforcement deadline — 117 days remaining.

Need audit-grade proof? Certify every scan with ArkForge Trust Layer — tamper-proof, timestamped compliance evidence. 500 free proofs/month.

What's New in v2

| Feature | Description | |---------|-------------| | generate_compliance_roadmap | Week-by-week action plan to reach compliance before your deadline | | generate_annex4_package | Auditor-ready ZIP with all 8 Annex IV sections populated from your code | | certify_compliance_report | Cryptographic proof via Trust Layer (EU AI Act Art. 12) | | Content scoring | check_compliance now scores document content (0-100), not just existence | | Article mapping | Every finding mapped to specific EU AI Act article |

Quick Start

git clone https://github.com/ark-forge/mcp-eu-ai-act.git
cd mcp-eu-ai-act
pip install mcp
python3 server.py

Runs on Python 3.10+.

Full install

git clone https://github.com/ark-forge/mcp-eu-ai-act.git
cd mcp-eu-ai-act
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
python3 server.py

Run tests

pip install pytest
pytest tests/ -v

MCP Integration

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "eu-ai-act": {
      "command": "python3",
      "args": ["/path/to/mcp-eu-ai-act/server.py"]
    }
  }
}

Claude Code

claude mcp add eu-ai-act python3 /path/to/mcp-eu-ai-act/server.py

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "eu-ai-act": {
      "command": "python3",
      "args": ["/path/to/mcp-eu-ai-act/server.py"]
    }
  }
}

HTTP mode (for CI/CD or remote clients)

pip install uvicorn
python3 server.py --http
# Listening on 0.0.0.0:8089

Tools Reference

1. scan_project

Detects AI framework usage in source code and config/manifest files. Supports 16 frameworks across Python, JS, TS, Go, Java, and Rust.

Key parameters: project_path (string, required)

Example output:

{
  "files_scanned": 42,
  "ai_files": [
    {"file": "src/chat.py", "frameworks": ["openai"]},
    {"file": "requirements.txt", "frameworks": ["openai"], "source": "config"}
  ],
  "detected_models": {"openai": ["src/chat.py", "requirements.txt"]}
}

2. check_compliance

Scores document content quality (0-100) and maps each finding to a specific EU AI Act article. Score ≥40 = pass. Fully backward compatible with v1.

Key parameters: project_path (string, required), risk_category (string, default: limited)

Example output (v2):

{
  "risk_category": "high",
  "compliance_score": "4/6",
  "compliance_percentage": 66.7,
  "content_scores": {
    "RISK_MANAGEMENT.md": 82,
    "TRANSPARENCY.md": 45,
    "DATA_GOVERNANCE.md": 12
  },
  "article_map": {
    "art_9": {"status": "pass", "score": 82},
    "art_10": {"status": "fail", "score": 12},
    "art_13": {"status": "pass", "score": 45}
  }
}

3. generate_compliance_roadmap — NEW in v2

Deadline-aware, week-by-week action plan to reach EU AI Act compliance before August 2, 2026. Sequences quick wins first using a criticality × 1/effort algorithm.

Key parameters: project_path (string, required), risk_category (string), target_date (string, ISO format, default: 2026-08-02)

Example output:

{
  "weeks_remaining": 16,
  "phases": [
    {
      "week": 1,
      "action": "Add TRANSPARENCY.md with user disclosure statement",
      "article": "Art. 13",
      "effort_days": 1,
      "priority": "critical"
    },
    {
      "week": 2,
      "action": "Draft risk management procedure covering Art. 9 requirements",
      "article": "Art. 9",
      "effort_days": 3,
      "priority": "high"
    }
  ],
  "estimated_completion_week": 8
}

4. generate_report

Runs scan + compliance check, returns a combined report with two-level output: executive summary for DPO/legal and technical breakdown for developers. Article-by-article citations included.

Key parameters: project_path (string, required), risk_category (string, default: limited)

Example output:

{
  "executive_summary": {
    "compliance_percentage": 67,
    "deadline": "2026-08-02",
    "days_remaining": 117,
    "gap_count": 3,
    "verdict": "Action required — 3 gaps must be addressed before deadline"
  },
  "technical_breakdown": {
    "art_9": {"status": "fail", "missing": ["hazard identification section", "residual risk log"]},
    "art_13": {"status": "pass", "score": 78}
  },
  "recommendations": [
    {"article": "Art. 9", "action": "Add hazard identification section to RISK_MANAGEMENT.md", "effort": "2 days"}
  ]
}

5. suggest_risk_category

Classifies your AI system into an EU AI Act risk category from a plain-text description. Matches against Art. 5 (prohibited), Annex III (high-risk), Art. 52 (limited), and minimal.

Key parameters: system_description (string, required)

Example output:

{
  "suggested_category": "high",
  "confidence": "high",
  "matched_criteria": ["Annex III, Category 4 — AI in employment decisions"],
  "obligations_summary": "Technical documentation, risk management, human oversight, data governance, transparency"
}

6. generate_compliance_templates

Returns starter markdown templates for each required compliance document. Save them in docs/ and fill in the bracketed sections.

Key parameters: risk_category (string, default: high)

For high risk: Risk Management (Art. 9), Technical Documentation (Art. 11), Data Governance (Art. 10), Human Oversight (Art. 14), Robustness (Art. 15), Transparency (Art. 13).

7. generate_annex4_package — NEW in v2

Generates an auditor-ready ZIP with all 8 Annex IV sections populated from your actual project files. Optionally certifies with Trust Layer for cryptographic proof.

Key parameters: project_path (string, required), sign_with_trust_layer (bool, default: false), trust_layer_key (string, optional)

Example output:

{
  "package_path": "/tmp/annex4_myproject_20260407.zip",
  "sha256": "a3f8c2d1...",
  "sections_populated": 8,
  "sections_missing_data": ["section_6_accuracy_metrics"],
  "proof_id": "prf_01j9z8x7w6v5u4t3s2r1",
  "verification_url": "https://trust.arkforge.tech/verify/prf_01j9z8x7w6v5u4t3s2r1"
}

8. certify_compliance_report — NEW in v2

Certifies any compliance report with ArkForge Trust Layer. Returns a tamper-proof proof_id and public verification URL for your auditor (EU AI Act Art. 12 audit trail).

Key parameters: report_data (string, JSON-serialized report), trust_layer_key (string, required)

Example output:

{
  "proof_id": "prf_01j9z8x7w6v5u4t3s2r1",
  "timestamp": "2026-04-07T14:32:00Z",
  "sha256": "a3f8c2d1e4b5...",
  "verification_url": "https://trust.arkforge.tech/verify/prf_01j9z8x7w6v5u4t3s2r1",
  "article": "EU AI Act Art. 12"
}

9. gdpr_scan_project

Scans for personal data processing patterns: PII fields, tracking pixels, geolocation, file uploads, cookie patterns. Maps to GDPR Art. 22/35 requirements.

Key parameters: project_path (string, required)

10. combined_compliance_report

Runs GDPR + EU AI Act scans simultaneously and identifies dual-compliance hotspots — files where both regulations apply at once.

Key parameters: project_path (string, required), risk_category (string, default: limited)

Example output:

{
  "hotspots": [
    {
      "file": "src/hiring_model.py",
      "eu_ai_act_risk": "high",
      "gdpr_risk": "high",
      "overlap_patterns": ["AI+PII", "AI+automated_decision"],
      "combined_articles": ["EU AI Act Art. 14", "GDPR Art. 22"],
      "priority": "critical"
    }
  ],
  "key_insight": "2 files require simultaneous GDPR + EU AI Act remediation"
}

Certify Your Compliance (EU AI Act Art. 12)

The only MCP that generates cryptographically certified compliance evidence.

# Step 1: Generate Annex IV package and certify it
generate_annex4_package(
    project_path="/path/to/project",
    sign_with_trust_layer=True,
    trust_layer_key="your_trust_layer_key"
)
# → Returns proof_id + public verification URL for your auditor

# Step 2: Or certify any compliance report directly
certify_compliance_report(
    report_data='{"compliance_percentage": 87, "risk_category": "high"}',
    trust_layer_key="your_trust_layer_key"
)

Free Trust Layer account: 500 certified proofs/month → arkforge.tech

Pricing

| Plan | Price | Includes | |------|-------|---------| | Free | €0 | 5 scans/day · scan_project + suggest_risk_category | | Pro | €29/month | Unlimited scans · all 10 tools · compliance roadmap · Annex IV package | | Certified | €99/month | Everything in Pro + Trust Layer certification on every report |

Get your API key →

REST API

A separate HTTP API (paywall_api.py) provides rate-limited REST endpoints for CI/CD and external

ark-forge

View profile

View on GitHub
GitHub Stars3
CategoryDevelopment
Updated13h ago
Forks1
ark-forge/mcp-eu-ai-act

Languages

Python

Security Score

90/100

Audited on Apr 7, 2026

No findings