Runtime compliance enforcement for AI agents. Not a scanner — runs in production, on every request.
Article 5 is already law. GPAI fines start August 2, 2026. Your AI is either compliant right now, or it isn't.
What does your compliance tool tell a regulator when it blocks a request? A probability score?
ComplyEdge says:
Article 5(1)(a), rule `EU_AI_ACT_ARTICLE5_SUBLIMINAL_001`, timestamp, input hash. One is an audit trail. One is a guess.
```
pip install complyedge
```

```python
from complyedge import compliance_check

# `llm` stands for whatever model client your agent already uses.
@compliance_check(jurisdiction="EU", agent_id="my-agent")
def my_agent(prompt):
    return llm.generate(prompt)  # every input and output checked
```
Three lines. Every AI input and output evaluated against the EU AI Act rule corpus (Article 5, Article 50, GPAI). Violations blocked before they reach the user — with article citation, rule ID, and timestamp on every decision.
Set `COMPLYEDGE_API_KEY` to your key. The decorator activates by default; to disable it without removing the key (e.g., in CI), set `COMPLYEDGE_ENABLED=false`.
```python
import os

from complyedge import is_safe, check

api_key = os.environ["COMPLYEDGE_API_KEY"]
prompt = "text to evaluate"  # the input under review

# Boolean gate: raise before the prompt reaches the model.
if not is_safe(prompt, api_key=api_key, jurisdiction="EU"):
    raise ValueError("Prompt violates EU AI Act")

# Full result: each violation carries its rule ID and legal citation.
result = check(prompt, api_key=api_key, jurisdiction="EU")
if not result.allowed:
    for v in result.violations:
        print(v.rule_id, v.citation)
```
Jurisdiction maps to the rule corpus: `EU` evaluates against EU AI Act Article 5, Article 50, and GPAI obligations; `US` evaluates against HIPAA, SOX, COPPA, TCPA, BIPA.
No API key required. Scans text against the rule corpus using regex patterns.

```
pip install trustlint
trustlint check --text "We use social credit scoring to evaluate applicants"
```

Exit codes: `0` = pass, `1` = violations found. Designed for CI/CD pipelines.
```
sdks/python/         Python SDK (@compliance_check decorator, CLI)
rules/regulations/   53 YAML rules (EU AI Act, GDPR, HIPAA, SOX, PCI DSS, and more)
rules/rego/          19 OPA/Rego policies (EU AI Act Article 5, 50, GPAI)
rules/schemas/       Rule validation schema
examples/            Usage examples (decorators, OpenAI Agents)
tests/               Rule validation tests
```
53 YAML rules + 19 OPA/Rego policies across 4 jurisdictions:

| Jurisdiction | Rules | Regulations |
|---|---|---|
| EU | 36 YAML + 19 Rego | EU AI Act Articles 4–6, 9–10, 12–16, 26–27, 50, 53, GPAI, GDPR |
| US | 13 YAML | HIPAA, SOX, COPPA, TCPA, BIPA, CCPA, Colorado AI Act, NYC LL144, ECPA |
| Global | 1 YAML | PCI DSS |
| Universal | 3 YAML | PII detection, prompt injection (direct + indirect) |
Each rule specifies conditions, severity, detection scope, and remediation with legal citations. See the rule schema for the format.

```yaml
id: MY_CUSTOM_RULE_001
jurisdiction: EU
effective_date: "2025-02-02"
description: "Detect prohibited practice X under Article Y"
severity: critical
conditions:
  - type: regex
    value: "prohibited pattern"
    description: "Matches prohibited practice X"
source:
  regulation: "EU AI Act"
  article: "Article Y(1)(z)"
```

Validate: `cd rules && python scripts/validate_rules.py`
Layer 1 — Deterministic (hot path, <100ms p99): 19 OPA/Rego policies + TrustLint regex engine fire on every request. Binary pass/block. Legal citation attached to every decision. No LLM on the hot path.

Layer 2 — Interpretive (synchronous, opt-in): When called with `use_semantic_fallback=True`, an LLM evaluates the request and blocks if a violation is found. Off by default since v0.2.2. Adds 2–5s latency per request.
Security products protect AI from bad actors. ComplyEdge protects companies from their own AI's legal violations during normal operations.
We welcome rule contributions. See CONTRIBUTING.md for details.
Every rule must include: article + paragraph citation, verifiable detection condition, and test cases.
Apache License 2.0 — see LICENSE.
**Website**: complyedge.io · **PyPI**: pypi.org/project/complyedge · **Rule Schema**: rules/schemas/rule-schema.json