{"slug": "show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python", "title": "Show HN: ComplyEdge – Runtime EU AI Act Enforcement for Python", "summary": "ComplyEdge, a runtime compliance enforcement tool for AI agents, launched to enforce the EU AI Act in production. The Python SDK blocks prohibited AI outputs on every request with legal citations, addressing Article 5 which is already law and GPAI fines starting August 2, 2026. The tool provides deterministic rule-based checks and optional semantic fallback, targeting companies needing real-time compliance for their AI systems.", "body_md": "Runtime compliance enforcement for AI agents. Not a scanner — runs in production, on every request.\n\n**Article 5 is already law.** GPAI fines start August 2, 2026. Your AI is either compliant right now, or it isn't.\n\nWhat does your compliance tool tell a regulator when it blocks a request? A probability score?\n\nComplyEdge says:\n\nArticle 5(1)(a), rule EU_AI_ACT_ARTICLE5_SUBLIMINAL_001, timestamp, input hash.One is an audit trail. One is a guess.\n\n```\npip install complyedge\npython\nfrom complyedge import compliance_check\n\n@compliance_check(jurisdiction=\"EU\", agent_id=\"my-agent\")\ndef my_agent(prompt):\n return llm.generate(prompt) # every input and output checked\n```\n\nThree lines. Every AI input and output evaluated against the EU AI Act rule corpus (Article 5, Article 50, GPAI). Violations blocked before they reach the user — with article citation, rule ID, and timestamp on every decision.\n\nSet `COMPLYEDGE_API_KEY`\n\nto your key. The decorator activates by default; to disable without removing the key (e.g., in CI), set `COMPLYEDGE_ENABLED=false`\n\n.\n\n``` python\nfrom complyedge import is_safe, check\nimport os\n\napi_key = os.environ[\"COMPLYEDGE_API_KEY\"]\n\n# Boolean check — returns True if no violations\nif not is_safe(prompt, api_key=api_key, jurisdiction=\"EU\"):\n raise ValueError(\"Prompt violates EU AI Act\")\n\n# Full result — returns ComplianceResult with violations + citations\nresult = check(prompt, api_key=api_key, jurisdiction=\"EU\")\nif not result.allowed:\n for v in result.violations:\n print(v.rule_id, v.citation)\n```\n\nJurisdiction maps to the rule corpus: `EU`\n\nevaluates against EU AI Act Article 5, Article 50, and GPAI obligations. `US`\n\nevaluates against HIPAA, SOX, COPPA, TCPA, BIPA.\n\nNo API key required. Scans text against the rule corpus using regex patterns.\n\n```\npip install trustlint\n\ntrustlint check --text \"We use social credit scoring to evaluate applicants\"\n# → CRITICAL: EU_AI_ACT_ARTICLE5_SOCIAL_SCORING_001 — Article 5(1)(c)\n```\n\nExit codes: `0`\n\n= pass, `1`\n\n= violations found. Designed for CI/CD pipelines.\n\n```\nsdks/python/ Python SDK (@compliance_check decorator, CLI)\nrules/regulations/ 53 YAML rules (EU AI Act, GDPR, HIPAA, SOX, PCI DSS, and more)\nrules/rego/ 19 OPA/Rego policies (EU AI Act Article 5, 50, GPAI)\nrules/schemas/ Rule validation schema\nexamples/ Usage examples (decorators, OpenAI Agents)\ntests/ Rule validation tests\n```\n\n53 YAML rules + 19 OPA/Rego policies across 4 jurisdictions:\n\n| Jurisdiction | Rules | Regulations |\n|---|---|---|\nEU |\n36 YAML + 19 Rego | EU AI Act Articles 4–6, 9–10, 12–16, 26–27, 50, 53, GPAI, GDPR |\nUS |\n13 YAML | HIPAA, SOX, COPPA, TCPA, BIPA, CCPA, Colorado AI Act, NYC LL144, ECPA |\nGlobal |\n1 YAML | PCI DSS |\nUniversal |\n3 YAML | PII detection, prompt injection (direct + indirect) |\n\nEach rule specifies conditions, severity, detection scope, and remediation with legal citations. See the [rule schema](/ComplyEdge/complyedge/blob/main/rules/schemas/rule-schema.json) for the format.\n\n```\nid: MY_CUSTOM_RULE_001\njurisdiction: EU\neffective_date: \"2025-02-02\"\ndescription: \"Detect prohibited practice X under Article Y\"\nseverity: critical\nconditions:\n - type: regex\n value: \"prohibited pattern\"\n description: \"Matches prohibited practice X\"\nsource:\n regulation: \"EU AI Act\"\n article: \"Article Y(1)(z)\"\n```\n\nValidate: `cd rules && python scripts/validate_rules.py`\n\n**Layer 1 — Deterministic (hot path, <100ms p99):** 19 OPA/Rego policies + TrustLint regex engine fire on every request. Binary pass/block. Legal citation attached to every decision. No LLM on the hot path.\n\n**Layer 2 — Interpretive (synchronous, opt-in):** When called with `use_semantic_fallback=True`\n\n, an LLM evaluates the request and blocks if a violation is found. Off by default since v0.2.2. Adds 2–5s latency per request.\n\nSecurity products protect AI from bad actors. **ComplyEdge protects companies from their own AI's legal violations during normal operations.**\n\nWe welcome rule contributions. See [CONTRIBUTING.md](/ComplyEdge/complyedge/blob/main/CONTRIBUTING.md) for details.\n\nEvery rule must include: article + paragraph citation, verifiable detection condition, and test cases.\n\nApache License 2.0 — see [LICENSE](/ComplyEdge/complyedge/blob/main/LICENSE).\n\n**Website**:[complyedge.io](https://complyedge.io)** PyPI**:[pypi.org/project/complyedge](https://pypi.org/project/complyedge/)** Rule Schema**:[rules/schemas/rule-schema.json](/ComplyEdge/complyedge/blob/main/rules/schemas/rule-schema.json)", "url": "https://wpnews.pro/news/show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python", "canonical_source": "https://github.com/ComplyEdge/complyedge", "published_at": "2026-06-14 15:57:06+00:00", "updated_at": "2026-06-14 16:12:48.874327+00:00", "lang": "en", "topics": ["ai-policy", "ai-safety", "ai-tools", "developer-tools", "large-language-models"], "entities": ["ComplyEdge", "EU AI Act", "Python", "OpenAI", "HIPAA", "SOX", "COPPA", "GDPR"], "alternates": {"html": "https://wpnews.pro/news/show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python", "markdown": "https://wpnews.pro/news/show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python.md", "text": "https://wpnews.pro/news/show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python.txt", "jsonld": "https://wpnews.pro/news/show-hn-complyedge-runtime-eu-ai-act-enforcement-for-python.jsonld"}}