Show HN: ComplyEdge – Runtime EU AI Act Enforcement for Python

ComplyEdge, a runtime compliance enforcement tool for AI agents, launched to enforce the EU AI Act in production. The Python SDK blocks prohibited AI outputs on every request with legal citations, addressing Article 5 which is already law and GPAI fines starting August 2, 2026. The tool provides deterministic rule-based checks and optional semantic fallback, targeting companies needing real-time compliance for their AI systems.

Runtime compliance enforcement for AI agents. Not a scanner — runs in production, on every request. Article 5 is already law. GPAI fines start August 2, 2026. Your AI is either compliant right now, or it isn't. What does your compliance tool tell a regulator when it blocks a request? A probability score? ComplyEdge says: Article 5 1 a , rule EU AI ACT ARTICLE5 SUBLIMINAL 001, timestamp, input hash.One is an audit trail. One is a guess. pip install complyedge python from complyedge import compliance check @compliance check jurisdiction="EU", agent id="my-agent" def my agent prompt : return llm.generate prompt every input and output checked Three lines. Every AI input and output evaluated against the EU AI Act rule corpus Article 5, Article 50, GPAI . Violations blocked before they reach the user — with article citation, rule ID, and timestamp on every decision. Set COMPLYEDGE API KEY to your key. The decorator activates by default; to disable without removing the key e.g., in CI , set COMPLYEDGE ENABLED=false . python from complyedge import is safe, check import os api key = os.environ "COMPLYEDGE API KEY" Boolean check — returns True if no violations if not is safe prompt, api key=api key, jurisdiction="EU" : raise ValueError "Prompt violates EU AI Act" Full result — returns ComplianceResult with violations + citations result = check prompt, api key=api key, jurisdiction="EU" if not result.allowed: for v in result.violations: print v.rule id, v.citation Jurisdiction maps to the rule corpus: EU evaluates against EU AI Act Article 5, Article 50, and GPAI obligations. US evaluates against HIPAA, SOX, COPPA, TCPA, BIPA. No API key required. Scans text against the rule corpus using regex patterns. pip install trustlint trustlint check --text "We use social credit scoring to evaluate applicants" → CRITICAL: EU AI ACT ARTICLE5 SOCIAL SCORING 001 — Article 5 1 c Exit codes: 0 = pass, 1 = violations found. Designed for CI/CD pipelines. sdks/python/ Python SDK @compliance check decorator, CLI rules/regulations/ 53 YAML rules EU AI Act, GDPR, HIPAA, SOX, PCI DSS, and more rules/rego/ 19 OPA/Rego policies EU AI Act Article 5, 50, GPAI rules/schemas/ Rule validation schema examples/ Usage examples decorators, OpenAI Agents tests/ Rule validation tests 53 YAML rules + 19 OPA/Rego policies across 4 jurisdictions: | Jurisdiction | Rules | Regulations | |---|---|---| EU | 36 YAML + 19 Rego | EU AI Act Articles 4–6, 9–10, 12–16, 26–27, 50, 53, GPAI, GDPR | US | 13 YAML | HIPAA, SOX, COPPA, TCPA, BIPA, CCPA, Colorado AI Act, NYC LL144, ECPA | Global | 1 YAML | PCI DSS | Universal | 3 YAML | PII detection, prompt injection direct + indirect | Each rule specifies conditions, severity, detection scope, and remediation with legal citations. See the rule schema /ComplyEdge/complyedge/blob/main/rules/schemas/rule-schema.json for the format. id: MY CUSTOM RULE 001 jurisdiction: EU effective date: "2025-02-02" description: "Detect prohibited practice X under Article Y" severity: critical conditions: - type: regex value: "prohibited pattern" description: "Matches prohibited practice X" source: regulation: "EU AI Act" article: "Article Y 1 z " Validate: cd rules && python scripts/validate rules.py Layer 1 — Deterministic hot path, <100ms p99 : 19 OPA/Rego policies + TrustLint regex engine fire on every request. Binary pass/block. Legal citation attached to every decision. No LLM on the hot path. Layer 2 — Interpretive synchronous, opt-in : When called with use semantic fallback=True , an LLM evaluates the request and blocks if a violation is found. Off by default since v0.2.2. Adds 2–5s latency per request. Security products protect AI from bad actors. ComplyEdge protects companies from their own AI's legal violations during normal operations. We welcome rule contributions. See CONTRIBUTING.md /ComplyEdge/complyedge/blob/main/CONTRIBUTING.md for details. Every rule must include: article + paragraph citation, verifiable detection condition, and test cases. Apache License 2.0 — see LICENSE /ComplyEdge/complyedge/blob/main/LICENSE . Website : complyedge.io https://complyedge.io PyPI : pypi.org/project/complyedge https://pypi.org/project/complyedge/ Rule Schema : rules/schemas/rule-schema.json /ComplyEdge/complyedge/blob/main/rules/schemas/rule-schema.json