EU AI Act Compliance MCP

EU AI Act risk classification, 42-point audit, documentation generation, penalties and deadlines by MEOK AI Labs

GitHub

eu-ai-act-compliance-mcp MCP server MCP Registry PyPI

eu-ai-act-compliance-mcp MCP server

MCPize GitHub stars

EU AI Act + Multi-Regulation Compliance MCP Server

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

Six EU regulations, one MCP. Verbatim text + active compliance scanning + cryptographic attestations.

Covers EU AI Act · DORA · NIS2 · Cyber Resilience Act · CSRD · GDPR — 400+ articles indexed for FTS5 search, every quote auditor-defensible, every citation linked back to the canonical EUR-Lex URL.

🆕 v1.4 — Verbatim EU regulation text from publications.europa.eu Cellar SPARQL, in SQLite FTS5. Daily sync.

Search regulation text · Quote full articles · Classify AI risk levels · Run 42-point audits · Generate Annex IV docs · Assess penalties · Track deadlines · Sign attestations

npm version MCPize License: MIT MEOK AI Labs

Installation · Tools · Docs · Report Bug

Quick Install

ClientInstall
Claude DesktopInstall in Claude
CursorInstall in Cursor
VS CodeInstall in VS Code
WindsurfInstall in Windsurf
Dockerdocker run -p 8000:8000 eu-ai-act-compliance-mcp
pippip install eu-ai-act-compliance-mcp

Connect via MCPize

Use this MCP server instantly with no local installation:

npx -y mcpize connect @meok-ai-labs/eu-ai-act-compliance --client claude

Or connect at: https://mcpize.com/mcp/eu-ai-act-compliance

Quick Start

pip install eu-ai-act-compliance-mcp
# or
npm install -g @meok-ai/eu-ai-act-compliance-mcp

Why This Exists

The EU AI Act (Reg 2024/1689) is now in force. Following the March 2026 Digital Omnibus vote, the timeline shifted:

  • Article 50 transparency obligations: 2 November 2026 (was August 2026)
  • Annex III high-risk systems: 2 December 2027 (was August 2026)
  • Annex I high-risk systems: 2 August 2028 (was August 2027)

Penalties remain unchanged: up to €35M or 7% of global turnover.

Most teams are using PDF binders and Word checklists to track Article 6 risk classifications, Article 26(9) FRIA artifacts, and Article 50 disclosures. When a regulator asks "how do we know this artifact wasn't fabricated last week?", the answer today is "trust us".

This MCP turns Article 6 / 26(9) / 50 obligations into a single AI-agent-callable tool, signs each artifact with HMAC-SHA256, and gives you a verifiable URL the auditor can curl independently.

Real Usage Example

A German Mittelstand HR-tech firm needed to dry-run their Article 6 classification + Article 26(9) FRIA for a CV-screening AI. Their compliance lead installed this MCP into Claude Code:

pip install eu-ai-act-compliance-mcp

Then prompted Claude:

"Classify our CV-scoring product against EU AI Act Article 6. Treat it as Annex III (employment). Generate the risk-tier rationale and the high-risk obligations checklist. Then produce the Article 26(9) FRIA. Sign with the attestation API."

Result: 49-page audit pack with cryptographically verifiable HMAC-signed sections in ~14 hours of review time.

Traditional consulting estimate: 230 hours / £42-62K.

Saved: ~£40K and 4-5 weeks.

Tools

🆕 v1.4 — EUR-Lex Search (free tier)

ToolDescription
search_regulationFull-text FTS5 search across verbatim EU regulation text (EU AI Act, DORA, NIS2, CRA, CSRD, GDPR). Returns 64-token snippets with relevance scores and a canonical EUR-Lex URL for every hit.
get_article_textReturn the full verbatim text of a single article (e.g. GDPR Article 33) plus its canonical EUR-Lex URL. Drop straight into audit evidence packs.
list_regulations_in_dbList all regulations in the local DB with article counts + last-sync date.

Core compliance tools

ToolDescription
quick_scanOne-sentence AI system description → instant risk classification (no API key)
deadline_checkAll EU AI Act enforcement deadlines with days remaining (zero params)
classify_ai_riskDetailed Article 5/6/50 risk classification
check_compliance42-point compliance audit against Annex I-IX
generate_annex_iv_docsArticle 11 technical documentation generator
assess_penaltiesPenalty exposure calculator (up to €35M or 7% global turnover)
multi_jurisdiction_mapCross-border compliance mapping
predict_risk_neuralNeural-net risk prediction (Pro tier)
neural_insightsCompliance pattern insights from training data (Pro tier)

Example: search the EU AI Act for "biometric"

result = search_regulation(query="biometric", regulation="eu-ai-act", limit=3)

Returns matched snippets from Article 3 (definitions), Article 5 (prohibitions), Article 26 (deployer duties), with relevance scores and >>>highlight<<< markers.

Why FTS5?

  • Verbatim text — no LLM summarization, every quote is auditor-defensible
  • Token-safe — 64-token snippets fit in any context window
  • Daily sync — GitHub Actions polls EUR-Lex Atom feed at 06:00 UTC
  • Stdlib only — no Postgres, no external deps

x402 Payment Deployment

Deploy this server with x402 micropayments so AI agents can pay per-call in USDC on Base L2 — no API keys, no subscriptions, no accounts. The x402_server.ts wrapper gates high-value tools behind USDC payments while keeping discovery tools free.

Quick Start

# 1. Install the x402 wrapper dependencies
npm install x402-mcp zod

# 2. Start the underlying Python MCP server
pip install -r requirements.txt
python server.py &  # runs on :8000

# 3. Start the x402 payment wrapper
USDC_WALLET_ADDRESS=0xYourBaseWalletAddress npx tsx x402_server.ts

Environment Variables

VariableRequiredDescription
USDC_WALLET_ADDRESSYesYour Base L2 USDC receiving address (0x...)
EU_AI_ACT_MCP_URLNoURL of the Python MCP server (default: http://localhost:8000)

Pricing Tiers (x402 per-call)

ToolPriceDescription
quick_scanFreeOne-sentence → instant risk classification
deadline_checkFreeAll enforcement deadlines with days remaining
search_regulationFreeFTS5 search across 410 EU regulation articles
list_regulations_in_dbFreeList regulations in the database
assess_penaltiesFreePenalty calculator (Article 99)
get_timelineFreeImplementation timeline
multi_jurisdiction_mapFreeCross-border compliance mapping
classify_ai_risk$0.01Detailed Article 5/6/Annex III risk classification
check_compliance$0.0542-point Articles 9-15 compliance audit
generate_documentation$0.25Annex IV technical documentation template
audit_report$0.50Full compliance audit report (all-in-one)

How Agents Connect and Pay

Agents using x402-compatible MCP clients (e.g. Claude, Cursor, custom agents with x402 wallets) connect to this server over HTTP. When an agent calls a paid tool:

  1. The server responds with HTTP 402 Payment Required and an x402 payment challenge
  2. The agent's wallet signs a USDC transfer on Base L2 for the tool's price
  3. The server verifies the payment and executes the tool
  4. USDC arrives in your USDC_WALLET_ADDRESS — no intermediary

Free tools (quick_scan, deadline_check, etc.) respond immediately without any payment challenge.

Docker Deployment

FROM node:22-slim AS wrapper
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY x402_server.ts .
ENV USDC_WALLET_ADDRESS=0xYourBaseWalletAddress
ENV EU_AI_ACT_MCP_URL=http://python-server:8000
CMD ["npx", "tsx", "x402_server.ts"]

Architecture

┌─────────────────────┐     ┌──────────────────────┐     ┌─────────────────────┐
│   AI Agent / LLM    │────▶│  x402_server.ts      │────▶│  server.py (Python)  │
│  (x402 wallet)      │◀────│  (payment gate)       │◀────│  EU AI Act tools     │
│                     │ 402 │                       │     │                     │
│  Pays USDC on call  │     │  Verifies payment     │     │  Runs compliance    │
│                     │     │  Proxies to Python    │     │  analysis            │
└─────────────────────┘     └──────────────────────┘     └─────────────────────┘
                                    │
                                    ▼
                            USDC → your wallet

Pricing

TierPriceWhat you get
Free£0/forever10 calls/day — quick_scan, deadline_check, risk classification (summary)
Starter£29/mo100 calls/day — full detailed analysis + Annex IV docs + audit reports
Professional£79/mo1,000 calls/day — multi-jurisdiction mapping + neural predictions + attestations
EnterpriseCustomUnlimited — on-premise + custom models + SLA + SSO

Get your API key →

If this tool helps your compliance workflow, please star this repo — it helps other compliance teams find it and keeps it maintained.

Subscribe to Pro · Enterprise · Book assessment

Attestation API

Every Pro/Enterprise audit produces a cryptographically signed certificate:

POST https://meok-attestation-api.vercel.app/sign
→ { cert_id, verify_url, hmac_sha256, valid_until }

Verify any certificate: https://meok-attestation-api.vercel.app/verify/{cert_id}

Or install the zero-dep verifier: pip install meok-attestation-verify

Star History

Star History Chart

Need Full EU AI Act Compliance?

This MCP gives you the tools — councilof.ai gives you the full platform.

TierPriceWhat You Get
Starter£29/moAutomated risk classification + deadline tracking
Pro£79/moFull audit packs + HMAC-signed attestations
Enterprise£1,499/moDedicated compliance support + Notified Body prep
Gap Analysis£5,00048-hour expert assessment with signed report

Get started at councilof.ai — 100x cheaper than traditional compliance consulting.

Support & Enterprise

License

MIT © MEOK AI Labs

相關伺服器