The EU AI Act is not coming. It is here.

Most engineering teams cannot produce the required documentation. AiExponent builds the tools that change that — in 30 minutes, not 30 weeks.

Three production-ready tools. Each maps to an active enforcement obligation. Each produces a concrete artefact your legal team can file.

"Which licenses govern every component in my AI stack — including the models?"

pip install license-compliance-checker
lcc scan . --policy eu-ai-act-compliance --format json

The only open-source scanner that combines dependency license detection, AI model license analysis (HuggingFace Hub API, GGUF, ONNX), and EU AI Act Article 53 compliance — in a single command.

Output: Article 53 compliance pack — eu_ai_act_report.json + CycloneDX SBOM + training data risk summary.

"Can I prove my RAG system is accurate enough to deploy? Can I show regulators the evidence?"

pip install rag-benchmarking
# Plug in your LangChain, LlamaIndex, or custom pipeline

Framework-agnostic evaluation harness for RAG and agentic AI systems. 12 metrics across classic RAG, retrieval quality, and agentic-era evaluation. Measured faithfulness of 0.958 on the 50-sample golden dataset.

Output: BenchmarkReport JSON — audit-ready accuracy evidence for Article 15 compliance.

"Where is my Article 9 risk management file? How do I produce one before August 2026?"

pip install riskforge
riskforge init --name "My AI System" --sys-version "1.0" \
  --purpose "..." --provider "MyOrg" --category essential_services
riskforge assess <system-id> --assessor-name "..." --assessor-role "..."
riskforge export <system-id> --format pdf

Guided 8-dimension risk assessment CLI with 50+ questions, Annex III pattern matching, SHA-256 hash-chained audit trail. Article 9 documentation in ~30 minutes.

Output: Signed PDF + rmf.json — Article 9 / Annex IV Risk Management File for regulator submission.

Each tool produces structured evidence consumed by the next. Together they cover the complete technical documentation chain required for high-risk AI system compliance.

graph LR
    LCC["📦 license-compliance-checker\nArt. 53 — What licenses\ngovern it?"]
    RAG["📊 rag-benchmarking\nArt. 15 — How\naccurate is it?"]
    RF["🔐 riskforge\nArt. 9 — What are the\nrisks and mitigations?"]
    TD["TransparencyDeck\nArt. 13 — Documents\nall of the above"]
    CB["ConformityBot\nArt. 43 — Certifies\nthe package"]
    SIG["Sigil\nArt. 14 · 17 — Governs\nit at runtime"]

    LCC -->|"license evidence"| RF
    RAG -->|"accuracy evidence"| RF
    RF -->|"rmf.json"| TD
    TD -->|"transparency docs"| CB
    CB -.->|"enterprise"| SIG

    style LCC fill:#0D5463,color:#FCFCFA,stroke:#0D5463,stroke-width:2px
    style RAG fill:#0D5463,color:#FCFCFA,stroke:#0D5463,stroke-width:2px
    style RF fill:#0D5463,color:#FCFCFA,stroke:#0D5463,stroke-width:3px
    style TD fill:#F5F4EF,color:#0F1419,stroke:#E4E2DC
    style CB fill:#F5F4EF,color:#0F1419,stroke:#E4E2DC
    style SIG fill:#0F1419,color:#FCFCFA,stroke:#0D5463,stroke-dasharray:5 5

Solid teal fill = open source, available now. Dashed = enterprise roadmap.

Designed for the EU AI Act. Cross-mapped to every active framework:

Commercial AI agent governance platform. Real-time policy enforcement, audit logging, and compliance reporting for AI agents in production.

→ aiexponent.com/products#sigil

All tools are Apache 2.0 licensed. Contributions welcome.

The easiest contribution requires zero Python — add a risk question, a license pattern, or a benchmark metric by editing a YAML file. See CONTRIBUTING.md in each repository.