ai-act-mcp

Enables EU AI Act compliance assessment by classifying AI systems, listing obligations, computing deadlines, and scanning repos for required documentation, all running locally.

Lint your AI system for EU AI Act compliance — before the regulators do.

License: MIT · Node ≥18

A local Model Context Protocol server that classifies any AI system under the EU AI Act, lists the obligations that apply to you with article citations, tells you your actual deadline, and scans your repo for missing compliance artifacts.

Runs entirely on your machine. Supports fully offline classification via a local small model — your system description never leaves your laptop.


Why this exists

The EU AI Act is live and has teeth:

  • Feb 2025 — prohibited practices enforceable. €35M or 7% of global turnover.
  • Aug 2025 — GPAI model obligations active.
  • Aug 2026 — transparency requirements apply.
  • Dec 2027 — high-risk (Annex III) obligations due.

Most teams have no idea which tier they're in. This gives you a grounded first pass in seconds, inside the agent you already use — with a citation for every claim so you can verify it.

⚠️ Informational triage, not legal advice. Confirm classifications with qualified counsel.


Tools

Four tools exposed to any MCP-compatible agent (Claude Code, Cursor, Claude Desktop, Windsurf, Cline, …):

| Tool | What it answers |
| --- | --- |
| classify_risk | "Is my system prohibited / high-risk / limited / minimal?" — with Annex III category + article citations |
| check_obligations | "Given my tier and role (provider or deployer), what must I do?" — obligation by obligation, with the specific deadline |
| next_deadlines | "When does this apply to me?" — the staggered 2025–2028 enforcement timeline |
| scan_repo | "Which compliance artifacts am I missing?" — pass / warn / fail checklist against your actual repo |

The rules live in a single versioned, citation-backed file: rules/ruleset.json. It reflects Regulation (EU) 2024/1689 as amended by the May 2026 Digital Omnibus agreement, and is date-stamped so you always know how current it is.


Install

Option A — npx (zero install, once published to npm)

{
  "mcpServers": {
    "ai-act": {
      "command": "npx",
      "args": ["-y", "ai-act-mcp"]
    }
  }
}

Option B — clone and build

git clone https://github.com/a2welt/ai-act-mcp
cd ai-act-mcp
npm install && npm run build

{
  "mcpServers": {
    "ai-act": {
      "command": "node",
      "args": ["/absolute/path/to/ai-act-mcp/dist/index.js"]
    }
  }
}

Client config locations:

| Client | File |
| --- | --- |
| Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) · %APPDATA%\Claude\claude_desktop_config.json (Windows) |
| Claude Code | .mcp.json in project root, or claude mcp add ai-act node /path/to/dist/index.js |
| Cursor | .cursor/mcp.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |

Restart your agent and ask: "Classify my hiring tool under the EU AI Act."


Fully offline — Ollama

Your AI-system description is exactly the kind of proprietary text you should not send to a cloud service. Run classification on a small local model instead — nothing leaves your machine:

# 1. Pull a model (any small instruct model works)
ollama pull llama3.2

# 2. Test it from your terminal (builds a vivid picture of what the tool does)
node demo/test-local.mjs

# 3. Register with your agent using the local backend

{
  "mcpServers": {
    "ai-act": {
      "command": "node",
      "args": ["/absolute/path/to/ai-act-mcp/dist/index.js"],
      "env": {
        "AI_ACT_CLASSIFIER": "local",
        "AI_ACT_SLM_MODEL": "llama3.2"
      }
    }
  }
}

The model only ever picks among the ruleset's enumerated, cited categories — it never invents law. This is what makes a small model reliable: you've constrained its job to classification-against-known-rules, not open-ended legal reasoning. If the model is unreachable for any reason, the server falls back to the deterministic keyword screen automatically.

Backend options

| AI_ACT_CLASSIFIER | Where the description goes | Quality | Notes |
| --- | --- | --- | --- |
| keyword (default) | Nowhere — pure local logic | Good | Instant, zero dependencies, deterministic |
| local | Stays on your machine (Ollama) | Better | Privacy-first; requires Ollama running |
| host | Your agent's model via MCP sampling | Best | Requires client sampling support |

Extra env vars for local mode:

| Variable | Default | Description |
| --- | --- | --- |
| AI_ACT_SLM_MODEL | llama3.2 | Any model name Ollama has pulled |
| AI_ACT_OLLAMA_URL | http://localhost:11434 | Ollama server URL |
| AI_ACT_SLM_TIMEOUT_MS | 30000 | Timeout before falling back to keyword |
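
The allowlist-and-fallback behaviour described above for local mode, as an added example that is not the project's own code: the model's reply is accepted only if it names one enumerated category id, and an invented category, malformed JSON, a timeout or an unreachable Ollama all end in the keyword screen. The RULESET entries, keyword patterns and function names are hypothetical; the environment variables and defaults are the ones listed in the table above.

```javascript
// Added example, not the project's code. RULESET, KEYWORDS and all function
// names are hypothetical; the real categories live in rules/ruleset.json.
const RULESET = {
  "art5-social-scoring": { tier: "prohibited", cite: "Art. 5" },
  "annex3-employment": { tier: "high", cite: "Annex III(4)" },
  "minimal": { tier: "minimal", cite: null },
};
const KEYWORDS = [
  [/\bsocial scor/i, "art5-social-scoring"],
  [/\b(cv|recruit|hiring|job applicant)/i, "annex3-employment"],
];

// Deterministic fallback: first matching pattern wins, otherwise "minimal".
function keywordScreen(description) {
  const hit = KEYWORDS.find(([pattern]) => pattern.test(description));
  return hit ? hit[1] : "minimal";
}

// Accept the model's reply only if it is JSON naming exactly one enumerated id.
// Object.hasOwn rejects inherited keys such as "constructor".
function validateModelAnswer(raw) {
  let parsed;
  try { parsed = JSON.parse(raw); } catch { return null; }
  const id = parsed && parsed.category;
  return typeof id === "string" && Object.hasOwn(RULESET, id) ? id : null;
}

// Calls Ollama's /api/generate endpoint and returns the raw reply text.
async function askOllama(description, ids, signal) {
  const url = process.env.AI_ACT_OLLAMA_URL || "http://localhost:11434";
  const res = await fetch(`${url}/api/generate`, {
    method: "POST", signal,
    body: JSON.stringify({ model: process.env.AI_ACT_SLM_MODEL || "llama3.2",
      stream: false, format: "json",
      prompt: `Answer as JSON {"category": <one of ${JSON.stringify(ids)}>}.\nSystem: ${description}` }),
  });
  if (!res.ok) throw new Error(`Ollama HTTP ${res.status}`);
  return (await res.json()).response;
}

// Any failure (unreachable, timeout, invalid reply) ends in the keyword screen.
async function classify(description, askModel = askOllama) {
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), Number(process.env.AI_ACT_SLM_TIMEOUT_MS) || 30000);
  try {
    const id = validateModelAnswer(await askModel(description, Object.keys(RULESET), ctl.signal));
    if (id) return { id, ...RULESET[id], backend: "local" };
  } catch { /* fall through to the keyword screen */ } finally { clearTimeout(timer); }
  const id = keywordScreen(description);
  return { id, ...RULESET[id], backend: "keyword" };
}
```

Because the reply is checked against the enumerated ids, a system description that contains instructions aimed at the model can at worst select a different listed category; it cannot produce an uncited one.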

Example

Prompt: I'm building a tool that screens job applicants' CVs and ranks them. Classify it under the EU AI Act.

# AI Act risk classification

**Likely tier: High-risk** (Art. 6 + Annex I / Annex III)

Permitted but subject to the heaviest obligations (risk management, data
governance, logging, human oversight, conformity assessment, registration).

## ⚠️ Possible high-risk categories (Annex III)
- **Employment**: recruitment, screening, filtering applications, evaluating
  candidates, or decisions on promotion/termination/task allocation — Annex III(4)

> Check the Art. 6(3) exemption: system does NOT pose a significant risk of harm
  to health, safety or fundamental rights…

## What to do next
Run `check_obligations` with tier "high" and your role (provider or deployer)
for the full obligation list, and `next_deadlines` for your timeline.

---
Ruleset 2026.06 (current as of 2026-06-09). Informational triage only.
Not legal advice. Verify against the official text and consult qualified counsel.

Run the tests

npm test

15 tests covering classification, obligations, deadlines, repo scanning, all three classifier backends, and the offline fallback path.


Roadmap

  • [x] Four core tools — classify, obligations, deadlines, repo scan
  • [x] Versioned, citation-backed ruleset (rules/ruleset.json)
  • [x] Pass / warn / fail repo artifact checklist
  • [x] Per-tier deadlines in obligation output
  • [x] Pluggable classifier backends — keyword (default), local SLM (fully offline via Ollama), host-model sampling
  • [ ] npm publish — zero-install npx setup
  • [ ] FRIA (fundamental rights impact assessment) scaffold generator
  • [ ] GPAI Code of Practice checklist
  • [ ] Ruleset auto-update workflow as Omnibus amendments are adopted

Contributing

Corrections to the ruleset — with article citations — are the most valuable contributions. See CONTRIBUTING.md for the full guide.

Quick ways to help:


License

MIT — see LICENSE
