# ComplianceLint

> EU AI Act compliance scanner that runs in your IDE. Scans your codebase against 247 obligations across 44 articles, attests human-in-the-loop gates, and exports audit-grade documentation. Source-available (BSL 1.1).

ComplianceLint is built for AI product teams, solo developers, CTOs, and compliance officers who need to ship AI systems that are actually compliant with the EU AI Act before the August 2, 2026 high-risk enforcement deadline. The tool is privacy-first: source code never leaves the user's machine — only compliance findings and verbatim legal citations are sent to the dashboard.

## How it works

1. Install the MCP server (`npx compliancelint init`) — works with Claude Code, Cursor, Windsurf, and any MCP-compatible IDE.
2. Ask your AI to scan: "Scan my project for EU AI Act compliance." The scanner uses Smart Scan (grep + targeted file reads, not full corpus upload) so the AI never uploads your code.
3. Findings appear with verbatim legal citations from EUR-Lex. Each finding traces to a specific obligation atom (e.g. ART09-OBL-1).
4. AI implements fixes, re-scans, watches compliance score climb.
5. Export audit-ready PDFs (Declaration of Conformity, Annex IV Technical Documentation, per-article PDFs) or the full Compliance All-in-One Pack zip (Business+).

## Key differentiators (how this is not "ask ChatGPT")

- **Deterministic engine**: same code → same findings every scan. Not LLM-improvised.
- **Verbatim EUR-Lex citations**: every finding traces to actual legal text, not hallucinated article numbers.
- **Decomposed obligation atoms**: 247 atoms decomposed from 44 articles — every SHALL gets its own check, nothing is missed.
- **Role-based filtering**: 6 EU AI Act operator roles (Provider / Product Manufacturer / Deployer / Importer / Distributor / Authorised Representative). Pick yours, see only what applies.
- **Profiling Wizard**: a short series of questions narrows the obligation set to the ~30-80 that actually apply to your specific AI system.
- **Persistent history**: scan today, compare with last month. Audit trail survives even git force-push.
- **Privacy-first**: code stays on your machine. Dashboard receives only findings + citations.

## URLs

- Landing: https://compliancelint.dev/
- Engineering / CI/CD docs: https://compliancelint.dev/ci-cd
- Demo: https://compliancelint.dev/demo
- Status: https://compliancelint.dev/status
- About: https://compliancelint.dev/about
- Privacy: https://compliancelint.dev/legal/privacy
- DPA (pre-executed): https://compliancelint.dev/legal/dpa
- Sub-processors: https://compliancelint.dev/legal/sub-processors
- GitHub (BSL 1.1): https://github.com/ki-sum/compliancelint

## Pricing (snapshot 2026-04-28)

- **Free** (€0/forever): 1 project, 7-day scan history, EU AI Act browser, watermarked PDFs
- **Starter** (€19/month): 2 projects, unlimited history, penalty calculator, risk mapping
- **Pro** (€99/month): 10 projects, Human Gates questionnaires, evidence file upload, SARIF export, GitHub Actions quality gate
- **Business** (€199/month): unlimited projects, Compliance All-in-One Pack, multi-framework mapping (ISO 42001, NIST AI RMF), regulation update notifications
- **Enterprise** (custom): SSO/SAML, on-premise deployment, custom branding, multilingual PDFs

Teams are free + unlimited on every paid tier — members inherit the owner's tier features.

## Compliance + Privacy posture

- GDPR Articles 15, 17, 18, 20, 21 user rights all implemented as one-click endpoints with full audit logs.
- Cookie consent banner gates all analytics (PostHog EU + Sentry browser SDK) per ePrivacy Directive Art 5(3).
- LUKS2 disk encryption (AES-XTS-Plain64, 512-bit) on the production volume.
- Sub-processor list at /legal/sub-processors with pre-executed DPAs.
- Self-hosted error tracking with 90-day retention + IP/email scrubbing.

## Limitations + Disclaimers

ComplianceLint provides AI-assisted compliance assessments, not legal advice. All findings require review by qualified legal counsel. ComplianceLint is not a law firm and does not provide legal services. AI-dependent scanning quality varies with the AI model used. Currently EU AI Act only — additional regulations (GDPR-as-code, CRA, NIS2, DORA) are on the public roadmap.

## License

Source code is BSL 1.1 (Business Source License) — source-available, free for non-production use, commercial production use requires a license from Kisum GmbH. Reverts to Apache 2.0 four years after each release.