@conformy/mcp-server

EU AI Act & NIS2 compliance from your AI assistant. Classify AI systems by risk level, check NIS2 cybersecurity obligations, and draft structured compliance documentation — without leaving your editor or chat.

Documents created via MCP are synced with conformy.io — view, edit, and export from either place.

Quick start

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "conformy": {
      "command": "npx",
      "args": ["-y", "@conformy/mcp-server"]
    }
  }
}

Classification and reference tools work without an API key. For document generation, add your key:

{
  "mcpServers": {
    "conformy": {
      "command": "npx",
      "args": ["-y", "@conformy/mcp-server"],
      "env": {
        "CONFORMY_API_KEY": "your-api-key"
      }
    }
  }
}

Get an API key: Sign up at conformy.io, buy credits, then create a key in your dashboard under API Keys.

Self-hosted API

{
  "mcpServers": {
    "conformy": {
      "command": "npx",
      "args": ["-y", "@conformy/mcp-server"],
      "env": {
        "CONFORMY_API_URL": "http://localhost:5202"
      }
    }
  }
}

Tools

EU AI Act — Classification & Reference

| Tool | What it does | |------|-------------| | classify_ai_system | Classify an AI system by risk level (prohibited / high / limited / minimal) with Annex III mapping | | check_deadline | EU AI Act enforcement timeline — days remaining until each deadline | | get_requirements | Required compliance documents by risk level and role (provider / deployer) | | list_annex_iii_categories | All 8 Annex III high-risk categories |

EU AI Act — Document Workflow

| Tool | What it does | |------|-------------| | get_document_template | Full question template for a document type — start here to see what info is needed | | create_document | Create a new compliance document with answers, optionally start AI generation | | list_documents | List all your documents | | get_document | Get a document with all answers and generated sections | | update_document_answers | Update specific answers on an existing document (only send what changed) | | generate_document | Start AI generation — only regenerates sections whose answers changed (smart diffing) | | get_generation_status | Poll generation progress | | generate_document_section | Generate a single section independently | | export_document | Export to PDF or DOCX, saved to ~/Downloads |

NIS2 Directive

| Tool | What it does | |------|-------------| | classify_nis2_entity | Classify an organization as essential, important, or not in scope based on sector and size | | list_nis2_sectors | All Annex I (highly critical) and Annex II (other critical) sectors | | check_nis2_obligations | Article 21 risk measures, Article 23 incident reporting, supervision details |

Account

| Tool | What it does | |------|-------------| | check_credits | Check your remaining document generation credits |

How credits work

Document generation uses prepaid credits. 1 credit = 1 AI-generated section.

| Action | Cost | |--------|------| | Full Annex IV document (9 sections) | 9 credits | | Edit one answer + regenerate | 1 credit (only changed section) | | Classification, templates, exports | Free |

Credits work across both the MCP server and conformy.io.

Buy credits at conformy.io/sv/pricing (SEK) or conformy.io/en/pricing (EUR).

Example prompts

Classify an AI system:

"Classify our facial recognition system used for employee access control"

Check NIS2 scope:

"Is our energy company subject to NIS2? We have 300 employees and €80M turnover"

Draft a document:

"Get the Annex IV template, then create a document for our medical imaging AI"

Continue work:

"List my documents and show me the latest Annex IV — I want to update section 3"

Export:

"Export my Annex IV document as PDF"

Environment variables

| Variable | Default | Description | |----------|---------|-------------| | CONFORMY_API_URL | https://api.conformy.io | API base URL | | CONFORMY_API_KEY | — | API key for document generation and account features |

License

MIT