disclos-eu-ai-act

v0.2.0

Published

8 days ago

MCP server that classifies AI systems under the EU AI Act (Regulation (EU) 2024/1689) — risk tier, obligations, deadlines, EUR-Lex citations, and a crosswalk to ISO 42001 / NIST AI RMF / GDPR — for AI assistants like Claude and Cursor. By Disclos.

Downloads

166

0High
0Medium
0Low

disclosai

mcp model-context-protocol eu-ai-act ai-act compliance regulation-2024-1689 annex-iii article-50 gpai risk-classification

disclos-eu-ai-act

An MCP server that lets AI assistants (Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP-compatible client) classify an AI system under the EU AI Act — Regulation (EU) 2024/1689.

Ask your assistant a plain-English question and it returns a structured scope finding: the risk tier, the obligations, and the deadlines.

Built and maintained by Disclos — fixed-price EU AI Act audits for SaaS companies.

What it does

Four tools:

| Tool | What it returns | |------|-----------------| | classify_ai_system | A full scope finding — tier, obligations, deadline, and the exact EUR-Lex article — from a description of the product. | | eu_ai_act_timeline | The enforcement timeline (Feb 2025 → Aug 2028) and what takes effect on each date. | | explain_tier | A detailed explanation of one risk tier and its duties. | | framework_crosswalk | Maps an EU AI Act tier to the equivalent controls in ISO/IEC 42001, NIST AI RMF, and GDPR. |

It tests every tier the Act defines: prohibited (Art 5), high-risk (Annex III), GPAI provider (Art 53), transparency (Art 50), minimal, and out of scope — flags the common mistake of over-classifying as high-risk, and links every finding to the official EUR-Lex text.

TL;DR — 60-second install (Claude Desktop)

Add this to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "disclos-eu-ai-act": {
      "command": "npx",
      "args": ["-y", "github:GatisOzols/disclos-eu-ai-act"]
    }
  }
}

Restart Claude Desktop, then ask:

"We run a B2B SaaS with an AI chatbot and some EU customers. Are we in scope under the EU AI Act, and at what tier?"

Claude calls classify_ai_system and returns a finding with the tier, obligations, and the relevant deadline.

Run from source

git clone https://github.com/GatisOzols/disclos-eu-ai-act
cd disclos-eu-ai-act
npm install
npm start            # starts the server on stdio

Then point any MCP client at node /path/to/src/index.js.

How it works

A small, deterministic classifier maps six yes/no facts about your product to the Act's tiers. No network calls, no data collection, no tracking — everything runs locally on stdio.

Accuracy & limits

The logic follows the public text of Articles 5, 6, 50, 53 and Annex III.
It's a screening aid, accurate for most straightforward SaaS products.
Edge cases (multi-modal systems, mixed provider/deployer roles, biometric inference) need a human review.
This is general information, not legal advice.

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

disclos-eu-ai-act

What it does

TL;DR — 60-second install (Claude Desktop)

Run from source

How it works

Accuracy & limits

License