Products

The toolchain.

Every AiExponent open source tool, the regulatory articles they answer, and Sigil, our exploration into runtime governance. Free tools are Apache 2.0, run locally, and install in 60 seconds. Sigil design-partner pilots are recruiting.

Free · Apache 2.0 · Runs locally

Four flagship tools. Each one stands alone. Together they cover the whole compliance file.

Each tool maps to a specific EU AI Act obligation and produces a named regulatory artefact: an SBOM, a Risk Management File, a benchmark report, a prohibited-practice verdict. Install via pip, run locally.

Art. 53 · in forceLive · v1.0.0

License Compliance Checker

Article 53 requires model documentation. Scan the repo; the licence and training-data report comes out.

Regulatory relevance

GPAI Compliance · Generates audit evidence supporting EU AI Act Article 53 documentation obligations: evaluates model card completeness, license compliance, and training data risk for AI components in your stack.

licence + model reportJSONSBOM
bashpip install license-compliance-checker
Art. 9 · applies Dec 2027 · pending OJEULive · v1.0.0

RiskForge

Article 9 requires a documented risk management system. 37 guided questions produce the file, no consultants, ~30 minutes.

Regulatory relevance

Risk Management · Produces structured Article 9 Risk Management Files for high-risk AI systems suitable for inclusion in your Annex IV technical documentation pack. Organises the assessment across 8 risk dimensions derived across Articles 9, 10, 13, 14 and 15 (health & safety, fundamental rights, discrimination, privacy, transparency, human oversight, robustness, and data governance), with cross-maps to NIST AI RMF and ISO/IEC 42001. Not a substitute for notified-body conformity assessment.

Risk Management FileJSONPDF
bashpip install riskforge
Art. 15 · applies Dec 2027 · pending OJEULive · v1.0.0

RAG Benchmarking

Article 15 requires declared accuracy and robustness. Benchmark the system; the metrics report comes out.

Regulatory relevance

Accuracy Requirements · Provides systematic accuracy testing and documentation for high-risk AI systems under Article 15.

accuracy + robustness reportJSON
bashpip install rag-benchmarking
Art. 5 · in forceLive · v1.0.0

LitmusAI

Article 5 prohibits eight AI practices. Screen the system; a per-prohibition verdict comes out.

Regulatory relevance

Prohibited Practices · Screens AI systems against the eight prohibited-practice categories of EU AI Act Article 5(1)(a)–(h). Conservative-by-default verdicts; UNREVIEWED reference ruleset (no external lawyer review yet); BYO signed-ruleset path for customers who need lawyer-reviewed output today. Article 5 has been applicable since 2 February 2025 (Art. 113(a)); sanctionable since 2 August 2025 (Art. 113(b)).

prohibited-practices verdictSARIF
bashpip install litmus-screener

How the tools chain

One tool per article. The artefact is the proof.

Conformity assessment is a paper trail across roughly a dozen EU AI Act articles. We ship one tool per article, each producing the file the assessor opens next.

Four open-source tools live today: License Compliance Checker, RiskForge, RAG Benchmarking, LitmusAI. Each maps to one EU AI Act obligation. Install any of them in under 60 seconds. The rest of the chain ships through 2026–2027, with HealthAI-Comply in 2028.

Infrastructure Layer · 4 alpha tools

Evidence processing utilities

Cross-cutting tooling that feeds the flagships. Alpha stage, not marketed as standalone governance tools. Docker deployment.

Agentic Document Analyser

Articles 11 + 19

Converts unstructured compliance documents (risk assessments, model cards, contracts, audit logs) into structured JSON using Vision-Language Models. Acts as the evidence processing layer for the AiExponent compliance toolchain. Feeds Article 11 technical documentation and Article 19 automatically-generated-log preservation workflows.

Infrastructure

TraceForge

Article 10

TraceForge addresses EU AI Act Article 10 training-data governance: lineage tracking, dataset risk registry, opt-out signal detection, and provenance evidence for high-risk AI systems. A conditional 2027 build, gated on adoption evidence from the shipped tools.

In development

TransparencyDeck

Article 13

TransparencyDeck addresses EU AI Act Article 13 transparency obligations: deployer-facing documentation, instructions for use, capability and limitation disclosure. Building October 2026.

In development

RMFMapper

NIST AI RMF ↔ EU AI Act

RMFMapper produces a cross-map between NIST AI RMF (GOVERN/MAP/MEASURE/MANAGE) and EU AI Act articles, enabling US-and-EU dual-compliance evidence. Demand-gated: it gets built when a named user asks for it. No scheduled date.

In development

Cross-Framework Coverage

One evidence workflow. Many jurisdictions.

Our tools cross-map to the major AI regulations worldwide, so one evidence artefact can satisfy obligations in multiple jurisdictions.

PrimaryEnforced

EU AI Act

The world's first comprehensive AI regulation. Phased enforcement 2024–2028.

Articles 4, 5, 9, 10, 13, 15, 53, 72

Up to €35M or 7% of global annual turnover (whichever is higher)

US FederalVoluntary

NIST AI RMF

Voluntary framework; US federal agency AI use is governed by OMB M-25-21. De facto standard for US enterprise AI.

Govern · Map · Measure · Manage

EO 14179 · OMB M-25-21

InternationalProcurement gate

ISO/IEC 42001:2023

AI Management System standard. Certification increasingly required for enterprise procurement.

38 Annex A controls

Supports EU AI Act Art. 17 (QMS)

CanadaNo active law

Canada AIDA

Bill C-27 (which contained AIDA) died at the January 2025 prorogation of Parliament. No active federal AI statute as of July 2026.

Watch for reintroduction

Status verified 2026-07-11

Design-Partner Pilots

Sigil: runtime governance, built with design partners

An exploration into runtime AI agent governance: policy enforcement, tamper-evident audit logs, and compliance evidence for EU AI Act Articles 14 and 17, cross-mapped to NIST AI RMF and ISO/IEC 42001. Runs as fixed-scope design-partner pilots; the pilots decide the delivery model. Early access by enquiry.

Articles 14, 17Runtime GovernanceNIST AI RMFISO/IEC 42001

We are exploring runtime governance for EU AI Act Articles 14 and 17: human-oversight controls in operation, and quality management evidence generated from real system behaviour. The work runs as fixed-scope pilots with a small number of design partners. Those pilots decide what Sigil becomes, including whether it runs in your infrastructure or as a managed service.

Pricing. We're finalising pricing with design-partner customers. Early-access participants help shape the tiers and get founding-customer terms.

Want to shape Sigil?

We are recruiting a small number of design-partner teams. If you are building high-risk AI systems and want runtime governance aligned to EU AI Act Articles 14 & 17, get in touch about a fixed-scope pilot.

Request Early Access

These tools answer specific obligations. For programme-level regulatory design across an AI portfolio, the sister practice is at askajay.ai →