RiskForge
Guided 8-dimension risk assessment CLI with 50+ questions drawn from EU AI Act Article 9 requirements, Annex III pattern matching, and SHA-256 hash-chained audit trail. Produces a legally-defensible Risk Management File (JSON + PDF) that satisfies Annex IV documentation requirements, in approximately 30 minutes instead of weeks of consulting work.
RiskForge is Apache 2.0, free to use commercially, with zero telemetry. Source: Regulation (EU) 2024/1689 (Article 9).
Why RiskForge exists
Risk management system
Article 9 becomes enforceable on 2 August 2026 for high-risk AI systems and requires a documented, lifecycle-long risk management system — not a one-time assessment. Failure to maintain it routes through the Article 16 provider obligations and is sanctionable up to €15M or 3% of global annual turnover under Article 99(4). The operational consequence is that risk management must produce versioned, reviewable artefacts mapped to identified hazards, with testing evidence sufficient to defend the residual-risk judgement.
When the findings land on a governance desk
Tools surface problems. Programmes solve them.
RiskForge produces audit-ready evidence. The next step — programme design, board narrative, regulator engagement — is the surface AskAjay covers, the advisory arm of AI Exponent LLC.
Explore advisory at AskAjay.ai →Other AiExponent flagship tools