EuConform

Evidence infrastructure

Open specification for AI Act evidence

European AI compliance deserves infrastructure, not black boxes.

EuConform builds structured evidence for European AI systems. Scan a real codebase, verify the bundle, and inspect the same artifacts in the browser. The EuConform format is the open specification that makes those artifacts portable, machine-readable, and verifiable.

  • Offline-first evidence for local and sensitive AI systems
  • Open specification instead of compliance black boxes
  • Integrity-aware bundles that can be verified before handoff

EuConform Assembly

report: euconform.report.v1 (verified)

  • 7 compliance areas: ok
  • 5 gaps: ok
  • 4 open questions: ok

aibom: euconform.aibom.v1 (verified)

  • 3 inference modes: ok
  • components + capabilities: ok
  • inventory layer: ok

ci: euconform.ci.v1 (verified)

  • fail thresholds: ok
  • top gaps: ok
  • automation-friendly: ok

bundle: euconform.bundle.v1 (verified)

  • sha256 hashes: ok
  • transport manifest: ok
  • verify-ready: ok

Why this exists

PDFs, screenshots, and proprietary dashboards are a weak foundation for AI Act evidence.

We think AI compliance work should be inspectable, versionable, and shareable across tools. EuConform is built for teams that run local models, sensitive workflows, or European deployments and want technical evidence that stays legible outside of one vendor UI.

Mission

Built in Europe, for the teams the AI Act actually touches.

EuConform exists because serious AI governance should not be locked behind enterprise consulting contracts. We are building open, inspectable evidence infrastructure so European teams of any size can meet the AI Act with clarity instead of fear — and so independent auditors, regulators, and communities can verify what was actually built.

For European teams

Sovereign evidence that stays on your infrastructure. No telemetry, no vendor lock-in, no data leaving the systems under review.

For the long tail

Startups, public sector, Mittelstand — the AI Act applies to you too. The EuConform format is designed to be adoptable without a Big-Four compliance budget.

For the ecosystem

An open spec means other tools, auditors, and researchers can build on top. Evidence should travel across vendors, not be owned by one.

How it works

A builder workflow, not a brochure workflow.

EuConform is organized around one path: scan implementation evidence, verify the artifact set, then review it in context. The result is a protocol for structured AI evidence, not a polished spreadsheet hidden behind a marketing page.

01. Scan a real codebase

Generate structured artifacts from implementation evidence instead of relying on questionnaires alone.

02. Verify the bundle

Check hashes, schemas, and metadata consistency before handing evidence to CI, auditors, or collaborators.

03. Review in context

Inspect the same artifacts in the browser and continue with human classification where legal interpretation still matters.

Bias Testing

The open-source bias testing pipeline built for the AI Act.

EuConform includes a CrowS-Pairs bias testing pipeline that runs entirely offline. Measure social bias in language models with log-probability scoring — no proprietary tool, no cloud dependency, auditable results.

CrowS-Pairs

Scientifically grounded methodology (Nangia et al., 2020) for measuring stereotypical bias in language models.

~100 German Pairs

Culturally adapted for the German and European context — filling a gap that US-centric benchmarks leave open.

Log-Probability Scoring

Gold-standard metric comparing token probabilities between stereotypical and anti-stereotypical sentences.

The Format

A protocol stack for AI Act evidence, not just an AI BOM.

AI BOM matters, but it is only one layer. The EuConform format ties inventory, compliance evidence, CI enforcement, and integrity-aware transport into one format family that can move between scanners, pipelines, viewers, and downstream tools.

Inventory

AI BOM

euconform.aibom.v1

Maps models, runtimes, providers, retrieval layers, and technical capabilities into one machine-readable AI inventory.

  • components, sources, and runtime hints (active)
  • capability flags for bias evaluation, exports, logging, and incidents (active)

Evidence

Report

euconform.report.v1

Turns scanner findings into compliance signals, gaps, open questions, and prioritized recommendations for human review.

  • 7 compliance areas (active)
  • gaps, confidence levels, and assessment hints (active)

Gate

CI

euconform.ci.v1

Adds a lightweight enforcement layer so repositories can fail or warn on evidence thresholds in automation.

  • gap counts and thresholds (active)
  • builder-friendly CI summaries (active)

Transport

Bundle

euconform.bundle.v1

Packages artifact sets into a verifiable manifest with SHA-256 hashes so evidence stays portable and integrity-aware.

  • manifest plus ZIP wrapper (active)
  • hashes and metadata consistency checks (active)

AI Act context

What the AI Act asks for — and where the EuConform format plugs in.

The EU AI Act stages obligations across several years and distinguishes between Providers, Deployers, Importers, and Distributors. Most of those obligations eventually need technical evidence: inventories, documentation, logs, incident records, and proof of oversight. The EuConform format focuses on the parts that can be generated from code, configuration, and runtime signals — so the human interpretation can start from something concrete.

Provider

Develops or places an AI system on the EU market under its own name. Bears most of the documentation, risk-management, and conformity obligations.

EuConform AI BOM + Report carry the inventory and implementation evidence. Bundle makes handoff to notified bodies verifiable.

Deployer

Uses an AI system under its own authority — e.g. a company integrating a third-party model. Responsible for oversight, record-keeping, and use-context disclosure.

EuConform Report flags transparency, logging, and oversight signals. CI enforces evidence thresholds in internal pipelines.

Importer / Distributor

Places AI systems from outside the EU onto the market or makes them available. Must verify that providers have documented the system adequately.

EuConform Verifiable Bundle with SHA-256 integrity lets partners audit what was actually shipped, without trusting a PDF.

The EuConform format does not replace legal advice. It structures technical evidence so that humans — engineering, compliance, legal — can review AI systems with less guesswork.

Principles

Open-source evidence infrastructure needs an explicit point of view.

EuConform is not trying to automate legal judgment away. It tries to make technical evidence clearer, more portable, and harder to fake. That distinction matters for trust, especially in Europe.

Human review should be strengthened by evidence, not replaced by a confident dashboard.

Machine-readable over PDF-first

Evidence should be versioned, diffable, and inspectable by tools before it turns into a document for humans.

Open by construction

The EuConform format is an open specification, not a walled garden. Artifacts are meant to travel beyond one product.

Human review stays in the loop

EuConform produces technical evidence, not automated legal verdicts. Ambiguity remains visible instead of being hidden.

Try the format

A clear golden path for OSS builders and early adopters.

The shortest serious path today is to run the CLI locally, generate a bundle, verify it, and inspect the artifacts in the viewer. No cloud account and no hidden pipeline required.

# Scan your project (no install needed)
npx @euconform/cli scan ./your-project \
  --scope production \
  --output ./.euconform \
  --zip

# Verify the bundle integrity
npx @euconform/cli verify ./.euconform/euconform.bundle.json

# Or install globally
npm install -g @euconform/cli
euconform scan ./your-project --zip

What this demonstrates

  • Real codebase scan instead of synthetic example JSON.
  • Bundle generation plus integrity verification.
  • Direct bridge into the EuConform web viewer.
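
The verify step above checks hashes before handoff. The following added example (not EuConform's code, and not the `euconform.bundle.v1` schema, which this page does not show) is an independent check a reviewer could run over a hash manifest: it recomputes SHA-256 for every listed artifact, rejects entries that point outside the bundle directory, and reports files the manifest does not cover. The manifest file name `manifest.json`, the field names `artifacts`, `path` and `sha256`, and the sample artifact files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # assumed file name, not taken from the EuConform spec


def verify_manifest(bundle_dir):
    """Return a list of problems; an empty list means every check passed."""
    root = Path(bundle_dir).resolve()
    manifest = json.loads((root / MANIFEST).read_text(encoding="utf-8"))
    problems, listed = [], {MANIFEST}
    for entry in manifest["artifacts"]:  # assumed fields: path, sha256
        rel = entry["path"]
        target = (root / rel).resolve()
        if not target.is_relative_to(root):  # entry points outside the bundle
            problems.append(f"path escapes bundle: {rel}")
            continue
        listed.add(target.relative_to(root).as_posix())
        if not target.is_file():
            problems.append(f"missing artifact: {rel}")
        elif hashlib.sha256(target.read_bytes()).hexdigest() != entry["sha256"].lower():
            problems.append(f"hash mismatch: {rel}")
    # Files the manifest does not list carry no integrity guarantee at all.
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in listed:
            problems.append(f"unlisted file: {rel}")
    return problems


def demo():
    """Verify a constructed bundle, then change it after hashing and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"report.json": b'{"gaps": 5}', "aibom.json": b'{"components": []}'}
        entries = []
        for name, data in files.items():
            (root / name).write_bytes(data)
            entries.append({"path": name, "sha256": hashlib.sha256(data).hexdigest()})
        (root / MANIFEST).write_text(json.dumps({"artifacts": entries}), encoding="utf-8")
        clean = verify_manifest(root)
        (root / "report.json").write_bytes(b'{"gaps": 0}')  # edited after hashing
        (root / "extra.json").write_bytes(b"{}")  # added without a manifest entry
        return clean, verify_manifest(root)


if __name__ == "__main__":
    print(demo())
```

A hash manifest only detects changes made after the manifest was produced: anyone who can rewrite the manifest can rewrite the hashes with it. The manifest therefore has to reach the reviewer over a trusted channel or carry a signature of its own.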

Reference projects

Small enough to understand, real enough to prove the workflow.

These examples are not decorative demos. They exist to prove that the EuConform format is usable outside the EuConform internals and to give builders a fast path into `scan → verify → view`.

Example

RAG Assistant

Retrieval workflows, vector storage, and local inference in a project that demonstrates how the EuConform format handles AI systems with memory.