Server data from the Official MCP Registry
EU AI Act compliance — risk classification, audit, documentation, penalties by MEOK AI Labs
This MCP server provides EU AI Act compliance tools with reasonable authentication (optional API key with free tier), but has several moderate security concerns. The server makes unauthenticated HTTP calls to an external attestation API without validation, implements a simple in-memory rate limiter vulnerable to bypass, and attempts to import from a hard-coded local path that may not exist. The code lacks input validation on user-supplied descriptions and contains some error handling gaps. Permissions align with the server's compliance-checking purpose (network, environment variables, file I/O), but the missing API validation and external service calls introduce risk. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
4 files analyzed · 13 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Add this to your MCP configuration file:
{
  "mcpServers": {
    "io-github-csoai-org-eu-ai-act-compliance-mcp": {
      "args": [
        "-y",
        "eu-ai-act-compliance-mcp"
      ],
      "command": "npx"
    }
  }
}
From the project's GitHub README.
The only MCP server that automates EU AI Act compliance checking.
Classify AI risk levels · Run 42-point compliance audits · Generate Article 11 documentation · Assess penalties · Track deadlines
Use this MCP server instantly with no local installation:
npx -y mcpize connect @CSOAI-ORG/eu-ai-act-compliance --client claude
Or connect at: https://mcpize.com/mcp/eu-ai-act-compliance
pip install eu-ai-act-compliance-mcp
# or
npm install -g @meok-ai/eu-ai-act-compliance-mcp
The EU AI Act (Reg 2024/1689) is now in force. Following the March 2026 Digital Omnibus vote, the timeline shifted:
Penalties remain unchanged: up to €35M or 7% of global turnover.
Most teams are using PDF binders and Word checklists to track Article 6 risk classifications, Article 26(9) FRIA artifacts, and Article 50 disclosures. When a regulator asks "how do we know this artifact wasn't fabricated last week?", the answer today is "trust us".
This MCP turns Article 6 / 26(9) / 50 obligations into a single AI-agent-callable tool, signs each artifact with HMAC-SHA256, and gives you a verifiable URL the auditor can curl independently.
A German Mittelstand HR-tech firm needed to dry-run their Article 6 classification + Article 26(9) FRIA for a CV-screening AI. Their compliance lead installed this MCP into Claude Code:
pip install eu-ai-act-compliance-mcp
Then prompted Claude:
"Classify our CV-scoring product against EU AI Act Article 6. Treat it as Annex III (employment). Generate the risk-tier rationale and the high-risk obligations checklist. Then produce the Article 26(9) FRIA. Sign with the attestation API."
Result: 49-page audit pack with cryptographically verifiable HMAC-signed sections in ~14 hours of review time.
Traditional consulting estimate: 230 hours / £42-62K.
Saved: ~£40K and 4-5 weeks.
| Tool | Description |
|---|---|
| classify_risk | Article 6 risk classification (minimal / limited / high / unacceptable) |
| run_audit | 42-point compliance checklist against Annex I-IX |
| generate_article_11 | Technical documentation template generator |
| assess_penalties | Penalty exposure calculator (up to €35M or 7% global turnover) |
| track_deadlines | Deadline tracker with countdown to key dates |
| sign_artifact | HMAC-SHA256 attestation signing |
| Tier | Price | What you get |
|---|---|---|
| Free | £0 | 10 calls/day — risk classification + audit |
| Pro | £199/mo | Unlimited calls + HMAC-signed attestations + public verify URLs |
| Enterprise | £1,499/mo | Multi-tenant + co-branded PDF reports + Trust Center webhooks |
| One-off assessment | £5,000 | 48h bespoke audit + signed deliverable |
Every Pro/Enterprise audit produces a cryptographically signed certificate:
POST https://meok-attestation-api.vercel.app/sign
→ { cert_id, verify_url, hmac_sha256, valid_until }
Verify any certificate: https://meok-attestation-api.vercel.app/verify/{cert_id}
Or install the zero-dep verifier: pip install meok-attestation-verify
MIT © CSOAI