ai-act-skill
AI製品チームやエンジニアが、EU AI法に基づくAIシステムのリスクレベル(禁止、高リスク、限定、最小、GPAI)を迅速に分類し、対応するコンプライアンス義務を明確にするのに役立ちます。法律条項を手動で確認する時間を大幅に節約し、違反により最大3500万ユーロまたは全世界年間売上高の7%の罰金に直面するリスクを軽減します。特に、AIシステムをEU市場に投入する必要がある提供者、展開者、コンプライアンスアドバイザーに適しています。
git clone https://github.com/morellid/ai-act-skill.gitBefore / After 効果比較
1 组EU AI法の200ページ以上のテキストを手動でめくり、システムの特徴を一つ一つ比較するのに約30分かかり、重要な条項を見逃しやすい。
このスキルを使用してリスク分類ロジックを自動的に一致させると、5分以内に予備的な分類結果と義務リストが得られ、精度が大幅に向上します。
name: ai-act-compliance description: Supports compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689). Use when the user needs to classify an AI system under the AI Act risk categories (prohibited, high-risk, limited, minimal, GPAI), check provider or deployer obligations for high-risk systems, evaluate GPAI model obligations including systemic risk thresholds, verify transparency obligations under Article 50, or run a fundamental rights impact assessment (FRIA) under Article 27. Target users are AI system providers, deployers, importers, distributors, EU consultants on AI compliance, and engineers building AI products for the EU market. license: MIT
AI Act Compliance
EU Regulation 2024/1689 — practical compliance support for AI providers, deployers, and consultants.
When to use this skill
Use when someone needs to:
- Classify an AI system or model under the AI Act (in scope? prohibited? high-risk? limited risk? minimal? GPAI? GPAI with systemic risk?)
- Identify the role(s) the organisation plays (provider, deployer, importer, distributor)
- Check obligations applicable to a high-risk system as provider (Articles 8–22)
- Check obligations applicable to a high-risk system as deployer (Articles 26–27, including FRIA)
- Check obligations applicable to a GPAI model provider (Articles 51–55)
- Verify transparency obligations under Article 50 (chatbots, synthetic content, emotion recognition, biometric categorisation, deepfakes)
- Map applicable dates of application for the specific system or role
Do not use when the user asks for:
- Legal advice on a specific case (this needs an EU AI lawyer with case-specific knowledge)
- Pre-existing legal opinions on national implementation in a specific Member State (rules will be added by national supervisory authorities; not yet finalised in many countries as of 2026)
- Drafting of EU-AI-Act-conformity declarations (CE marking) — the skill structures the documentation but does not produce the final signed document
- Compliance with sector-specific regimes that interact with the AI Act (e.g., Medical Devices Regulation, automotive type-approval) — these need dedicated skills
Disclaimer
This skill is a support tool for compliance work, not a substitute for qualified legal or technical counsel. The AI Act is recent legislation with phased application (most obligations between 2 February 2025 and 2 August 2027) and the harmonised standards under preparation by CEN-CENELEC JTC 21 are not yet published. Outputs require review by competent counsel and, for high-risk systems, by a notified body where applicable. Penalties under Article 99 reach EUR 35 million or 7% of total worldwide annual turnover for prohibited-practice violations.
Pending: Digital Omnibus on AI. Provisional political agreement reached on 7 May 2026 between the European Parliament and the Council on the Commission's 19 November 2025 proposal. The agreement: (i) shifts high-risk obligations to 2 December 2027 (Annex III stand-alone systems and Article 50 transparency) and 2 August 2028 (Annex I embedded safety components); (ii) adds a new Article 5 prohibition on AI systems generating non-consensual intimate imagery ("nudifier apps") and CSAM, with 2 December 2026 compliance once in force; (iii) narrows the "safety component" definition (excludes assistive or performance-optimising AI from Annex I high-risk); (iv) extends SME exemptions to small mid-cap enterprises; (v) streamlines GPAI enforcement through the EU AI Office. Formal adoption and OJ publication are pending (co-legislator target: before 2 August 2026). Until OJ publication, the binding deadlines remain the original Article 113 calendar and the new Article 5 prohibition is not yet in force. Article 4 (AI literacy) and the existing Article 5 prohibitions — in force since 2 February 2025 — and Chapter V GPAI obligations — in force since 2 August 2025 — are not affected. Skill outputs should mention the pending change whenever 2 August 2026 high-risk or Article 50 deadlines are cited, and flag systems that may fall under the future nudifier/CSAM prohibition.
Sub-tasks
Based on the user's request, load the relevant task file:
- System classification: user asks "is my system in scope? what category? am I a provider or deployer?" — read
tasks/classify-system.md. Always start here unless classification is already established. - Prohibited practices check: user wants to verify no Article 5 prohibition is triggered — read
tasks/check-prohibited-practices.md - High-risk provider obligations: classified high-risk + role is provider — read
tasks/check-high-risk-provider.md - High-risk deployer obligations: classified high-risk + role is deployer (incl. FRIA) — read
tasks/check-deployer-obligations.md - GPAI provider obligations: providing a general-purpose AI model — read
tasks/check-gpai-provider.md - Transparency obligations (Article 50): any AI system interacting with humans / generating synthetic content — read
tasks/check-transparency.md
If the request is generic ("help me with the AI Act"), start with classification.
General process
- Identify the user's role(s) and system(s).
- Run classification first (
classify-system.md) unless explicitly stated. - Based on classification, route to the relevant obligations task.
- For each obligation, capture: applicable? met? gap analysis? remediation steps?
- Always include applicable dates of application (the AI Act phases obligations; some rules already in force, others up to August 2027). Where the cited deadline is one that the Digital Omnibus on AI (provisional political agreement 7 May 2026, formal adoption pending) would shift — i.e., 2 August 2026 high-risk Annex III and Article 50 transparency, and 2 August 2027 Annex I embedded — flag the pending move to 2 December 2027 / 2 August 2028 in the output. If the system might fall under the agreed-but-not-yet-in-force prohibition on non-consensual intimate imagery / CSAM (compliance deadline 2 December 2026 once published in the OJ), flag that too.
- Conclude with the appropriate disclaimer and a call to legal review.
Sources
Authoritative references in references/sources.yaml. Primary:
- Regulation (EU) 2024/1689 (the AI Act) — Articles cited: 3, 5, 6, 9, 10, 14, 15, 16, 22, 26, 27, 50, 51, 53, 55, 99; Annex III
- GPAI Code of Practice (final version July 2025) — voluntary tool to demonstrate compliance with Article 53
- Commission Guidelines on the scope of obligations for providers of GPAI models (July 2025)
- CEN-CENELEC JTC 21 — harmonised standards under preparation (track the published list at https://digital-strategy.ec.europa.eu/en/policies/ai-act-standardisation)
Pending (track, treat as indicative until finalised):
- Commission draft Article 50 transparency guidelines (8 May 2026, public consultation until 3 June 2026) —
sources.yamlidec-art50-transparency-guidelines-draft-2026. Will become the authoritative Commission interpretation of Article 50 once final; promote to a primary source with a textual extract at that point. - Commission draft guidelines on the classification of high-risk AI systems (19 May 2026, public consultation until 23 June 2026) —
sources.yamlidec-high-risk-classification-guidelines-draft-2026. Required by Article 96 AI Act. Will become the authoritative Commission interpretation of Article 6 and Annex III (safety-component test, Annex III use-case examples, Art. 6(3) derogation) once final; promote to a primary source with a textual extract at that point.
Textual extracts of the cited articles in references/extracts/.
Limits
This skill does NOT:
- Replace legal counsel or notified body conformity assessment.
- Produce signed conformity declarations or CE marking documentation ready for submission.
- Cover Member State-specific national implementing measures (e.g., national AI authorities' guidance, where relevant).
- Cover sector regimes interacting with the AI Act (medical devices, automotive type-approval, financial services AI use cases under existing sectoral regulation).
- Track post-2026 jurisprudence and Commission delegated/implementing acts in real time — the user must verify the date of last update of
references/sources.yaml. - Replicate the EU Commission's official Compliance Checker at the AI Act Service Desk (https://ai-act-service-desk.ec.europa.eu/) — for authoritative self-assessment, use that tool.
Every output requires review by qualified counsel before adoption or filing.
--- README.md ---
AI Act Compliance Skill
An agent skill for compliance work on Regulation (EU) 2024/1689 — the EU Artificial Intelligence Act. Compatible with Anthropic Claude Code, OpenAI Codex, and any AGENTS.md-aware coding agent (Cursor, Windsurf, GitHub Copilot, Devin, Amp).
Status: v0.1.0-alpha — public, usable, seeking validators. The content is grounded in the Official Journal text and the 2025 Commission guidelines, but external review is wide open. If you are a compliance officer, EU AI law expert, or engineering lead with hands-on AI Act experience: please open issues, suggest corrections, or email
ai@davidemorelli.it. Acknowledged contributors get credit in the README and a citation when the skill ships v0.1.0 stable.Pending: Digital Omnibus on AI. A provisional political agreement between the European Parliament and the Council was reached on 7 May 2026 on the Commission's 19 November 2025 proposal. The agreement confirms 2 December 2027 for stand-alone high-risk (Annex III) systems and Article 50 transparency, and 2 August 2028 for high-risk safety components of Annex I products. It also adds a new Article 5 prohibition on AI systems generating non-consensual intimate imagery (so-called "nudifier apps") and child sexual abuse material, with a compliance deadline of 2 December 2026 once in force. Co-legislators target formal adoption before 2 August 2026. Until publication in the Official Journal, the legally binding deadlines remain the original Article 113 calendar and the new prohibition is not yet in force. Article 4 (AI literacy) and the existing Article 5 prohibitions — in force since 2 February 2025 — and Chapter V GPAI obligations — in force since 2 August 2025 — are not affected.
Looking for validators
Specifically, we are interested in feedback on:
- Article 5 borderlines: workplace emotion recognition, biometric categorisation carve-outs, real-time RBI law-enforcement exceptions
- Annex III scope edges: where high-risk classification is ambiguous in real systems
- Article 27 FRIA: who has actually drafted one for a public-sector deployer; what worked, what did not
- GPAI thresholds: how the 10²⁵ FLOPs criterion is being interpreted for fine-tuned and downstream-adapted models
- Article 50 transparency: implementation patterns for chatbot disclosure, synthetic-content marking, deep-fake notices
Open an issue at https://github.com/morellid/ai-act-skill/issues, or send a private note to ai@davidemorelli.it.
What is this?
A self-contained agent skill that helps compliance teams, AI engineers, and consultants run common tasks on the EU AI Act:
- Classify an AI system or model (in scope? prohibited? high-risk? limited? GPAI? systemic risk?)
- Identify roles (provider, deployer, importer, distributor)
- Check provider obligations for high-risk systems (Articles 8–22)
- Check deployer obligations including the Fundamental Rights Impact Assessment / FRIA (Articles 26–27)
- Check GPAI provider obligations (Articles 51–55)
- Verify transparency obligations under Article 50 (chatbots, synthetic content, deepfakes)
Installation
The repository is the skill. Drop it into your agent's skills directory. The skill follows the SKILL.md + frontmatter convention used by both Claude Code and Codex.
| Agent | Skills directory |
|---|---|
| Anthropic Claude Code | ~/.claude/skills/ai-act-compliance/ |
| OpenAI Codex | ~/.agents/skills/ai-act-compliance/ |
Option A — install via the helper script (Claude Code / Codex only)
git clone https://github.com/morellid/ai-act-skill.git
cd ai-act-skill
./install.sh # default: Claude Code
./install.sh --target codex # Codex only
./install.sh --target both # both agents
./install.sh --force --target both # replace existing installs without prompting
The script symlinks the repository into the chosen native target(s) by default (so git pull upgrades the installed skill in place). Set INSTALL_MODE=copy for a snapshot copy.
This helper is for native Claude Code / Codex skill installs. If you want to vendor the repo into a project for Cursor, Windsurf, GitHub Copilot, Devin, Amp, or another AGENTS.md-aware harness, use Option D. A custom-path run such as ./install.sh /path/to/project/.vendor/ai-act-skill only copies/symlinks the repo; it does not create the project-local AGENTS.md pointer or per-agent adapter files.
Option B — clone directly into the skills directory
# Claude Code
git clone https://github.com/morellid/ai-act-skill.git ~/.claude/skills/ai-act-compliance
# Codex
git clone https://github.com/morellid/ai-act-skill.git ~/.agents/skills/ai-act-compliance
Option C — Codex $skill-installer
Inside a Codex session:
$skill-installer https://github.com/morellid/ai-act-skill
Option D — use from another agent (Cursor, Windsurf, GitHub Copilot, Devin, Amp, …)
Many agents read AGENTS.md natively (60 000+ repositories already do; the format is governed by the Linux Foundation Agentic AI Foundation). For those agents, vendor this skill into your own project and add a short pointer in your project's AGENTS.md:
# In YOUR project repository:
git submodule add https://github.com/morellid/ai-act-skill.git .vendor/ai-act-skill
Then add to your project's AGENTS.md:
## EU AI Act compliance
When the user asks AI Act questions, walk through the tasks at
`.vendor/ai-act-skill/tasks/` (classify first, then check prohibitions,
then route to provider/deployer/GPAI/transparency). Source extracts at
`.vendor/ai-act-skill/references/extracts/`. Cite articles precisely;
always close with the "support tool, not legal advice" disclaimer.
For per-agent adapters (Cursor MDC rule, GitHub Copilot instructions), see adapters/ in this repository.
Option E — download a release zip
mkdir -p ~/.claude/skills # or ~/.agents/skills for Codex
curl -L https://github.com/m
...
ユーザーレビュー (0)
レビューを書く
レビューなし
統計データ
ユーザー評価
この Skill を評価