A

ai-act-skill

by @morellidv
4.0(20)

帮助AI产品团队和工程师快速分类AI系统在欧盟AI法案下的风险等级(禁止、高风险、有限、最小、GPAI)并明确相应合规义务。节省大量人工查阅法条的时间,降低因违规面临的最高3500万欧元或7%全球年营业额罚款风险,尤其适合需要将AI系统投放欧盟市场的提供者、部署者及合规顾问。

euaiactcomplianceai-regulationrisk-classificationlegal-techGitHub
安装方式
git clone https://github.com/morellid/ai-act-skill.git
compare_arrows

Before / After 效果对比

1
使用前

手动翻阅欧盟AI法案200+页文本,逐条对比系统特征,耗时约30分钟,容易遗漏关键条款。

使用后

使用该技能自动匹配风险分类逻辑,5分钟内获得初步分类结果及义务清单,准确率大幅提升。

SKILL.md

name: ai-act-compliance description: Supports compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689). Use when the user needs to classify an AI system under the AI Act risk categories (prohibited, high-risk, limited, minimal, GPAI), check provider or deployer obligations for high-risk systems, evaluate GPAI model obligations including systemic risk thresholds, verify transparency obligations under Article 50, or run a fundamental rights impact assessment (FRIA) under Article 27. Target users are AI system providers, deployers, importers, distributors, EU consultants on AI compliance, and engineers building AI products for the EU market. license: MIT

AI Act Compliance

EU Regulation 2024/1689 — practical compliance support for AI providers, deployers, and consultants.

When to use this skill

Use when someone needs to:

  • Classify an AI system or model under the AI Act (in scope? prohibited? high-risk? limited risk? minimal? GPAI? GPAI with systemic risk?)
  • Identify the role(s) the organisation plays (provider, deployer, importer, distributor)
  • Check obligations applicable to a high-risk system as provider (Articles 8–22)
  • Check obligations applicable to a high-risk system as deployer (Articles 26–27, including FRIA)
  • Check obligations applicable to a GPAI model provider (Articles 51–55)
  • Verify transparency obligations under Article 50 (chatbots, synthetic content, emotion recognition, biometric categorisation, deepfakes)
  • Map applicable dates of application for the specific system or role

Do not use when the user asks for:

  • Legal advice on a specific case (this needs an EU AI lawyer with case-specific knowledge)
  • Pre-existing legal opinions on national implementation in a specific Member State (rules will be added by national supervisory authorities; not yet finalised in many countries as of 2026)
  • Drafting of EU-AI-Act-conformity declarations (CE marking) — the skill structures the documentation but does not produce the final signed document
  • Compliance with sector-specific regimes that interact with the AI Act (e.g., Medical Devices Regulation, automotive type-approval) — these need dedicated skills

Disclaimer

This skill is a support tool for compliance work, not a substitute for qualified legal or technical counsel. The AI Act is recent legislation with phased application (most obligations between 2 February 2025 and 2 August 2027) and the harmonised standards under preparation by CEN-CENELEC JTC 21 are not yet published. Outputs require review by competent counsel and, for high-risk systems, by a notified body where applicable. Penalties under Article 99 reach EUR 35 million or 7% of total worldwide annual turnover for prohibited-practice violations.

Pending: Digital Omnibus on AI. Provisional political agreement reached on 7 May 2026 between the European Parliament and the Council on the Commission's 19 November 2025 proposal. The agreement: (i) shifts high-risk obligations to 2 December 2027 (Annex III stand-alone systems and Article 50 transparency) and 2 August 2028 (Annex I embedded safety components); (ii) adds a new Article 5 prohibition on AI systems generating non-consensual intimate imagery ("nudifier apps") and CSAM, with 2 December 2026 compliance once in force; (iii) narrows the "safety component" definition (excludes assistive or performance-optimising AI from Annex I high-risk); (iv) extends SME exemptions to small mid-cap enterprises; (v) streamlines GPAI enforcement through the EU AI Office. Formal adoption and OJ publication are pending (co-legislator target: before 2 August 2026). Until OJ publication, the binding deadlines remain the original Article 113 calendar and the new Article 5 prohibition is not yet in force. Article 4 (AI literacy) and the existing Article 5 prohibitions — in force since 2 February 2025 — and Chapter V GPAI obligations — in force since 2 August 2025 — are not affected. Skill outputs should mention the pending change whenever 2 August 2026 high-risk or Article 50 deadlines are cited, and flag systems that may fall under the future nudifier/CSAM prohibition.

Sub-tasks

Based on the user's request, load the relevant task file:

If the request is generic ("help me with the AI Act"), start with classification.

General process

  1. Identify the user's role(s) and system(s).
  2. Run classification first (classify-system.md) unless explicitly stated.
  3. Based on classification, route to the relevant obligations task.
  4. For each obligation, capture: applicable? met? gap analysis? remediation steps?
  5. Always include applicable dates of application (the AI Act phases obligations; some rules already in force, others up to August 2027). Where the cited deadline is one that the Digital Omnibus on AI (provisional political agreement 7 May 2026, formal adoption pending) would shift — i.e., 2 August 2026 high-risk Annex III and Article 50 transparency, and 2 August 2027 Annex I embedded — flag the pending move to 2 December 2027 / 2 August 2028 in the output. If the system might fall under the agreed-but-not-yet-in-force prohibition on non-consensual intimate imagery / CSAM (compliance deadline 2 December 2026 once published in the OJ), flag that too.
  6. Conclude with the appropriate disclaimer and a call to legal review.

Sources

Authoritative references in references/sources.yaml. Primary:

  • Regulation (EU) 2024/1689 (the AI Act) — Articles cited: 3, 5, 6, 9, 10, 14, 15, 16, 22, 26, 27, 50, 51, 53, 55, 99; Annex III
  • GPAI Code of Practice (final version July 2025) — voluntary tool to demonstrate compliance with Article 53
  • Commission Guidelines on the scope of obligations for providers of GPAI models (July 2025)
  • CEN-CENELEC JTC 21 — harmonised standards under preparation (track the published list at https://digital-strategy.ec.europa.eu/en/policies/ai-act-standardisation)

Pending (track, treat as indicative until finalised):

  • Commission draft Article 50 transparency guidelines (8 May 2026, public consultation until 3 June 2026) — sources.yaml id ec-art50-transparency-guidelines-draft-2026. Will become the authoritative Commission interpretation of Article 50 once final; promote to a primary source with a textual extract at that point.
  • Commission draft guidelines on the classification of high-risk AI systems (19 May 2026, public consultation until 23 June 2026) — sources.yaml id ec-high-risk-classification-guidelines-draft-2026. Required by Article 96 AI Act. Will become the authoritative Commission interpretation of Article 6 and Annex III (safety-component test, Annex III use-case examples, Art. 6(3) derogation) once final; promote to a primary source with a textual extract at that point.

Textual extracts of the cited articles in references/extracts/.

Limits

This skill does NOT:

  • Replace legal counsel or notified body conformity assessment.
  • Produce signed conformity declarations or CE marking documentation ready for submission.
  • Cover Member State-specific national implementing measures (e.g., national AI authorities' guidance, where relevant).
  • Cover sector regimes interacting with the AI Act (medical devices, automotive type-approval, financial services AI use cases under existing sectoral regulation).
  • Track post-2026 jurisprudence and Commission delegated/implementing acts in real time — the user must verify the date of last update of references/sources.yaml.
  • Replicate the EU Commission's official Compliance Checker at the AI Act Service Desk (https://ai-act-service-desk.ec.europa.eu/) — for authoritative self-assessment, use that tool.

Every output requires review by qualified counsel before adoption or filing.

--- README.md ---

AI Act Compliance Skill

An agent skill for compliance work on Regulation (EU) 2024/1689 — the EU Artificial Intelligence Act. Compatible with Anthropic Claude Code, OpenAI Codex, and any AGENTS.md-aware coding agent (Cursor, Windsurf, GitHub Copilot, Devin, Amp).

Status: v0.1.0-alpha — public, usable, seeking validators. The content is grounded in the Official Journal text and the 2025 Commission guidelines, but external review is wide open. If you are a compliance officer, EU AI law expert, or engineering lead with hands-on AI Act experience: please open issues, suggest corrections, or email ai@davidemorelli.it. Acknowledged contributors get credit in the README and a citation when the skill ships v0.1.0 stable.

Pending: Digital Omnibus on AI. A provisional political agreement between the European Parliament and the Council was reached on 7 May 2026 on the Commission's 19 November 2025 proposal. The agreement confirms 2 December 2027 for stand-alone high-risk (Annex III) systems and Article 50 transparency, and 2 August 2028 for high-risk safety components of Annex I products. It also adds a new Article 5 prohibition on AI systems generating non-consensual intimate imagery (so-called "nudifier apps") and child sexual abuse material, with a compliance deadline of 2 December 2026 once in force. Co-legislators target formal adoption before 2 August 2026. Until publication in the Official Journal, the legally binding deadlines remain the original Article 113 calendar and the new prohibition is not yet in force. Article 4 (AI literacy) and the existing Article 5 prohibitions — in force since 2 February 2025 — and Chapter V GPAI obligations — in force since 2 August 2025 — are not affected.

Looking for validators

Specifically, we are interested in feedback on:

  • Article 5 borderlines: workplace emotion recognition, biometric categorisation carve-outs, real-time RBI law-enforcement exceptions
  • Annex III scope edges: where high-risk classification is ambiguous in real systems
  • Article 27 FRIA: who has actually drafted one for a public-sector deployer; what worked, what did not
  • GPAI thresholds: how the 10²⁵ FLOPs criterion is being interpreted for fine-tuned and downstream-adapted models
  • Article 50 transparency: implementation patterns for chatbot disclosure, synthetic-content marking, deep-fake notices

Open an issue at https://github.com/morellid/ai-act-skill/issues, or send a private note to ai@davidemorelli.it.

What is this?

A self-contained agent skill that helps compliance teams, AI engineers, and consultants run common tasks on the EU AI Act:

  • Classify an AI system or model (in scope? prohibited? high-risk? limited? GPAI? systemic risk?)
  • Identify roles (provider, deployer, importer, distributor)
  • Check provider obligations for high-risk systems (Articles 8–22)
  • Check deployer obligations including the Fundamental Rights Impact Assessment / FRIA (Articles 26–27)
  • Check GPAI provider obligations (Articles 51–55)
  • Verify transparency obligations under Article 50 (chatbots, synthetic content, deepfakes)

Installation

The repository is the skill. Drop it into your agent's skills directory. The skill follows the SKILL.md + frontmatter convention used by both Claude Code and Codex.

AgentSkills directory
Anthropic Claude Code~/.claude/skills/ai-act-compliance/
OpenAI Codex~/.agents/skills/ai-act-compliance/

Option A — install via the helper script (Claude Code / Codex only)

git clone https://github.com/morellid/ai-act-skill.git
cd ai-act-skill
./install.sh                       # default: Claude Code
./install.sh --target codex        # Codex only
./install.sh --target both         # both agents
./install.sh --force --target both # replace existing installs without prompting

The script symlinks the repository into the chosen native target(s) by default (so git pull upgrades the installed skill in place). Set INSTALL_MODE=copy for a snapshot copy.

This helper is for native Claude Code / Codex skill installs. If you want to vendor the repo into a project for Cursor, Windsurf, GitHub Copilot, Devin, Amp, or another AGENTS.md-aware harness, use Option D. A custom-path run such as ./install.sh /path/to/project/.vendor/ai-act-skill only copies/symlinks the repo; it does not create the project-local AGENTS.md pointer or per-agent adapter files.

Option B — clone directly into the skills directory

# Claude Code
git clone https://github.com/morellid/ai-act-skill.git ~/.claude/skills/ai-act-compliance

# Codex
git clone https://github.com/morellid/ai-act-skill.git ~/.agents/skills/ai-act-compliance

Option C — Codex $skill-installer

Inside a Codex session:

$skill-installer https://github.com/morellid/ai-act-skill

Option D — use from another agent (Cursor, Windsurf, GitHub Copilot, Devin, Amp, …)

Many agents read AGENTS.md natively (60 000+ repositories already do; the format is governed by the Linux Foundation Agentic AI Foundation). For those agents, vendor this skill into your own project and add a short pointer in your project's AGENTS.md:

# In YOUR project repository:
git submodule add https://github.com/morellid/ai-act-skill.git .vendor/ai-act-skill

Then add to your project's AGENTS.md:

## EU AI Act compliance

When the user asks AI Act questions, walk through the tasks at
`.vendor/ai-act-skill/tasks/` (classify first, then check prohibitions,
then route to provider/deployer/GPAI/transparency). Source extracts at
`.vendor/ai-act-skill/references/extracts/`. Cite articles precisely;
always close with the "support tool, not legal advice" disclaimer.

For per-agent adapters (Cursor MDC rule, GitHub Copilot instructions), see adapters/ in this repository.

Option E — download a release zip

mkdir -p ~/.claude/skills    # or ~/.agents/skills for Codex
curl -L https://github.com/m

...

用户评价 (0)

发表评价

效果
易用性
文档
兼容性

暂无评价

统计数据

安装量3
评分4.0 / 5.0
版本
更新日期2026年7月3日
对比案例1 组

用户评分

4.0(20)
5
35%
4
35%
3
15%
2
10%
1
5%

为此 Skill 评分

0.0

兼容平台

🔧Manual

时间线

创建2026年7月3日
最后更新2026年7月3日
🎁 Agent 知识卡片
调研问卷