Metadata-Version: 2.4
Name: ai-regulation-scanner
Version: 1.0.0
Summary: Scan AI systems for EU/UK/NIST AI regulation compliance
Author-email: Ogulcan Aydogan <ogulcan@example.com>
License-Expression: Apache-2.0
Project-URL: Homepage, https://github.com/ogulcanaydogan/AI-Regulation-Compliance-Scanner
Project-URL: Documentation, https://github.com/ogulcanaydogan/AI-Regulation-Compliance-Scanner#readme
Project-URL: Repository, https://github.com/ogulcanaydogan/AI-Regulation-Compliance-Scanner
Project-URL: Issues, https://github.com/ogulcanaydogan/AI-Regulation-Compliance-Scanner/issues
Keywords: ai,compliance,eu-ai-act,regulation,governance,risk-management,fairness,explainability
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Legal Industry
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: pyyaml>=6.0
Requires-Dist: jinja2>=3.0
Requires-Dist: rich>=13.0
Provides-Extra: fairness
Requires-Dist: fairlearn>=0.9; extra == "fairness"
Requires-Dist: aif360>=0.6; extra == "fairness"
Provides-Extra: explainability
Requires-Dist: shap>=0.44; extra == "explainability"
Requires-Dist: lime>=0.2; extra == "explainability"
Provides-Extra: reports
Requires-Dist: weasyprint>=60.0; extra == "reports"
Requires-Dist: markdown>=3.5; extra == "reports"
Provides-Extra: all
Requires-Dist: ai-regulation-scanner[explainability,fairness,reports]; extra == "all"
Provides-Extra: dev
Requires-Dist: build>=1.2; extra == "dev"
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0; extra == "dev"
Requires-Dist: ruff>=0.1; extra == "dev"
Requires-Dist: mypy>=1.0; extra == "dev"
Dynamic: license-file

# AI Regulation Compliance Scanner

Open-source CLI to evaluate AI systems against the **EU AI Act**, the **UK AI principles**, and the **NIST AI RMF**.

## v1.0 Scope

### Implemented

- Multi-regulation rule evaluation via YAML rule packs (`eu-ai-act`, `uk-ai`, `nist-rmf`)
- Structured system profile input (`--input` JSON/YAML)
- Compliance statuses per requirement: `pass`, `partial`, `fail`, `not_applicable`
- Gap scoring and recommendation generation
- Report outputs:
  - `text`
  - `json` (canonical machine-readable schema)
  - `html`
  - `pdf`
- CI quality gates:
  - `pytest -q`
  - `ruff check .`
  - `mypy scanner`
  - `python -m build`

### Out of Scope

- Automatic legal interpretation beyond rule-based checks
- Fairlearn/AIF360 and SHAP/LIME runtime integrations

## Install

```bash
pip install ai-regulation-scanner
```

For local development:

```bash
pip install -e '.[dev]'
```

## Quick Start

```bash
# Evaluate all supported regulations from a structured profile
ai-scan --input ./profile.yaml --regulation eu-ai-act,uk-ai,nist-rmf --format json --output ./report.json

# Render HTML report
ai-scan --input ./profile.yaml --regulation eu-ai-act,uk-ai --format html --output ./report.html

# Render PDF report
ai-scan --input ./profile.yaml --regulation eu-ai-act,uk-ai,nist-rmf --format pdf --output ./report.pdf
```

## Input Model (`--input`)

Supported extensions: `.json`, `.yaml`, `.yml`.

```yaml
metadata:
  system_name: "Example AI System"
  owner: "AI Governance"
description: "Clinical triage assistant"
use_case: "medical diagnosis support"
domain: "healthcare"
controls:
  risk_management_system: true
  data_governance: true
  technical_documentation: true
  human_oversight: false
evidence:
  - id: "ev-1"
    description: "Risk management plan and risk register"
    tags: ["risk management"]
  - "model card and technical documentation"
```

## CLI Contract

- `--regulation`: comma-separated values from `eu-ai-act,uk-ai,nist-rmf`
- `--format`: `text|json|html|pdf`
- `--output`: optional for text/json/html, required for pdf

### Exit Codes

- `0`: Minimal/limited risk category
- `1`: High-risk category
- `2`: Prohibited category
- `3`: Validation/runtime error (input/args/output)

## Canonical JSON Report Shape

Top-level keys:

- `metadata`
- `generated_at`
- `risk_assessment`
- `regulations`
- `summary_scores`
- `findings`
- `recommendations`
- `evidence_gaps`
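
A fail-closed CI gate built on the exit codes and top-level report keys listed above. This is an added example, not code from the project: `gate`, `allow_high_risk` and the sign-off policy are hypothetical, and it assumes the scan ran with `--format json --output` and that a report is written whenever the exit code is 0, 1 or 2.

```python
import json

# Exit codes and top-level report keys as documented in this README.
EXIT_MEANING = {
    0: "minimal/limited risk",
    1: "high-risk",
    2: "prohibited",
    3: "validation/runtime error",
}
REQUIRED_KEYS = {
    "metadata", "generated_at", "risk_assessment", "regulations",
    "summary_scores", "findings", "recommendations", "evidence_gaps",
}


def gate(exit_code, report_text, allow_high_risk=False):
    """Return (ok, reason) for a pipeline step; anything unexpected fails closed."""
    if exit_code not in EXIT_MEANING:
        return False, f"unknown exit code {exit_code}"
    if exit_code == 3:
        # Exit 3 is a tool failure, not a classification: never treat it as a pass.
        return False, "scanner error: no compliance result was produced"
    # Assumption: codes 0-2 mean the scan completed, so a report must exist.
    try:
        report = json.loads(report_text)
    except (TypeError, ValueError):
        return False, "report is missing or not valid JSON"
    if not isinstance(report, dict):
        return False, "report is not a JSON object"
    missing = sorted(REQUIRED_KEYS - report.keys())
    if missing:
        return False, "report lacks keys: " + ", ".join(missing)
    if exit_code == 2:
        return False, "prohibited category"
    if exit_code == 1 and not allow_high_risk:
        # Hypothetical policy: high-risk systems need an explicit opt-in.
        return False, "high-risk category requires explicit sign-off"
    return True, EXIT_MEANING[exit_code]


# Constructed sample report: only the documented top-level keys, empty values.
SAMPLE_REPORT = json.dumps({key: None for key in REQUIRED_KEYS})

if __name__ == "__main__":
    for code, text in [(0, SAMPLE_REPORT), (1, SAMPLE_REPORT), (3, ""), (0, "{}")]:
        print(code, gate(code, text))
```

Because exit codes 1 and 2 report a classification rather than a crash, a pipeline that runs under `set -e` or treats any non-zero status as a failure needs to capture the code and pass it to a check like this one.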

## Release & Publishing

- GitHub Actions `CI` workflow enforces quality gates on PR/main.
- GitHub Actions `Release` workflow runs on `v*` tags.
- PyPI publish uses **Trusted Publishing** (`id-token: write`).
- Setup guide: [docs/pypi-trusted-publishing.md](docs/pypi-trusted-publishing.md)

## License

Apache 2.0 - See [LICENSE](LICENSE)

## Disclaimer

This tool provides compliance guidance only and does not constitute legal advice.
Always consult qualified legal counsel for regulatory decisions.
