● EU AI Act enforcement begins August 2, 2026● Fines up to €35M or 7% of global revenue● 78% of EU SaaS companies are non-compliant22 projects scanned● Scan your codebase in minutes
● EU AI Act enforcement begins August 2, 2026● Fines up to €35M or 7% of global revenue● 78% of EU SaaS companies are non-compliant22 projects scanned● Scan your codebase in minutes
01
EU AI Act compliance, automated

Ship AI
without the lawyers.

Upload your codebase or connect GitHub. Conformis scans every AI feature, classifies its risk under the EU AI Act, and generates audit-ready documentation — in minutes, not months.

━━ Free plan availableNo credit card3 scans/month free
conformis-report.pdf● ready
Article 11 · Technical Documentation
Risk Assessment
Report
System scannedpayments-api
AI features detected12
High-risk2
Limited-risk5
Generation time3m 14s
Audit-ready · GDPR compliant
€35M
Max fine — prohibited practices
Feb 2025
Prohibited practices already banned
22+
Projects scanned
5 min
Average scan time
The problem

Compliance is strangling your roadmap.

01

Manual audits cost €15,000 — and take six weeks.

By the time the consultant emails you the PDF, your AI feature has shipped twice and the doc is stale.

02

Enterprise procurement is a wall.

Every B2B deal now demands AI Act documentation. We've seen €200k contracts die over a missing checklist.

03

Regulations don't sit still.

AI Act, GDPR, NIS-2, DSA. One-shot compliance is obsolete the day you sign it. You need a system, not a document.

How Conformis works

Four steps. From codebase to regulator-ready.

01

Upload or connect

Zip your codebase and upload, or connect GitHub directly. Conformis runs inside an isolated EU-based container. No code leaves the EU.

python · typescript · javascript
02

Detection layer scans every line

AST parsing identifies every call to OpenAI, Anthropic, Google, HuggingFace, or your own ML models.

import analysis · inference detection
03

AI classifies the risk

Each detected feature is mapped against EU AI Act Annex III categories with plain-English rationale.

high-risk · limited-risk · minimal-risk
04

Documents generate themselves

Article 11 technical documentation with obligations, evidence, and next steps. Exportable as PDF.

ready for procurement · ready for audit
Local scan · zero upload

Your code never leaves your machine.

Would rather not upload a zip or grant repo access? conformis is a lightweight CLI that scans locally and transmits only the findings — never your source. Perfect for CI pipelines, regulated environments, or founders who'd rather keep everything on disk.

01

Install the CLI

One dependency, no config. Works anywhere Python 3.9+ runs — laptop, CI runner, air-gapped box.

$pip install conformis
02

Set your user id

Find your user id in the dashboard (top-right, under your name). Set it once as an environment variable.

$export CONFORMIS_USER_ID=user_xxxxxxxx
03

Scan your codebase

conformis walks your project locally with the same AST-based detector the platform uses — Python, JS/TS, package.json.

$conformis scan .
04

View results at your dashboard

The CLI prints a link straight to your readiness dashboard — same risk classification and gap analysis as a ZIP upload.

Full report: https://conformis.tech/readiness/482
✓ What's transmitted
  • File path (relative to scan root)
  • Line number and library name
  • A one-line code snippet and short description
✕ Never transmitted
  • Full source files or file contents
  • .env files or secrets
  • Git history or metadata, absolute paths

--privacy-mode strips every code snippet client-side before anything is sent. --dry-run prints the exact JSON payload that would be sent — nothing transmitted — so you can verify before you trust it.

What's inside

Built for founders who'd rather be shipping.

🔍

Automated scanning

AST-level analysis of Python and JS/TS detects AI/ML imports, inference calls, and risk patterns automatically.

⚖️

EU AI Act classification

Prohibited, High Risk, Limited Risk, or Minimal Risk — per Annex III. With evidence and rationale.

📄

Article 11 PDF

Technical documentation with obligations, evidence snippets, and next steps. Audit-ready in seconds.

🛡️

EU-resident infrastructure

Your code never leaves the EU. Scanned in isolated infrastructure, retained only with your scan, gone the moment you delete it.

🐙

GitHub integration

Connect your repos directly. Scan without downloading. Supports public and private repositories.

API-first

Embed compliance checks in your CI/CD. Block risky merges before they hit main.

A real scan

What Conformis finds
in a real codebase.

Scan the public openai/openai-quickstart-node repo yourself — deterministic classification means you get exactly this result.

Open Source · Node.js
openai-quickstart-node
44
1 CRITICAL8 HIGH5 LIMITED

15 files scanned, all containing AI. The vision feature is flagged as a prohibited-practice risk under Article 5 (biometric / emotion processing); transparency and oversight gaps follow across the chat, assistants, and fine-tuning features.

Top Gap
Article 5 — vision.js processes images with no biometric/emotion guardrails
Pricing

Less than your last legal invoice.

Free
For founders exploring compliance
Free
No credit card required
  • Compliance score only
  • 3 scans/month
  • ZIP upload & GitHub integration
  • No gap details or guidance
Start free
Most popular
Pro
For startups serious about compliance
€99/mo
Billed monthly
  • Full gap analysis per article
  • Unlimited scans
  • PDF compliance report
  • GitHub integration
  • Remediation guidance
  • Compliance checklist & executive summary
  • Priority support
Get started
Pro Plus
For teams that want AI-powered guidance
€199/mo
Billed monthly

The jump over Pro buys the AI Compliance Copilot — a reasoning advisor over your specific gaps, not just more scans.

  • Everything in Pro
  • Compliance Copilot (AI advisor)
  • Annex IV doc generation
  • Developer / Legal / Executive modes
  • Conversation history per scan
  • Early access to new features
Get Pro Plus
Questions you'll ask

We've thought about it.

Does my code leave my infrastructure?+

No. Conformis runs read-only scans inside an isolated EU-based container, deletes the working copy after each scan, and stores only the analysis output. No model training on your code. Ever.

Does it work with JavaScript and TypeScript?+

Yes. Conformis scans Python, JavaScript, TypeScript, JSX, and TSX. It detects AI libraries like OpenAI, Anthropic, LangChain, Vercel AI SDK, and HuggingFace — including package.json dependencies, React hooks, and API route patterns.

How long does a scan take?+

Under 60 seconds for most codebases. Upload a ZIP or connect GitHub — Conformis scans your files, classifies risk tiers, and generates a PDF report with gap analysis and remediation steps in one shot.

Will this replace our legal counsel?+

No — and that's the point. Conformis handles the 80% of repetitive documentation work. Your legal team focuses on the 20% that actually needs judgment.

What if the AI Act changes?+

It will — it already has: the EU's 2026 Digital Omnibus pushed the main high-risk deadline from Aug 2026 to Dec 2027. We track EUR-Lex and the AI Office for changes like this and update our classification logic and this page when the rules move. Article 5's prohibited-practice bans weren't part of that delay and have applied since Feb 2025.

How accurate is the risk classification?+

Our classifier uses Claude AI benchmarked against published EU Commission guidance. We show you the reasoning and evidence behind every classification — including which exact function or line of code triggered the finding. It's a starting point for your compliance work, not a legal opinion — see our next answer.

Is GitHub integration secure?+

We request read-only access to your repositories. Your code is cloned into an isolated container to run the scan. For ZIP and GitHub scans, we keep the uploaded code alongside the scan record — that's what powers features like Auto-Fix, which needs your real source to generate a patch. Delete a scan and its source is permanently deleted with it. If you'd rather your code never touch our servers at all, use the conformis CLI: it scans locally and only ever transmits findings (file path, line, library, one-line snippet) — never source.

What is the EU AI Act deadline?+

High-risk AI systems must comply by August 2, 2026. Prohibited practices were banned from February 2, 2025. Fines for non-compliance can reach €35 million or 7% of global annual turnover — whichever is higher.

August 2, 2026 — the deadline

Don't wait for the
first fine.

Free plan · No credit card · 3 scans/month