Regula is a powerful command-line interface (CLI) tool designed to assist AI projects in achieving compliance with the EU AI Act. By combining static code analysis with governance questionnaires, Regula provides a comprehensive examination of codebases for risk indicators associated with AI applications. Regardless of development size or geographical location, Regula aims to streamline compliance for all AI product developers targeting EU users.

Key Features

• Risk Classification: Automatically classifies AI systems into one of the EU AI Act's four risk tiers:

  • Prohibited (e.g., social scoring, subliminal manipulation)
  • High-risk (e.g., CV screening, credit scoring)
  • Limited-risk (e.g., chatbots, emotion recognition)
  • Minimal-risk (e.g., spam filters, recommendations)

• Code Scanning: Scans codebases for 389 patterns across 8 programming languages, generating insights in approximately 30 seconds.

• Governance Questionnaires: Supplies structured self-assessment questionnaires for obligations that cannot be verified through code alone, ensuring comprehensive compliance coverage related to risk management and quality management.

• Local Execution: Operates entirely on the development machine with zero dependencies, ensuring data privacy and security—no code or findings are sent to external servers.

Usage Examples

Check AI compliance with interactive assessments:

regula assess

Perform a detailed code scan:

regula check .  # Scans current directory for risk patterns

Generate auditor-ready documentation:

regula evidence-pack --sign .  # Creates signed, timestamped evidence

Target Audience

• Solo Founders: Ideal for solo developers and indie hackers who require clarity on compliance implications for their AI products in the EU.
• Small Teams: Suitable for teams seeking to identify compliance risks and obligations before they impact business operations, such as sales engagements with enterprise clients.
• Engineering Teams: Provides options to integrate compliance checks within CI/CD pipelines, enhancing assurance that high-risk code does not enter production.

Ethical Considerations

Regula includes a bias evaluation feature that runs benchmarks to assess model behavior concerning social bias, aiding in documentation requirements under Article 10 of the EU AI Act. The tool takes a conscientious approach to ethical considerations, ensuring that any biases identified during analysis are addressed appropriately.

Limitations

While Regula is a valuable asset in compliance efforts, it is important to note that it provides risk indications based on pattern recognition rather than legal classifications. Human judgment is essential when interpreting results, as false positives or negatives might occur.

For a detailed overview of the capabilities and methodology of Regula, including in-depth documentation and examples, please refer to the project's official repository.