An agent skill for compliance work on Regulation (EU) 2024/1689 — the EU Artificial Intelligence Act. Compatible with Anthropic Claude Code, OpenAI Codex, and any AGENTS.md-aware coding agent (Cursor, Windsurf, GitHub Copilot, Devin, Amp).
Status: v0.1.0-alpha — public, usable, seeking validators. The content is grounded in the Official Journal text and the 2025 Commission guidelines, but external review is wide open. If you are a compliance officer, EU AI law expert, or engineering lead with hands-on AI Act experience: please open issues, suggest corrections, or email
ai@davidemorelli.it. Acknowledged contributors get credit in the README and a citation when the skill ships v0.1.0 stable.Pending: Digital Omnibus on AI. A provisional political agreement between the European Parliament and the Council was reached on 7 May 2026 on the Commission's 19 November 2025 proposal. The agreement confirms 2 December 2027 for stand-alone high-risk (Annex III) systems and Article 50 transparency, and 2 August 2028 for high-risk safety components of Annex I products. It also adds a new Article 5 prohibition on AI systems generating non-consensual intimate imagery (so-called "nudifier apps") and child sexual abuse material, with a compliance deadline of 2 December 2026 once in force. Co-legislators target formal adoption before 2 August 2026. Until publication in the Official Journal, the legally binding deadlines remain the original Article 113 calendar and the new prohibition is not yet in force. Article 4 (AI literacy) and the existing Article 5 prohibitions — in force since 2 February 2025 — and Chapter V GPAI obligations — in force since 2 August 2025 — are not affected.
Specifically, we are interested in feedback on:
- Article 5 borderlines: workplace emotion recognition, biometric categorisation carve-outs, real-time RBI law-enforcement exceptions
- Annex III scope edges: where high-risk classification is ambiguous in real systems
- Article 27 FRIA: who has actually drafted one for a public-sector deployer; what worked, what did not
- GPAI thresholds: how the 10²⁵ FLOPs criterion is being interpreted for fine-tuned and downstream-adapted models
- Article 50 transparency: implementation patterns for chatbot disclosure, synthetic-content marking, deep-fake notices
Open an issue at https://github.com/morellid/ai-act-skill/issues, or send a private note to ai@davidemorelli.it.
A self-contained agent skill that helps compliance teams, AI engineers, and consultants run common tasks on the EU AI Act:
- Classify an AI system or model (in scope? prohibited? high-risk? limited? GPAI? systemic risk?)
- Identify roles (provider, deployer, importer, distributor)
- Check provider obligations for high-risk systems (Articles 8–22)
- Check deployer obligations including the Fundamental Rights Impact Assessment / FRIA (Articles 26–27)
- Check GPAI provider obligations (Articles 51–55)
- Verify transparency obligations under Article 50 (chatbots, synthetic content, deepfakes)
The repository is the skill. Drop it into your agent's skills directory. The skill follows the SKILL.md + frontmatter convention used by both Claude Code and Codex.
| Agent | Skills directory |
|---|---|
| Anthropic Claude Code | ~/.claude/skills/ai-act-compliance/ |
| OpenAI Codex | ~/.agents/skills/ai-act-compliance/ |
git clone https://github.com/morellid/ai-act-skill.git
cd ai-act-skill
./install.sh # default: Claude Code
./install.sh --target codex # Codex only
./install.sh --target both # both agents
./install.sh --force --target both # replace existing installs without promptingThe script symlinks the repository into the chosen native target(s) by default (so git pull upgrades the installed skill in place). Set INSTALL_MODE=copy for a snapshot copy.
This helper is for native Claude Code / Codex skill installs. If you want to vendor the repo into a project for Cursor, Windsurf, GitHub Copilot, Devin, Amp, or another AGENTS.md-aware harness, use Option D. A custom-path run such as ./install.sh /path/to/project/.vendor/ai-act-skill only copies/symlinks the repo; it does not create the project-local AGENTS.md pointer or per-agent adapter files.
# Claude Code
git clone https://github.com/morellid/ai-act-skill.git ~/.claude/skills/ai-act-compliance
# Codex
git clone https://github.com/morellid/ai-act-skill.git ~/.agents/skills/ai-act-complianceInside a Codex session:
$skill-installer https://github.com/morellid/ai-act-skill
Many agents read AGENTS.md natively (60 000+ repositories already do; the format is governed by the Linux Foundation Agentic AI Foundation). For those agents, vendor this skill into your own project and add a short pointer in your project's AGENTS.md:
# In YOUR project repository:
git submodule add https://github.com/morellid/ai-act-skill.git .vendor/ai-act-skillThen add to your project's AGENTS.md:
## EU AI Act compliance
When the user asks AI Act questions, walk through the tasks at
`.vendor/ai-act-skill/tasks/` (classify first, then check prohibitions,
then route to provider/deployer/GPAI/transparency). Source extracts at
`.vendor/ai-act-skill/references/extracts/`. Cite articles precisely;
always close with the "support tool, not legal advice" disclaimer.For per-agent adapters (Cursor MDC rule, GitHub Copilot instructions), see adapters/ in this repository.
mkdir -p ~/.claude/skills # or ~/.agents/skills for Codex
curl -L https://github.com/morellid/ai-act-skill/archive/refs/tags/v0.1.0.zip \
-o /tmp/ai-act-skill.zip
unzip -d ~/.claude/skills /tmp/ai-act-skill.zip
mv ~/.claude/skills/ai-act-skill-* ~/.claude/skills/ai-act-complianceThe vercel-labs/skills CLI auto-detects the SKILL.md at the repo root and installs it into your agent's skills directory.
npx skills add morellid/ai-act-skillBy default the CLI installs into ~/.claude/skills/. Use --list to preview, or pass an explicit target with the CLI's flags (see npx skills add --help).
If you use Claude only via the web (claude.ai, no Claude Code), grab the prebuilt skill zip from the GitHub Releases and upload it.
- Open the latest release: https://github.com/morellid/ai-act-skill/releases/latest
- Download
ai-act-compliance.zip. - Go to https://claude.ai/customize/skills and upload (or drag-and-drop) the file.
The zip contains the skill in a single top-level directory (ai-act-compliance/ with SKILL.md, tasks/, references/, examples/, LICENSE). Do not extract it before upload.
After installation, restart your agent (Claude Code or Codex) so the new skill is discovered.
./uninstall.sh # default: Claude Code
./uninstall.sh --target codex # Codex only
./uninstall.sh --target both # both agents
# or manually:
rm -rf ~/.claude/skills/ai-act-compliance
rm -rf ~/.agents/skills/ai-act-complianceIn any Claude Code or Codex session, ask questions or give tasks that touch the AI Act:
"Classify this system under the AI Act: it's a CV-screening tool for HR..."
"Run a FRIA on this high-risk deployment of an emotion-recognition system."
"Check our GPAI model obligations — we're at 5×10²⁵ FLOPs of training compute."
The agent will load this skill, route to the right sub-task, and produce a structured analysis with citations.
In Codex you can also invoke it explicitly:
/skills ai-act-compliance
ai-act-skill/
├── SKILL.md ← the skill entry point (agent reads this)
├── README.md ← this file (humans read this)
├── LICENSE ← MIT
├── CHANGELOG.md
├── install.sh ← installer (Claude Code / Codex / both)
├── uninstall.sh
├── .gitignore
├── AGENTS.md ← cross-agent guidance (Codex, Cursor, Windsurf, Copilot, …)
├── agents/ ← agent-specific UI metadata
│ └── openai.yaml ← Codex display name + default prompt
├── adapters/ ← drop-in adapters for non-skill formats
│ ├── copilot-instructions.md ← GitHub Copilot
│ ├── cursor-rule.mdc ← Cursor IDE rule
│ └── README.md ← how to vendor + adapt
├── tasks/ ← detailed sub-task instructions
│ ├── classify-system.md
│ ├── check-prohibited-practices.md
│ ├── check-high-risk-provider.md
│ ├── check-deployer-obligations.md
│ ├── check-gpai-provider.md
│ └── check-transparency.md
├── references/ ← official-source metadata + textual extracts
│ ├── sources.yaml
│ └── extracts/
│ ├── ai-act-art-3-definitions.md
│ ├── ai-act-art-5-prohibited.md
│ ├── ai-act-art-6-9-high-risk-classification.md
│ ├── ai-act-annex-iii-high-risk-list.md
│ ├── ai-act-art-26-27-deployer-fria.md
│ ├── ai-act-art-50-transparency.md
│ └── ai-act-art-51-55-gpai.md
├── examples/ ← test fixtures
│ ├── classify-customer-service-chatbot/
│ └── classify-hr-emotion-recognition/
└── scripts/
├── validate.sh ← skill self-check
├── fetch-references.sh ← downloads source PDFs and verifies hashes
└── build_releases.sh ← builds dist/ai-act-compliance.zip for claude.ai drag-and-drop
Semantic versioning, tagged in git (git tag v0.1.0). GitHub auto-generates downloadable zips for each tag at https://github.com/.../archive/refs/tags/<tag>.zip.
The skill ships with two example fixtures (HR emotion recognition, customer service chatbot) under examples/, each with a synthetic input and the expected output. To run a structural self-check:
./scripts/validate.shFor external validation resources (the AI Act is not amenable to fully automated test suites — compliance is fact-specific), see references/sources.yaml for:
- The Commission's official Compliance Checker at the AI Act Service Desk
- The artificialintelligenceact.eu open-source tracker
- Harmonised standards under preparation by CEN-CENELEC JTC 21 (publication expected from 2026)
Issues and PRs welcome. Two non-negotiable principles:
- Only official sources — every normative claim must trace back to the Regulation, an EU Commission delegated/implementing act, an EU AI Office guideline, an EDPB joint guideline, or a published harmonised standard. Hashes in
references/sources.yaml. - Disclaimer always present — the skill is a support tool, never a substitute for legal counsel or notified body assessment.
- Richard B. (LinkedIn) — flagged the Digital Omnibus on AI timeline change (Commission proposal 19 November 2025; Council and Parliament alignment in March 2026) before v0.1.0 stable, prompting the pending-delay disclosure pass across the skill and the landing page.
MIT — see LICENSE.
This skill is provided for informational and compliance-support purposes. It does not constitute legal advice, does not replace assessment by a qualified lawyer, and does not replace conformity assessment by a notified body where required. Penalties under Article 99 of the AI Act reach EUR 35 million or 7% of total worldwide annual turnover for the most serious violations. Use at your own risk.