📋 eu-ai-act × ai-system

EU AI Act for AI systems, automated.

European Union Artificial Intelligence Act. Applies to AI system projects by default.

What EU AI Act requires

Concretely, line by line.

How GreatCTO wires it

Detection → overlay → reviewer.

In your AI system project, GreatCTO detects the archetype and overlays the ai-system reviewer agent. EU AI Act gates auto-attach. The reviewer reads the regulation text, your code, and your tests, and emits a verdict per requirement — with a diff if anything's missing.

DETECT

Archetype + scope

Stack signals + manifests + README keywords identify ai-system as the project type. EU AI Act is in the default gate set for this archetype.

OVERLAY

ai-security-reviewer + archetype-specific gates fire per Article 6 high-risk classification

The reviewer agent prompt encodes each requirement above as a check. When a PR touches relevant code paths, the reviewer fires with the specific check that matters.

EVIDENCE

Audit trail per gate

Each gate decision is logged to .great_cto/gates.log with timestamp, reviewer, verdict, and rationale. Auditors get a tidy CSV; no scrambling at audit time.

MEMORY

Lessons across audits

When an auditor flags something in one project, the lesson promotes to ~/.great_cto/decisions.md after the 3rd similar finding. Next project's first run includes the lesson in Step 0.

Caveats

What GreatCTO does not do.

It does not certify you. EU AI Act compliance requires human accountability — a CISO sign-off, a DPO review, in some cases an external auditor. GreatCTO ships the evidence; you still own the attestation.

It does not substitute legal review. The reviewer agent encodes commonly accepted readings of the regulation, not your specific jurisdictional interpretation. For high-stakes cases, lawyer involvement is still load-bearing.

It does not eliminate gaps in the requirements list. The list above is the surface area we cover programmatically. EU AI Act has more (Annex II's, sub-clauses, jurisdictional carve-outs). Override the reviewer prompt in agents/ai-system-reviewer.md for your specifics.

Receipts

Don't take my word for it.

01 · ARCHITECTURE

Live state machine

Every box on the diagram is a clickable link to the agent's source on GitHub.

02 · PROOF

One real compliance run

Voice-AI pack rollout: TCPA + STIR/SHAKEN + state recording consent gates auto-wired. Timeline, costs, artifacts.

03 · AGENTS

All 34 agents on GitHub

The ai-system-reviewer prompt is auditable. Read it, override it, fork it.

Install

Wire EU AI Act gates in one command.

$ npx great-cto init

Free, MIT, runs locally. The reviewer agent ships with the npm package — no SaaS portal, no compliance vendor lock-in.