When does the EU AI Act come into force?

Article 50 transparency + watermarking obligations become enforceable 2 August 2026 — NOT delayed by the 7 May 2026 Digital Omnibus, which only pushed Annex III high-risk to 2 December 2027 and Annex I product-safety to 2 August 2028. Prohibited-practice rules have been in force since 2 February 2025; general-purpose AI (GPAI) obligations started 2 August 2025, with the grandfather window for pre-Aug-2025 models closing 2 August 2027.

What are the penalties for EU AI Act non-compliance?

Up to €35 million or 7% of global turnover for prohibited practices. Up to €15M or 3% for high-risk violations.

What is a signed attestation?

A cryptographically signed (HMAC-SHA256) JSON document proving you ran a specific regulatory audit with a specific score. Carries a public verify URL so auditors and procurement teams can validate authenticity without contacting MEOK.

Why not build this internally?

Article-by-article mapping of EU AI Act + DORA + NIS2 + CRA + CSRD takes a compliance team 6-12 months. MEOK gives you 15 MCPs on day one with signed attestations Article-11 auditors accept.

Can I cancel anytime?

Yes. Stripe handles billing. Cancel in one click from your email receipt. No contracts.

⏰ Calculating days to the 2 Aug 2026 Article 50 watermarking + transparency cliff…

Your AI compliance, signed and verified,
in 48 hours.

We audit your AI systems against EU AI Act, DORA, NIS2, CRA, CSRD and 10 more regulations — then emit cryptographically signed attestations your auditor validates at a public URL.

See pricing → Try free on PyPI

No card needed for free tier. Cancel anytime. 365-day attestation validity.

15compliance MCPs live

320+monthly installs on flagship

HMAC-SHA256cryptographic binding

Public verify URLauditor-accepted

Your Article 11 technical documentation pack is probably incomplete.

14 mandatory fields per EU AI Act Annex IV. Most teams I talk to cover 3-4. The rest get flagged by the notified body. You don't find out until your conformity assessment fails — and you're stuck scrambling within 4-week deadlines.

€35M

or 7% of global turnover — max penalty for prohibited-practice breaches

mandatory Annex IV documentation fields most teams miss

the tightest reporting clock — DORA major ICT incidents

…

days until the 2 Aug 2026 Article 50 watermarking + transparency cliff (NOT delayed by the Omnibus — Annex III/I were delayed, Article 50 was not)

Install → audit → share signed attestation. Three steps.

No sign-up for free tier. No seat licenses. No minimum commitment.

Install

pip install eu-ai-act-compliance-mcp (or any of 15 regulation-specific packages). Free tier runs locally. No data leaves your machine.

Audit

Call from Claude Desktop, Cursor, Cline, VS Code. Article-by-article audits produce a score + gap list. Upgrade to Pro for signing.

Sign + share

Pro tier emits a HMAC-signed attestation. You share the public verify_url. Your auditor validates signature + expiry without contacting us.

Sample signed cert

{
  "cert_id": "MEOK-DORA-A1B2C3D4E5F6",
  "regulation": "DORA (Regulation (EU) 2022/2554)",
  "entity": "Acme Bank PLC",
  "score_percent": 82.5,
  "assessment": "COMPLIANT",
  "findings": ["Article 9: PASS", "Article 28: GAP"],
  "issued_utc": "2026-04-23T12:00:00Z",
  "expires_utc": "2027-04-23T12:00:00Z",
  "signature_sha256_hmac": "7e4b8...",
  "verify_url": "https://meok-attestation-api.vercel.app/verify/MEOK-DORA-A1B2C3D4E5F6"
}

Start free. Sign when you need evidence.

Every tier includes all 15 MCPs. Pro unlocks signed attestations — the artefact your auditor accepts.

Free

For evaluation and small teams

£0

10 audits per day per MCP
All 15 regulations covered
Every tool available
No signed attestations
No credit card required

Browse on PyPI

Install from PyPI · Use in Claude, Cursor, Cline

Pro

For teams shipping AI into regulated markets

£199/mo

Unlimited audits across all 15 MCPs
Signed HMAC attestations with public verify URL
365-day attestation validity
Priority email support
Cancel anytime — one click

Start Pro — £199/mo

Secure checkout via Stripe · UK VAT inc. where applicable

Enterprise

For multi-entity AI + financial services

£1,499/mo

Everything in Pro
Multi-tenant deployments
Co-branded PDF certificates
Trust Center webhook integration
Custom Care Membrane policies

Start Enterprise

Invoice on request · Contact for multi-seat or annual

48-Hour Compliance Assessment — £5,000

Bespoke written report + signed deliverable. Full article-by-article audit for EU AI Act, DORA, NIS2, CRA, CSRD — whichever applies to your entity. 48-hour turnaround. Discount for Pro subscribers.

Book 48h assessment — £5,000

15 regulations. One subscription.

Each MCP is a dedicated compliance automator for a specific framework. All included in Pro.

EU AI Act

eu-ai-act-compliance-mcp · Regulation (EU) 2024/1689

DORA

dora-compliance-mcp · Regulation (EU) 2022/2554

NIS2

nis2-compliance-mcp · Directive (EU) 2022/2555

CRA

cra-compliance-mcp · Regulation (EU) 2024/2847

CSRD

csrd-compliance-mcp · Directive (EU) 2022/2464

GDPR

gdpr-compliance-mcp · Regulation (EU) 2016/679

UK AI Regulation

uk-ai-bill-compliance-mcp · White Paper + AI Bill

HIPAA

hipaa-compliance-mcp · US healthcare privacy

SOC 2

soc2-compliance-mcp · Trust Services Criteria

ISO/IEC 42001

iso-42001-compliance-mcp · AI Management System

NIST AI RMF

nist-rmf-ai-mcp · Govern/Map/Measure/Manage

AI-BOM

ai-bom-mcp · CycloneDX ML-BOM + SPDX 3.0 AI

DORA × NIS2

dora-nis2-crosswalk-mcp · Dual-compliance scoring

Incident Reporting

ai-incident-reporting-mcp · 6-regime clock unifier

Gods Eye Geospatial

gods-eye-geospatial-mcp · Open-licence + ethics gate

Questions people ask before subscribing.

Can I verify a cert without signing up?

Yes. Run pip install meok-attestation-verify, pipe the cert JSON on stdin, get VALID or INVALID back. Zero dependencies. Anyone auditing a cert — your procurement team, your external auditor, your board — can validate without an account.

Does my data leave my machine?

Free tier: no. MCPs run 100% locally via the Model Context Protocol. Pro tier: only the signed-attestation payload is sent to our Vercel signing API (regulation name, entity, score, findings, articles). Raw data stays local.

What happens if I cancel?

Your existing attestations stay valid for their full 365 days. You lose ability to issue NEW signed attestations. Free tier of all MCPs keeps working. Cancel anytime from the Stripe receipt email.

Is this a substitute for legal advice or a notified body?

No. Signed attestations are automated self-assessments — the legal notice on every cert says so explicitly. They speed up the preparation work your legal team or notified body still signs off on. Think of it as the Vanta Trust Center pattern, for AI compliance.

Why should I trust a 15-MCP startup vs Big 4?

You shouldn't trust — you should verify. Every cert has a cryptographic signature anyone can validate. The signing key stays on our server. If we ever went offline, your existing certs remain verifiable via the independent meok-attestation-verify tool. Big 4 invoices don't come with cryptographic binding.

Do you offer invoice billing?

Enterprise tier billing can be invoiced on request. Pro is card-only via Stripe. For the 48h assessment (£5k) we can issue a PO on request before payment.

Your AI compliance, signed and verified,in 48 hours.