ComplianceLint
Summary
Compliance reviews that live in spreadsheets, Confluence pages, and biweekly meetings never catch the obligation your developer quietly shipped past them. ComplianceLint moves EU AI Act checks into the IDE itself, where the code actually lives.
The tool installs as an MCP server in Cursor, Windsurf, Claude Code, or any MCP-compatible IDE, then scans a codebase locally against all 247 obligations across 44 EU AI Act articles — the vendor states no code is uploaded. Findings land in a dashboard broken out by article, with prioritized remediation tasks generated in the same IDE session. Evidence recording ties each resolved finding to a named change, and exports produce audit-ready PDFs. Where the workflow strains is at the 'needs review' boundary: a significant portion of findings — 103 of 191 in the vendor's own demo — require human attestation, which means the structured forms and manual attestation gates become the real compliance workload, not the scan.
Bottom line: Pick this if your team is shipping a high-risk AI system and wants compliance checks running locally in the IDE before anything goes to legal — but plan for the attestation and human-oversight forms to consume more sprint time than the automated scan.
Pricing Plans
Subscription
- Price: €0 to start
- Free tier: basic scanning and overview features
Free
Basic scanning and dashboard
- Core scans
- Findings view
- Basic reports
Pro+
Advanced exports
- Per-article PDFs
- Human Gates evidence
Business+
Full audit packs
- All-in-one ZIP exports
- Audit trail
- Embedded HTML viewer
View full pricing on compliancelint.dev →
Pros
- Local-only code scanning, which means teams in regulated sectors — AI medical, AI finance — can run compliance checks without uploading proprietary code to a third-party service, removing a class of data-handling risk that typically blocks security review of SaaS compliance tools.
- Zero-config MCP server setup across Claude Code, Cursor, Windsurf, and Zed, so compliance checks enter the development workflow without requiring a separate tool context switch or a dedicated compliance engineer to operate the interface.
- Remediation tasks are generated and prioritized by article in the same IDE session as the scan, so developers get a specific action list rather than a raw findings report they have to interpret against the regulation themselves.
- Audit trail records each resolved finding with the attesting party and timestamp, which means the evidence package for a formal EU AI Act audit is assembled incrementally during development rather than reconstructed after the fact under deadline.
- Dashboard aggregates compliance scores across multiple repositories by article, so engineering leads can see which specific obligations are failing across an entire AI product portfolio rather than repo-by-repo.
Cons
- A large share of findings land in 'needs review' — the vendor's own demo shows 103 of 191 results in this state — and none of those resolve automatically. Each requires a human to work through an attestation form, which means the scan is the fast part and the real compliance workload begins after it finishes. Teams underestimating this scope will miss sprint estimates.
- The tool covers EU AI Act obligations only. Teams operating under multiple frameworks — GDPR, ISO 42001, NIST AI RMF — get no coverage for those obligations here, which means a parallel compliance process still runs alongside ComplianceLint. Organizations that need consolidated multi-framework coverage will switch to a broader GRC platform and treat EU AI Act as one module within it.
- The BSL 1.1 license means the source is readable but not freely forkable for commercial use. Teams that require a fully open-source compliance tool they can modify and redistribute will not be able to use ComplianceLint on those terms and will look to open-licensed alternatives.
About
- Platforms
- IDE integrations (Claude Code, Cursor, Windsurf, Copilot, Codex, Zed, MCP IDEs)
- API Available
- No
- Self-Hosted
- Yes
- Last Updated
- 2026-06-20T03:32:56.905Z
Best For
Who it's for
- AI product teams building high-risk systems
- Developers needing local EU AI Act compliance checks
- Organizations preparing for regulatory audits
- Teams using supported IDEs like Cursor, Windsurf, or VS Code variants
What it does well
- Scanning AI system code for EU AI Act obligations in the IDE
- Generating remediation tasks mapped to specific articles
- Producing audit-ready compliance documentation and exports
- Handling human oversight and role-specific obligations via guided forms
Frequently Asked Questions
- Is ComplianceLint free?
- ComplianceLint is a paid tool (€0 to start). No permanent free tier is offered.
- Is ComplianceLint open source?
- No — ComplianceLint is a closed-source tool. Source code is not publicly available.
- Can I self-host ComplianceLint?
- Yes. ComplianceLint supports self-hosting on your own infrastructure.
- What platforms does ComplianceLint support?
- ComplianceLint is available on: IDE integrations (Claude Code, Cursor, Windsurf, Copilot, Codex, Zed, MCP IDEs).
ComplianceLint runs EU AI Act compliance scans directly inside supported IDEs — Cursor, Windsurf, Claude Code, Zed, Copilot, Codex, and any MCP-compatible environment. Setup is a single command (`npx compliancelint init`) or a Python CLI alternative. From there, a developer asks their AI assistant to scan the project; the tool reads files locally, maps results against 247 legal obligations across 44 articles, and returns a finding breakdown — compliant, non-compliant, and needs-review — in seconds. Remediation tasks are generated in the same session, prioritized by article, and tracked across re-scans so the team can watch their compliance score move as fixes land.
The differentiating constraint is local execution. The vendor states explicitly that code never leaves the machine, which matters for teams building in regulated sectors — AI finance, AI medical — where uploading source to a third-party SaaS for compliance review creates its own legal exposure. Findings sync to a cloud dashboard only as structured metadata, not raw code. The audit trail records who attested each finding and when, which is the artifact auditors under the EU AI Act will actually ask for.
The tool fits AI product teams that need to start compliance work before they have a legal team engaged, and organizations preparing for a formal audit who need something other than a manually maintained checklist. Where it breaks: the ‘needs review’ category is not a machine-resolvable state. Human oversight obligations, role-specific attestations, and Article 14 requirements around human control require the team to work through guided forms — the scan surfaces the obligation, but the compliance work is still a human decision. Teams with complex multi-repo architectures will also find the dashboard’s cross-repo scoring useful but will need to manage attestation consistency across repositories manually.
License is BSL 1.1 (source-available, not open-source), and the tool is scoped to B2B use — the vendor’s terms exclude individual consumer use. Self-hosted operation is supported via the local scan model. A paid-only tier exists beyond the free starting point, though feature gating between tiers is not detailed on the public page.
