51 production-grade rules across EU AI Act, GDPR, SOX, HIPAA, Colorado SB 205, NYC LL 144 and more. Every blocked request carries a verbatim legal citation, rule ID, timestamp, and input hash. Not a probability score — an audit trail.
"The AI did it" is no longer a defense in federal court. UnitedHealthcare, Humana, and Garcia v. Google establish that AI decisions carry discoverable, organizational liability. ComplyEdge gives you the reasoning record.
Each rule carries a verbatim citation from the official source. Audit-ready out of the box.
| Regulation | Rules | Status |
|---|---|---|
| EU AI Act: Articles 4, 5 (×8 prohibited practices), 6, 9, 10, 12, 13, 14, 15, 16, 26, 27, 50 (×4 transparency), 51–55 GPAI | 30 | ✓ |
| GDPR: Consent (Art 7), breach notification (Art 33), DPIA (Art 35), right to erasure (Art 17), cross-border transfer (Art 44–49), data minimization (Art 5) | 6 | ✓ |
| US Federal: SOX §§404/802, HIPAA minimum necessary, ECPA electronic surveillance, TCPA SMS opt-in | 5 | ✓ |
| US State: CCPA / CPRA opt-out, Colorado AI Act SB 205, Illinois BIPA, NYC Local Law 144 (AEDT) | 4 | ✓ |
| Universal · PCI DSS · COPPA: PII detection patterns, payment card data exposure, child-data input sensitivity | 6 | ✓ |
| Total | 51 | ✓ |
Sources: eur-lex.europa.eu · leg.colorado.gov · leginfo.legislature.ca.gov · law.cornell.edu · nyc.gov
TrustLint + OPA evaluation engine. No LLM in the enforcement path. Every decision is reproducible, explainable, and fast enough for real-time traffic.
Regulator-ready evidence packages. Export every enforcement decision with timestamps, rule versions, and input hashes. Enterprise-only feature.
Community tier covers PII + PCI. Enterprise unlocks the full EU AI Act corpus — Articles 5, 50, GPAI 51–55, plus GDPR and US regulations.
From startups to regulated enterprises
Start enforcing EU AI Act rules today. No vendor lock-in. No rebuild.