EU compliance skills for every AI agent.
Open-source skill suite that makes AI agents self-aware about EU compliance. They learn what data is sensitive, log what they do, and stop when they should.
Paste this into your first message:
Read https://raw.githubusercontent.com/eyesecurity/complisec-skill/main/SKILL.md and follow its instructions.
AI agents are powerful. But they weren't built for EU regulation.
Agents touch regulated data
AI agents process personal data, national IDs, and health records daily — without knowing what's sensitive.
Compliance is a moving target
27 member states transposing NIS2 at different speeds. Hardcoded knowledge in language models goes stale instantly.
No audit trail
When an agent makes a decision, who logged it? Most setups leave no trace of what happened or why.
Ten skills that enforce compliance on every prompt.
Org profile & enforcement
Captures your critical assets, risk appetite, data residency, and suppliers. Enforces these rules on every prompt.
NIS2 gap analysis
Structured questionnaire your agent works through section by section. Know where you stand before anything changes.
Data sensitivity & secrets
Scans for credentials, API keys, national IDs, and health records. Blocks them from output and guides rotation.
Audit logging
Every agent action gets a structured, timestamped log entry aligned with the standards your auditor expects.
Incident management
Breach reported? Starts the incident lifecycle and calculates notification deadlines per your obligations.
Vendor risk
Flags unknown vendors, verifies DPAs, and validates hosting locations against your allowed regions.
Data residency
Cloud services and APIs checked against your allowed regions. Violations flagged before data leaves your jurisdiction.
Change management
Critical asset changes require impact assessment and rollback plan. Every change gets a structured record.
Built for teams that take EU compliance seriously.
SME and SME+ organisations in the EU that use AI agents in their day-to-day operations and need to stay compliant without a dedicated legal team.
Security teams integrating AI agents into existing workflows who need guardrails that work without slowing them down.
Compliance officers who need audit trails for every decision an agent makes — not just the ones someone remembered to log.
MSPs and MSSPs serving EU clients who want to offer AI-assisted services with built-in compliance, not bolt-on promises.
Read the source, run it yourself, own your compliance.
MIT-licensed. Plain markdown skills — no runtime, no dependencies, no vendor lock-in. Works with any LLM that can read a file.