EU AI Footprint Scanner

EU AI Act readiness,
checked on every PR.

Continuous static analysis for AI/ML library use across your codebase. Catches high-risk imports before they hit main. Built for EU SMEs ahead of the 2 August 2026 GPAI deadline.

# .github/workflows/ai-scan.yml
name: AI Footprint Scan
on: [pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: argus-intelligence/ai-footprint-scanner@v1
        with:
          license: ${{ secrets.AI_FOOTPRINT_LICENSE }}

How it works

Three steps, no infra to host.

01

Install the GitHub App

One-click install. Grant read access to the repos you want scanned. No secrets to manage; OAuth handles it.

02

Push a PR

The Scanner runs against the PR diff. AST-based — no string matching, no false positives from comments or docstrings.

03

See findings in the PR

New high-risk imports surface as a PR comment. Approve, request changes, or update your team's risk register from the result.

What it catches

Three risk tiers, mapped to library categories, configurable via YAML.

High

Generative LLMs and direct AI APIs.

openai · anthropic · cohere · gemini · mistral · ollama

Limited

Foundation-model frameworks and orchestration.

langchain · transformers · tensorflow · pytorch

Minimal

Classical ML and numerical computing.

scikit-learn · numpy · pandas · scipy
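As an added illustration of the AST-based scan described under "How it works" and the tier mapping above (example code written for this page, not the Scanner's own; the tier table, the sample source, and the helper names are constructed assumptions, and pytorch and scikit-learn appear under their import names torch and sklearn):

```python
import ast
from typing import Dict, List, Optional

# Constructed tier map modelled on the page's three tiers. Keys are the
# top-level module name as it appears in an import statement. The real
# Scanner's YAML policy format is not shown on the page; this is a stand-in.
RISK_TIERS: Dict[str, set] = {
    "high": {"openai", "anthropic", "cohere", "gemini", "mistral", "ollama"},
    "limited": {"langchain", "transformers", "tensorflow", "torch"},
    "minimal": {"sklearn", "numpy", "pandas", "scipy"},
}
TIER_ORDER = ["high", "limited", "minimal"]  # most to least severe


def tier_for(module: str) -> Optional[str]:
    """Map a dotted module path (e.g. 'langchain.chains') to a tier by its root."""
    root = module.split(".")[0]
    for tier, mods in RISK_TIERS.items():
        if root in mods:
            return tier
    return None


def scan_source(src: str, path: str = "<constructed>") -> List[dict]:
    """Walk the parsed AST and report imports of tiered libraries.
    Comments and docstrings never become Import/ImportFrom nodes, so text
    that merely mentions a library name cannot produce a finding."""
    findings = []
    for node in ast.walk(ast.parse(src, filename=path)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]  # relative imports (module=None) are skipped
        else:
            continue
        for name in names:
            tier = tier_for(name)
            if tier:
                findings.append({"path": path, "line": node.lineno,
                                 "module": name, "tier": tier})
    return findings


def highest_tier(findings: List[dict]) -> Optional[str]:
    """Overall severity for a PR comment: the most severe tier seen, if any."""
    present = {f["tier"] for f in findings}
    return next((t for t in TIER_ORDER if t in present), None)


# Constructed sample file: the docstring and comment name libraries but
# must not be flagged; only the three real imports should be reported.
SAMPLE = '''"""Helper module. Mentions openai in this docstring only."""
# import anthropic  (commented out, must not be flagged)
import numpy as np
from langchain.chains import LLMChain
import openai
'''
```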

Pricing

Flat fees. EU VAT handled by Lemon Squeezy.

Starter
€49 /month

Single repository. Perfect for solo teams or focused services.

  • One private or public repository
  • Unlimited PR scans
  • Monthly risk-definition updates
  • Email support
Business
€149 /month

Whole organisation. For teams with multiple services.

  • Up to 25 repositories per org
  • Unlimited PR scans
  • Org-level dashboard (coming in v1.1)
  • Priority email support
  • Custom risk-definition policies

Need more than 25 repos, on-prem deployment, or a perpetual license? See Enterprise.

FAQ

Does this replace legal review for the EU AI Act?
No. The Scanner is a technical risk discovery and mapping tool. It identifies AI library use in your code; it does not certify compliance or replace qualified legal counsel. Most customers use Scanner output as input to their internal compliance review.
What data does the Scanner collect from my code?
The Scanner reads code metadata only — file paths, line numbers, library names, function calls. It does not store your source code, does not transmit code to our servers, and does not retain scan history beyond what's needed to post the PR comment. Full detail in the Privacy Policy.
Can I run this self-hosted or air-gapped?
Self-hosted is on the roadmap as part of Aegis-RAG Vault's deployment offering. The current Scanner runs as a managed GitHub App. For on-prem requirements today, see Enterprise.
What's the refund window?
14 days, no questions asked. Refunds are processed by Lemon Squeezy per the Refund Policy.
Can I pause my subscription?
Yes. Cancel anytime through Lemon Squeezy; access continues until the end of the current billing period. Re-subscribe whenever you're ready.
Why is the risk classification simplified?
The three-tier model (high / limited / minimal) is a pragmatic engineering shorthand inspired by the EU AI Act, not a literal Annex I/II mapping. The goal is to surface AI use clearly so your compliance review can focus on the right systems. Risk definitions are configurable per project.

Also from Argus

Two more products in the pipeline.