dingdawg-compliance
Colorado SB 205 AI Act compliance scanner. Run it in 60 seconds. Get your score. Know your gaps before June 30, 2026.
pip install dingdawg-compliance
python3 -m dingdawg_compliance scan
What it does
Colorado SB 205 requires any company using AI for consequential decisions (employment, housing, credit, insurance, healthcare, education) to:
- Conduct impact assessments before deployment
- Disclose AI use to consumers at point of decision
- Provide appeal and human review mechanisms
- Designate a Responsible AI Officer
- Test for discriminatory bias
- Maintain a 3-year audit trail
This tool scores your readiness across all 25 SB 205 controls. Free. No signup. Runs locally.
Install
pip install dingdawg-compliance
Requires Python 3.9+. No external dependencies — stdlib only.
Usage
Interactive scan (recommended)
python3 -m dingdawg_compliance scan
Walk through all 25 controls. Answer y/n/skip for each. Get your score at the end.
Example output:
──────────────────────────────────────────────────────
Overall Score: 44/100 [████████░░░░░░░░░░░░] NEEDS WORK
──────────────────────────────────────────────────────
Category Scores:
~ scope 100%
✗ impact_assessment 0%
✗ transparency 33%
✗ appeal 0%
~ governance 50%
✗ bias_testing 0%
✗ data_governance 0%
✗ incident_response 50%
✓ audit 100%
⚠ Critical gaps (2) — mandatory under SB 205:
• CO-3 Pre-Deployment Impact Assessment
• CO-6 Consumer Disclosure at Point of Decision
Need the full remediation report?
→ dingdawg.com/compliance (CO SB 205 gap report — $199)
Score from a JSON file
python3 -m dingdawg_compliance score responses.json
Format for responses.json:
{
"CO-1": true,
"CO-2": true,
"CO-3": false,
"CO-4": null
}
true = implemented, false = not implemented, null = unknown (scored as not implemented).
List all 25 controls
python3 -m dingdawg_compliance controls
Use as a library
from dingdawg_compliance import calculate_co_sb205_score, CO_SB_205_CONTROLS
# Score a self-assessment
responses = {
"CO-1": True, # scope: identified consequential decisions
"CO-3": False, # impact_assessment: no pre-deployment assessment yet
"CO-6": True, # transparency: consumer disclosure implemented
# ... rest of controls
}
result = calculate_co_sb205_score(responses)
print(result["score"]) # 0-100
print(result["gaps"]) # list of unimplemented controls
print(result["critical_gaps"]) # CO-3, CO-6, CO-10, CO-14 if missing
Track assessments in SQLite
from dingdawg_compliance import ComplianceStore, ComplianceScorer, ComplianceFramework
store = ComplianceStore() # stored at ~/.dingdawg/compliance/compliance.db
# Register and assess a control
store.assess_control("CO-3", status="COMPLIANT", assessor="legal-team", notes="Completed Q1 2026")
# Score
scorer = ComplianceScorer(store)
print(scorer.overall_posture_score()) # e.g. 72.0
print(scorer.per_framework_score()) # per-framework breakdown
print(scorer.gap_analysis()) # prioritized gap list
Automated checks (read-only)
from dingdawg_compliance import AutoAssessor
from pathlib import Path
assessor = AutoAssessor(
base_dir=Path("./src"),
db_paths=[Path("./data/app.db")]
)
results = assessor.run_all_checks()
print(results["checks"]["access_controls"]["summary"])
print(results["checks"]["audit_logging"]["summary"])
The 25 CO SB 205 Controls
| ID | Category | Control | Critical |
|---|
| CO-1 | scope | Consequential Decision Identification | |
| CO-2 | scope | High-Risk AI System Classification | |
| CO-3 | impact_assessment | Pre-Deplo | |
... View full README on GitHub