Tamper-evident audit trail MCP server for EU AI Act & GDPR compliance.
Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "eu-audit": {
      "env": {
        "AUDIT_CONFIG": "./audit_config.yaml"
      },
      "args": [
        "-m",
        "eu_audit_mcp.server"
      ],
      "command": "python"
    }
  }
}
```
Tamper-evident audit trail MCP server for EU AI Act and GDPR compliance. Designed to be integrated into a local desktop application via stdio transport.
No automated test available for this server. Check the GitHub README for setup instructions.
No known CVEs.
No package registry to scan.
This server implements technical measures for the following EU regulations:
| Regulation | Articles | What it requires |
|---|---|---|
| EU AI Act (2024/1689) | Art. 12 | Automatic recording of events (logs) for high-risk AI systems |
| EU AI Act (2024/1689) | Art. 19 | Retention of automatically generated logs for at least 6 months |
| GDPR (2016/679) | Art. 17 | Right to erasure of personal data ("right to be forgotten") |
| GDPR (2016/679) | Art. 30 | Records of processing activities, including purposes and data categories |
The EU AI Act high-risk obligations enter into force on 2 August 2026.
See LEGAL_REFERENCES.md for the full article texts and a detailed mapping of how each tool addresses each requirement.
Disclaimer: This tool provides a technical checklist, not legal advice. Consult qualified legal counsel for compliance decisions.
```bash
pip install -e ".[dev]"
python -m eu_audit_mcp.server
```

```json
{
  "mcpServers": {
    "eu-audit": {
      "command": "python",
      "args": ["-m", "eu_audit_mcp.server"],
      "env": {
        "AUDIT_CONFIG": "./audit_config.yaml"
      }
    }
  }
}
```

```bash
pytest tests/
```
| Tool | Description |
|---|---|
| `log_event` | Record an audit event with automatic PII scanning |
| `log_inference` | Log an LLM inference call (model, tokens, cost) |
| `log_data_access` | Log a document/data access event |
| `query_log` | Search events by time range, type, session |
| `get_session_trace` | Full ordered trace of a session |
| `get_stats` | Summary statistics over a time period |
| `compliance_check` | Check against EU AI Act Art. 12/19 and GDPR Art. 30 |
| `execute_erasure` | GDPR Article 17 right-to-erasure |
| `get_pii_summary` | Summary of detected PII types (counts only) |
| `verify_chain` | Verify hash chain integrity |
Copy the example config and customize:
```bash
cp audit_config.example.yaml audit_config.yaml
```
Set the AUDIT_CONFIG environment variable to point to your config file. Do not commit audit_config.yaml if it contains a chain_secret — it is in .gitignore by default.
See SECURITY.md for the threat model, security measures, and vulnerability reporting.
Apache-2.0