quirgs-compliance

Generates ready-to-publish transparency notices, model cards, and AI system disclosures. Use whenever someone says "write a transparency notice", "draft a model card", "create a system disclosure", "Article 13 notice", "what do I need to disclose about my AI", "transparency documentation", "AI system card", "document my AI for compliance", or "how do I tell users about my AI". Also trigger when preparing EU AI Act compliance disclosures or NIST AI RMF Govern function documentation. Two modes: (1) EU AI Act Article 13 notice for high-risk AI deployers, (2) NIST AI RMF-aligned model card. Produces actual draft document text the user can edit and publish — not checklists. Suggest eu-ai-act-classifier first if risk tier is unconfirmed. Offer hitl-compliance-gate after drafting before the notice is published.

Classify an AI system's risk tier under the EU AI Act and surface the specific legal obligations that apply. Use this skill whenever someone asks about EU AI Act compliance, risk classification, "is this high-risk AI", "what category does my AI fall into", "do I need a conformity assessment", "what are my EU AI Act obligations", "does the AI Act apply to me", or "how do I comply with the EU AI Act". Also trigger when someone describes an AI system and needs to understand their regulatory exposure in the EU — even if they don't use the phrase "EU AI Act". Outputs a definitive risk tier, the legal basis for that classification, and a tailored obligations checklist scoped to that tier and deployment role (provider, deployer, importer, distributor). Do not use hitl-compliance-gate for this — use this skill when the EU AI Act classification and obligations are the primary need.

Insert a structured compliance review checkpoint into any AI workflow. Use this skill whenever a human-in-the-loop (HITL) review moment occurs and there is any concern about regulatory or standards compliance — even if the user doesn't use the word "compliance." Trigger on phrases like: "check this against NIST", "is this EU AI Act compliant", "ISO 42001 review", "compliance gate", "run a compliance check", "is this safe to proceed", "review before we ship", "flag any risks", or any workflow step where a human is asked to approve AI-generated output before it moves forward. Also trigger when the user is mid-workflow and asks "should we add a compliance check here?" — always say yes and invoke this skill. Covers: EU AI Act, NIST AI RMF, ISO 42001. Outputs a structured sign-off checklist the human reviewer can work through before approving.

Structures AI incident reports aligned to NIST SP 800-61 incident response phases and EU AI Act Article 62 serious incident reporting obligations. Use whenever someone says "log an AI incident", "report an AI failure", "document this incident", "file an incident report", "something went wrong with our AI", "we had an AI bias incident", "our model produced harmful output", "Article 62 report", "serious incident report", "EU AI Act incident", "post-incident review", or "AI incident debrief". Also trigger when someone describes an AI system failure, unexpected output, harm to a user, or regulatory notification requirement — even if they don't use the word "incident". Produces a structured, pre-filled incident report ready for internal review, legal sign-off, and where required, submission to a national market surveillance authority. Identifies whether the incident meets the Article 62 serious incident threshold and routes to the right stakeholders automatically.

Guide teams through ISO/IEC 42001:2023 (AI Management System) clause-by-clause audit readiness checks. Use this skill whenever someone mentions ISO 42001, AIMS, AI management system, AI certification, ISO audit, "are we ISO compliant", "prepare for our audit", "gap analysis for ISO", or asks to evaluate AI governance against an international standard. Also trigger when someone says "what clauses are we missing", "help us get certified", "check our AIMS", "ISO 42001 readiness", or "what do auditors look for". Produces clause- scoped gap analysis reports, assigns control owners, flags audit evidence requirements, and generates audit-ready documentation stubs. Use this for deep ISO 42001 work; use hitl-compliance-gate for a quick multi-framework sign-off check instead.