
EU compliance - complisec
โ 6from eyesecurity
EU NIS2/GDPR compliance skill for agents
complisec
EU compliance enforcement for AI agents.
skills.eye.security/eu-compliance
What is complisec?
One skill that onboards your organisation, builds a compliance profile, and enforces EU compliance when it matters โ code generation, cloud integrations, deployments, data handling, and regulatory discussions.
What to expect
You don't need to know complisec exists โ it activates when your prompt carries compliance risk.
| You say | complisec does |
|---|---|
| "Write an API endpoint that stores customer records" | Flags personal data handling, enforces audit logging, checks data residency against your profile |
| "Add Stripe integration to the checkout flow" | Detects new supplier not in your profile, asks about DPA status and data hosting region |
| "Our monitoring detected unauthorized access last night" | Starts incident lifecycle, calculates NIS2 24h/72h notification deadlines, identifies affected critical assets |
| "Deploy the new database migration to production" | Triggers change management for critical asset, requires impact assessment and rollback plan |
| "Here's the config: DB_PASSWORD=hunter2" | Blocks immediately, never echoes the secret, warns to rotate credentials |
| "Are we compliant with NIS2?" | Runs applicability check, offers 39-control gap analysis with 5-level maturity scoring |
| "We're switching from AWS to Azure for hosting" | Checks data residency constraints, flags affected critical assets, validates new supplier |
Profile example
See .compliance/profile.example.json for what an org profile looks like โ a compact ~25-line JSON block capturing your critical assets, data residency, risk appetite, suppliers, and legal obligations.
Python requirement
Only the nis2-gap-analysis sub-skill needs Python 3.10+ (for the NIS2 applicability checker). Everything else is pure markdown โ no dependencies.
Skills
| Skill | What it does |
|---|---|
| complisec (root) | Onboarding questionnaire + profile-aware enforcement on compliance-relevant actions |
| org-profile | Questionnaire to capture critical assets, data residency, risk appetite, suppliers, legal obligations |
| nis2-gap-analysis | 5-level maturity NIS2/Cbw assessment with consultant field methodology |
| risk-assessment-writer | ISO 27001 risk entry generator with L/M/H scoring, guided likelihood/impact questions, measure library |
| incident-management | Structured incident lifecycle with NIS2 24/72h/30d + GDPR 72h deadline tracking and EU reporting directory |
| vendor-risk | Vendor assessment, DPA tracking, data residency checks, NIS2 Art. 21(2)(d) supply chain |
| change-management | Change records for critical assets with impact classification, approval workflow, rollback plans |
| audit-logging | Structured audit logging for agent actions + enforce logging in AI-generated code |
| data-sensitivity | Data classification, prompt secret interception, scanning, blocking โ patterns mapped to GDPR/NIS2 |
| compliance-hub | Central collection for all compliance records โ cloud storage, immutability, observability |
| security-compliance-tools | Critical asset methodology, CISO workflow, EU compliance tooling index |
| eu-compliance-directives | Curated index of authoritative EU and national compliance sources โ look up, don't hardcode |
Plugin structure
complisec/
โโโ SKILL.md # Root skill โ onboarding + enforcement
โโโ README.md # This file
โโโ .claude-plugin/
โ โโโ plugin.json # Claude Code plugin manifest
โโโ skills/
โ โโโ complisec/ # Entry skill (for plugin convention)
โ โโโ nis2-gap-analysis/ # NIS2 gap analysis + nis2_check.py
โ โโโ incident-management/ # Incident lifecycle + EU reporting directory
โ โโโ vendor-risk/ # Supply chain risk management
โ โโโ change-management/ # Change records for critical assets
โ โโโ audit-logging/ # Audit logging + schemas
โ โโโ data-sensitivity/ # Classification + scanning + blocking
โ โโโ compliance-hub/ # Central log collection + observability
โ โโโ org-profile/ # Organisation profile builder
โ โโโ security-compliance-tools/# Critical asset methodology + compliance tools
โ โโโ eu-compliance-directives/ # EU + national source index
โโโ .compliance/
โโโ profile.example.json # Example org profileInstall
See the eyesecurity/skills README for installation instructions across all platforms.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under GPL-3.0โ you can use, modify, and redistribute it under that license's terms.
License
See LICENSE.