Case study · A product Paput built

EUCompli: a 14-agent GDPR & EU AI Act compliance scanner

EUCompli is an AI compliance platform Paput designed and built. Connect a GitHub repository and a system of specialized AI agents scans the code for GDPR and EU AI Act gaps, then generates code fixes and legal documents. It is the same agentic-security approach Paput brings to client work, shipped as a live product.

What EUCompli does

EUCompli is a developer-first compliance platform: instead of a 200-page report, it scans your actual source code and returns fixes you can commit. It connects to a GitHub repository, analyzes the code against EU data and AI regulation, and produces both the engineering changes and the legal paperwork that compliance normally requires.

  • Scans repositories for GDPR and EU AI Act gaps, plus ePrivacy cookie and consent checks.
  • Generates production-ready code: consent managers, cookie banners, audit logging, data-subject-rights endpoints.
  • Drafts the legal layer too — Privacy Policy, DPA, DPIA, ROPA — in English and Spanish.
  • Covers regional rules: LOPDGDD (Spain), CNIL (France), BDSG (Germany), GPDP (Italy).

A multi-agent system, not a single prompt

The product runs on a set of specialized AI agents — a classifier, regulation-specific analyzers, a code generator, a documentation generator, validators, and a monitor — that hand work to each other. This is the custom-agent engineering Paput does for clients, applied to a hard, regulated domain.

  • Fourteen specialized agents, each owning one step of the compliance pipeline.
  • Agents act on real code and open GitHub pull requests with their fixes.
  • Forty-seven automated tests validate the result, with browser and API evidence.
  • Built on Ruby on Rails and the Anthropic Claude API, with a React front end.

Agentic security by design

An agent that reads a codebase and opens pull requests is exactly the kind of system Paput hardens. EUCompli is built with the same production controls Paput applies elsewhere: the agents propose changes a human merges, every run is traceable, and the output is validated before it is trusted.

  • Agents propose; a person reviews and merges the pull request.
  • Each scan is logged and reproducible, not a black box.
  • Automated tests gate the output so a bad fix does not ship silently.
  • The design maps to the frameworks Paput works from — NIST AI RMF, OWASP Top 10 for LLM Apps, CSA AI Controls Matrix.

Who it is for

EUCompli is aimed at software teams that need to meet EU rules without hiring a full legal team — and especially at companies outside Europe, such as Latin American businesses, entering the European market. It is free to try with a Quick Scan and moves to a paid Full Scan for the complete pipeline.

  • Free Quick Scan for an instant overview; Full Scan from €49/month for the full 14-agent analysis.
  • Documentation support in English and Spanish for teams new to EU regulation.
  • A working example of what Paput can design and build as a product, not just a project.

Questions buyers ask

Did Paput build EUCompli?

Yes. EUCompli is designed and built by Paput. It is a live example of the custom AI agents and agentic-security work Paput does for clients, turned into a standalone product.

Where can I try EUCompli?

EUCompli is online at www.eucompli.ai, with a free Quick Scan that needs no credit card.

Can Paput build something like this for us?

Yes — building multi-agent products that act on real systems safely is exactly what Paput does. The fastest start is an AI audit, where we map your workflow and where agents fit.
