dingdawg-compliance

Colorado SB 205 AI Act compliance scanner. Run it in 60 seconds. Get your score. Know your gaps before June 30, 2026.

pip install dingdawg-compliance
python3 -m dingdawg_compliance scan

---

What it does

Colorado SB 205 requires any company using AI for consequential decisions (employment, housing, credit, insurance, healthcare, education) to:

• Conduct impact assessments before deployment
• Disclose AI use to consumers at point of decision
• Provide appeal and human review mechanisms
• Designate a Responsible AI Officer
• Test for discriminatory bias
• Maintain a 3-year audit trail

This tool scores your readiness across all 25 SB 205 controls. Free. No signup. Runs locally.

---

Install

pip install dingdawg-compliance

Requires Python 3.9+. No external dependencies — stdlib only.

---

Usage

Interactive scan (recommended)

python3 -m dingdawg_compliance scan

Walk through all 25 controls. Answer y/n/skip for each. Get your score at the end.

Example output: ``` ────────────────────────────────────────────────────── Overall Score: 44/100 [████████░░░░░░░░░░░░] NEEDS WORK ──────────────────────────────────────────────────────

Category Scores: ~ scope 100% ✗ impact_assessment 0% ✗ transparency 33% ✗ appeal 0% ~ governance 50% ✗ bias_testing 0% ✗ data_governance 0% ✗ incident_response 50% ✓ audit 100%

⚠ Critical gaps (2) — mandatory under SB 205: • CO-3 Pre-Deployment Impact Assessment • CO-6 Consumer Disclosure at Point of Decision

Need the full remediation report? → dingdawg.com/compliance (CO SB 205 gap report — $199) ```

Score from a JSON file

python3 -m dingdawg_compliance score responses.json

Format for responses.json: ``json { "CO-1": true, "CO-2": true, "CO-3": false, "CO-4": null } ``

true = implemented, false = not implemented, null = unknown (scored as not implemented).

List all 25 controls

python3 -m dingdawg_compliance controls

---

Use as a library

from dingdawg_compliance import calculate_co_sb205_score, CO_SB_205_CONTROLS

# Score a self-assessment
responses = {
    "CO-1": True,   # scope: identified consequential decisions
    "CO-3": False,  # impact_assessment: no pre-deployment assessment yet
    "CO-6": True,   # transparency: consumer disclosure implemented
    # ... rest of controls
}

result = calculate_co_sb205_score(responses)
print(result["score"])           # 0-100
print(result["gaps"])            # list of unimplemented controls
print(result["critical_gaps"])   # CO-3, CO-6, CO-10, CO-14 if missing

Track assessments in SQLite

from dingdawg_compliance import ComplianceStore, ComplianceScorer, ComplianceFramework

store = ComplianceStore()  # stored at ~/.dingdawg/compliance/compliance.db

# Register and assess a control
store.assess_control("CO-3", status="COMPLIANT", assessor="legal-team", notes="Completed Q1 2026")

# Score
scorer = ComplianceScorer(store)
print(scorer.overall_posture_score())   # e.g. 72.0
print(scorer.per_framework_score())     # per-framework breakdown
print(scorer.gap_analysis())            # prioritized gap list

Automated checks (read-only)

from dingdawg_compliance import AutoAssessor
from pathlib import Path

assessor = AutoAssessor(
    base_dir=Path("./src"),
    db_paths=[Path("./data/app.db")]
)

results = assessor.run_all_checks()
print(results["checks"]["access_controls"]["summary"])
print(results["checks"]["audit_logging"]["summary"])

---

The 25 CO SB 205 Controls

| ID | Category | Control | Critical | |----|----------|---------|---------| | CO-1 | scope | Consequential Decision Identification | | | CO-2 | scope | High-Risk AI System Classification | | | CO-3 | impact_assessment | Pre-Deployment Impact Assessment | ★ | | CO-4 | impact_assessment | Annual Impact Assessment Review | | | CO-5 | impact_assessment | Impact Assessment Documentation | | | CO-6 | transparency | Consumer Disclosure at Point of Decision | ★ | | CO-7 | transparency | Disclosure Timing | | | CO-8 | transparency | Disclosure Content — AI Role | | | CO-9 | transparency | Disclosure Content — Data Used | | | CO-10 | appeal | Appeal Mechanism | ★ | | CO-11 | appeal | Human Review Option | | | CO-12 | appeal | Opt-Out Mechanism | | | CO-13 | appeal | Appeal Response Timeline | | | CO-14 | governance | Responsible AI Officer Designation | ★ | | CO-15 | governance | AI Inventory | | | CO-16 | governance | Vendor Due Diligence | | | CO-17 | governance | Policy Documentation | | | CO-18 | bias_testing | Pre-Deployment Bias Testing | | | CO-19 | bias_testing | Ongoing Bias Monitoring | | | CO-20 | bias_testing | Protected Class Analysis | | | CO-21 | data_governance | Training Data Documentation | | | CO-22 | data_governance | Data Minimization | | | CO-23 | incident_response | AI Incident Response Plan | | | CO-24 | incident_response | Error Notification | | | CO-25 | audit | Third-Party Audit Trail | |

★ Critical — mandatory remediation required before June 30, 2026.

---

What this doesn't include

This scanner shows what to check and where your gaps are. It does not generate remediation plans, regulatory citations, evidence templates, or audit-ready documentation.

For the full gap report with remediation guidance → dingdawg.com/compliance

---

License

Apache 2.0 — free to use, fork, and contribute.

Contributing

PRs welcome for new indicators, additional frameworks, or CLI improvements. Open an issue first for anything structural.