dingdawg-compliance

Colorado SB 205 AI Act compliance scanner. Run it in 60 seconds. Get your score. Know your gaps before June 30, 2026.

pip install dingdawg-compliance
python3 -m dingdawg_compliance scan

---

What it does

Colorado SB 205 requires any company using AI for consequential decisions (employment, housing, credit, insurance, healthcare, education) to:

• Conduct impact assessments before deployment
• Disclose AI use to consumers at point of decision
• Provide appeal and human review mechanisms
• Designate a Responsible AI Officer
• Test for discriminatory bias
• Maintain a 3-year audit trail

This tool scores your readiness across all 25 SB 205 controls. Free. No signup. Runs locally.

---

Install

pip install dingdawg-compliance

Requires Python 3.9+. No external dependencies — stdlib only.

---

Usage

Interactive scan (recommended)

python3 -m dingdawg_compliance scan

Walk through all 25 controls. Answer y/n/skip for each. Get your score at the end.

Example output:

──────────────────────────────────────────────────────
  Overall Score: 44/100  [████████░░░░░░░░░░░░]  NEEDS WORK
──────────────────────────────────────────────────────

  Category Scores:
    ~ scope                  100%
    ✗ impact_assessment        0%
    ✗ transparency            33%
    ✗ appeal                   0%
    ~ governance              50%
    ✗ bias_testing             0%
    ✗ data_governance          0%
    ✗ incident_response       50%
    ✓ audit                  100%

  ⚠ Critical gaps (2) — mandatory under SB 205:
    • CO-3   Pre-Deployment Impact Assessment
    • CO-6   Consumer Disclosure at Point of Decision

  Need the full remediation report?
  → dingdawg.com/compliance  (CO SB 205 gap report — $199)

Score from a JSON file

python3 -m dingdawg_compliance score responses.json

Format for responses.json:

{
  "CO-1": true,
  "CO-2": true,
  "CO-3": false,
  "CO-4": null
}

true = implemented, false = not implemented, null = unknown (scored as not implemented).

List all 25 controls

python3 -m dingdawg_compliance controls

---

Use as a library

from dingdawg_compliance import calculate_co_sb205_score, CO_SB_205_CONTROLS

# Score a self-assessment
responses = {
    "CO-1": True,   # scope: identified consequential decisions
    "CO-3": False,  # impact_assessment: no pre-deployment assessment yet
    "CO-6": True,   # transparency: consumer disclosure implemented
    # ... rest of controls
}

result = calculate_co_sb205_score(responses)
print(result["score"])           # 0-100
print(result["gaps"])            # list of unimplemented controls
print(result["critical_gaps"])   # CO-3, CO-6, CO-10, CO-14 if missing

Track assessments in SQLite

from dingdawg_compliance import ComplianceStore, ComplianceScorer, ComplianceFramework

store = ComplianceStore()  # stored at ~/.dingdawg/compliance/compliance.db

# Register and assess a control
store.assess_control("CO-3", status="COMPLIANT", assessor="legal-team", notes="Completed Q1 2026")

# Score
scorer = ComplianceScorer(store)
print(scorer.overall_posture_score())   # e.g. 72.0
print(scorer.per_framework_score())     # per-framework breakdown
print(scorer.gap_analysis())            # prioritized gap list

Automated checks (read-only)

from dingdawg_compliance import AutoAssessor
from pathlib import Path

assessor = AutoAssessor(
    base_dir=Path("./src"),
    db_paths=[Path("./data/app.db")]
)

results = assessor.run_all_checks()
print(results["checks"]["access_controls"]["summary"])
print(results["checks"]["audit_logging"]["summary"])

---

The 25 CO SB 205 Controls

ID	Category	Control	Critical
CO-1	scope	Consequential Decision Identification
CO-2	scope	High-Risk AI System Classification
CO-3	impact_assessment	Pre-Deployment Impact Assessment	★
CO-4	impact_assessment	Annual Impact Assessment Review
CO-5	impact_assessment	Impact Assessment Documentation
CO-6	transparency	Consumer Disclosure at Point of Decision	★
CO-7	transparency	Disclosure Timing
CO-8	transparency	Disclosure Content — AI Role
CO-9	transparency	Disclosure Content — Data Used
CO-10	appeal	Appeal Mechanism	★
CO-11	appeal	Human Review Option
CO-12	appeal	Opt-Out Mechanism
CO-13	appeal	Appeal Response Timeline
CO-14	governance	Responsible AI Officer Designation	★
CO-15	governance	AI Inventory
CO-16	governance	Vendor Due Diligence
CO-17	governance	Policy Documentation
CO-18	bias_testing	Pre-Deployment Bias Testing
CO-19	bias_testing	Ongoing Bias Monitoring
CO-20	bias_testing	Protected Class Analysis
CO-21	data_governance	Training Data Documentation
CO-22	data_governance	Data Minimization
CO-23	incident_response	AI Incident Response Plan
CO-24	incident_response	Error Notification
CO-25	audit	Third-Party Audit Trail

★ Critical — mandatory remediation required before June 30, 2026.

---

What this doesn't include

This scanner shows what to check and where your gaps are. It does not generate remediation plans, regulatory citations, evidence templates, or audit-ready documentation.

For the full gap report with remediation guidance → dingdawg.com/compliance

---

License

Apache 2.0 — free to use, fork, and contribute.

Contributing

PRs welcome for new indicators, additional frameworks, or CLI improvements. Open an issue first for anything structural.