An open-source, audit-native agent runtime for UK public sector.
UK councils, NHS Trusts and housing associations deserve the same AI tools as central government — open source, auditable, Cyber Essentials ready, and designed from line one to pass an EU AI Act audit. civiclaw is a sovereign, on-prem agent runtime that ships with compliance as the core primitive, not an afterthought.
UK public-sector organisations are under binding regulatory pressure:
- UK GDPR Article 15 — Subject Access Requests must be answered in 30 days. A typical DSAR costs a council 20–40 staff hours.
- EU AI Act Article 12 — automatic logging with ≥6-month retention, kicking in 2 August 2026 for high-risk systems. Annex IV technical documentation required on demand.
- Freedom of Information Act — ~5,000 requests per council per year, each with a 20-working-day clock.
- Procurement Act 2023 / G-Cloud 15 — social-value reporting, transparency registers, connected-persons declarations.
The market is buying "AI transformation" slide decks. It is not buying auditable, sovereign runtimes that answer to regulators. civiclaw is that runtime.
A skill-based agent runtime, MIT-friendly (Apache 2.0), designed to:
- Run on-premise or in a UK-sovereign cloud, not a US lab's cloud
- Produce EU AI Act Article 12 logs as a first-class output, not a bolt-on
- Expose every agent action to a cryptographic append-only audit log
- Support any LLM backend — Claude, OpenAI, Gemini, Ollama/Qwen — without vendor lock-in
- Extend via a simple
SKILL.mdformat so each compliance domain (DSAR, FOI, AI Act, social-value, transparency register, NHS DSPT, CAFCASS) is a module, not a fork
| Skill | Status | What it does |
|---|---|---|
dsar |
v0.1 working | Intake, search, redact, and respond to UK GDPR Article 15 requests |
foi |
v0.1 working | Intake, s.12 fee check, search, and respond under FOIA 2000 |
eir |
v0.1 working | Intake, Reg 12 / Reg 13 exception check, search, and respond under the Environmental Information Regulations 2004 |
aiact |
v0.1 working | EU AI Act risk classification, Annex IV technical documentation, and Article 27 Fundamental Rights Impact Assessment for UK public-sector deployers |
Here's the tail from real DSAR and FOI round-trips run against the sample data — recorded as committed evidence in docs/sample-audit.jsonl:
2026-04-21T16:22:52Z dsar intake.parsed ref=REQ-ccf78468
2026-04-21T16:23:50Z dsar search.planned ref=SUB-e6b05c15
2026-04-21T16:24:38Z dsar response.drafted ref=REQ001
2026-04-21T16:24:39Z core oversight.approved ref=REQ001
2026-04-21T16:34:51Z foi intake.parsed ref=FOI-2ea58015
2026-04-21T16:34:58Z foi fee_limit.assessed ref=FOI-2ea58015
2026-04-21T16:35:43Z foi response.drafted ref=FOI-2026-001
2026-04-21T16:35:43Z core oversight.approved ref=FOI-2026-001
Every row is SHA-256 hash-chained to the previous. The chain verifies with civiclaw audit verify. Edit or delete any entry and the verification fails at the tampered row — that's the primitive EU AI Act Article 12 wants and nobody else ships.
Most agentic-AI products have to construct synthetic training data to improve their models. Civiclaw does not.
Every DSAR, FOI, EIR, and AI-Act case civiclaw runs ships a labelled trajectory: the regulatory mapping declared in the skill's YAML frontmatter, the agent's reasoning at each stage, the human officer's sign-off (or rejection) decision under Article 14, and the outcome. That is a supervised-learning dataset of real council-grade compliance ground truth, generated automatically as a by-product of normal use.
Each civiclaw skill ships a quarterly model card: accuracy on real (de-identified) cases, regression versus the previous prompt revision, distribution of human-override reasons. Run with DSPy / GEPA optimisation against the same audit-log-as-corpus and the skill prompts compile into something demonstrably better than a hand-written instruction.
Other vendors in this space cannot make this claim. They do not have the audit primitive — so they cannot have the corpus.
civiclaw/
├── core/
│ ├── audit.py cryptographic append-only audit log
│ ├── runtime.py skill loader, agent router
│ └── policy.py Art. 14 human-oversight hooks
├── skills/
│ ├── dsar/ first shipped skill
│ │ ├── SKILL.md skill manifest
│ │ ├── skill.py agent logic
│ │ └── samples/ demo data
│ └── foi/ second skill (in progress)
├── ui/ minimal Next.js admin
└── docs/
├── architecture.md
└── compliance-mapping.md UK GDPR / EU AI Act article mapping
- Auditable by default. Every agent decision writes to a Sigstore-compatible append-only log. No action is invisible.
- Human-in-the-loop where the law says so. Article 14 of the EU AI Act requires human oversight on high-risk outputs —
civiclawenforces it structurally, not optionally. - Model-agnostic. Claude is the dev-time default; Ollama/Qwen is the sovereign-fallback primitive. Never locked to one US lab.
- Skill-based, not monolithic. Each compliance obligation is a separate skill. Councils add skills they need; they don't pay for ones they don't.
- Cyber Essentials posture from line one. Hardened defaults. No secrets in code. No telemetry home. No third-party data sharing.
git clone https://gitlab.com/Alfpl/civiclaw.git
cd civiclaw
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
export ANTHROPIC_API_KEY="sk-ant-..." # or OPENAI_API_KEY, or run Ollama locally
export CIVICLAW_ACTOR="your.name@council.gov.uk"
# Top-level CLI
./civiclaw list
./civiclaw model # which backend will be used
./civiclaw dsar intake skills/dsar/samples/sample_request.txt
./civiclaw dsar search "James Wilson"
./civiclaw dsar redact skills/dsar/samples/sample_document.txt --subject "James Wilson" --requester "Sarah Wilson"
./civiclaw dsar respond --request-id REQ001
./civiclaw approve --ref REQ001 --note "Reviewed, cleared for disclosure."
./civiclaw audit verify
./civiclaw audit tail 10
./civiclaw audit demo-tamper # tampers one entry, shows the verifier catch it, restoresSee skills/dsar/SKILL.md for the full DSAR walkthrough, ui/ for the admin UI, and docs/architecture.md for the design brief.
Because UK councils and NHS Trusts cannot verify what a US-hosted closed-source AI tool does with their data. An open, sovereign, auditable runtime is the only honest answer.
- May 2026 — FOI skill, Microsoft 365 + Google Workspace integrations, Next.js admin UI
- June 2026 — Cryptographic audit log (Sigstore-compatible), human-oversight UI, first Local Authority pilot
- July 2026 — AI Act conformity pack (Annex IV generator, FRIA wizard)
- September 2026 — G-Cloud 15 framework listing
- Q4 2026 — NHS DSPT compliance pack, housing-association skill
The runtime is free and Apache 2.0. For councils that want a hosted Cyber Essentials Plus environment, SLA, and support — see workloft.ai for paid tiers.
Workloft.ai — UK-registered (ICO C1912528), London-based.
Apache License 2.0 — see LICENSE.