A2WF EU Governance Readiness Checker

Enter the URL of a site. The checker fetches the site's published A2WF policy, validates it against the v1.1 specification, and produces a technical report mapping the declarations to EU AI Act and GDPR anchors. This is a readiness check on declarations, not a compliance audit or legal certificate.

Site URL

The checker looks for /.well-known/a2wf/siteai.json and falls back to /siteai.json (v1.0 legacy).

CORS-blocked? Show how the site operator can enable cross-origin access

If the check fails with a CORS error, the target site does not yet allow cross-origin access to its A2WF endpoint. Most sites can fix this by adding the following header to the response for /.well-known/a2wf/siteai.json:

Access-Control-Allow-Origin: *

nginx (in the location block for the well-known path):

location = /.well-known/a2wf/siteai.json {
    add_header Access-Control-Allow-Origin "*" always;
    add_header Content-Type "application/json";
    try_files $uri =404;
}

Apache (in .htaccess in the docroot):

<FilesMatch "^siteai\.json$">
    Header set Access-Control-Allow-Origin "*"
    Header set Content-Type "application/json"
</FilesMatch>

Cloudflare (Workers or Page Rules): set Response header Access-Control-Allow-Origin: * on the path /.well-known/a2wf/siteai.json.

Alternative: download the file yourself, then validate it with the A2WF Validator instead.

Validator running in degraded mode. The JSON Schema bundle could not be loaded. Only semantic checks were performed; the Score is capped at 29. Reload the page or check the browser console for details.

Legacy A2WF v1.0 document detected. The site uses the older v1.0 shape and the v1.1 EU Governance modules (dataHandling, agentIdentification, auditTrail, incidentReporting, jurisdictions, discoverabilityHints) are not present. The Recommendations below include migration guidance.

A2WF Declaration Coverage Score by Reference Tool. NOT an A2WF conformance metric, NOT a compliance score, NOT legal advice. Capped at 59 when the document fails validation.

Site checked

URL
Discovery path
Spec version
Conformance level
Profile claimed
Modules declared
Last updated

Validation findings

Severity	Path	Section	Message

EU AI Act anchors

Heuristic mapping of the published document to a small set of EU AI Act articles. Each finding is typed as support (declaration backs a relevant practice), gap (declaration missing where it would help), or risk (declaration may signal a problem). Educational only; not legal advice.

No EU AI Act anchors triggered for this document.

GDPR anchors

Heuristic mapping to a small set of GDPR articles, typed as support / gap / risk. Educational only; not legal advice. Many GDPR articles (6/9/22/28/30/32/35/44ff) are NOT covered.

No GDPR anchors triggered for this document.

Recommendations

Each example below shows the property to add or change at the top level of your siteai.json document.

No specific recommendations. Re-run the check after any document update.

Disclaimer. This report checks machine-readable A2WF declarations only. It does NOT assess actual operations, does NOT establish legal applicability of any regulation, does NOT verify contractual duties, and does NOT certify regulatory compliance. The A2WF Declaration Coverage Score is a vendor metric defined by this tool and is NOT an A2WF conformance metric. The EU AI Act and GDPR anchor mappings are heuristic orientation, not legal subsumption. Operators are responsible for their own legal review.

Vendor wrapper notice. This page is shown under the brand "" via URL parameters. The underlying tool is the neutral A2WF reference checker and is NOT endorsed by, certified by, or operated by . The vendor is responsible for any additional claims it makes around this report.

What this checker does

Fetches the site's A2WF policy from /.well-known/a2wf/siteai.json with fallback to /siteai.json.
Validates against the A2WF v1.1 JSON Schema and the EU Governance Starter Profile.
Maps declarations to a small set of EU AI Act articles (5, 6, 13, 14, 26, 50) and GDPR articles (5, 13/14, 25, 33) as orientation. Many other articles are NOT covered.
Produces a vendor "A2WF Declaration Coverage Score" 0-100 with bands and recommendations.
Allows operator branding via URL parameters (?brand=&logo=) for vendors wrapping this tool.

What this checker does NOT do

It does NOT certify legal compliance with any regulation (EU AI Act, GDPR, sector-specific law).
It does NOT assess the operator's actual practices, processes, or technical controls.
It does NOT cover all relevant articles. EU AI Act Annex III sector gating, Articles 4/12/15/16/17/25/27/72/73 and GDPR Articles 6/9/22/28/30/32/35/44ff are NOT covered.
It does NOT crawl the site beyond the A2WF discovery path.
It does NOT store URLs or results anywhere; everything happens in your browser.
The Score is NOT an A2WF conformance metric and NOT a regulatory readiness number.

Privacy notes

The checker has no backend and does not store results.
Your browser sends a GET request to the target site. The target site sees your IP address, User-Agent, timestamp, and the requested A2WF path.
If a logo is configured via ?logo=, your browser fetches the image from the logo host, which sees the same request metadata. Only HTTPS logo URLs are honoured.
Standard HTTP access logs may be produced by the host serving this page.

CORS note

The browser fetches the policy directly from the target site. Many real sites do not yet return Access-Control-Allow-Origin on their A2WF endpoint, in which case the browser blocks the fetch with a CORS error. This does not mean the A2WF document is absent - it means cross-origin browser access is blocked. Site operators who want third-party tools to reach their A2WF endpoint should add Access-Control-Allow-Origin: * to the response for /.well-known/a2wf/siteai.json. Alternatively, run this checker from the same origin as the target site (e.g. by hosting the tool yourself).