What is EU AI Act Article 12 (Record-keeping)?
Last updated: 2026-05-26
Definition
Article 12 of the EU AI Act requires high-risk AI systems to automatically record events ("logs") throughout their lifecycle, in a form that enables traceability of the system's functioning. Logs must capture timestamps, inputs, outputs, tools invoked, and human decisions — enough that an inspector can reconstruct what happened on any given run.
Why EU AI Act Article 12 (Record-keeping) matters
Article 12 is the single most operational obligation in the Act: without compliant logging, an organisation cannot prove anything else (risk management, human oversight, accuracy monitoring). Logs are the first thing requested in a market-surveillance inspection. Retention is at least 6 months unless other Union or national law requires longer.
How EU AI Act Article 12 (Record-keeping) works
1. The system records each "event" relevant to risk identification (Article 9), system operation, and post-market monitoring (Article 72).
2. Logs must be tamper-evident, time-stamped, and structured so they can be queried after the fact.
3. Retention is at least 6 months. Financial services, healthcare, and HR contexts often extend this to 5+ years under sectoral law.
4. Operators must be able to provide logs to national competent authorities and notified bodies on request — usually within days.
5. Logs of personal data must respect GDPR Article 5 storage limitation; pseudonymisation at log-write time is the standard pattern.
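The following Python sketch is an added example, not code from the original page or from any particular product. It puts the five properties above into one small component: structured JSON events (the loan-approval fields from the Examples section), a timestamp on every record, a hash chain that makes after-the-fact edits detectable, a query interface an inspector could use, pseudonymisation of the applicant identifier at write time with a keyed hash, and a check for which records have passed the 6-month minimum retention before any GDPR-driven deletion is considered. The key, the model version, the reviewer IDs and the three runs are constructed sample values; the field names are taken from the page's loan-approval example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional, Union

# Constructed key for this example only; a real deployment would load it from a KMS/HSM.
PSEUDONYM_KEY = b"example-only-pseudonymisation-key"


def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash of a personal identifier (hypothetical scheme). The raw ID never
    reaches the log; the controller holding the key can still re-link on request."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def features_hash(features: Dict[str, Any]) -> str:
    """Content hash of the model's input features, canonicalised so key order does not matter."""
    canonical = json.dumps(features, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def _as_dt(value: Union[str, datetime]) -> datetime:
    """Accept either a datetime or an ISO-8601 string (what an inspector would type)."""
    return value if isinstance(value, datetime) else datetime.fromisoformat(value)


class EventLog:
    """Append-only log in which every record commits to the previous record's hash."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.records: List[Dict[str, Any]] = []

    @staticmethod
    def _digest(record: Dict[str, Any]) -> str:
        body = {k: v for k, v in record.items() if k != "hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def append(self, event: Dict[str, Any], ts: Optional[datetime] = None) -> Dict[str, Any]:
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        record = {"seq": len(self.records),
                  "ts": (ts or datetime.now(timezone.utc)).isoformat(),
                  "prev_hash": prev,
                  "event": event}
        record["hash"] = self._digest(record)
        self.records.append(record)
        return record

    def verify(self) -> bool:
        """Recompute the chain; any edited, removed or reordered record breaks it."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev_hash"] != prev or rec["hash"] != self._digest(rec):
                return False
            prev = rec["hash"]
        return True

    def query(self, start: Union[str, datetime], end: Union[str, datetime],
              **filters: Any) -> List[Dict[str, Any]]:
        """Records with start <= ts < end whose event fields equal the given filters."""
        lo, hi = _as_dt(start), _as_dt(end)
        return [rec for rec in self.records
                if lo <= _as_dt(rec["ts"]) < hi
                and all(rec["event"].get(k) == v for k, v in filters.items())]

    def past_minimum_retention(self, now: Union[str, datetime],
                               minimum: timedelta = timedelta(days=183)) -> List[int]:
        """Sequence numbers older than the minimum retention (6 months by default); only
        these may even be considered for storage-limitation deletion."""
        return [rec["seq"] for rec in self.records
                if _as_dt(now) - _as_dt(rec["ts"]) > minimum]

    def to_jsonl(self) -> str:
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def loan_event(applicant_id: str, model_version: str, features: Dict[str, Any],
               prediction: str, confidence: float, reviewer_id: str,
               override: bool, final_decision: str) -> Dict[str, Any]:
    """The loan-approval record from the page's example as one structured event."""
    return {"applicant": pseudonymise(applicant_id), "model_version": model_version,
            "features_hash": features_hash(features), "prediction": prediction,
            "confidence": confidence, "reviewer_id": reviewer_id,
            "override_flag": override, "final_decision": final_decision}


def build_demo_log() -> EventLog:
    """Three constructed runs of a loan-approval system; the second is a human override."""
    base = datetime(2026, 1, 10, 9, 0, tzinfo=timezone.utc)
    log = EventLog()
    log.append(loan_event("APP-1001", "credit-v3.2", {"income": 52000, "debt_ratio": 0.31},
                          "approve", 0.91, "rev-17", False, "approve"), base)
    log.append(loan_event("APP-1002", "credit-v3.2", {"income": 23000, "debt_ratio": 0.58},
                          "decline", 0.77, "rev-17", True, "approve"), base + timedelta(minutes=5))
    log.append(loan_event("APP-1003", "credit-v3.2", {"income": 81000, "debt_ratio": 0.12},
                          "approve", 0.97, "rev-22", False, "approve"), base + timedelta(hours=1))
    return log


def tamper_and_verify() -> bool:
    """Edit a stored decision after the fact and report whether the chain still verifies."""
    log = build_demo_log()
    log.records[1]["event"]["final_decision"] = "decline"
    return log.verify()


if __name__ == "__main__":
    demo = build_demo_log()
    print(demo.to_jsonl())
    print("chain intact:", demo.verify())
    print("chain intact after edit:", tamper_and_verify())
```

A hash chain only detects tampering; it does not prevent it, so in practice the latest chain head is also written somewhere the log writer cannot reach (a WORM bucket, a separate signing service, or periodic anchoring). The pseudonym is a keyed hash rather than a plain SHA-256 so that an inspector holding the log but not the key cannot reverse it by hashing a candidate list of applicant IDs.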
Examples
- A loan-approval AI logs: timestamp, applicant pseudonym, model version, input features hash, prediction, confidence, human reviewer ID, override flag, final decision.
- A radiology AI logs: scan ID, model version, region-of-interest detected, confidence, radiologist agreement flag, time-to-review.
- A recruitment AI logs: job ID, candidate pseudonym, model version, rank, reasons cited, recruiter override, hire/no-hire outcome.
Related concepts
Human-in-the-loop (HITL)
Human-in-the-loop (HITL) is a design pattern where a human reviewer must approve, edit, or veto an AI agent's output before it executes a consequential action. The agent pauses, surfaces what it is about to do, waits for the human, and then proceeds — a deliberate brake to keep autonomy bounded.
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) for AI is a security model that grants permissions to AI agents and AI users based on roles rather than individuals. A "marketing analyst" role can run a defined set of agents, read certain knowledge bases, and call approved tools — and changes to the role propagate to everyone who holds it.
AI agent management
AI agent management is the discipline of operating AI agents at scale — covering deployment, role-based access, budget allocation, performance monitoring, audit logging, and lifecycle (retire, refresh, replace). It is to AI agents what fleet management is to vehicles or what DevOps is to software services.
Agent observability
Agent observability is the practice of capturing what an AI agent did, why it did it, and how well it did it, in a form that engineers can search and reviewers can audit. It combines three pillars: logs (the steps), traces (the causal chain across LLM calls and tools), and evals (continuous scoring of output quality).
FAQ
EU AI Act Article 12 (Record-keeping) — common questions
- Does Article 12 apply to limited-risk or minimal-risk AI?
- No. Article 12 applies to high-risk AI systems listed in Annex III plus AI used as safety components of regulated products. For minimal-risk systems, logging is recommended best practice but not legally required.
- Can we log to a third-party SaaS or must logs stay in-house?
- Third-party SaaS is allowed if the provider acts as a processor under GDPR Article 28 and the contract guarantees authority access on request. Most European deployers prefer EU-hosted logging providers to keep the data-transfer story simple.
- What format do logs need to be in?
- The Act does not mandate a format. Structured JSON or OpenTelemetry traces are the industry default. The bar is "automatic, traceable, queryable by an inspector" — PDF or unstructured text logs would fail an audit.