Does Article 12 apply to my AI deployment?

Article 12 applies to high-risk AI systems as defined in Annex III of the EU AI Act. High-risk categories include credit scoring, employment screening, education access, biometric identification, critical infrastructure operations, law enforcement uses, migration and border control, and several others. If your AI deployment falls into one of those categories and serves users in the EU, Article 12 applies. The classification turns on the use case, not on where the model runs or where the company is headquartered. Many B2B SaaS companies discover Article 12 applies to them indirectly, because their customers use the SaaS product in a high-risk function. In that arrangement, the customer is the deployer and inherits the Article 12 obligation, but the vendor's architecture determines whether the customer can actually satisfy it.

What counts as "automatic" logging under Article 12?

The regulation's language requires that the recording be automatic at the system level. A configuration that can be disabled by an operator, an extension that is optional, or a logging mode that depends on the user clicking enable does not satisfy the requirement. The recording must be structural to the system's operation. In practice, this rules out application-layer logging that depends on the application code being correct, since application code can be modified, disabled, or bypassed. An external enforcement proxy that records every request that passes through it satisfies the automatic requirement structurally.

Are six months of retention enough for our records?

Six months is the floor in Article 19. The retention period that actually applies to a specific deployer is the longer of six months and any other applicable law. Financial institutions in most EU jurisdictions face record-keeping obligations of five to ten years under existing financial regulation. Healthcare deployers face HIPAA-style retention obligations that depend on the data type. The practical answer for most regulated organizations is that six months is the minimum exposure and the operational retention period is much longer. Architectures should be designed to support retention of seven years as a reasonable upper bound, with the option to extend.

What happens if a vendor we use runs AI on our behalf and we cannot produce the log?

The disclosure obligation under Article 12 and adjacent provisions sits with the deployer, not the vendor. If a third-party tool runs AI on your data and you cannot produce the records, the regulator rejects the response "our vendor did not give us those logs." The lender is liable for AI mistakes by subcontractors. The same principle applies under the EU AI Act. Procurement contracts with AI-using vendors need to require vendor-side logs that the deployer can request on demand. In the absence of that, the deployer faces the disclosure gap directly. This is one of the under-reported exposures of embedded-AI vendor usage.

How does this differ from GDPR record-keeping requirements?

GDPR requires records of processing activities at a controller and processor level. The records cover what data is processed, why, by whom, for how long, and under what legal basis. Article 12 of the AI Act sits underneath that. It requires per-decision records of how AI systems handled specific requests, including the input data, the identity of the natural person, and the operational outcome. GDPR records describe what data the organization processes; Article 12 records describe what an AI system did with a specific request at a specific moment. GDPR compliance leaves the Article 12 obligation unmet. The Article 12 records are a higher-resolution, per-event evidence layer at a granularity GDPR never required.

Will Article 12 records protect us in litigation, not just regulation?

Per-decision records with verified identity, policy version, and tamper-evident signatures are admissible as evidence in civil and regulatory proceedings under EU evidentiary rules. The protection is in two directions. If a user disputes a decision made by the AI system, the deployer can produce the record showing the policy that was in effect, the data classification that applied, and the outcome. If a regulator investigates a breach or incident, the same records show what was authorized, by whom, under what policy. Without those records, the deployer is unable to produce evidence and faces the legal presumption that the supervisory obligation was

← Blog

May 13, 2026

EU AI Act Article 12: What the Logging Mandate Requires from Your AI Architecture

Article 12 of the EU AI Act mandates that high-risk AI systems automatically record events over the system lifetime. The logs must reconstruct what happened, who initiated it, and what data was involved. Penalties reach 15M EUR. Most AI deployments produce zero compliant records today.

ByParminder Singh· Founder & CEO, DeepInspect Inc.

Compliance & Regulationeu-ai-actai-governancecomplianceauditai-securityregulation

EU AI Act Article 12: What the Logging Mandate Requires from Your AI Architecture

On August 2, 2026, the EU AI Act high-risk system requirements take effect. Article 12 mandates that high-risk AI systems automatically record events over the lifetime of the system. The logs must include timestamps, input data, identification of natural persons involved, and enough detail to reconstruct what happened. Penalties reach €15 million or 3% of global annual turnover. Most AI deployments today produce zero compliant records. Closing the gap requires architectural changes at the AI request layer, and the August deadline leaves little room to retrofit application-layer logic.

The implementation runs to dozens of decisions across identity, data classification, policy state, and audit infrastructure.

I want to walk through what Article 12 actually requires, where the companion provisions in Article 19 raise the bar, and how standard application logs fall short. Then the architecture that satisfies it.

Mandate

Article 12 reads at one level of abstraction above implementation. The text says high-risk AI systems must "technically allow for the automatic recording of events (logs) over the lifetime of the system." The recording must enable identification of risk-creating situations, facilitate post-market monitoring, and enable monitoring of the system's operation.

Three architectural requirements collapse out of that text. First, the recording is automatic, which means it cannot depend on operator discretion or a configuration toggle. Second, it covers the lifetime of the system, which means logs must persist regardless of the application's runtime state. Third, the records must be detailed enough to reconstruct risk situations, which means application-level "request processed" entries are insufficient.

Article 19 specifies what goes in the log

Article 19 is where the regulation gets specific about what gets recorded. For high-risk systems, the automatically generated logs must include the period of use (start and end timestamps), the reference databases checked, the input data leading to a match, and the identity of natural persons involved in result verification.

That last item is the one most deployments fail. AI systems running on shared service credentials cannot identify the natural person behind a request. The credential identifies the application, not the human or agent on whose behalf the application is acting.

Retention is at least six months

Article 19 also sets the retention floor. Deployers must keep the automatically generated logs for at least six months, unless other Union or national law requires longer. Financial institutions are explicitly covered by their existing record-keeping obligations, which extend the retention well beyond six months in most jurisdictions.

Penalties under Article 99

Article 99 sets the penalty tier for high-risk non-compliance at €15 million or 3% of global annual turnover, whichever is higher. The supplying-misleading-information tier sits at €7.5 million or 1%. The prohibited-practices tier, which does not apply to most enterprise deployments, sits at €35 million or 7%.

For most enterprise AI deployments, the relevant exposure is the €15 million / 3% tier.

Compliance gap

Most AI deployments today have no compliant logging architecture. The gaps are structural.

Application-controlled audit logs fail under three conditions

When the application that generates the AI decision also writes the compliance log, the audit record has three failure modes. Selective logging: the application logs successes and "misses" edge-case failures. Suppression: logs can be wiped or modified by the same system that failed. Loss on crash: the application crashes after the AI model responds but before the log commits, so the action was taken but the evidence is gone.

I walked through this in detail in the context of vendor liability. The same principle applies to Article 12. Self-attestation by the system under audit fails the traceability test.

Identity context is missing at the request layer

Article 19 requires the log to identify the natural persons involved. Most enterprise AI deployments call model APIs using static service credentials or API keys issued to the application. The credential identifies the calling service, not the human or agent acting through it. Without identity context attached at the request layer, the log either omits the natural person or fabricates one from session-cookie heuristics.

I covered the architecture required to satisfy this requirement in the NIST identity and authorization breakdown. Pillar 1 of that framework is exactly this: identity context must travel with every AI request. Without it, neither Article 12 nor the NIST framework can be satisfied at the enforcement layer.

Tampering is uncontrolled

The regulation expects the records to be admissible as evidence in regulatory review. Standard application logs are mutable, often stored in the same database the application controls, and routinely rotated, truncated, or overwritten. A log that the application can modify is not a system of record for an auditor. It is a convenience artifact.

Vendor and embedded-AI usage is invisible

A material share of AI usage in enterprises flows through vendor SaaS tools that embed model calls under the hood. The lender's quality-control vendor uses ML to flag loan defects. The customer-service platform uses an LLM to summarize tickets. The pricing engine uses a model to score risk. The lender's environment never sees the prompt, the response, or the data classification. The mandate's recording requirement applies regardless of where the AI ran. The lender owns the disclosure obligation.

Mandate vs. Compliance

Article 12's text reads at one level of abstraction. The infrastructure to satisfy it operates several levels lower. The gap between the two is where most organizations are exposed.

Letter of Article 12

The letter says automatic recording, lifetime of the system, traceability sufficient to identify risk situations. A reasonable reading might conclude that a JSON log file, rotated nightly, in an S3 bucket, would satisfy the requirement. That reading holds until a regulator shows up and starts asking questions.

The questions a regulator will ask

The questions that follow a regulatory inquiry into a high-risk AI system are specific. Which model decisions touched this loan file? Who initiated each request? What was in the prompt? What data classification applied? What policy governed the decision at the moment it was made? Can you produce, in writing, an immutable record showing all of the above?

An application-controlled log collapses under those questions. The log lacks identity context that was never attached. The log lacks data classification that was never evaluated. The log omits policy state at the moment of decision because the application records only its own state.

What surviving a review actually requires

An architecture that satisfies Article 12 produces, for every AI request, a record containing:

A verified identity for the natural person behind the request
The role and authorization context that was in effect
The data classification applied to the prompt
The policy version that governed the decision
The decision outcome (permit, redact, deny)
A timestamp with sufficient precision to correlate across systems
A cryptographic signature or equivalent integrity mechanism that prevents post-hoc modification

That record is independent of the application that made the request. It is committed before the model response returns to the application. It persists regardless of the application's runtime state.

This is the architectural pattern the EU AI Act requires. The regulation does not name the architecture. The pattern emerges from the requirements.

DeepInspect

This is the architecture DeepInspect was built to provide. DeepInspect sits at the AI request boundary as an external enforcement layer that operates as a stateless proxy between the application and any LLM. Every request that passes through it is evaluated against per-route, per-role policies using the identity context the application supplies. PII is detected and redacted or blocked based on data classification rules.

Every decision produces a per-decision audit record containing identity, role, policy version, data sensitivity, decision outcome, and timestamp. The record is signed and tamper-evident. The record is committed before the application receives the model's response, which means the application cannot suppress it.

For Article 12, this is the missing infrastructure. The recording is automatic because it is structural to the proxy's design. The recording covers the lifetime of the deployment because the proxy is the gate every request passes through. The records are detailed enough to reconstruct decisions because they capture identity, policy, and classification at the moment of evaluation.

If you are running AI in a regulated environment and your Article 12 readiness depends on application logs that the application controls, that readiness is incomplete.

Book a demo today.

Beyond Article 12

Article 12 is not the only framework asking for this infrastructure. The same architectural pattern appears across the regulatory landscape that is taking effect in 2026 and beyond.

Fannie Mae LL-2026-04, effective August 6 for mortgage lenders, requires audit trails for AI-assisted decisions and disclosure of tools, providers, and safeguards on demand. The infrastructure that satisfies LL-2026-04 is the same infrastructure that satisfies Article 12.

The NIST AI agent identity and authorization framework makes the same architectural argument from the controls side. Pillars 2 and 3 of that framework require per-request policy evaluation and action lineage records. Both are what Article 12 calls for under different vocabulary.

DORA, NIS2, HIPAA-with-AI, ISO 42001, and the US state laws (Texas TRAIGA, California AI Transparency Act) converge on the same set of architectural requirements. Identity-bound records. Per-decision evaluation. Independent audit trails. Each regime uses different vocabulary for the same infrastructure requirements.

The August 2 deadline for Article 12 is the closest. The pattern that satisfies it will satisfy the others.

Frequently asked questions

Does Article 12 apply to my AI deployment?: Article 12 applies to high-risk AI systems as defined in Annex III of the EU AI Act. High-risk categories include credit scoring, employment screening, education access, biometric identification, critical infrastructure operations, law enforcement uses, migration and border control, and several others. If your AI deployment falls into one of those categories and serves users in the EU, Article 12 applies. The classification turns on the use case, not on where the model runs or where the company is headquartered. Many B2B SaaS companies discover Article 12 applies to them indirectly, because their customers use the SaaS product in a high-risk function. In that arrangement, the customer is the deployer and inherits the Article 12 obligation, but the vendor's architecture determines whether the customer can actually satisfy it.
What counts as "automatic" logging under Article 12?: The regulation's language requires that the recording be automatic at the system level. A configuration that can be disabled by an operator, an extension that is optional, or a logging mode that depends on the user clicking enable does not satisfy the requirement. The recording must be structural to the system's operation. In practice, this rules out application-layer logging that depends on the application code being correct, since application code can be modified, disabled, or bypassed. An external enforcement proxy that records every request that passes through it satisfies the automatic requirement structurally.
Are six months of retention enough for our records?: Six months is the floor in Article 19. The retention period that actually applies to a specific deployer is the longer of six months and any other applicable law. Financial institutions in most EU jurisdictions face record-keeping obligations of five to ten years under existing financial regulation. Healthcare deployers face HIPAA-style retention obligations that depend on the data type. The practical answer for most regulated organizations is that six months is the minimum exposure and the operational retention period is much longer. Architectures should be designed to support retention of seven years as a reasonable upper bound, with the option to extend.
What happens if a vendor we use runs AI on our behalf and we cannot produce the log?: The disclosure obligation under Article 12 and adjacent provisions sits with the deployer, not the vendor. If a third-party tool runs AI on your data and you cannot produce the records, the regulator rejects the response "our vendor did not give us those logs." The lender is liable for AI mistakes by subcontractors. The same principle applies under the EU AI Act. Procurement contracts with AI-using vendors need to require vendor-side logs that the deployer can request on demand. In the absence of that, the deployer faces the disclosure gap directly. This is one of the under-reported exposures of embedded-AI vendor usage.
How does this differ from GDPR record-keeping requirements?: GDPR requires records of processing activities at a controller and processor level. The records cover what data is processed, why, by whom, for how long, and under what legal basis. Article 12 of the AI Act sits underneath that. It requires per-decision records of how AI systems handled specific requests, including the input data, the identity of the natural person, and the operational outcome. GDPR records describe what data the organization processes; Article 12 records describe what an AI system did with a specific request at a specific moment. GDPR compliance leaves the Article 12 obligation unmet. The Article 12 records are a higher-resolution, per-event evidence layer at a granularity GDPR never required.
Will Article 12 records protect us in litigation, not just regulation?: Per-decision records with verified identity, policy version, and tamper-evident signatures are admissible as evidence in civil and regulatory proceedings under EU evidentiary rules. The protection is in two directions. If a user disputes a decision made by the AI system, the deployer can produce the record showing the policy that was in effect, the data classification that applied, and the outcome. If a regulator investigates a breach or incident, the same records show what was authorized, by whom, under what policy. Without those records, the deployer is unable to produce evidence and faces the legal presumption that the supervisory obligation was

← All posts