Audit log integrity

Audit log integrity is the property that an audit record, once written, can be replayed at audit time and verified to match its original state byte-for-byte. The property combines three primitives: an append-only store the writer cannot rewrite, a cryptographic chain that binds each entry to the prior entry, and a signing key the application that produced the event cannot access. EU AI Act Article 12, NIST AI RMF MANAGE 1.3, and HIPAA 164.312(b) all assume audit log integrity at the moment a regulator opens a review. A log without it answers the question "how do you know this record was not edited after the decision?" with silence.

How audit log integrity is established at write time

The enforcement layer serializes each per-decision record (subject, route, classification verdict, policy version hash, outcome, latency) into a canonical byte form. It computes a SHA-256 hash over the prior entry's hash plus the current entry's bytes. A key held in an HSM or KMS service signs the new hash. The trusted timestamp comes from an external time source, not the application clock. The signature, the chain hash, and the timestamp travel with the entry into the append-only store.

How audit log integrity is verified at read time

The forensic investigator or the regulator replays the chain from a known anchor point: a periodic checkpoint published to an external store, an inclusion proof to a notarization service, or a counter-signed root. Any later mutation, deletion, or reordering produces a hash mismatch the verifier detects. The verification step is reproducible. Two independent verifiers run the same algorithm against the same chain and get the same result, which is the property that makes the log defensible under cross-examination.

Related reading

  • Tamper-Evident Audit Logs for AI: What Cryptographic Integrity Brings to Compliance Records

    Tamper-evident audit logs make any post-hoc modification of a record detectable through cryptographic integrity. For AI compliance records, the property closes the self-attestation gap that application-controlled logs cannot. The technique combines per-record signing, hash chaining, and external anchoring. EU AI Act Article 12, Fannie Mae LL-2026-04, HIPAA, DORA, and NIST AI RMF all expect records that an auditor can rely on as evidence. Application logs that the application can modify do not meet that standard. This piece walks through the cryptographic mechanisms, the operational characteristics, and the architectural placement.

  • Signed Audit Logs for AI Requests: Per-Decision Signing and What Regulators Will Accept

    A signed audit log binds a cryptographic signature to each record at the moment the record is committed. For AI requests, the signature ties the record to the inspection layer that produced it and lets a verifier confirm authenticity without trusting the storage layer. The technique is the cryptographic foundation under tamper-evident audit trails the EU AI Act Article 12, Fannie Mae LL-2026-04, HIPAA, DORA, and NIST AI agent identity framework all expect. This piece walks through the signing schemes, the key management, and the verification flow that auditors and regulators will accept.

  • AI Audit Logs: The Format Spec That Survives EU AI Act, DORA, and Fannie Mae Review

    AI audit logs that survive regulatory review carry a specific set of fields the EU AI Act Article 12, DORA Article 19, Fannie Mae LL-2026-04, NIST AI RMF, and HIPAA all expect on the same record. The fields cover identity, decision provenance, model identity, policy state, and integrity metadata. The format has to support per-record retrieval and per-series replay. The write path has to sit outside the application so the application cannot modify the record. This piece walks through the field-level format specification, the integrity model, the storage characteristics, and the deployment pattern that produces records the regulator and the customer auditor will accept.

← Back to glossary