EU AI Act Article 12
EU AI Act Article 12 is the record-keeping clause inside the Act. Providers and deployers of high-risk AI systems must maintain "automatic recording of events (logs) over the lifetime of the system" so a competent authority can reconstruct what the system did with each request. Logs must capture period of use (start and end timestamps), input data presented to the system, and identification of the natural persons involved in the decision. The obligation runs from August 2, 2026, the date high-risk system requirements take effect.
How Article 12 reads inside the broader Act
Article 12 sits in Chapter III, Section 2, alongside the other high-risk system obligations: risk management (Article 9), data governance (Article 10), technical documentation (Article 11), transparency (Article 13), human oversight (Article 14), accuracy and robustness (Article 15). The logging clause is the evidence layer the other obligations depend on. A high-risk classification under Annex III triggers all of them at once, and Article 99 attaches penalties of up to 15 million euro or 3 percent of global turnover when the obligations go unmet.
What Article 12 evidence has to contain in practice
The competent authority opens a review and asks who issued the AI request, what data was inside the prompt, which model handled it, what the policy state was at that moment, and what the outcome was. An application-side log written by the same service that called the model collapses under cross-examination because the service is attesting to its own behavior. Article 12 evidence holds up when the record is written by a layer that sits outside the application, binds each entry to a verified identity claim, captures the policy version hash, and is tamper-evident after the fact.
Related reading
- EU AI Act Article 12: What the Logging Mandate Requires from Your AI Architecture
Article 12 of the EU AI Act mandates that high-risk AI systems automatically record events over the system lifetime. The logs must reconstruct what happened, who initiated it, and what data was involved. Penalties reach 15M EUR. Most AI deployments produce zero compliant records today.
- EU AI Act Article 19: What the Six-Month Log Retention Mandate Requires
Article 19 of the EU AI Act sets the operational floor for log retention from high-risk AI systems at six months and specifies what the automatically generated logs must contain. The mandate takes effect August 2, 2026. Application logs fail the structural test.
- EU AI Act Compliance Checklist: The 23 Items Your Deployment Must Pass
A 23-item operational checklist for EU AI Act high-risk compliance, organized across scope, documentation, evidence, monitoring, and incident reporting. The mandate takes effect August 2, 2026. Items 12 to 18 are where most deployments fail.