EU AI Act Article 12 explained — what record-keeping actually means.

7 June 2026 · 12 min read · By the Agent Audit team

The text of Article 12 is short. Three paragraphs. The operational implications are enormous, and most firms reading the text the first time underestimate the engineering work required to comply. Below is what Article 12 actually says, what regulators have signalled they expect to see, and what production AI systems need to do between now and 2 August 2026.

What the text says.

Article 12 of Regulation (EU) 2024/1689 covers "Record-keeping". It applies to all high-risk AI systems as defined in Annex III and to certain general-purpose models. It requires three things:

1. The system shall technically allow for the automatic recording of events over the lifetime of the system.
2. The logging capabilities shall ensure a level of traceability of the system's functioning that is appropriate to the intended purpose.
3. Logs shall in particular enable the monitoring of operation of the high-risk AI system with regard to situations that may result in the AI system presenting a risk within the meaning of Article 79 or undergoing substantial modification.

In plain English: the system must log its own behaviour, automatically, in a way that supports both routine monitoring and incident investigation.

What "automatic" means in practice.

The AI Office has emphasised that records cannot be reconstructed after the fact from disparate sources. The logging must be a property of the system itself, captured at the time of action, not assembled later from multiple inputs.

This rules out most current approaches in production. Datadog and Splunk capture HTTP-level events but do not capture the agent-internal state — which tool was selected, what decision was made, what data class was touched. Custom logging written by engineers tends to be incomplete and inconsistent across services. Compliance automation platforms like Drata and Vanta address static controls and don't capture runtime activity at all.

What "appropriate to the intended purpose" means.

The regulation gives operators flexibility on the format and depth of logging, scaled to the intended use of the system. A high-risk system affecting consumer creditworthiness will face higher scrutiny than one automating internal process tasks. But the threshold is not zero — any Annex III system must log enough to allow an authority to reconstruct operational behaviour during a defined period.

The specific things logs must enable.

Article 12 paragraph 3 lists the situations the logs must support identification of:

• Situations where the system may present a risk under Article 79 (the post-market monitoring regime)
• Situations where the system has undergone substantial modification (which may require re-conformity assessment)
• For systems used at the workplace, where natural persons interact with them, the operational period and the natural persons involved in verifying the output

Retention.

Logs must be kept for a period appropriate to the intended purpose of the AI system, and at minimum six months unless Union or Member State law requires otherwise. For most regulated UK firms, the practical minimum will be seven years — driven by FCA SYSC retention requirements that apply in parallel to the AI Act.

Availability to authorities.

Logs must be made available to national competent authorities on request. In the UK, this means the supervisory authority designated to oversee AI under the forthcoming UK AI regulatory framework — currently the ICO, FCA and relevant sector regulators. In the EU, the national market surveillance authority. The form of the disclosure is not prescribed, but the AI Office has indicated that they expect to receive evidence in a format that supports independent analysis — not raw log files.

The penalty regime.

Article 99 sets the administrative fine framework:

• Up to €35 million or 7% of global annual turnover for non-compliance with the Article 5 prohibitions
• Up to €15 million or 3% for non-compliance with provider obligations including Article 12
• Up to €7.5 million or 1% for supplying incorrect or misleading information to authorities

Member States can apply higher amounts in specific circumstances. For UK firms in scope of the AI Act extraterritorially, the enforcement mechanism will be cooperation between EU market surveillance authorities and UK supervisors.

What an operational answer looks like.

A defensible Article 12 implementation has five properties:

1. Automatic capture at the agent runtime layer. Not assembled from HTTP logs after the fact. Captured at the point of decision, tool invocation, or data access.
2. Cryptographic integrity. The log must be tamper-evident. Hash-chain or equivalent that makes retroactive editing mathematically detectable.
3. Sufficient granularity. Per-action, with input/output fingerprints, data classification, decision metadata, and tool identification.
4. Retention with cryptographic continuity. Cold storage that does not break the chain. Verification reproducible from any read-only copy.
5. Regulator-acceptable output format. A pack the authority can read, indexed and signed, with a verification methodology independent of the system operator.

What firms should do now.

If you're a UK firm preparing for the deadline:

• Inventory every AI agent in production. Most firms underestimate their count by 2–3x.
• Classify each against Annex III. Be honest — claims triage at an insurer or credit decisioning at a lender are in scope.
• Assess your current logging against the five operational properties above. Most firms will fail at properties 1, 2, and 5.
• Decide build vs buy. The build cost for the SDK alone is two engineering quarters; the pack format catalogue is a permanent commitment because regulations evolve.
• Engage your auditor early. The format they accept is the format you need to produce. Get them in the room before you commit to a platform.

Start free → install in 5 minutes →