Record-Keeping and Logging
Article 12 automatic logging capabilities.
Learning Objectives
By the end of this chapter, you will be able to:
- Design AI logging systems that meet Article 12 requirements
- Determine appropriate log retention periods for different contexts
- Implement technical controls for log integrity and accessibility
- Establish logging procedures for different actor types
- Integrate logging with incident investigation and post-market monitoring
Article 12 mandates automatic logging capabilities for high-risk AI systems. Logs serve as the "flight recorder" for AI—enabling traceability, accountability, incident investigation, and regulatory oversight throughout the system's operational life.
Why Logging Matters
Traceability
Logs provide an audit trail of AI system operations, enabling reconstruction of what happened, when, and why.
Accountability
When issues arise, logs identify who was involved and what decisions were made.
Regulatory Compliance
Authorities use logs to investigate incidents and verify ongoing compliance.
Continuous Improvement
Post-market monitoring relies on log data to identify performance issues.
Article 12 Requirements
Core Logging Obligation
High-risk AI systems shall technically allow for automatic recording of events (logs) over the lifetime of the system.
Key elements:
- Automatic: Logging must be built into the system, not manual
- Events: System activities and decisions must be captured
- Lifetime: From deployment through decommissioning
Traceability Standard
Logging capabilities must ensure traceability appropriate to the intended purpose:
| Intended Purpose | Traceability Level | Example Logs |
|---|---|---|
| Medical diagnosis | High | All inputs, outputs, confidence scores, clinician interactions |
| Credit decisions | High | Application data, model outputs, human overrides |
| Recruitment screening | Medium-High | Candidate data processed, decisions, human review |
| Critical infrastructure | High | All operational decisions, alerts, interventions |
What Must Be Logged
Article 12(3) Specific Requirements
For remote biometric identification systems referred to in Annex III, point 1(a), logs must specifically enable monitoring of:
| Log Element | Description |
|---|---|
| Period of use | Start and end time of each use session |
| Reference database | Which database was used for matching |
| Matching inputs | Input data that resulted in matches |
| Human verifiers | Natural persons who verified results |
General Logging Requirements
For all high-risk AI systems, capture:
| Category | Log Elements |
|---|---|
| Inputs | Data submitted to the system |
| Outputs | Decisions, predictions, recommendations made |
| Confidence | Certainty levels of outputs |
| Context | Environmental and operational conditions |
| Users | Who used the system and when |
| Interventions | Human overrides or modifications |
| Errors | System errors and anomalies |
| Performance | Accuracy and reliability metrics |
Technical Implementation
Logging Architecture
| Component | Requirements |
|---|---|
| Log Generation | Automatic capture at system level |
| Log Storage | Secure, scalable, searchable storage |
| Log Integrity | Tamper-evident, immutable records |
| Log Access | Controlled access with audit trails |
| Log Retention | Configurable retention periods |
Log Integrity Controls
| Control | Purpose |
|---|---|
| Append-only storage | Prevent deletion or modification |
| Cryptographic hashing | Detect tampering |
| Digital signatures | Authenticate log entries |
| Secure timestamps | Establish reliable chronology |
| Access logging | Track who accessed logs |
Expert Insight
Consider blockchain-based or immutable database solutions for high-stakes AI systems. These provide cryptographic proof of log integrity that can withstand regulatory scrutiny.
Log Format Standards
Structure logs for machine readability and human analysis.
Recommended elements per log entry:
- Timestamp (ISO 8601 format)
- Event type
- System component
- User identifier (where applicable)
- Input summary/hash
- Output details
- Confidence score
- Decision rationale (if available)
- Session identifier
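The integrity controls and entry fields above can be combined in a hash-chained log, shown here as an added example that is not part of the original course material: each entry carries the recommended fields plus an HMAC-SHA256 over its content and the previous entry's MAC. Assumptions: HMAC stands in for the digital signature the table lists, timestamps are taken as supplied, the names (`append_entry`, `verify_chain`, `FIELDS`) and sample data are constructed, and the key would live in a KMS or HSM rather than in code.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_mac of the first entry
FIELDS = ("timestamp", "event_type", "component", "user_id", "output",
          "confidence", "rationale", "session_id")

def entry_mac(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of the entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def append_entry(chain, key, raw_input, **fields):
    """Append one entry; the raw input is kept only as a SHA-256 digest."""
    if missing := sorted(set(FIELDS) - set(fields)):
        raise ValueError(f"missing log fields: {missing}")
    body = dict(fields, input_sha256=hashlib.sha256(raw_input).hexdigest(),
                seq=len(chain), prev_mac=chain[-1]["mac"] if chain else GENESIS)
    chain.append(dict(body, mac=entry_mac(key, body)))

def verify_chain(chain, key, expected_head=None):
    """Return -1 if intact, else the index where verification first fails."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "mac"}
        mac = str(entry.get("mac", ""))
        if body.get("seq") != i or body.get("prev_mac") != prev:
            return i  # entry removed, reordered or inserted
        if not hmac.compare_digest(entry_mac(key, body).encode(), mac.encode()):
            return i  # entry content altered, or wrong key
        prev = mac
    # Trailing deletions pass the loop; only a head MAC kept elsewhere shows them.
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1

def build_sample_chain(key=b"constructed-demo-key"):
    """Constructed sample: a credit decision with a human override."""
    chain = []
    for ts, event, user, out, conf in [
        ("2025-01-15T09:30:00+00:00", "inference", None, "refer", 0.62),
        ("2025-01-15T09:41:10+00:00", "human_override", "analyst-7", "decline", None),
        ("2025-01-15T09:41:11+00:00", "decision_issued", "analyst-7", "decline", None),
    ]:
        append_entry(chain, key, b'{"application":"A-1001"}', timestamp=ts,
                     event_type=event, component="credit-scoring", user_id=user,
                     output=out, confidence=conf, rationale=None, session_id="s-01")
    return chain
```

Recording the latest MAC in a separate system at intervals supplies `expected_head` and makes removal of the log's tail detectable.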
Retention Requirements
Retention Period Determination
Article 19(1) (providers) and Article 26(6) (deployers) require log retention of at least 6 months. Article 12 itself does not specify a retention period. Retention considerations by context:
| Context | Minimum Retention | Rationale |
|---|---|---|
| Medical/health decisions | Duration of clinical relevance + legal retention | Patient safety, medical records law |
| Employment decisions | Duration of employment + limitation period | Employment tribunal claims |
| Credit/financial | Duration of relationship + regulatory period | Financial services requirements |
| Law enforcement | Per national requirements | Criminal justice needs |
| Critical infrastructure | Operational lifetime + investigation period | Safety investigations |
Deployer Retention Obligations
Article 26(6) specifically requires deployers to:
- Keep logs generated automatically (while under their control)
- Retain for a period appropriate to the intended purpose
- Retain for at least 6 months unless otherwise provided
Provider Retention Obligations
Providers must retain logs:
- While under their control, for at least 6 months per Article 19(1). Technical documentation (not logs) must be retained for 10 years per Article 18(1).
Access and Availability
Who Can Access Logs
| Actor | Access Right | Purpose |
|---|---|---|
| Provider | Full access | Development, monitoring, compliance |
| Deployer | Operational access | Use monitoring, incident response |
| Market surveillance authorities | On request | Enforcement, investigations |
| Notified bodies | During assessment | Conformity verification |
| Affected individuals | Subject access rights | GDPR/fundamental rights |
Facilitating Regulatory Access
Implement mechanisms for:
- Rapid log retrieval upon authority request
- Log export in standard formats
- Secure transmission to authorities
- Query and filtering capabilities
Integration with Other Requirements
| Requirement | Logging Connection |
|---|---|
| Risk Management (Art. 9) | Logs feed continuous risk monitoring |
| Technical Documentation (Art. 11) | Logging capabilities documented |
| Human Oversight (Art. 14) | Log human interventions and overrides |
| Post-Market Monitoring (Art. 72) | Logs are primary monitoring data source |
| Incident Reporting (Art. 73) | Logs support incident investigation |
Logging Compliance Checklist
Technical Requirements:
- Automatic logging capability implemented
- All required events captured
- Appropriate traceability level achieved
- Log integrity controls in place
- Secure storage implemented
Operational Requirements:
- Retention periods defined and enforced
- Access controls implemented
- Regulatory access mechanisms ready
- Log monitoring procedures established
- Incident investigation procedures using logs
Documentation:
- Logging architecture documented
- Retention policy documented
- Access procedures documented
What You Learned
Key concepts from this chapter
- **Automatic logging is mandatory** for all high-risk AI systems
- Logs must enable **traceability appropriate to intended purpose**
- Capture **inputs, outputs, users, interventions, and performance**
- Implement **integrity controls** to prevent tampering
- **Retention periods** depend on context, with a minimum of 6 months for deployers