EU AI Act — Article 12 (Automatic Logging)
Article 12 of the EU AI Act requires high-risk AI systems to automatically log events throughout their lifetime so that operation can be traced, with logs protected against unauthorised modification and supporting conformity assessment. Ledgix's append-only ledger, Merkle checkpoint chain, and signed export are the direct technical control for this article.
Status: Full — every clause resolves to a signed artifact Ledgix produces today. This is the core Ledgix primitive.
Scope
Article 12 applies to high-risk AI systems as defined in Annex III of the EU AI Act, and becomes applicable 2026-08-02 alongside the other high-risk system provisions. Logs must identify the system and reference period, capture input data, record human-oversight decisions, be protected from tampering, and support the Article 43 conformity assessment.
Controls covered
| Field | Type | Required | Description |
|---|---|---|---|
| Art12(1) | events_jsonl / checkpoint_chain | Automatic Recording of Events | Automatic per-decision log plus Merkle-chained checkpoint sequence proving append-only property. |
| Art12(2a) | events_jsonl | System Identity and Reference Period | agent_id, policy_id, policy_version_id, and accepted_at identify the AI system and its temporal reference. |
| Art12(2b) | events_jsonl | Input Data Traceability | tool_name and tool_args capture the full input presented to the AI decision engine. |
| Art12(2c) | events_jsonl | Human Oversight — Review Decisions | approved, reason, and evidence_chunks capture human-in-the-loop review rationale. |
| Art12(3) | key_history / signatures / proof_index | Log Integrity and Retention | Signing-key history, manifest signature, and Merkle inclusion proof per event support tamper-evidence. |
| Art12(4) | policy_snapshots / framework_mapping | Conformity Assessment Support | Policy version snapshots and framework mapping document supply the Article 43 conformity evidence. |
Evidence types referenced
- events_jsonl — automatic per-decision log with timestamps, tool names, agent IDs, and outcomes.
- checkpoint_chain — Merkle-chained checkpoint sequence proving append-only property.
- key_history — signing-key history enabling re-verification after rotation.
- signatures — Ed25519 signature proving integrity at time of export.
- proof_index — Merkle leaf index proving each event's inclusion.
- policy_snapshots — policy version snapshots with content hashes for conformity assessment.
- framework_mapping — mapping document linking controls to evidence locators.
Known gaps (if any)
None — every clause resolves to an artifact Ledgix produces today. Article 16(g)'s six-month retention is configurable on the storage bucket via the retention policy; pair with the EU AI Act Extended mapping when you need Art. 13–16, 43, 52, or 61 coverage.
Audit pack workflow
Export an evidence ZIP for this framework from the admin console's Evidence Exports panel by selecting EU AI Act — Article 12 (Automatic Logging) and a time window. Each control's evidence_locators[] in the included framework_mapping.json points to the corresponding file in the ZIP.
References
- Framework mapping JSON:
vault/internal/compliance/frameworks/eu_ai_act_article_12.json - Canonical source: EU AI Act, Article 12 — EUR-Lex