Article 12 · record-keeping

Audit evidence the regulator can verify in one click.

Article 12 requires automatic event logging for high-risk AI systems, with tamper-evident retention. We hash-chain every write — every classification, document approval, integration sync, incident filing — with SHA-256 over canonical JSON. Show the auditor; they verify the chain themselves.

Show me the chain See the platform

Tamper-evident

SHA-256 chain · canonical JSON

How it works

SHA-256, canonical JSON, prev_hash on every row.

Each audit entry includes the SHA-256 of the previous row plus a canonicalised JSON of the current event. Mutate a row and the chain breaks at the next-row boundary. Verifying is O(n) and runs in under a second for a year of activity.

Book a demo

// AuditEntry row

{

id: "a8e1…f2",

org_id: "ad32…1c",

user_id: "7a9e…03",

action: "Approved classification HIGH_RISK",

resource: "Credit Risk Scorer · classification",

prev_hash: "7f3a91c8…",

self_hash: "c4e2b59d…",

created_at: "2026-05-20T14:43:18.5Z"

}

What the auditor gets

Submission-ready, on day one.

One-click verify

Auditor hits /audit/verify and sees: all N entries verified, last_hash recorded, zero broken entries. They can replay the chain locally.

CSV + PDF export

Full audit trail exports to CSV for forensic analysis and to a branded PDF for regulator submission. Both include the hash columns.

Article 12 + 72

Satisfies both Article 12 record-keeping AND Article 72 post-market monitoring evidence in one log — no separate compliance ledger needed.

Ready to ship EU AI Act compliance?

Join compliance leaders at regulated companies across the EU who use TrustWays AI to turn the AI Act from existential risk into a competitive advantage.

Book a demo Explore the platform