EU AI Act
Audit Trails.
Mandatory Logging for High-Risk Agents
Understanding Article 12
Article 12 of the EU AI Act mandates that high-risk AI systems must be designed and developed with capabilities enabling the **automatic recording of events ('logs')** while the system is operating. For autonomous agents, this isn't just about console logs—it's about a verifiable record of every decision and action taken by the model.
Traceability
Logs must enable the tracking of the system's operation and results during its entire lifecycle.
Auditability
Competent authorities must be able to use these logs to verify compliance with legal requirements.
The Article 12 Checklist
Recording of identification and duration
Record each period of use and the identity of the person/agent responsible.
Recording of input data
Log the prompt or data context that triggered the decision process.
Recording of output data
Log the specific tool calls and responses returned by the system.
Tamper-resistance
Logs must be stored in a way that prevents retroactive modification or deletion.
Technical Implementation
For most LangChain or Vercel AI SDK deployments, developers rely on local logging (console.log) or simple database rows. These do not satisfy Article 12's requirement for a tamper-evident chain of custody.
SupraWall Cryptographic Audit Log
{
"event_id": "evt_8f29c...",
"timestamp": "2026-03-29T09:15:01Z",
"agent_id": "support-bot-v2",
"action": "DATABASE_FETCH",
"arguments": { "query": "SELECT * FROM users WHERE..." },
"policy_evaluation": "ALLOW",
"context": "Customer requested PII check",
"integrity_hash": "sha256:d8a1c9e3..." // Verifiable signature
}The Compliance Gap
Simply storing logs in your own PostgreSQL database is often insufficient for Article 12 audits because the data can be manually altered by anyone with DB access. SupraWall provides a **Cryptographically Signed Audit Rail** that proves to auditors exactly what happened, when, and by whom.
Get Audit-Ready
In Minutes.
SupraWall satisfies Articles 9, 12, and 14 of the EU AI Act out of the box. No manual logging infrastructure required.