AxioRankZero-Trust for AI Agents
Open the console

EU AI Act · Regulation (EU) 2024/1689

Evidence for the EU AI Act's logging and human-oversight obligations.

For high-risk AI systems, the EU AI Act expects automatic record-keeping (Article 12) and meaningful human oversight (Article 14). AxioRank's runtime produces evidence supporting both, generated live from your control plane and verifiable offline. The August 2, 2026 milestone makes runtime evidence of these obligations a near-term need.

Open the consoleSee the article mapping

Evidence supporting a deployer's obligations. Not a conformity assessment, and AxioRank is not a notified body.

EU AI Act | obligations AxioRank evidences
  1. Article 12. Record-keeping and automatic logging
  2. Article 14. Human oversight
backed by an append-only signed ledger and approver-signed receipts, verifiable offline
Art 12 + 14
Obligations directly evidenced
Aug 2, 2026
High-risk obligations enforceable
Offline
Verifiable with no trust in AxioRank
EU 2024/1689
The Regulation

The mapping

Each obligation, tied to a control that is actually running.

Below, each Article 12 and Article 14 obligation is paired with the AxioRank control that evidences it. This is the same wording you get in the downloaded MAPPING, generated from the live configuration and the signed audit ledger, so a reviewer can check your posture rather than take our word for it.

Article 12

Record-keeping and automatic logging

A high-risk system must automatically record events over its lifetime so its functioning is traceable.

  • Art 12(1)Automatic recording of events over the system's lifetimeFully addressed

    What the Act asks: The system automatically records events (logs) over its lifetime so its operation can be reconstructed.

    How AxioRank addresses it: Every governed tool call is logged before the decision is returned, across the SDK, MCP, and inbound paths, per agent.

  • Art 12(2)Traceability of the system's functioningFully addressed

    What the Act asks: Logging enables the functioning of the system to be traced through its lifecycle.

    How AxioRank addresses it: An append-only, hash-chained, signed Merkle ledger: any altered, deleted, reordered, or inserted record breaks the chain.

  • Art 12Independent verifiability of the recordsFully addressed

    What the Act asks: The records can be relied on as an accurate account of what the system did.

    How AxioRank addresses it: The records verify offline against a published public key, with no trust in AxioRank, using the open-source verifier.

  • Art 12(1)Retention of logs for the appropriate periodFully addressed

    What the Act asks: Logs are kept for a period appropriate to the intended purpose of the system.

    How AxioRank addresses it: The configured retention window is attested, and the signed integrity proof is designed to outlive purged personal data.

  • Art 12Decisions recorded over the periodFully addressed

    What the Act asks: The record reflects the events and outcomes the system produced.

    How AxioRank addresses it: Counts of allow, deny, and hold decisions over the activity period, drawn from the same governed log.

Article 14

Human oversight

A person must be able to oversee the system, intervene in its operation, and stop it.

  • Art 14Oversight measures built into the systemFully addressed

    What the Act asks: Oversight measures are built in so a natural person can effectively oversee the system in use.

    How AxioRank addresses it: Approval policies hold an action for a person, including a two-person dual-control threshold and hold timeouts.

  • Art 14(4)A human can disregard, reverse, or stop the outputFully addressed

    What the Act asks: A person can decide not to use the system, or to override, reverse, or stop its output.

    How AxioRank addresses it: A supervisor can hold, deny, quarantine the agent, and revoke its keys, intervening before an action lands.

  • Art 14Evidence that human oversight actually occurredFully addressed

    What the Act asks: The deployer can show that meaningful human oversight took place in practice.

    How AxioRank addresses it: Real per-action receipts record who resolved the held call, the decision, and when, bound into a signed receipt and verifiable offline.

Evidence, not conformity

This is evidence supporting a deployer’s Article 12 and Article 14 obligations. It is not, and does not claim to be, a conformity assessment or a CE marking, and AxioRank is not a notified body. It is not the Article 11 or Annex IV technical documentation, a classification of your system’s risk tier, or coverage of the provider obligations in Articles 9 to 15 as a whole. Your own counsel should confirm its sufficiency for your role (provider or deployer) and your system’s classification.

Provable, not just stated

Download the technical evidence pack and verify it offline.

A workspace admin on the Team plan or above exports a point-in-time pack assembled live from the control plane. It carries the clause-by-clause mapping, the logging coverage and retention attestations, the approval policies and oversight capabilities, real approver-signed receipts, and the tamper-evident ledger, so an assessor can verify it without trusting our word.

one governed agent tool call
Logged before the decision returned
Held for a human, approved by alex@

Every governed tool call is logged before its decision returns, into an append-only, hash-chained signed ledger. Any altered, deleted, or reordered record breaks the chain.

@axiorank/audit-verify
leaf hashtree inclusionsigned tree headapprover signature
Verified. No trust in AxioRank required.
GET /api/compliance/evidence-bundle?profile=eu-ai-act

Evidence, not assertions

The pack does not declare you compliant. It gives an assessor the live control mapping and the signed record to check your Article 12 and Article 14 posture for themselves.

Sources

Straight from the Regulation and the Commission.

The Act itself, the Commission's framework, and the application timeline, in the publishers' own words.

Keep exploring

Continue across the control plane.

Compliance evidence

The one-click, offline-verifiable evidence bundle the EU AI Act pack is built on.

Open

Audit integrity

The Merkle log and signed tree heads behind the Article 12 record-keeping evidence.

Open

Australia AI6

Our alignment page for Australia's six essential practices for safe AI.

Open

Provable security

Information-flow control plus an offline-verifiable receipt for every governed action.

Open

Show your assessor evidence, not assertions.

Map your live AxioRank configuration onto Article 12 and Article 14, then hand your reviewer a pack they can verify offline.

Open the consoleRead the EU AI Act docs