CertifiedData.io
EU AI Act · Article 12

EU AI Act Article 12 — Record-Keeping Requirements

Article 12 of the EU AI Act requires high-risk AI systems to maintain automatic logging capabilities that enable traceability, monitoring, and post-hoc analysis of system behavior. Logs must be time-stamped, tamper-evident, and retained for compliance review.

CertifiedData provides a cryptographic implementation of Article 12-compliant record-keeping — machine-verifiable evidence that can be independently audited without platform access.

Definition

EU AI Act Article 12 (Record-Keeping) requires providers of high-risk AI systems to design their systems with automatic logging capabilities. These logs must capture sufficient detail to reconstruct system decisions, support compliance audits, and enable risk investigation. Records must be time-stamped, protected from unauthorized modification, and retained for a period appropriate to the system's risk profile.

What Article 12 Requires

Article 12(1)

High-risk AI systems must be designed with logging capabilities enabling monitoring during operation.

CertifiedData: CertifiedData workflow runs create a certified artifact record per execution — including input fingerprint, generation parameters, and completion timestamp.

Article 12(2)

Logs must be kept for a period appropriate to the system's purpose. Traceability must be maintained.

CertifiedData: Certified artifacts are stored indefinitely in the artifact registry. Certificates include the cert ID as a stable persistent identifier for AIBOM and compliance filing.

Article 12(3)

For certain high-risk systems, logs must be retained for at minimum the lifetime of the system.

CertifiedData: Production certificates (cert.v1+) have no TTL. The Ed25519 signature and SHA-256 fingerprint are verifiable without any platform access — ensuring long-term archival validity.

The verification gap

Most AI systems log decisions in mutable application databases — internal-only records that cannot be independently verified. A regulator or auditor must take the operator's word that the logs are accurate, complete, and unaltered.

Article 12 formalizes the requirement to close this gap. Logs must be tamper-evident — not just stored, but provably unmodified. CertifiedData's cryptographic model satisfies this requirement: each record is SHA-256 fingerprinted, Ed25519-signed, and verifiable by any party without issuer contact.

CertifiedData mapping to Article 12

Each certified artifact contains the fields required for Article 12 compliance, bound together in a signed, immutable certificate:

Certificate Field
Article 12 Relevance
artifact_hash
SHA-256 fingerprint — tamper-evident input/output record
timestamp
ISO-8601 generation time, embedded in signed payload
algorithm
Generation method — CTGAN, gaussian, light, dp-ctgan
issuer
Certified Data LLC — independent third-party issuer
signature
Ed25519 — independently verifiable without contacting the issuer
schema_version
cert.v1 through cert.v4 — capability-graded certificates

From logs → certified records

Traditional logging

  • • Mutable — records can be altered
  • • Internal-only — not independently auditable
  • • Inconsistent schemas across systems
  • • Difficult to verify after the fact

CertifiedData records

  • • Tamper-evident — SHA-256 + Ed25519 signed
  • • Independently verifiable — no issuer contact
  • • Structured schema — cert.v1 through cert.v4
  • • Archival-safe — verifiable offline indefinitely

Example certificate (Article 12 record)

{
  "cert_id": "cert_a7b3c9...",
  "timestamp": "2026-04-16T18:00:00Z",
  "issuer": "Certified Data LLC",
  "artifact_hash": "sha256:8f3a...",
  "artifact_type": "synthetic_dataset",
  "algorithm": "CTGAN",
  "rows": 105000,
  "columns": 25,
  "schema_version": "cert.v2",
  "signature": "ed25519:base64..."
}

Related

AI Artifact Certification

Cryptographic certificates for AI datasets, models, and outputs.

Verify a Certificate

Independent verification — no account or API required.

Decision Log Spec

Schema reference for AI decision log records.

EU AI Act Article 12 · Enforcement begins August 2026

Start logging AI decisions today.

If your AI system makes decisions, you will need an audit log that holds up in front of a regulator. CertifiedData gives you a cryptographically signed, hash-chained record. Free tier includes 1,000 records/month — no credit card.

  1. 1
    Create a free account
    No credit card. Two minutes.
  2. 2
    Get your API key
    One key. Scoped, revocable, rotateable.
  3. 3
    Send your first decision
    One curl. Appears in the public ledger within seconds.
Start logging decisions →Read the quickstartTalk to compliance

Generate Article 12-compliant records

Certified artifacts satisfy Article 12 record-keeping requirements — tamper-evident, independently verifiable, and archival-safe.

Certify an artifact →Verify a certificate