EU AI Act Logging Requirements

Article 12 of the EU AI Act requires that high-risk AI systems automatically generate logs capturing the operating periods, reference database, input data, and any foreseeable circumstances that may affect system performance. These logs must be retained for a minimum period and be accessible to national competent authorities upon request.

The regulation distinguishes between logging at the system level (operator responsibility) and logging at the provider level (documentation of training datasets, algorithm choices, and evaluation benchmarks). Both layers must be tamper-evident and independently verifiable.

For AI systems that use synthetic training data, the logging requirement includes evidence that the data was generated synthetically and documentation of the generation process — precisely what a cryptographic certification artifact provides.

CertifiedData acts as a certificate authority for AI datasets. When a synthetic dataset is generated, the platform computes a SHA-256 fingerprint of the output, signs it with an Ed25519 private key, and issues a structured certification artifact containing the algorithm, timestamp, row count, and issuer identity.

The certificate is appended to a public transparency log — an append-only, hash-chained ledger of every certification event. This log is publicly verifiable without authentication, satisfying the EU AI Act requirement that audit records be independently verifiable by competent authorities.

Because the hash is cryptographically bound to the exact dataset bytes, any modification of the training data after certification would invalidate the hash — making the record tamper-evident by design, not policy.