EU AI Actmediumv1.0.0 · System

EU AI Act Art. 15 Audit Log

Mandatory audit logging for High-Risk AI systems. Captures every input, output, and policy decision with cryptographic chain-of-custody.

📘Clone & start observing

Creates a Guideline policy. Observation only — nothing is blocked until you promote to Strict.

Mode on clone: log

Policy name

Defaults to template name. Customise to distinguish multiple instances of the same template.

Leave empty to apply broadly via the template's default data-classification / risk-tier filters.

Rationale

EU AI Act Art. 12 requires automatic recording of events ('logs') for High-Risk AI systems. Art. 15 requires accuracy, robustness and cybersecurity records. This is a Log-mode policy — it never blocks, only records.

Example violation

(This policy never blocks — it produces evidence.)

Triggers (2)

inputLog every input
outputLog every output

Detectors (1)

regexalways-on
Always-on logger (matches everything)

Actions (1)

logPersist to immutable audit store

Tunable parameters (3)

Fields to capture

advancedlist

Hashed fields are recommended for privacy; full fields needed for some investigations.

Default: ["timestamp","user_hash","prompt_hash","model_id","policy_decisions"]

Retention period (days)

basicnumber

EU AI Act minimum is 6 months. 2 years is recommended for High-Risk systems.

Default: 730

Use immutable storage

expertboolean🔒 locked

Required by Art. 12 — cannot be disabled.

Default: true

Regulatory references

EU AI Act Art. 15EU AI Act Art. 12

Template defaults (suggested target after promotion)

Suggested mode

log

Risk tiers

High-Risk, Unacceptable Risk

Data classifications

—

Departments

—

Cloned policies start in Guideline mode. Use the promotion wizard to flip to Strict once you trust the false-positive rate.