Agent accountability under AI Act Article 12.
Abstract
Article 12 of the AI Act requires that high-risk systems automatically generate logs. The requirement is short. Its implications are not. This note argues that the obligation should be read as a structural requirement on the runtime, not a documentation one, and sets out three properties of a record produced under that reading.
Article 12 of the AI Act requires that high-risk AI systems automatically generate logs of their operation. The requirement is short. Its implications are not.
A log is not, in itself, an accountability mechanism. It is a raw material. What a regulator, an auditor, or a court needs is something stronger. A decision record states what the system intended, what scope it was granted, what it did, and what outcome it produced; and it does so in a form a non-implementer can read.
Prospective and retrospective.
Most existing observability tooling is retrospective. Traces, spans, and telemetry are gathered after the fact, to debug. Retrospective tooling tells you what happened. It does not tell you whether what happened was permitted.
Prospective governance inverts the relationship. Intent is declared before execution. Scope is bound before access. The decision is signed in the same motion as it is taken. The log is not a separate artefact. It is a byproduct of a runtime that could only have acted within the scope it declared.
The ledger is the evidential record. Not a translation of one.
What follows for record-keeping.
Three properties follow. The record is contemporaneous. It is complete by construction; an action that was not recorded could not have been taken. And it is legible: the fields a regulator will ask about are the fields the runtime already tracks.
References
- Regulation (EU) 2024/1689 on Artificial Intelligence, Article 12.
- Regulation (EU) 2024/1689, Article 14.
- NIST AI Risk Management Framework 1.0, January 2023.