EU AI Act Article 12 Compliance for Agentic AI Systems
On August 2, 2026, EU AI Act Annex III obligations come into force. High-risk AI systems must automatically record tamper-evident logs — or face penalties up to €15M or 3% of global turnover.
AgentLair already does what Article 12 requires. This page makes that explicit.
What Article 12 Requires
Article 12(1): Automatic Recording
“High-risk AI systems shall technically allow for the automatic recording of events (‘logs’) over the lifetime of the system.”
Logging must be architectural, not optional. An agent that controls its own logs does not satisfy Article 12 — it’s a diary, not a compliance record. The regulation requires logging that is independent of the AI system itself.
Article 12(2): Traceability of Functioning
Logs must capture the causal chain of agent decisions:
| Requirement | What it means |
|---|---|
| Identity of actors | Who performed the action (agent, sub-agent, system) |
| Temporal precision | When, with millisecond accuracy |
| Action taken | What the agent did (email sent, credential accessed, API called) |
| Resource affected | What was touched |
| Outcome | Success, failure, denied, rate-limited |
| Sequential ordering | Reconstructable causal sequence |
Article 12(3): Post-Market Monitoring
Logs must support querying by time range, actor, category, and outcome. Machine-readable export is required for investigation and supervisory review.
Article 12(4): Minimum Retention
“The logs shall be kept for a period appropriate to the intended purpose […] at least six months.”
Six months is the floor. Penalties under Article 73 apply when logs cannot support forensic reconstruction.
Adjacent obligations (Articles 15, 26, 73)
Article 15 (cybersecurity) creates pressure for tamper-evidence, not just tamper-resistance. Article 26(5) makes deployers responsible for preserving “logs automatically generated by that system.” Article 73 requires forensic preservability.
The key phrase in Article 26(5): automatically generated by that system. Logs the agent writes itself don’t qualify — the requirement is structural independence.
How AgentLair Satisfies Each Requirement
Middleware-Level Automatic Recording ✅
AgentLair intercepts every authenticated API call at the middleware layer using ctx.waitUntil() — logging is not invoked by the agent, it cannot be suppressed by the agent, and it does not add latency to agent responses.
Every action the agent takes through AgentLair — email sent, credential stored, API called — generates a structured audit entry automatically.
Complete Traceability Fields ✅
| Article 12(2) requirement | AgentLair field |
|---|---|
| Actor identity | actor_type, actor_id, account_id |
| Temporal precision | timestamp — ISO 8601 UTC, millisecond precision |
| Action taken | category, action, method, path |
| Resource affected | resource_type, resource_id |
| Outcome | status, result, error_code |
| Causal ordering | prev_hash — SHA-256 hash chain |
Seven event categories — auth, email, vault, pod, calendar, webhook, system — cover the full surface of high-risk agentic operations.
SHA-256 Hash Chain — Tamper-Evident by Design ✅
Every log entry includes the SHA-256 hash of the previous entry. Any modification to any entry — retroactive deletion, timestamp alteration, outcome change — breaks the chain detectably. There is no way to tamper with a log entry without producing a verifiable inconsistency.
This satisfies the spirit of Articles 12 and 15: the log is not just stored, it is verifiably intact.
Ed25519 Signatures — Cryptographic Authentication ✅
Every entry carries an Ed25519 signature over the entry content. Signing happens on AgentLair’s infrastructure, outside the agent’s control boundary. The agent cannot forge, modify, or suppress its own audit entries.
This is the critical architectural distinction: the agent is the subject of the log, not the author.
Querying and Export ✅
| Monitoring capability | AgentLair endpoint |
|---|---|
| Query by time range | GET /v1/audit/log?from=&to= |
| Query by category | GET /v1/audit/log?category=auth |
| Query by outcome | GET /v1/audit/log?result=failure |
| Query by resource | GET /v1/audit/log?resource_id= |
| Machine-readable export | JSONL + CSV |
| Attestation format | GET /v1/attestations (CAF format) |
Tiered Retention — Six Months Minimum on Pro ✅
| Tier | Retention | Article 12(4) status |
|---|---|---|
| Free | 30 days | ❌ Below the 6-month minimum |
| Starter ($29/mo) | 1 year | ✅ Exceeds minimum |
| Enterprise | Up to 7 years | ✅ Far exceeds minimum |
The free tier is below the Article 12 minimum by design — this creates a natural upgrade path for compliance-motivated organizations.
Independence from the Logged System ✅
AgentLair’s audit trail is generated by the platform, not by the agent. The agent has no write access to the audit log, no ability to delete entries, and no ability to alter its own record.
Article 26(5) requires logs “automatically generated by that system” — AgentLair’s architecture makes the audit trail structurally independent, satisfying this requirement literally and in spirit.
Three-Line Integration
```javascript
import { AgentLair } from '@agentlair/sdk';
const lair = new AgentLair(process.env.AGENTLAIR_API_KEY);
await lair.events.emit({ category: 'tool', action: 'email_send', result: 'success' });
// Logged. Ed25519-signed. Hash-chained. Retained for 1 year on Pro.
```
Every action taken through AgentLair is logged automatically — the emit call adds explicit behavioral events for actions outside the platform (inference calls, tool use, external API calls). Both streams are signed and chained together into a single verifiable audit trail.
Emerging Standards Alignment
prEN 18229-1 (CEN-CENELEC JTC 21 WG4, public enquiry since January 2026) and ISO/IEC DIS 24970 define the emerging harmonised standards for AI system logging. Neither will be finalized as a harmonised standard before the August 2026 enforcement deadline — but AgentLair’s implementation aligns with the draft principles:
| Draft principle | AgentLair implementation |
|---|---|
| Structured event records | JSON entries with fixed schema |
| Temporal ordering guarantees | SHA-256 hash chain |
| Actor attribution | actor_type + actor_id + account_id |
| Independence from logged system | Middleware layer, outside agent control |
| Machine-readable export | JSONL/CSV + attestation endpoints |
Organizations building now are working ahead of the harmonised standard. AgentLair’s format is designed to map cleanly to both prEN 18229-1 and ISO/IEC DIS 24970 when finalized.
Compliance is the Architecture
Most logging solutions are additive — a plugin you bolt on, a sink you pipe to, a database you query after the fact. Article 12 requires something different: logging that is intrinsic, independent, and tamper-evident.
AgentLair’s audit trail was designed as infrastructure, not instrumentation. It exists because every agent using the platform needs a verifiable record of what it did — regardless of regulation. Article 12 just makes that record mandatory.
The logging isn’t a feature bolt-on. It’s the architecture.
References: EU AI Act (Regulation 2024/1689), Articles 12, 15, 26, 73; Annex III; CEN-CENELEC JTC 21 WG4 prEN 18229-1 (public enquiry January 2026); ISO/IEC DIS 24970. For technical questions: security@agentlair.dev