EU AI Act Article 12 enforcement begins August 2, 2026 — 92 days away
AI Decision Audit Trail: Requirements and Implementation
Under the EU AI Act, every high-risk AI system must maintain a verifiable audit trail of automated decisions. This is not optional — enforcement begins August 2, 2026.
What is an AI Decision Audit Trail?
An AI decision audit trail is a tamper-evident, chronological record of every automated decision made by an AI system — including the inputs that led to the decision, the policy or model that evaluated it, the verdict reached, and the timestamp of inscription.
Unlike a simple log file, a proper audit trail must be cryptographically verifiable — meaning any tampering is immediately detectable. This is what distinguishes compliance-grade audit trails from standard application logging.
What EU AI Act Article 12 Requires
✓ Log every automated decision
Every decision made by a high-risk AI system must be recorded — not sampled, not summarised.
✓ Record the inputs that led to the decision
The data and parameters used to reach each decision must be stored alongside the verdict.
✓ Maintain logs for a minimum of 6 months
Records must be retained and available for inspection for at least 6 months after the decision.
✓ Ensure logs are available to authorities on request
National supervisory authorities must be able to access and verify the audit trail.
✓ Provide a human oversight mechanism
The system must allow human review and override of automated decisions — not just logging.
How Krapheno Implements the Audit Trail
Requirement: Automated decision logging
Krapheno Implementation: SmritiTree append-only ledger — every decision inscribed at the moment it occurs, not in batch.
Requirement: Input recording
Krapheno Implementation: Full decision payload stored with each inscription — sample size, confidence, segment concentration, policy version.
Requirement: 6-month retention
Krapheno Implementation: Hash-chained ledger is permanent and tamper-evident — records cannot be deleted without breaking the chain.
Requirement: Authority access
Krapheno Implementation: Public trace endpoint per decision — any record verifiable independently via cryptographic proof.
Requirement: Human oversight
Krapheno Implementation: ESCALATE verdict triggers human review — approve or reject directly from the governance portal.
Technical Architecture
Krapheno uses a SHA-256 hash-chained ledger called SmritiTree. Each record contains the decision payload, the policy verdict, and a cryptographic link to the previous record. Any attempt to modify or delete a record breaks the chain — immediately detectable by any independent verifier.
Decision inscribed
→ payload + verdict + timestamp
→ SHA-256(prev_hash + payload) = record_hash
→ stored append-only in SmritiTree
→ verifiable via GET /v1/decisions/verify
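The chaining rule above, as an added Python example (not Krapheno's code or API). The canonical JSON encoding, the all-zero genesis hash, the record field names and the "ALLOW" verdict are assumptions. The example also goes beyond the page by comparing the newest hash to a copy stored outside the ledger, because removing the newest records leaves every remaining link intact.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record (not from the page)


def record_hash(prev_hash, body):
    # Page formula: SHA-256(prev_hash + payload); canonical JSON is an assumption.
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + data).encode("utf-8")).hexdigest()


def append(ledger, payload, verdict, timestamp):
    prev = ledger[-1]["record_hash"] if ledger else GENESIS
    body = {"payload": payload, "verdict": verdict, "timestamp": timestamp}
    ledger.append({**body, "prev_hash": prev, "record_hash": record_hash(prev, body)})


def verify(ledger, pinned_head=None):
    """Return (ok, reason). pinned_head is a head hash stored outside the ledger."""
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: rec[k] for k in ("payload", "verdict", "timestamp")}
        if rec["prev_hash"] != prev:
            return False, f"record {i}: link to predecessor broken"
        if rec["record_hash"] != record_hash(prev, body):
            return False, f"record {i}: contents altered"
        prev = rec["record_hash"]
    if pinned_head is not None and prev != pinned_head:
        return False, "head does not match pinned hash"
    return True, "ok"


def build_sample():
    # Constructed decisions; "ALLOW" is a made-up verdict, ESCALATE is from the page.
    ledger = []
    append(ledger, {"sample_size": 1200, "confidence": 0.93}, "ALLOW", "2026-01-05T10:00:00Z")
    append(ledger, {"sample_size": 40, "confidence": 0.51}, "ESCALATE", "2026-01-05T10:00:07Z")
    append(ledger, {"sample_size": 900, "confidence": 0.88}, "ALLOW", "2026-01-05T10:00:09Z")
    return ledger


if __name__ == "__main__":
    good = build_sample()
    head = good[-1]["record_hash"]
    print(verify(good, head))           # intact chain
    print(verify(good[:1] + good[2:]))  # middle record deleted
    print(verify(good[:2]))             # tail removed, links only
    print(verify(good[:2], head))       # tail removed, pinned head
```

A verifier that only walks the links accepts the shortened ledger in the third call, so the head hash needs to be recorded somewhere the ledger operator cannot rewrite.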
See a live governed decision
Krapheno has been logging real AI decisions since day one. Every record is cryptographically signed and independently verifiable.