Home/ Security/ AI Audit Logging
Compliance & Audit Evidence

AI Audit Logging: EU AI Act Article 12, ISO 42001, GDPR Accountability, and FedRAMP AU-2 Requirements for Enterprise AI Systems

Updated February 2026 14 min read EU AI Act • ISO 42001 • GDPR • NIST AI RMF • SOC 2 • FedRAMP

AI Audit Logging Reference

EU AI Act Article 12
Record-Keeping Obligation
FedRAMP AU-2/AU-12
Audit Event Requirements
GDPR Article 5(2)
Accountability Principle
SOC 2 CC7.2
System Monitoring
EU AI Act Article 12 mandates automatic logging for all high-risk AI systems — enforcement begins August 2026 for most regulated industries The EU AI Act (Regulation 2024/1689), which entered into force August 1, 2024, requires that high-risk AI systems be designed to automatically generate logs of their operation throughout their lifecycle. Article 12 specifies that logs must enable monitoring of operation in a way that is appropriate to the intended purpose of the system. For AI systems in healthcare, financial services, insurance, HR, critical infrastructure, and law enforcement, this is a mandatory obligation. Organizations that deploy AI without structured logging infrastructure face both regulatory exposure and the inability to demonstrate compliance when regulators or customers ask for evidence of responsible AI operation.
Section 01

EU AI Act Article 12: Record-Keeping Requirements for High-Risk AI

EU AI Act Article 12 "Record-keeping" establishes logging obligations for providers of high-risk AI systems (those listed in Annex III of the regulation). The requirements are technology-neutral but specific in scope: high-risk AI systems must be designed to automatically generate logs that capture the events relevant to identifying risks to health, safety, and fundamental rights, or material changes to the system's performance throughout its lifetime.

Article 12 specifies that logs must, at minimum, record: the period of each use of the system (start/end timestamps); the reference database against which input data was checked; the input data that led to the system's output when this is technically feasible; and the identity of the natural persons involved in the verification of the results, where applicable. For AI systems like Claire operating in regulated industries, this translates to logging every AI interaction with: timestamp, user identity, input data used (including RAG-retrieved documents), AI output, model version, and any human review steps.

The EU AI Act distinguishes between log retention obligations for providers (AI system developers) and deployers (organizations using AI systems). Providers must retain logs generated during testing and validation. Deployers of high-risk AI systems must retain logs generated during operation for a period appropriate to the intended purpose — the Regulation specifies at minimum six months, with sector-specific rules taking precedence where stricter. Financial services deployers should default to seven years (MiFID II record-keeping standard), healthcare to six years from last patient contact (EU medical records baseline), and employment context to the duration of the employment relationship plus applicable statute of limitations.

High-Risk AI Categories Under Annex III

Article 12 applies to AI systems used in: biometric identification, critical infrastructure management, education and vocational training, employment and worker management, access to essential private services (credit scoring, insurance), law enforcement, migration and border control, and administration of justice. AI deployed in these sectors must implement compliant logging.

Logging for GPAI Model Providers

EU AI Act Chapter V (General Purpose AI Models) imposes additional obligations on GPAI model providers with systemic risk, including maintaining documentation of training data, evaluation procedures, and safety incidents. This creates a parallel logging obligation for organizations that develop or fine-tune foundation models for deployment in regulated contexts.

Enforcement Timeline and Penalties

High-risk AI system obligations under the EU AI Act apply from August 2, 2026 (two years after entry into force). Penalties for non-compliance: up to EUR 30 million or 6% of global annual turnover for violations of prohibited AI practices; up to EUR 20 million or 4% of global turnover for non-compliance with high-risk AI requirements including Article 12 logging.

Section 02

ISO 42001 Audit Evidence Categories for AI Management Systems

ISO/IEC 42001:2023, the first international standard for AI management systems, defines a comprehensive framework for demonstrating responsible AI governance through documented evidence. Published in December 2023, the standard follows the Annex SL high-level structure common to ISO 27001 and ISO 9001, making it compatible with existing management system certifications. Clause 9 (Performance Evaluation) and Clause 10 (Improvement) are particularly relevant for AI audit logging — they define the types of documented information an organization must maintain to demonstrate conformance with the standard.

ISO 42001 Annex A evidence categories for AI audit logging: A.3 (AI risk management) requires documented evidence of risk identification, assessment, and treatment for AI systems — including logs of AI-related incidents. A.4 (documentation) requires maintaining records of AI system specifications, intended use cases, and operational constraints. A.6 (AI system lifecycle) requires documentation throughout AI system development, deployment, and decommissioning. A.9 (transparency and explainability) requires maintaining records that support explaining AI system behavior to affected parties — which requires detailed operation logs. A.10 (security) requires maintaining records demonstrating that security controls for AI systems are operational — overlapping directly with SOC 2 CC7.2 evidence requirements.

ISO 42001 and audit log retention: The standard does not specify log retention periods but requires that documented information be controlled and retained for periods sufficient to demonstrate conformance during certification audits (typically 3-year certification cycles) and to support incident investigation. Organizations pursuing ISO 42001 certification alongside SOC 2 or FedRAMP authorizations should align log retention policies across all frameworks, defaulting to the most stringent retention requirement applicable.

EUR 30M
Maximum EU AI Act fine for violations of prohibited AI practices — logging failures support enforcement actions
6 months
Minimum EU AI Act log retention period for high-risk AI deployers — sector rules often require longer
7 years
MiFID II audit log retention requirement for financial services AI — the de facto enterprise standard for financial AI logs
Section 03

GDPR Article 5(2) Accountability and NIST AI RMF Govern Function

GDPR Article 5(2) — Accountability Principle: The General Data Protection Regulation's accountability principle requires that data controllers be able to demonstrate compliance with GDPR's data protection principles. For AI systems that process personal data, this accountability obligation directly drives logging requirements: you cannot demonstrate that your AI system processes data lawfully, fairly, and transparently (Article 5(1)(a)) without logs that capture what data was processed, why, and how the AI used it. You cannot demonstrate purpose limitation (5(1)(b)) without logs showing which data was used for which AI function. You cannot demonstrate data minimization (5(1)(c)) without logs showing what data the AI actually accessed during each interaction.

GDPR Article 30 (Records of Processing Activities, ROPA) requires controllers to maintain records documenting AI processing activities, including the purposes of processing, categories of data subjects and personal data, and recipients. For AI systems, this requires structured metadata logging that maps each AI interaction to: the legal basis for processing, the data categories involved, the retention schedule for the interaction data, and any third-country transfers (e.g., if the AI uses a model API hosted outside the EU). Supervisory authorities — including the Irish Data Protection Commission, which oversees many major tech companies — have specifically cited inadequate ROPA documentation of AI processing as a compliance gap in enforcement investigations.

NIST AI RMF Govern Function: The NIST AI Risk Management Framework (AI RMF 1.0, January 2023) defines four functions: Govern, Map, Measure, and Manage. The Govern function — covering organizational practices, culture, and accountability — includes specific requirements for audit evidence. GOVERN 1.7 requires that "processes and procedures are in place for conducting regular assessments and reviews of AI system behavior" — which depends on comprehensive operation logs. GOVERN 6.1 requires that "policies, processes, procedures, and practices across the organization related to the mapping, measuring, and managing of AI risks are in place, transparent, and implemented effectively" — requiring documented evidence of AI governance controls in operation.

Section 04

FedRAMP AU-2/AU-12 and SOC 2 CC7.2: Technical Logging Requirements

FedRAMP AU-2 (Audit Events) and AU-12 (Audit Record Generation): FedRAMP — the Federal Risk and Authorization Management Program — adapts NIST SP 800-53 security controls for cloud services used by US federal agencies. The AU (Audit and Accountability) control family defines the technical requirements for audit logging. AU-2 requires that cloud providers define the types of events that the system is capable of auditing — for AI systems, this means explicitly documenting the audit events generated by AI interactions, model API calls, tool invocations, and administrative actions. AU-12 requires that the information system generates audit records for events defined in AU-2, that audit records contain sufficient information to establish what events occurred, and that audit trail records are protected from unauthorized access, modification, and deletion.

For AI systems seeking FedRAMP authorization, audit events must include at minimum: authentication and authorization events (user login, MFA events, access denials), AI session lifecycle events (session start, session end, session timeout), AI interaction events (query submitted, model response generated, tool invocation requested/completed/failed), administrative events (configuration changes, model updates, policy modifications), and security-relevant events (anomalous query patterns, policy violations, error conditions). FedRAMP High baseline (required for AI systems accessing Controlled Unclassified Information) requires significantly more granular logging than FedRAMP Moderate.

SOC 2 CC7.2 (System Monitoring): AICPA Trust Service Criteria CC7.2 requires that organizations monitor their systems to detect potential security events, evaluate system performance, and identify unexpected behavior. For AI systems, CC7.2 controls must demonstrate: automated monitoring of AI system behavior for anomalies, alerting on AI security events (unauthorized access attempts, unusual query patterns, potential data exfiltration via AI outputs), and documented procedures for investigating and responding to AI monitoring alerts. SOC 2 auditors increasingly evaluate AI-specific CC7.2 controls — the presence or absence of AI operation logging is a key differentiator between SOC 2 reports with AI system scope versus traditional SaaS application scope.

SIEM Integration for AI Audit Logs: Security Information and Event Management (SIEM) platforms — Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle — provide the centralized log collection, correlation, and alerting capabilities required to operationalize AI audit logging at enterprise scale. AI logs should be forwarded to the enterprise SIEM in real time using structured formats (JSON, CEF, or LEEF) to enable automated correlation with other security events. A prompt injection attack, for example, might appear as an anomalous AI query pattern in AI logs, correlate with a network anomaly in firewall logs, and trigger an alert in the SIEM before the AI agent takes an unauthorized action — but only if AI logs are integrated into the SIEM and the correlation rules are configured.

Section 05

Immutable Log Storage and Retention Requirements by Regulation

Immutability requirements: Multiple regulatory frameworks require that audit logs be tamper-evident or immutable — meaning that once written, log records cannot be modified or deleted without leaving an auditable trail. FedRAMP AU-9 (Protection of Audit Information) requires that audit records be protected from unauthorized access, modification, and deletion. SOC 2 CC7.2 evidence requires that monitoring logs cannot be altered by the parties being monitored. GDPR accountability requires that processing records accurately reflect actual processing activities, implying that records cannot be retroactively modified to cover up compliance failures. Technically, immutability can be achieved through: write-once storage (AWS S3 Object Lock, Azure Immutable Blob Storage), append-only log stores (Amazon CloudWatch Logs, Splunk with log integrity), or cryptographic hash chaining (each log record includes the hash of the previous record, so any modification breaks the chain).

Log retention requirements by regulation (enterprise AI reference):

  • EU AI Act (high-risk AI deployers): 6 months minimum; sector-specific rules take precedence
  • GDPR (data processing records under Article 30): Duration of processing activity plus applicable statute of limitations (typically 3-6 years in EU member states)
  • HIPAA (audit logs for ePHI access): 6 years from creation or last effective date
  • SOX (IT audit trails supporting financial reporting): 7 years
  • MiFID II (financial services transaction records): 7 years; some categories 5 years
  • FedRAMP (AU control family): Audit records retained online for 90 days minimum; offline archival per agency data retention policy (typically 3-7 years)
  • FINRA Rule 4511 (broker-dealer records): 6 years for most records; 3 years for daily records accessible for first 2 years
  • PCI DSS v4.0 (cardholder data environment): 12 months; 3 months must be immediately available for analysis

Meta GDPR Fine — EUR 1.2B (2023)

The Irish DPC's record fine against Meta for inadequate documentation of data transfers highlighted that accountability failures — the inability to produce evidence of compliant processing — are as prosecutable as the underlying compliance violation. AI systems that cannot produce processing logs face the same accountability exposure as Meta's documented transfer failures.

Goldman Sachs WhatsApp Fine — $125M (2022)

The SEC fined Goldman Sachs $125 million for failures in recordkeeping — specifically for using ephemeral messaging channels that did not preserve business communications. The same logic applies directly to AI systems: if AI-assisted business communications and decisions are not logged and retained, they represent a recordkeeping violation under SEC Rule 17a-4 for broker-dealers.

FTC AI Governance Enforcement — 2024

The FTC's 2024 enforcement actions against AI companies that could not document how their systems made decisions signal the accountability principle in action: regulators expect organizations to be able to produce logs demonstrating what their AI systems did, why, and what safeguards were in place. The "black box" defense — we cannot reconstruct what our AI did — is not accepted as a compliance defense.

Implementation Checklist

AI Audit Logging Implementation Checklist

  • Define AI audit event taxonomyDocument all AI audit events per FedRAMP AU-2: authentication events, session lifecycle, AI interactions (query/response), tool invocations, administrative changes, model updates, policy violations, and error conditions
  • Implement structured logging for all AI interactionsLog every AI query and response with: timestamp (UTC, millisecond precision), user identity, session ID, model version, input tokens, output tokens, retrieved documents (RAG), tool calls, and response latency
  • Enable immutable log storageWrite AI audit logs to tamper-evident storage: AWS S3 Object Lock (WORM), Azure Immutable Blob Storage, or Splunk with log integrity; implement cryptographic hash chaining for highest-assurance environments
  • Integrate AI logs with enterprise SIEMForward AI audit logs to Splunk, Microsoft Sentinel, or equivalent SIEM in structured format (JSON/CEF) in real time; configure AI-specific correlation rules for anomaly detection and alerting
  • Implement EU AI Act Article 12 logging for high-risk AIEnsure logs capture: usage period timestamps, reference databases used, input data used for outputs (where technically feasible), identity of human reviewers involved in verification; retain for minimum 6 months
  • Maintain GDPR Article 30 Records of Processing ActivitiesDocument all AI processing activities in ROPA: legal basis, data categories, purposes, retention periods, third-country transfers; update ROPA when AI processing activities change
  • Implement log retention policies by regulationApply per-regulation retention: HIPAA 6 years, SOX/MiFID II 7 years, FedRAMP 90 days online + archival, PCI DSS 12 months; tag logs with applicable regulatory classification for automated lifecycle management
  • Configure SOC 2 CC7.2 monitoring and alertingImplement automated monitoring for AI anomalies: unusual query volumes, off-hours access, potential PII in outputs, repeated failed tool invocations; document alert procedures and response times for SOC 2 evidence
  • Test log completeness and integrityConduct quarterly log completeness tests: confirm no gaps in AI interaction logs, verify hash chain integrity for immutable logs, test SIEM alert firing for simulated AI anomalies, document test results as ISO 42001 audit evidence
  • Document AI logging controls for NIST AI RMF Govern functionMap AI logging controls to NIST AI RMF GOVERN 1.7 and GOVERN 6.1 requirements; include logging evidence in AI risk management documentation; review logging coverage when AI capabilities are updated
FAQ

Frequently Asked Questions

What does EU AI Act Article 12 specifically require AI systems to log?

EU AI Act Article 12 requires high-risk AI systems to automatically generate logs that capture: (1) the period of each use (start and end timestamps for each operational session); (2) the reference database against which input data was checked — for AI systems using RAG, this means documenting which knowledge base or vector database was queried; (3) the input data that led to the system's output, where technically feasible — meaning AI inputs should be logged to the extent possible without creating excessive storage burden; and (4) the identity of persons involved in verifying the results, where human review steps exist. The Regulation further requires that logs enable monitoring of the system's operation and identification of risks. Providers have flexibility in implementation, but must demonstrate that their logging is fit for purpose during conformity assessments.

How does GDPR Article 5(2) accountability create an AI logging obligation?

GDPR Article 5(2) requires that controllers be able to demonstrate compliance with the principles in Article 5(1). Those principles — lawfulness, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality — all require evidence to demonstrate. For AI systems processing personal data, you cannot demonstrate purpose limitation without logs showing what data the AI used for which purpose. You cannot demonstrate data minimization without logs showing the AI only accessed necessary data. You cannot demonstrate storage limitation without logs enabling you to enforce data deletion schedules. In short, the accountability principle converts GDPR compliance aspirations into audit evidence requirements that can only be met through comprehensive AI operation logging. Supervisory authority investigations increasingly begin with demands for ROPA documentation and audit logs that prove the controller operated as documented.

What is the difference between FedRAMP AU-2 and AU-12, and which applies to AI systems?

FedRAMP AU-2 (Audit Events) requires the organization to identify the types of events the system is capable of auditing and to coordinate with other entities requiring audit information to enhance mutual support. For AI systems, AU-2 means explicitly documenting — in the System Security Plan — the specific AI events that generate audit records: query submissions, model responses, tool invocations, session events, and administrative changes. AU-12 (Audit Record Generation) requires that the information system generates audit records for events defined in AU-2, that audit records contain sufficient information, and that the system provides centralized management of audit record generation. AU-12 is the technical control requiring the AI logging infrastructure to actually function. Both apply to any AI system within FedRAMP authorization scope — together, they require both the policy definition (AU-2) and the technical implementation (AU-12) of AI audit logging.

How should AI logs be integrated with Splunk or Microsoft Sentinel?

AI audit logs should be forwarded to Splunk or Microsoft Sentinel via structured data pipelines in near-real time. For Splunk: configure the AI application to emit structured JSON logs via HTTP Event Collector (HEC) or to write to a log file consumed by a Splunk Universal Forwarder; create a custom TA (Technology Add-on) that defines field extractions for AI-specific fields (session_id, user_identity, model_version, prompt_tokens, completion_tokens, tool_calls). For Microsoft Sentinel: use the Azure Monitor Agent or a custom Log Analytics workspace connector to ingest AI logs; configure Sentinel Analytics Rules to detect AI-specific anomalies (unusual session volumes, off-hours AI access, potential prompt injection patterns). In both cases, AI logs should be tagged with a source identifier (e.g., source=claire_ai_platform) for filtering, and correlation rules should join AI events with authentication and network logs to detect multi-stage attack patterns involving AI components.

Do AI audit logs qualify as personal data under GDPR, and how does this affect retention?

Yes, AI audit logs frequently contain personal data and are subject to GDPR: logs contain user identities (directly identifying), session activity that may reveal behavioral patterns (indirectly identifying), and AI query contents that may include personal information the user shared. This creates a tension between audit retention requirements (which push toward longer retention) and GDPR storage limitation (which requires deletion when no longer necessary). Organizations should resolve this by: (1) identifying the legal basis for processing audit logs as personal data — typically legitimate interests for security and compliance monitoring; (2) establishing purpose-specific retention periods for different log categories (security logs shorter than compliance records); (3) pseudonymizing audit logs after the active investigation period by replacing user identifiers with hashed values; and (4) documenting the balancing test for the legitimate interests legal basis in the ROPA. Some EU DPAs have issued guidance on this topic; the French CNIL has published a recommendation on log retention that serves as a practical reference for many EU organizations.

How Claire Addresses AI Audit Logging

Claire generates structured, immutable audit logs for every AI interaction — query, response, tool invocation, model version, user identity, and retrieved documents — stored in write-once infrastructure with configurable per-regulation retention policies. Our logs integrate natively with Splunk, Microsoft Sentinel, and AWS CloudWatch; support EU AI Act Article 12 record-keeping; and are formatted as SOC 2 CC7.2 audit evidence. Compliance teams can export AI interaction reports for GDPR data subject access requests, FedRAMP AU control evidence packages, and SOX audit files in a single workflow.

Book a Demo See How It Works
C
Chat with Claire →