VOLUME 02 · 2026 · OPEN ENTRIES
№ 41
2026-06-04
How do you produce audit-ready evidence for an autonomous AI agent?
What audit-ready evidence for an autonomous agent must contain and be: a per-action record that names the governing obligation, captures the authorisation for each action, retains automatically over the lifetime of the system, and is independently verifiable without contacting Warrant. Framed as the requirement, mapped to EU AI Act Article 12 and the six-month retention floor.
EVIDENCE · HOW-TO · ~10-min · warrant compliance
№ 40
2026-06-04
What records must an AI agent keep to satisfy a regulator?
The record set a deployer must retain: Article 12(1) automatic event recording over the lifetime of the system, the Article 19 and Article 26(6) six-month retention floor, the NYDFS 23 NYCRR 500.6(a)(2) audit trail, and SR 11-7 documentation. The regulator's questions mapped to the artefact and the clause that demands it.
EU AI ACT · RECORDS · RETENTION · ~10-min · warrant compliance
№ 39
2026-06-04
What is a per-action evidence record for an AI agent?
The definition: a record that states, for each action an AI agent took, which regulatory obligation governed it and whether the action satisfied it — independently verifiable without contacting Warrant. The deliverable layer a regulator reads in place of telemetry, mapped across EU AI Act Article 12, Annex III, NYDFS, SR 11-7, FCA, RBI, MAS, and India DPDP.
CATEGORY · PER-ACTION RECORD · ~11-min · warrant compliance
№ 38
2026-06-04
What audit trail must an AI agent produce for NYDFS Part 500 and SR 11-7?
Standard inference and LLM API logs do not satisfy a NYDFS 23 NYCRR 500.6(a)(2) audit trail or SR 11-7 ongoing monitoring. The five questions a regulator asks — what the agent accessed, when, under what authority, under what constraints, with what result — mapped to the per-action record and the clause that demands it, with EU AI Act Annex III creditworthiness as the cross-over.
US · NYDFS 500 · SR 11-7 · ~12-min · warrant compliance
№ 37
2026-06-04
Does the EU AI Act require a separate record for every autonomous agent action?
Article 12 of Regulation (EU) 2024/1689 binds high-risk AI systems to the automatic recording of events over the lifetime of the system. An autonomous agent does not act once. It chains actions, each a separate event. Read against Article 12(1) and the Annex III high-risk determination, the recording unit is the action, not the session. What that means for retention, traceability under Article 12(2), and the penalty exposure under Article 99(4).
EU AI ACT · ART. 12 · AGENTIC · ~12-min · warrant compliance
№ 36
2026-05-22
EU AI Act high-risk classification, draft guidelines.
The Commission's 19 May 2026 draft guidelines on the classification of high-risk AI systems under Article 6, open for stakeholder consultation until 23 June 2026, 22:00 CET. Paragraph 75 of the Annex III chapter names agentic AI directly: where linked actions in conjunction serve an intended high-risk purpose, the unit of assessment is the system, not the step. Two routes in, one filter mechanism with a profiling floor, an intended-purpose deeming rule, and a deployer-becomes-provider trigger. Calendar moved to 2 December 2027 under the Omnibus, content unchanged.
EU · ART 6 · DRAFT GUIDELINES · ~11-min · warrant compliance
№ 34
2026-05-11
CFPB AI guidance, line by line.
CFPB Circular 2022-03 on ECOA adverse-action notices when AI is used. 2023 chatbot supervisory highlights. 2024 interagency AVM rule. CFPB Circular 2024-06 on algorithmic scores. The US Federal consumer-finance regulator's position on AI explainability and UDAAP exposure for lending, mortgage, and chatbot agents.
US-FEDERAL · CFPB · ECOA REG B · ~11-min · warrant compliance
№ 33
2026-05-11
PIPL + CAC AI rules, line by line.
China Personal Information Protection Law (PIPL, effective 2021-11-01) + CAC Generative AI Measures (2023-08-15) + Deep Synthesis Provisions (2023-01-10). Article 24 automated decision-making. Articles 38-43 cross-border transfer. Articles 55-56 PIPIA. The APAC privacy stack with extraterritorial reach and RMB 50M / 5% turnover penalty ceiling.
CHINA · PIPL + CAC · ~13-min · warrant compliance
№ 32
2026-05-11
OWASP LLM Top 10, line by line.
The OWASP Top 10 for Large Language Model Applications (2025 edition). Ten applied security categories from prompt injection through unbounded consumption. Cross-references to the NIST AI 100-2 attack taxonomy and the EU AI Act Article 15(5) cybersecurity obligation. The engineering checklist that translates the taxonomy into a build-time audit.
ENGINEERING · OWASP LLM TOP 10 · ~14-min · warrant engineering
№ 31
2026-05-11
NIST AI 100-2, line by line.
NIST AI 100-2e2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. Four top-level attack classes (Evasion, Poisoning, Privacy, Abuse) plus a mitigation taxonomy. The engineering vocabulary that the EU AI Act Article 15(5) cybersecurity obligation reads against.
ENGINEERING · NIST AI 100-2 · ~12-min · warrant engineering
№ 30
2026-05-11
EU AI Act Article 27, line by line.
Article 27 of Regulation (EU) 2024/1689 sets the fundamental rights impact assessment obligation for high-risk AI deployers. Article 26(9) is the trigger. Six contents elements under 27(1)(a)-(f). The AI Office template under 27(5). Notification to market surveillance authority under 27(3). Sister piece to Article 26 deployer obligations.
EU AI ACT · ART. 27 · ~11-min · warrant compliance
№ 29
2026-05-11
EU AI Act Article 15, line by line.
Article 15 of Regulation (EU) 2024/1689 binds providers of high-risk AI systems to design and develop the system to achieve an appropriate level of accuracy, robustness, and cybersecurity, and to perform consistently across the lifecycle. Accuracy levels declared in the Article 13 instructions for use. Resilience covers errors, faults, inconsistencies, fail-safe and redundancy. Cybersecurity covers data poisoning, model poisoning, model evasion, confidentiality attacks. The technical-quality bar of the EU AI Act.
EU AI ACT · ART. 15 · ~13-min · warrant compliance
№ 28
2026-05-11
EU AI Act Article 9, line by line.
Article 9 of Regulation (EU) 2024/1689 binds providers of high-risk AI systems to establish, implement, document, and maintain a risk management system as a continuous iterative process planned and run throughout the entire lifecycle. Ten paragraphs covering the four-step process, residual-risk acceptability, real-world testing under Article 60, minors and vulnerable groups, and integration with the Article 17 quality management system.
EU AI ACT · ART. 9 · ~12-min · warrant compliance
№ 27
2026-05-11
EU AI Act Article 26, line by line.
Article 26 of Regulation (EU) 2024/1689 binds deployers of high-risk AI systems. Twelve paragraphs covering use per the Article 13 instructions for use, competent staff for human oversight under Article 14(3)(b), input data relevance, monitoring and serious-incident reporting, log retention floor of six months, workplace-AI worker notification, data-subject notification, public-authority registration under Annex VIII, the DPIA cross-reference, and the Article 27 fundamental-rights impact assessment trigger.
EU AI ACT · ART. 26 · ~13-min · warrant compliance
№ 26
2026-05-11
EU AI Act Article 14, line by line.
Article 14 of Regulation (EU) 2024/1689 binds providers of high-risk AI systems to design and develop the system so it can be effectively overseen by natural persons. The five oversight capabilities the natural person must have, listed verbatim. The four-eyes principle in Article 14(5) for biometric identification under Annex III(1). Sister piece to the Article 12 / Article 13 / Annex IV reads.
EU AI ACT · ART. 14 · ~12-min · warrant compliance
№ 25
2026-05-09
Colorado AI Act + CCPA ADMT regulations, line by line.
Colorado AI Act (SB24-205, signed 17 May 2024) and California CCPA ADMT regulations (CPPA, finalised 24 July 2025). Two state-level frameworks for automated decision-making technology in 2026. Reasonable-care duty, consumer notice obligations, opt-out rights, and risk-assessment requirements.
US-STATE · COLORADO + CALIFORNIA · ~13-min · warrant compliance
№ 23
2026-05-09
EU AI Act Annex IV, line by line.
Article 11 of Regulation (EU) 2024/1689 obliges every provider of a high-risk AI system to draw up technical documentation before placing the system on the Union market. Annex IV defines, in nine sections, what the documentation must contain. Application 2026-08-02 (subject to provisional deferral to 2027-12-02 under the May 2026 Omnibus).
EU AI ACT · ANNEX IV · ~12-min · warrant compliance
№ 22
2026-05-09
GDPR Article 22, line by line.
Regulation (EU) 2016/679 Article 22. The data subject's right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects the data subject. Read against AI agents in production.
GDPR · ART. 22 · ~13-min · warrant compliance
№ 21
2026-05-09
HIPAA + healthcare AI, line by line.
HIPAA Privacy Rule (45 CFR Part 164 Subpart E) and Security Rule (Subpart C) read against AI agents handling protected health information. Minimum-necessary, business-associate-agreement, audit-control, and breach-notification obligations applied to the AI deployment perimeter.
HIPAA · 45 CFR § 164 · ~12-min · warrant compliance
№ 20
2026-05-09
MAS FEAT principles + AIRM, line by line.
Singapore MAS FEAT (12 Nov 2018) plus AIRM Information Paper (Dec 2024). 14 sub-principles · 8 AIRM sections · Veritas Toolkit v2.0. The supervisory expectation tier for Singapore-licensed financial institutions.
MAS · FEAT + AIRM · ~12-min · warrant compliance
№ 19
2026-05-09
India DPDP Act 2023, line by line.
Digital Personal Data Protection Act 2023. Section 8 obligations · DPDP Rules 2025 (notified 13 Nov 2025) · Rule 7 breach-notification 72 hours. DPB constituted under § 18 (Chapter V). Substantive obligations effective 13 May 2027.
DPDP ACT 2023 · ~14-min · warrant compliance
№ 18
2026-05-09
SEBI · RETAIL ALGO · ~12-min · warrant compliance
№ 17
2026-05-09
RBI FREE-AI, line by line.
RBI Framework for Responsible and Ethical Enablement of AI (13 August 2025). Committee chaired by Dr Pushpak Bhattacharyya. 7 sutras · 6 pillars · 26 recommendations. The Indian banking + financial-services AI baseline.
RBI · FREE-AI · ~13-min · warrant compliance
№ 15
2026-05-09
OECD · ISO 24028 · AIGP · ~10-min · warrant compliance
№ 14
2026-05-09
NIST AI RMF · ~13-min · warrant compliance
№ 13
2026-05-09
ISO/IEC 42001:2023, line by line.
First international AI management system standard. Published 18 Dec 2023. AIMS analogous to ISO 27001 for infosec. 38 controls in Annex A. Likely backbone of CEN-CENELEC harmonised standards for EU AI Act conformity.
ISO/IEC 42001:2023 · ~14-min · warrant compliance
№ 12
2026-05-09
EU AI Act Article 13, line by line.
Article 12 binds the provider to log. Article 13 binds the same provider to give the deployer instructions sufficient to interpret those logs. The two articles are paired obligations: the artefact and the manual to read it. General application 2026-08-02 (subject to provisional deferral to 2027-12-02 under the May 2026 Omnibus).
EU AI ACT · ART. 13 · ~11-min · warrant compliance
№ 11
2026-05-09
SR 11-7 + SR 26-2, line by line.
Federal Reserve / OCC / FDIC interagency guidance on model risk management. Originally 2011-04-04. Carried forward through SR 26-2 with explicit AI/ML scope. Read against an AI agent inside a US bank, the four pillars become per-decision evidence obligations.
SR 11-7 · SR 26-2 · ~13-min · warrant compliance
№ 10
2026-05-09
FCA Consumer Duty Principle 12, line by line.
Five sub-principles of PRIN 2A. One Handbook chapter. Principle 12 binds every UK retail-facing firm to deliver good outcomes; PRIN 2A breaks the principle into operative duties. Read against an AI agent making customer-facing decisions, the four outcomes become evidence-of-record obligations.
FCA · PRIN 2A · ~14-min · warrant compliance
№ 24
2026-05-08
EU AI Act, Digital Omnibus, 2026-05-07.
Velocity reading on the 2026-05-07 provisional Council + Parliament agreement on the Digital Omnibus on AI. Annex III standalone high-risk application moves from 2 August 2026 to 2 December 2027. Annex I embedded high-risk to 2 August 2028. Article 50 transparency to 2 December 2026. Provisional pending OJEU publication; until then the AI Act as enacted continues to govern.
EU AI ACT · OMNIBUS · ~9-min · warrant editorial
№ 07
2026-05-08
the four-layer evidence stack.
observability is not the same as runtime. runtime is not the same as evidence. evidence is not the same as attestation. why splitting the perimeter into four layers is what makes the regulator accept the artefact.
ARCHITECTURE · PERIMETER · ~10-min · warrant engineering
№ 06
2026-05-08
evals are the moat. not the model.
a citation-precision benchmark cross-checks every sub-clause we cite against canonical regulator text. how three real bugs got caught: a model-upgrade citation regression, prompt injection inside trace data, and FCA-vs-SR-11-7 cross-jurisdictional drift.
ENGINEERING · EVALS · ~9-min · warrant research
№ 05
2026-05-08
one agent. many jurisdictions.
the same trace evaluated against EU AI Act, FCA Consumer Duty, NYDFS Part 500, SR 11-7, RBI FREE-AI, SEBI Retail Algorithmic Trading Framework, India DPDP, MAS FEAT, simultaneously. nine regimes. six jurisdictions. one evidence package, independently verifiable without contacting Warrant.
COMPLIANCE · MULTI-JURISDICTIONAL · ~10-min · warrant compliance
№ 03
2026-05-07
Standard API call logs do not satisfy 23 NYCRR § 500.6.
On 16 October 2024 NYDFS issued an Industry Letter on AI cybersecurity. The letter imposes no new rules. It applies 23 NYCRR Part 500 to AI, including § 500.6(a)(2) audit trails. Read against that rule, standard API call logs and LLM inference logs do not satisfy it.
23 NYCRR § 500.6(a)(2) · ~12-min · warrant compliance
№ 02
2026-05-07
The agent perimeter is not a metaphor anymore.
A piece on Hacker News this week framed AI agents as already-inside-the-perimeter actors. The metaphor is right. The perimeter has stopped being a network boundary and started being a logging boundary.
ESSAY · ~4-min · warrant editorial
№ 01
2026-05-07
EU AI Act Article 12, line by line.
Article 12(1) of Regulation (EU) 2024/1689 requires high-risk AI systems to technically allow for the automatic recording of events over the lifetime of the system. Enforcement begins 2 August 2026. The verbatim text, the in-scope determination under Annex III, the retention rules, the penalty exposure under Article 99(4).
EU AI ACT · ART. 12 · ~13-min · warrant compliance