ENTRY № 41 · HOW-TO · EU AI ACT, ART. 12 + ART. 19 + ART. 26
PUBLISHED 2026-06-04 · ~11-MIN READ · WARRANT COMPLIANCE

How to produce audit-ready evidence for an autonomous AI agent.

Audit-ready evidence for an autonomous agent is a per-action record that names the governing obligation, captures the authorisation for each action, retains automatically over the system lifetime, and is independently verifiable without contacting the vendor. This is what the evidence must contain and be, written as requirements a deployer can hold a stack to. It is not a description of any one vendor's internal process.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable without contacting Warrant.

UNIT OF RECORD
Per action
One addressable record for each autonomous action, not one running log per system.
RETENTION FLOOR
6 mo · min
Article 19(1) sets at least six months, appropriate to the intended purpose, unless other law requires longer.
VERIFIABILITY
No vendor
An auditor confirms the record is unchanged since the action without contacting the vendor.
01 · WHAT AUDIT-READY MEANS

What audit-ready evidence actually is.

An autonomous agent in a high-risk deployment takes many consequential actions in a single run. When an auditor opens an inquiry in 2027 about an action from 2026, the question is never "show me uptime that day". The question is narrower: show me what the agent did at this moment, under what authorisation, against which obligation, and prove the record has not been edited since. Evidence is audit-ready when it can answer that question without the deployer scrambling to reconstruct behaviour after the fact.

That resolves into four requirements the evidence must satisfy. It is a per-action record. Each record names the governing obligation. Each record captures the authorisation. The record retains automatically over the system lifetime and is independently verifiable. The rest of this note works each requirement against the EU AI Act text, so a deployer can read the spec against any candidate stack. The architecture behind these properties is set out in the four-layer evidence stack; this note is the requirements view a deployer holds a vendor to.

"High-risk AI systems shall technically allow for the automatic recording of events (logs) over the lifetime of the system." Regulation (EU) 2024/1689 · Article 12(1) · 13 June 2024

Article 12(1) is the dated, penalty-backed obligation underneath all of this. The application date is 2 August 2026, subject to a provisional deferral to 2 December 2027 for Annex III standalone systems under the May 2026 Digital Omnibus. Non-compliance is reachable under Article 99(4) at up to EUR 15 million or 3 percent of global annual turnover. What the sentence does not do is fix the shape of the record. The four requirements below are what turn a bare logging obligation into evidence an auditor accepts.

02 · REQUIREMENT 1 · PER-ACTION

It is a record per action.

The first requirement is granularity. Article 12(1) requires recording of events over the lifetime of the system, but it does not say whether a record means one running log per system or a discrete record for each autonomous action. For a single-pass model the distinction is academic. For an agent that takes a chain of consequential actions in one run, it is the whole question. An auditor cannot grade an action the deployer can only show buried inside a system-wide log.

So audit-ready evidence makes each action an addressable record. The per-action unit carries, at minimum, the actor, the action, the subject, the inputs, the outputs, and the timestamp, expressed in the schema as trace.actions[*]. That is the smallest unit a regulator's question maps onto. Whether the draft classification Guidelines treat the agent or the step as the unit of assessment is still an open boundary, examined in the per-action records question; either way, evidence built per action survives both readings.

"An auditor's question is per action. The evidence has to be too." Warrant Compliance · 2026-06-04

03 · REQUIREMENT 2 · NAMES THE OBLIGATION

Each record names the governing obligation.

The second requirement is that the record cites the specific obligation it answers to, down to the sub-clause, not the regulation in the abstract. "EU AI Act compliant" is not evidence. "Article 12(2)(c), monitoring under Article 26(5)" is. An audit-ready record names the article, the paragraph, and the sub-paragraph, so an auditor traces the record to the canonical text rather than to the vendor's interpretation of it.

The mapping is concrete. The per-action record under trace.actions[*] answers Article 12(1). The risk-situation events under Article 12(2)(a) map to the per-action risk assessment. The post-market monitoring events under Article 12(2)(b) map to the per-action outcome roll-up. The human-oversight monitoring events under Article 12(2)(c) map to the per-action oversight fields and resolve against Article 26(5). The line-by-line field-to-clause map is set out in Article 12, line by line.

12(1)
Automatic recording over the lifetime of the system. FIELD · trace.actions[*] — per-action actor, subject, inputs, outputs, timestamp.
12(2)(a)
Identifying situations that may present a risk, under Article 79(1). FIELD · trace.actions[*].risk_assessment — deviation from intended purpose, drift indicators.
12(2)(c)
Monitoring of operation under Article 26(5). FIELD · trace.actions[*].oversight — reviewer, review outcome, intervention record, justification.
04 · REQUIREMENT 3 · CAPTURES AUTHORISATION

Each record captures the authorisation.

The third requirement is that the record does not just say what the agent did; it says whether the agent was allowed to do it. For each action the record carries the authorisation: whether the action sat within the system's intended purpose, expressed as within_purpose, and whether the required human oversight was present, carried in the authorization_envelope.* fields. An action that fell outside the intended purpose, or that should have had a human in the loop and did not, is exactly what an auditor is looking for.

This is where the record-keeping obligation meets the deployer's standing duties. A deployer that runs a high-risk agentic system carries the Article 26 obligations and signs its name to what leaves the building, including the human oversight measures under Article 26(2) and the monitoring under Article 26(5). The authorisation fields are what let a record demonstrate those duties were met for each action rather than asserted at the system level. The full deployer duty set is in the Article 26 deployer obligations, line by line.

within_purpose
Whether the action sat within the system's intended purpose. FIELD · the per-action gate that maps to deployer use within the intended purpose.
authorization_envelope.*
Whether the required human oversight was present and within the permitted envelope. FIELD · resolves against Article 26(2) oversight and Article 26(5) monitoring.
05 · REQUIREMENT 4 · RETAINS SIX MONTHS

It retains over the system lifetime.

The fourth requirement is retention, and it is the one a general-purpose telemetry stack quietly fails. Article 12(1) scopes recording to the lifetime of the system. Article 19(1) puts a floor under it: logs must be kept for at least six months, appropriate to the intended purpose, unless other Union or national law requires longer. Sectoral law frequently requires far longer. MiFID II runs five to seven years. The Medical Device Regulation runs ten to fifteen years for implantable devices.

6 months
ARTICLE 19(1) FLOOR
At least six months, appropriate to the intended purpose, unless other law requires longer.
7–30 days
DEFAULT TELEMETRY
A general-purpose observability tier rotates logs out well before the floor. Retention is automatic, not a plan.

The practical test is whether retention is a property of the evidence system or a retention plan bolted onto a telemetry tool. Audit-ready evidence retains automatically over the system lifetime; it does not depend on someone remembering to extend a retention window before logs rotate. A record that was rotated out cannot be reconstructed after the fact, and a record reconstructed after the fact cannot be made audit-ready retroactively.

06 · REQUIREMENT 5 · VERIFIABLE

It is independently verifiable.

The fifth requirement is the one that separates a record from a claim. Audit-ready evidence is independently verifiable: an auditor can confirm the record is unchanged since the action on their own machine, without contacting the vendor and without trusting the vendor's storage. The property lives in the record itself and resolves against an external public reference the vendor does not operate. None of it depends on the vendor being honest, present, or even still in business.

The failure mode this requirement closes is the deposition question. A record held only in the vendor's database, presented as the vendor presents it today, has a known weakness: staff turnover, data migration, a deliberate edit by an insider. A regulator who asks "who attests this is unchanged?" gets one answer, the vendor, and that answer collapses on chain of custody. An independently verifiable record inverts the trust assumption: the auditor checks the record, not the vendor. An audit-ready record is one a court can trust without trusting the company that produced it.

07 · THE RECORD SHAPE

The record shape, read against the text.

Put the five requirements together and the shape of an audit-ready record is exact. It is a per-action unit. Each unit carries the field that names its obligation, the fields that capture its authorisation, and the events Article 12(2) calls relevant. The whole set retains over the system lifetime to the Article 19(1) floor. And the set is independently verifiable. A deployer can score any candidate evidence stack against this shape line by line.

per action
trace.actions[*] is the addressable unit. Actor, action, subject, inputs, outputs, timestamp. REQUIREMENT 1 · the record is per action, not a system-wide running log.
obligation
Each action maps to a sub-clause: Article 12 read with Article 19(1), Article 26(5), Article 26. REQUIREMENT 2 · a record mapped to a specific EU AI Act obligation, down to the sub-paragraph.
authorisation
within_purpose plus authorization_envelope.* carry whether the action was allowed and overseen. REQUIREMENT 3 · the authorisation for each action, resolving against Article 26(2) and 26(5).
retention
Retained automatically over the system lifetime, floor of six months under Article 19(1). REQUIREMENT 4 · retention is a property of the system, not a plan that can lapse.
verify
Independently verifiable without contacting the vendor, against an external public reference. REQUIREMENT 5 · the auditor checks the record, not the company that produced it.
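
One way to score a single trace.actions[*] entry against the five requirements above, as an added example that is not Warrant's code or schema. The "obligation" key, the citation string format, the contents of authorization_envelope, the retain_until input, and the SHA-256 digest compared against an externally published value are all assumptions made for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timedelta

# Core per-action fields named on the page for trace.actions[*].
CORE = ("actor", "action", "subject", "inputs", "outputs", "timestamp")
# Citation must reach paragraph level or deeper, e.g. "Article 12(2)(c)".
# The "obligation" key and this string format are assumptions.
CITATION = re.compile(r"^Article \d+\(\d+\)(\([a-z]\))?$")
FLOOR = timedelta(days=183)  # Article 19(1) six-month floor, approximated as 183 days

def digest(action):
    """SHA-256 over canonical JSON; a hypothetical scheme, not a vendor format."""
    blob = json.dumps(action, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def score_action(action, retain_until, public_digest):
    """Pass/fail per requirement for one action. public_digest is the value the
    auditor obtained from a reference the vendor does not operate."""
    ts = action.get("timestamp")
    recorded = datetime.fromisoformat(ts) if ts else None
    return {
        "per_action": all(k in action for k in CORE),
        "obligation": bool(CITATION.match(action.get("obligation", ""))),
        "authorisation": isinstance(action.get("within_purpose"), bool)
                         and bool(action.get("authorization_envelope")),
        "retention": recorded is not None and retain_until - recorded >= FLOOR,
        "verifiable": digest(action) == public_digest,
    }

# Constructed sample record; every value is illustrative.
GOOD = {
    "actor": "agent-7", "action": "approve_refund", "subject": "case-1042",
    "inputs": {"amount_eur": 120}, "outputs": {"status": "approved"},
    "timestamp": "2026-09-01T10:15:00+00:00",
    "obligation": "Article 12(2)(c)",
    "within_purpose": True,
    "authorization_envelope": {"human_oversight_present": True},
}
ANCHOR = digest(GOOD)  # stands in for the digest published at action time
KEEP_UNTIL = datetime.fromisoformat("2027-03-15T00:00:00+00:00")

def demo():
    ok = score_action(GOOD, KEEP_UNTIL, ANCHOR)
    # Same record after a later edit, with a vague citation and a 30-day retention tier.
    bad = dict(GOOD, outputs={"status": "denied"}, obligation="EU AI Act compliant")
    short = datetime.fromisoformat("2026-10-01T10:15:00+00:00")
    return ok, score_action(bad, short, ANCHOR)
```

The second result from demo() fails on obligation, retention and verifiable while still passing per_action and authorisation, which is the line-by-line scoring the section describes.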
08 · FAQ

Questions a deployer asks first.

What makes evidence for an AI agent audit-ready under the EU AI Act?

Four properties together. The evidence is a per-action record, not a system-level summary. Each record names the specific EU AI Act obligation it answers to, down to the sub-clause. Each record captures the authorisation for that action: whether it sat within the system's intended purpose and whether the required human oversight was present. The record retains over the lifetime of the system, with a floor of at least six months under Article 19(1). And the record is independently verifiable, meaning an auditor can confirm it is unchanged since the action without contacting the vendor.

Does audit-ready evidence have to be per action, or is one running log enough?

Article 12(1) of Regulation (EU) 2024/1689 requires automatic recording of events over the lifetime of the system but does not fix the granularity. For an autonomous agent that takes many consequential actions in one run, an auditor's question is per action: what did the agent do on this date, under what authorisation, against which obligation. A running log that cannot answer at the level of a single action leaves the deployer reconstructing behaviour after the fact. Audit-ready evidence is structured so each action is an addressable record.

Which obligation should an evidence record cite for an agent action?

The specific sub-clause the action answers to, not the regulation in the abstract. For record-keeping the citation is Article 12 read with the six-month retention floor in Article 19(1). For monitoring of human oversight in deployment it is Article 26(5). For the deployer's standing duties it is Article 26 generally. An audit-ready record names the article, paragraph, and sub-paragraph, so an auditor can trace the record back to the canonical text rather than to the vendor's interpretation.

How long must audit-ready evidence for an AI agent be retained?

Article 19(1) of the EU AI Act sets a floor of at least six months, appropriate to the intended purpose, unless other Union or national law requires longer. Sectoral law frequently requires longer: MiFID II runs five to seven years, and the Medical Device Regulation runs ten to fifteen years for implantable devices. A general-purpose telemetry stack that rotates logs out at seven to thirty days fails the six-month floor on its own. Audit-ready evidence retains automatically over the system lifetime.

What does independently verifiable mean for AI agent evidence?

It means an auditor can confirm the record is unchanged since the action on their own machine, without contacting the vendor and without trusting the vendor's storage. The record carries the property within itself. The verification resolves against an external public reference the vendor does not operate, so the answer does not depend on the vendor being honest or even online. A record held only in the vendor's database, presented as the vendor presents it today, is not independently verifiable.

When do these requirements apply to a high-risk agentic system?

The application date is 2 August 2026, subject to a provisional deferral to 2 December 2027 for Annex III standalone systems under the May 2026 Digital Omnibus. The provisional deferral is pending OJEU publication. Until it is published, the AI Act as enacted continues to govern. Non-compliance with the record-keeping obligation is reachable under Article 99(4) at up to EUR 15 million or 3 percent of total worldwide annual turnover, whichever is higher.

09 · READ THE SOURCE

Read the source directly.

Authored by Warrant Compliance, the regulatory-analysis function at Warrant. Editorial commentary on regulatory text and the shape of audit-ready evidence. Not legal advice. The verbatim quotation of Article 12(1) reflects the official English-language text of Regulation (EU) 2024/1689 as published in the Official Journal of the European Union on 12 July 2024. Retention references are to Article 19(1); deployer references are to Article 26.