ENTRY № 40 · COMPLIANCE CHECKLIST · EU AI ACT · NYDFS · SR 11-7
PUBLISHED 2026-06-04 · ~12-MIN READ · WARRANT COMPLIANCE

What records must an AI agent keep to satisfy a regulator?

An AI agent in a regulated industry must keep an automatic event record of what it did, retained for a hard floor of at least six months. Under the EU AI Act, Article 12(1) of Regulation (EU) 2024/1689 requires automatic recording of events over the lifetime of a high-risk system; Article 19(1) sets the provider retention floor and Article 26(6) the matching deployer floor, both at least six months. NYDFS 23 NYCRR 500.6(a)(2) demands an audit trail designed to detect cybersecurity events. SR 11-7 demands comprehensive documentation of the model. This is the record set, mapped clause by clause to what a deployer can act on this quarter.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable without contacting Warrant.

RECORD SET
Art. 12 · § 1
Automatic event recording over the lifetime of a high-risk AI system.
RETENTION FLOOR
≥ 6 months
Article 19(1) provider floor and Article 26(6) deployer floor. Sectoral law often runs longer.
US AUDIT TRAIL
§ 500.6(a)(2)
NYDFS 23 NYCRR audit trail to detect and respond to cybersecurity events.
01 · THE RECORD SET

The record set, in one paragraph.

The regulator's question is narrow. Show me what the agent did, prove the record is intact, and prove you kept it long enough. Three regimes ask it three ways. The EU AI Act asks for an automatic event record over the lifetime of the high-risk system. NYDFS asks for an audit trail that detects cybersecurity events at the operation level. US bank model risk guidance asks for comprehensive documentation of the model and its decisions. Across all three, the unit that satisfies is the same: a record mapped to a specific obligation, kept for at least the retention floor, independently verifiable without contacting Warrant.

This entry is structured as the regulator's question, the record artifact that answers it, and the article that demands it. Run the list against a production agent and the gaps are the gaps an inspection finds first.

EU
An automatic event record of every relevant action, over the lifetime of the high-risk system, retained at least six months. DEMANDED BY · Article 12(1) record-keeping; Article 19(1) and Article 26(6) retention.
NY
An audit trail designed to detect and respond to cybersecurity events, showing what was accessed, by which agent, under what authorization, and when. DEMANDED BY · 23 NYCRR 500.6(a)(2), applied to AI by the 16 October 2024 Industry Letter.
US
Comprehensive documentation that allows informed parties to understand the model and reconstruct its decisions. DEMANDED BY · SR 11-7 documentation pillar, carried forward with AI/ML scope by SR 26-2.
02 · EU AI ACT ARTICLE 12

EU AI Act Article 12 · the event record over the lifetime.

High-risk AI systems shall technically allow for the automatic recording of events (logs) over the lifetime of the system.
Regulation (EU) 2024/1689 · Article 12(1) · 13 June 2024

Article 12(1) binds providers of high-risk AI systems to automatic event recording over the lifetime of the system. The application date is 2 August 2026, subject to a provisional deferral to 2 December 2027 for Annex III standalone systems under the May 2026 Digital Omnibus, pending OJEU publication. Non-compliance is reachable under Article 99(4) at up to EUR 15 million or 3 percent of global annual turnover. The line-by-line read is in the entry "Article 12, line by line".

What the record has to capture is set by Article 12(2). Paragraph 2(a) covers situations that may result in the system presenting a risk under Article 79(1) or a substantial modification. Paragraph 2(b) covers facilitation of post-market monitoring under Article 72. Paragraph 2(c) covers monitoring of the operation under Article 26(5). The record is event-shaped, not request-shaped: it must be addressable by deployment, by version, and by the action the agent took, not just by the HTTP call that carried it.

For an autonomous agent that takes many consequential actions in one run, whether the record is one running log or a discrete record per action is the open boundary. That question is read in full in the entry "Does Article 12 require a record per agent action?".

03 · THE SIX-MONTH FLOOR

The retention floor · at least six months, on two sides.

The providers of high-risk AI systems shall keep the logs referred to in Article 12(1), automatically generated by their high-risk AI systems, to the extent such logs are under their control. Without prejudice to applicable Union or national law, the logs shall be kept for a period appropriate to the intended purpose of the high-risk AI system, of at least six months, unless provided otherwise in the applicable Union or national law, in particular in Union law on the protection of personal data.
Regulation (EU) 2024/1689 · Article 19(1) · 13 June 2024

Article 19(1) is the provider floor. The provider keeps the Article 12 logs for a period appropriate to the intended purpose, of at least six months, unless Union or national law requires longer. Article 26(6) is the deployer mirror. The deployer keeps the logs that come under its control, for the same appropriate period, of at least six months. The two floors run in parallel. The detail of the deployer side is in the entry "Article 26 deployer obligations, line by line".

19(1)
PROVIDER FLOOR
Provider keeps the Article 12 logs under its control for at least six months, appropriate to the intended purpose.
26(6)
DEPLOYER FLOOR
Deployer keeps the logs under its control for at least six months, the deployer-side mirror of Article 19(1).

Six months is a floor, not a ceiling. Sectoral law pushes the actual horizon longer wherever it speaks. MiFID II Article 16(7) runs five years for orders and decisions to deal. The Medical Device Regulation Article 10(8) runs ten years, fifteen for implantable devices. A six-month rolling window destroyed twelve months ago is not an answer to a regulator's request twelve months and one day after the event. The phrase "in particular in Union law on the protection of personal data" is the GDPR carve-back: where logs contain personal data, storage-limitation under GDPR caps the upper bound, and the deployer settles on a per-use-case number that satisfies both regimes.

04 · NYDFS 500.6(a)(2)

NYDFS · the audit trail at the operation level.

Each covered entity shall securely maintain systems that, to the extent applicable and based on its risk assessment ... include audit trails designed to detect and respond to cybersecurity events that have a reasonable likelihood of materially harming any material part of the normal operations of the covered entity.
23 NYCRR § 500.6(a)(2) · Second Amendment · effective 1 November 2023

The 16 October 2024 NYDFS Industry Letter imposes no new rule. It applies 23 NYCRR Part 500 to AI, including the § 500.6(a)(2) audit-trail provision. Read against an AI agent, a standard application log does not satisfy: it records that a request returned a status code, not what was accessed or under what authorization. The full reading is in the entry "Standard API call logs do not satisfy 23 NYCRR § 500.6".

The audit trail has to answer four questions about each operation the agent performed. What was accessed — the specific nonpublic-information element, not a request hash. By which agent — the model identifier and provider, not "the chatbot". Under what authorization — the policy and purpose limitation the action satisfied. When — a timestamp the covered entity cannot retroactively change. The retention side is its own clock: § 500.6(b) runs five years for the (a)(1) reconstruction records and three years for the (a)(2) audit-trail records.

"The regulator does not ask for the log. It asks for the record of what the agent did, and proof you kept it."
Warrant Compliance · 2026-06-04
05 · SR 11-7 DOCUMENTATION

SR 11-7 · documentation as a record obligation.

Banks should establish a model risk management framework that includes ... comprehensive documentation ... documentation that allows informed parties to understand the model.
SR 11-7 · § III.B documentation pillar · 2011-04-04

The fourth pillar of US bank model risk guidance is comprehensive documentation. SR 11-7, originally issued 4 April 2011 by the Federal Reserve with OCC Bulletin 2011-12 the same day and adopted by FDIC through FIL-22-2017, was carried forward by SR 26-2 in 2026 with explicit AI/ML scope. Under SR 26-2, large language models and agentic systems that produce or shape a bank decision are named as material models, so the documentation pillar attaches to them directly. The line-by-line read is in the entry "SR 11-7 / SR 26-2, line by line".

For an AI agent, the documentation record is three layers. The development record — the agent's tool-selection logic, prompt template, retrieval policy, scope of use, and limitations, which are bank artifacts even when a vendor supplies the foundation model. The validation record — the ongoing-monitoring cadence and the triggers that force re-validation. And the per-decision record — what the agent did and the alternatives it weighed, which SR 26-2 reads as part of effective challenge at runtime. The unmapped AI deployment with no model inventory entry is the next examination cycle's most likely model risk finding.

06 · THE DEPLOYER CHECKLIST

The checklist · question, record, clause.

The mapping below is the whole entry in one table. Each row is a question a regulator asks, the record artifact that answers it, and the clause that demands it. A deployer can run this against a production agent and treat any empty record cell as a finding.

| Regulator question | The record artifact | Clause |
|---|---|---|
| What did the agent do? | Automatic event record per action over the lifetime of the system: trace.actions[*] (actor, subject, inputs, outputs, ts). | Art. 12(1) |
| Was each action within its remit? | Per-action authorization record: authorization_envelope.within_purpose, preconditions_met, human_oversight_appropriate. | Art. 12(2)(c) · 500.6(a)(2) |
| Can you detect a risk or modification? | Risk-situation record per action, flagging deviation from intended purpose and substantial modification. | Art. 12(2)(a) |
| Did you keep it long enough? | Retention proof: provider-controlled logs at least six months; deployer-controlled logs at least six months. | Art. 19(1) · 26(6) |
| What was accessed, and under what authority? | Operation-level audit trail: subject accessed, agent identity and provider, authorization satisfied, immutable timestamp. | 500.6(a)(2) |
| Can you reconstruct the decision? | Documentation record: development, validation, and per-decision records that let informed parties understand the model. | SR 11-7 · SR 26-2 |

The structural choice a deployer makes now is whether each of these records lives inside the agent or in a record layer downstream of the decision. A record mapped to a specific obligation, kept past the retention floor, and independently verifiable without contacting Warrant satisfies the question in every column at once.
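The following Python is an added example, not Warrant's code or evidence format. It shows what a record layer downstream of the decision can look like for the checklist above and for the four NYDFS audit-trail questions in section 04: one record per agent action carrying the table's fields (actor, subject, inputs, outputs, ts, authorization_envelope), addressable by deployment and version, hash-chained so that anyone holding the records can recompute and verify them offline, with a filter for actions outside their remit and a check of a rolling deletion window against the six-month floor. The SHA-256 chain, the extra fields (deployment, version, prev_hash, hash), the 183-day approximation of six months, and the two-action sample trace are all assumptions made for the example.

```python
import copy
import hashlib
import json
from datetime import timedelta

# Assumptions for this example (not Warrant's format): a SHA-256 hash chain,
# 183 days as a calendar approximation of the six-month floor, and a
# constructed two-action trace.
GENESIS = "0" * 64
SIX_MONTH_FLOOR = timedelta(days=183)
ENVELOPE_FLAGS = ("within_purpose", "preconditions_met", "human_oversight_appropriate")


def canonical(obj):
    # Deterministic serialization so an independent verifier reproduces the hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_record(prev_hash, deployment, version, action):
    # One record per action, addressable by deployment, version and the action
    # itself, carrying the fields the checklist table names.
    body = {
        "deployment": deployment,
        "version": version,
        "actor": action["actor"],
        "subject": action["subject"],
        "inputs": action["inputs"],
        "outputs": action["outputs"],
        "ts": action["ts"],
        "authorization_envelope": action["authorization_envelope"],
        "prev_hash": prev_hash,
    }
    return {**body, "hash": hashlib.sha256(canonical(body)).hexdigest()}


def build_chain(deployment, version, actions):
    records, prev = [], GENESIS
    for action in actions:
        rec = make_record(prev, deployment, version, action)
        records.append(rec)
        prev = rec["hash"]
    return records


def verify_chain(records):
    # Recompute every hash and link; returns (ok, index of first bad record or None).
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body.get("prev_hash") != prev:
            return False, i
        if hashlib.sha256(canonical(body)).hexdigest() != rec["hash"]:
            return False, i
        prev = rec["hash"]
    return True, None


def out_of_remit(records):
    # Indices of actions whose authorization envelope has any flag unset.
    return [i for i, r in enumerate(records)
            if not all(r["authorization_envelope"].get(f) for f in ENVELOPE_FLAGS)]


def window_meets_floor(rolling_window, floor=SIX_MONTH_FLOOR):
    # A rolling deletion window shorter than the floor cannot answer a request
    # that arrives after the window has rolled past the event.
    return rolling_window >= floor


# Constructed sample trace (not real data): one agent, two consequential actions.
SAMPLE_ACTIONS = [
    {
        "actor": {"model": "example-llm-v3", "provider": "example-provider"},
        "subject": "customer:4411/credit_file",
        "inputs": {"tool": "read_credit_file", "purpose": "loan_triage"},
        "outputs": {"fields_read": ["score", "open_lines"]},
        "ts": "2026-06-04T09:15:02Z",
        "authorization_envelope": {"within_purpose": True, "preconditions_met": True,
                                   "human_oversight_appropriate": True},
    },
    {
        "actor": {"model": "example-llm-v3", "provider": "example-provider"},
        "subject": "customer:4411/loan_application",
        "inputs": {"tool": "set_decision", "proposed": "decline"},
        "outputs": {"decision": "decline"},
        "ts": "2026-06-04T09:15:09Z",
        "authorization_envelope": {"within_purpose": True, "preconditions_met": True,
                                   "human_oversight_appropriate": False},
    },
]


def run_sample():
    chain = build_chain("loan-triage-prod", "2026.06.01", SAMPLE_ACTIONS)
    tampered = copy.deepcopy(chain)
    tampered[0]["outputs"] = {"fields_read": ["score"]}  # silent edit after the fact
    return {
        "intact": verify_chain(chain),
        "tampered": verify_chain(tampered),
        "out_of_remit": out_of_remit(chain),
        "thirty_day_window_ok": window_meets_floor(timedelta(days=30)),
    }


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The chain detects edits to any field and reordering of records, which is what makes the timestamp in the NYDFS column one the covered entity cannot retroactively change; it does not by itself detect deletion of the most recent records, so the latest hash has to be anchored somewhere outside the deployer's control for the record to be verifiable without trusting the party that keeps it.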

Sample evidence package · Warrant register · independently verifiable without contacting Warrant
→ /v/7de85ceaeac42a47
07 · FAQ

Questions a compliance officer asks first.

What records must an AI agent keep to satisfy a regulator?

Three record sets, depending on the regime. Under the EU AI Act, Article 12(1) requires automatic recording of events over the lifetime of a high-risk AI system. Under NYDFS, 23 NYCRR 500.6(a)(2) requires an audit trail designed to detect and respond to cybersecurity events. Under SR 11-7, carried forward by SR 26-2, the bank must keep comprehensive documentation of the model. In each case the record must capture what the agent did at the operation level, not just that a request returned a status code.

How long must AI agent records be retained under the EU AI Act?

At least six months. Article 19(1) sets the provider retention floor at a period appropriate to the intended purpose, of at least six months, unless other Union or national law requires longer. Article 26(6) sets the matching deployer floor for logs under the deployer's control, also at least six months. Sectoral law often runs longer. MiFID II runs five to seven years. The Medical Device Regulation runs ten to fifteen years for implantable devices.

Do standard application logs satisfy the record-keeping rules?

Usually not. An application log that records HTTP method, status code, and latency is traffic-shaped. The audit trail NYDFS 23 NYCRR 500.6(a)(2) requires, and the event record EU AI Act Article 12(2) makes relevant, are operation-shaped: they must show what was accessed, by which agent, under what authorization, and when. A rolling 30-day application log also fails the six-month retention floor under Article 19(1) and Article 26(6).

Who keeps the records, the provider or the deployer?

Both, on different floors. The provider is responsible for the high-risk system being able to generate the logs automatically under Article 12(1), and retains them under Article 19(1). The deployer retains the logs that come under its control under Article 26(6). Most managed-service contracts after May 2026 route an export feed to the deployer and a parallel retention duty back to the provider, so neither side carries the entire record alone.

What does the SR 11-7 documentation pillar require for an AI agent?

SR 11-7, carried forward by SR 26-2 with explicit AI/ML scope in 2026, requires comprehensive documentation that allows informed parties to understand the model. For an AI agent that means the development record, the validation record, and the per-decision record of what the agent did and why. The unmapped AI deployment with no model inventory entry is the most likely model risk finding at the next examination cycle.

What happens if the records are not kept?

Under the EU AI Act, Article 16(c) routes Article 12 through provider obligations and Article 99(4) applies, at up to EUR 15 million or 3 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. Under NYDFS, a missing 23 NYCRR 500.6(a)(2) audit trail is a gap a regulator examining a cybersecurity event surfaces first, and it sits under the CISO certification at 23 NYCRR 500.17(b). Under SR 11-7 the exposure is a matter requiring attention or a matter requiring immediate attention at examination.

08 · READ THE SOURCE

Read the source directly.

Authored by Warrant Compliance, the regulatory-analysis function at Warrant. Editorial commentary on regulatory text. Not legal advice. The verbatim quotations of Article 12(1) and Article 19(1) reflect the official English-language text of Regulation (EU) 2024/1689 as published in the Official Journal of the European Union on 12 July 2024. The 23 NYCRR § 500.6(a)(2) text reflects the Second Amendment effective 1 November 2023. The SR 11-7 quotation reflects the Federal Reserve supervisory guidance issued 4 April 2011, carried forward by SR 26-2 with explicit AI/ML scope in 2026.