EU AI ACT · SOC 2 · HIPAA
What Article 12 requires, what it doesn’t, and what a dispute requires anyway.
The regulation
“High-risk AI systems shall be designed and developed with capabilities enabling the automatic recording of events (‘logs’) throughout the lifetime of the AI system.”
An honest note on the deadline: the Digital Omnibus provisional agreement of 7 May 2026 moved the high-risk deadline for stand-alone systems to 2 December 2027, pending formal adoption. The original 2 August 2026 date remains in law until that process completes. Treat August 2026 as the planning deadline — the audit infrastructure work takes months either way.
Also honest: Article 12 says “logs,” not “tamper-evident logs.” The regulatory minimum is recording. But Article 9 requires a risk management system, and when an incident occurs — a credit-scoring model produces a discriminatory output, a medical diagnostic is challenged, a recruitment tool is investigated — “we have logs but cannot prove they weren’t modified” is a gap in that system. The regulation doesn’t mandate cryptographic immutability. Defensible evidence production requires it regardless.
Requirement → mechanism
The five evidence classes
| class | what it means | when you have it |
|---|---|---|
| AUTHORITATIVE_EVIDENCE | Independent party sealed it. Agent could not have forged this. | Archeion sealed |
| SIGNED_NON_AUTHORITATIVE | Ed25519 signatures present. Requires private key to forge. | SDK signing enabled |
| NON_AUTHORITATIVE_EVIDENCE | Hash chain intact. Proves no post-hoc modification. | Default |
| PARTIAL_EVIDENCE | Chain intact but events were dropped during the session. | LOG_DROP events present |
| NO_EVIDENCE | Chain broken or structurally invalid. | Verification failed |
For most internal compliance purposes, NON_AUTHORITATIVE_EVIDENCE is sufficient. For regulatory submissions and legal proceedings where the operator is a party to the dispute, AUTHORITATIVE_EVIDENCE is the correct target — see how the boundary is enforced.
What Sasana does not do
Hashes only. You cannot reconstruct what the agent said from a Sasana log.
Detects it after the fact. Detection and prevention are different properties.
Those are observability. Sasana is evidence production. Complementary.
Self-hosted only. Your evidence never depends on someone else's uptime — or honesty.