AI-Act record-keeping, answered with artifacts
EU AI Act deployers face record-keeping duties (in the spirit of Article 26(6): keep the logs your AI system generates, for at least six months, to the extent they are under your control). This page maps what such obligations typically ask for to the specific NeuralRing artifact that answers it — written for you to forward to your compliance team.
This is an engineering description of record-keeping artifacts, not legal advice. Your compliance team determines which obligations apply to your system and whether these artifacts satisfy them.
| Compliance asks… | NeuralRing artifact | How it answers |
|---|---|---|
| Keep logs of the AI system's operation over its lifetime | Signed attestation chain | Every request emits an append-only, hash-chained, Ed25519-signed record (metadata only). Export any date range from the dashboard; verify offline with the bundled script. |
| Records sufficient to identify situations of risk / trace outputs | Attestation observed block | Which endpoint served, route hops incl. failovers, token counts, latency, finish reason — per request, linkable from your Activity feed. |
| Know where processing happened (data-residency obligations) | Attestation claimed block + assurance level | The executing jurisdiction and data-center region as declared by the endpoint, stamped with HOW substantiated that claim is (self-attested / verified / certified). The record never claims more than is proven. |
| Demonstrate the provider-selection policy you applied | policyApplied in each attestation | The jurisdiction pin, minimum tier and assurance floor your request carried are recorded per request — evidence your routing policy was enforced, not just configured. |
| Retention of records (Art. 26(6): ≥ 6 months) | Append-only attestation store | Records are never updated or deleted; retention is a database policy on an EU-resident store, tamper-evident by construction. |
| No unnecessary personal data in logs | Data-minimization default | Prompts and completions are NOT logged by default. Content logging is a per-org opt-in whose state is shown in your dashboard settings; even then only a hash enters the attestation. |
Try it: make one request in the playground, open its attestation link, and hand the dashboard export to your auditor. Every claim in it states its own assurance level — that honesty is the audit story.