AI-Act record-keeping, answered with artifacts

EU AI Act deployers face record-keeping duties (in the spirit of Article 26(6): keep the logs your AI system generates, for at least six months, to the extent they are under your control). This page maps what such obligations typically ask for to the specific NeuralRing artifact that answers it — written for you to forward to your compliance team.

This is an engineering description of record-keeping artifacts, not legal advice. Your compliance team determines which obligations apply to your system and whether these artifacts satisfy them.
Compliance asks…NeuralRing artifactHow it answers
Keep logs of the AI system's operation over its lifetimeSigned attestation chainEvery request emits an append-only, hash-chained, Ed25519-signed record (metadata only). Export any date range from the dashboard; verify offline with the bundled script.
Records sufficient to identify situations of risk / trace outputsAttestation observed blockWhich endpoint served, route hops incl. failovers, token counts, latency, finish reason — per request, linkable from your Activity feed.
Know where processing happened (data-residency obligations)Attestation claimed block + assurance levelThe executing jurisdiction and data-center region as declared by the endpoint, stamped with HOW substantiated that claim is (self-attested / verified / certified). The record never claims more than is proven.
Demonstrate the provider-selection policy you appliedpolicyApplied in each attestationThe jurisdiction pin, minimum tier and assurance floor your request carried are recorded per request — evidence your routing policy was enforced, not just configured.
Retention of records (Art. 26(6): ≥ 6 months)Append-only attestation storeRecords are never updated or deleted; retention is a database policy on an EU-resident store, tamper-evident by construction.
No unnecessary personal data in logsData-minimization defaultPrompts and completions are NOT logged by default. Content logging is a per-org opt-in whose state is shown in your dashboard settings; even then only a hash enters the attestation.

Try it: make one request in the playground, open its attestation link, and hand the dashboard export to your auditor. Every claim in it states its own assurance level — that honesty is the audit story.