EU AI Act Article 50 — 20 days to seal | Get passport
🐉

Record-Keeping and Logging

EU AI Act Article 12 · Automatic Event Recording · SIGIL Chain · Audit-Grade Trail · Ed25519-Signed · EAT Directive aligned

ART 12 SIGIL CHAIN ACTIVE
8
Log Categories
1Hz
Event Rate
86,400
Events/Day
6mo
Auto Retention
5yr
Governance Retention
0
Gaps in Chain

What does Article 12 Require?

Article 12 of the EU AI Act requires that high-risk AI systems are technically designed to enable automatic recording of events ("logs") throughout the system's lifetime. Logs must:

DEFONEOS implements Article 12 through the SIGIL chain — an Ed25519-signed, hash-chained event ledger that records every system event automatically, at the point of occurrence, with cryptographic guarantees of integrity, ordering, and authenticity.

⚠️ Honesty Register

The SIGIL chain is a live, functioning logging system — events are genuinely recorded, hash-chained, and Ed25519-signed. The event rates (1Hz, 86,400/day) describe the design capacity and observed activity. However, DEFONEOS has not undergone formal certification of its logging against any specific recognised standard (e.g., RFC 5424 Syslog). "Conformance to recognised standards" (Art 12(2)) would require such assessment. The SIGIL chain format is well-documented but proprietary to CSOAI Ltd.

The SIGIL Chain — DEFONEOS Logging Infrastructure

Architecture

The SIGIL chain is a sequential, append-only, hash-chained ledger. Each entry ("SIGIL") contains:

FieldDescriptionExample
Sequence #Monotonically incrementing index0001234567
TimestampISO 8601 UTC (Ed25519-signed)2026-07-05T23:14:32Z
ActorIdentity of the acting component/agentdefoneos-ciso-selfscan
ActionWhat happened (8 operation types)SCAN_COMPLETE
PayloadStructured event data (JSON){"vectors":14,"checks":280,"pass":280}
Prev HashSHA-256 of the previous SIGILa1b2c3d4...
This HashSHA-256 of this SIGIL's contentse5f6a7b8...
SignatureEd25519 signature by actor's key7e8f9a0b...

Key property: Removing, modifying, or reordering any SIGIL breaks the hash chain. The integrity of the entire log can be verified by a single pass from genesis to head.

SIGIL Operation Types

OpNameDescriptionTypical Actors
PPUBLISHNew artifact published (page, MCP, config)Build pipeline, JEEVES
VVERIFYVerification performed (health check, compliance check)CISO self-scan, health monitor
MMONITORMonitoring event (metrics, state observation)Post-market monitoring, drift detector
QQUERYInformation request (API call, data read)MCP servers, federation bridge
CCOUNCILBFT governance vote or decisionBFT council (33 agents)
HHALTStop/halt action (human oversight trigger)Human operator, stop button
SSECURITYSecurity event (threat detected, access blocked)Guardian, SOC, DORADO
AASSESSRisk/conformity assessment eventRMS, conformity evaluator

Logging Categories

1. System Lifecycle Events

EventOpTriggerRetention
System startupMProcess start6 months
System shutdownMProcess stop6 months
Configuration changePConfig file modified5 years
DeploymentPNew version deployed5 years
RollbackHVersion reverted5 years

2. Governance Events

EventOpTriggerRetention
BFT proposalCCouncil proposal submitted5 years
BFT vote castCAgent votes (for/against/abstain)5 years
Council decisionCQuorum reached, decision logged5 years
Red line breachHRed line violation detected5 years
Human overrideHManual override of automated decision5 years

3. Security Events

EventOpTriggerRetention
Foreign IP access attemptSNon-sovereign IP attempts access5 years
Authentication failureSInvalid key/token presented6 months
Supply chain alertSCompromised package detected5 years
Red-team detectionSAdversarial input detected5 years
Key rotationSCryptographic key rotated5 years

4. Data Processing Events

EventOpTriggerRetention
Data accessQSystem reads processed data6 months
Data exportQData leaves sovereign boundary5 years (GDPR)
Subject access requestQGDPR DSAR received5 years (GDPR)
Data retention expiryMData past retention period6 months
DPIA triggerANew high-risk processing identified5 years (GDPR)

5. Monitoring and Compliance Events

EventOpTriggerRetention
CISO scan completeV5-min security scan finishes6 months
Compliance checkVFramework check passes/fails5 years
Drift detectedMModel/data drift above threshold5 years
RMS cycle completeA5-min risk management cycle5 years
Post-market alertMPMR threshold exceeded5 years (Art 72)
Incident reportedSSerious incident (Art 73)5 years (Art 73)

6-8. MCP Operations, Federation, and Agent Activity

CategoryEvents LoggedOp TypesVolume/Day
6. MCP OperationsMCP calls, federation lookups, tool invocationsQ, M~50,000
7. Federation BridgeCross-MCP calls, marketplace activity, SIGIL receiptsQ, V~10,000
8. Agent ActivityAgent spawns, task completions, memory operationsM, C~5,000

Total daily volume: ~86,400 events (1 Hz average), peaking at ~5 Hz during scan cycles.

Sample Log Entries

2026-07-05T23:14:32Z defoneos-ciso-selfscan SCAN_COMPLETE vectors=14 checks=280 pass=280 fail=0 duration=234s
2026-07-05T23:14:05Z defoneos-rms RISK_CYCLE hazards_checked=42 controls_verified=156 residual_high=0 residual_medium=3
2026-07-05T23:12:00Z bft-council-agent-7 COUNCIL_VOTE proposal=BAN-FOREIGN-IP-RANGE vote=FOR reason="sovereignty_protection"
2026-07-05T23:10:00Z defoneos-dorado SECURITY_EVENT type=FOREIGN_ACCESS_ATTEMPT ip=203.0.113.42 blocked=true action=IP_BAN
2026-07-05T23:05:00Z defoneos-drift-monitor DRIFT_CHECK metric=response_latency_p99 baseline=120ms current=118ms delta=-1.7% status=NORMAL
2026-07-05T23:00:00Z jeeves-agent PUBLISH target=defoneos-technical-documentation.html size=28473 sigil=ed25519:7e8f...
2026-07-05T22:55:00Z defoneos-pmm POST_MARKET_MONITOR monitoring_vectors=14 checks=280 alerts=0 cycle_time=300s

Retention Schedule

CategoryRetention PeriodLegal BasisStorage
System lifecycle (non-governance)6 monthsArt 12(3) — appropriate to purposeSIGIL chain (hot)
Governance decisions5 yearsArt 17 QMS + Art 12(3)SIGIL chain (cold)
Security events5 yearsUK Data Protection Act 2018SIGIL chain (cold)
Data processing logs5 yearsGDPR Art 30 + Art 12(3)SIGIL chain (cold)
Serious incidents5 yearsArt 73 reportingSIGIL chain (cold)
Compliance checks5 yearsArt 17 QMSSIGIL chain (cold)
MCP operations6 monthsArt 12(3) — operationalSIGIL chain (hot)

Hot storage: Immediately queryable, <100ms response. Cold storage: Archived but verifiable, <5s response.

Article 12 Compliance Matrix

RequirementArticleStatusEvidence
Automatic recording of eventsArt 12(1)✅ METAll 8 categories auto-logged. No manual trigger required.
Logging conforms to recognised standardsArt 12(2)⚠️ PARTIALSIGIL chain is well-documented but not certified against a specific standard (e.g., RFC 5424).
Log retention appropriate to purposeArt 12(3)✅ MET6-month hot, 5-year cold retention schedule. Per-category policy.
Logs accessible to authoritiesArt 12(4)✅ METRegulator access protocol defined. 72-hour response.
Trade secret protectionArt 12(5)✅ METLogs contain operational data, not source code or model weights. Payloads scoped to metadata.
Log integrity guaranteeArt 12(1) impl.✅ METEd25519 signatures + hash chain. Tamper-evident.
Log availability guaranteeArt 12(1) impl.⚠️ PARTIALSingle SIGIL chain. No distributed replicas yet (planned).

Regulator Log Access Protocol

StepActionMethodResponse Time
1Authority submits log access requestFormal written request
2CSOAI verifies authority and scopeIdentity check24h
3Log range extracted from SIGIL chainAutomated extraction script1h
4Hash chain integrity verifiedFull chain verification1h
5Logs delivered (encrypted / secure portal)Per authority preference72h total
# Regulator verification command (provided with log delivery): $ python3 sigil_verify.py --start 2026-07-01 --end 2026-07-05 → Chain integrity: VALID (0 gaps) → Signatures verified: 432,000/432,000 → Tampering detected: NONE → Hash chain root: sha256:e5f6a7b8c9d0...

Integration with Other Articles

ArticleHow Logging Supports It
Art 9 (RMS)Risk cycle logs feed the risk register. Hazards identified from log patterns.
Art 13 (Transparency)Deployer instructions reference log data for evidence of correct operation.
Art 14 (Human Oversight)HUMAN override events recorded for accountability. Stop button use logged.
Art 15 (Robustness)Adversarial test logs feed robustness assessment.
Art 17 (QMS)Quality KPIs computed from logs. CAPA items tracked through logs.
Art 72 (PMR)Post-market monitoring data sourced from monitoring logs.
Art 73 (Incidents)Serious incidents auto-flagged from security logs. 72h reporting timer starts on log entry.
Annex IV §2(f)Logging documentation is item 6 of the Annex IV technical documentation.

⚠️ Honesty Register — Logging Limitations

What IS working: The SIGIL chain is a genuine, live, hash-chained logging system. Events are recorded automatically with Ed25519 signatures. Hash chain integrity is verifiable. Retention policies are enforced.

What IS NOT certified: The logging system has not been assessed against any specific recognised logging standard (e.g., RFC 5424 Syslog, ISO 27037). Art 12(2) "conformity to recognised standards" requires such assessment. The SIGIL format, while well-documented and open, is proprietary to CSOAI Ltd. There is currently a single SIGIL chain instance (no distributed replication), meaning a single point of failure exists for log availability (though not for integrity).

What's planned: (1) SIGIL chain distributed replication across sovereign VMs, (2) RFC 5424 Syslog bridge for standard compliance, (3) ISO 27037 alignment assessment.

🛡️ Ready to put DEFONEOS to work?

7 personas · 5 tiers · 30-second signup · free 30-day sandbox for regulators and end-users.

Sign up · Ed25519-signed receipt → For Defence Primes For Regulators (Free) Series A — £45-90M Round
ED25519 SIGIL receipts · UK-sovereign · AUKUS-compatible · T-27 days to EU AI Act