Embedded Files
How — and Where — To "Keep" Data?
How — and Where — To "Keep" Data?
While the AI Act doesn’t mandate a specific storage, it does require that:
Automatically generated logs must be retained and made available for inspection.
Records must support traceability of decisions, inputs, outputs, and system behaviour.
Documentation must be preserved for up to 10 years, even if the provider ceases operations.
Providers must ensure that records are accessible to national authorities and cannot be altered retroactively in a way that compromises transparency or accountability.
And, again, for how long?
Most documentation: 10 years after market release
System logs: minimum 6 months, extendable under other EU laws
You could be looking at millions of new records every day, across multiple systems
All related, but hard to connect as one record
2. To be traceable, records need to be kept where they 'make sense', complete with historic reference data
It's easiest to maintain records in their original location
3. Supporting documentation (and code) will have countless revisions over a decade - likely in separate repositories
Different products used throughout development
4. All these records must not be changeable i.e. "immutable"
Most systems have protection that is not defensible
Page updated
Report abuse