AI + Records

Guide to Record-Keeping Under the EU AI Act 2023

Essentials

One of the EU AI Acts' key pillars is mandatory record-keeping to ensure transparency, accountability, and traceability throughout the AI lifecycle:

Technical documentation detailing system design, training data, and performance
Quality management procedures covering risk controls and testing protocols
System logs capturing inputs, outputs, and decision-making processes
User consent records, where applicable

And for how long?

Most documentation: 10 years after market release
System logs: minimum 6 months, extendable under other EU laws

What Records Must Be Kept?

Under Articles 12, 18, and 19 of the Act, providers and deployers of high-risk AI systems must maintain the following types of documentation:

Even if a business shuts down, Member States must ensure these records remain accessible to regulators.

Need some help? Ask our experts for free, no-obligation advice.

Book A Free Consultation

How Should Records Be Kept?

The EU AI Act does not use the term “immutability” explicitly in its core articles, but it strongly implies the need for tamper-proof, traceable, and auditable records.

Next Up: How Should Records Be Kept?

Page updated

Report abuse