AIG-020 AI System Event Logging
Description
AI systems record event logs that enable post-incident analysis and audit. At minimum, logs capture: timestamps of each inference or decision event, model version in use, input data type or identifier (not necessarily the raw input), output or output category, confidence score where available, any human override or intervention events, and system errors or exceptions. Logs are retained for the period required by applicable regulations (at minimum 6 months for EU AI Act deployers; recommended 12 months for Tier 2+; 24 months for Tier 3). Logs are protected from tampering.
Rationale
AI event logs are the primary forensic artefact when AI-driven decisions are challenged or when incidents require root-cause analysis.
Framework Mappings (5)
| EU-AI-Art.12.1 | Logging and Record-Keeping — Automatic Event Logging Capability | full |
| EU-AI-Art.16.4 | Provider Obligations — Log Retention | full |
| EU-AI-Art.26.5 | Deployer Obligations — Log Retention | full |
| A.6.2.8 | AI system recording of event logs | full |
| MANAGE 4.3 | Incident and Error Communication | partial |
Evidence (1)
AI system event logs demonstrating that inference events, model versions, output categories, confidence scores, and human override events are captured and retained for the required period.
Example: Splunk log export for ai-underwriting-api (sample 100 events, 2026-04-01): each event containing request_id, timestamp, model_version, input_category, output_class, confidence_score, human_override_flag, and exception fields; log retention policy: 12 months
Test: Request a sample of AI event logs (minimum 50 events) and the log retention configuration. Verify: (1) each log event contains the required fields (timestamp, model version, input identifier, output or output category, confidence score where applicable, override flag), (2) log retention period meets regulatory minimum (6 months) and the organisation's stated requirement, (3) logs are stored in a tamper-evident or write-protected log store, (4) log access is restricted and access events are themselves logged.
Questions (2)
Do your AI systems record event logs capturing inference events, model versions, outputs, confidence scores, and human override events?
AI event logs are the primary forensic artefact when AI-driven decisions are challenged or incidents require root-cause analysis. Logs must be protected from tampering and retained for the period required by applicable regulations.
What is the log retention period applied to your AI system event logs?
EU AI Act deployers are required to retain logs for at least 6 months. The GASP framework recommends 12 months for Tier 2 systems and 24 months for Tier 3. Retention below 6 months is non-compliant for EU AI Act-regulated deployments.