EU AI Act Article 50 — 20 days to seal |
Get passport
What does Article 12 Require?
Article 12 of the EU AI Act requires that high-risk AI systems are technically designed to enable automatic recording of events ("logs") throughout the system's lifetime. Logs must:
- Be automatic — no manual triggering required (Art 12(1))
- Conform to recognised standards or common specifications for logging (Art 12(2))
- Be retained for a period appropriate to the intended purpose (Art 12(3))
- Be accessible to national competent authorities upon request (Art 12(4))
- Be proportional — logging requirements should not compromise legitimate trade secrets (Art 12(5))
DEFONEOS implements Article 12 through the SIGIL chain — an Ed25519-signed, hash-chained event ledger that records every system event automatically, at the point of occurrence, with cryptographic guarantees of integrity, ordering, and authenticity.
⚠️ Honesty Register
The SIGIL chain is a live, functioning logging system — events are genuinely recorded, hash-chained, and Ed25519-signed. The event rates (1Hz, 86,400/day) describe the design capacity and observed activity. However, DEFONEOS has not undergone formal certification of its logging against any specific recognised standard (e.g., RFC 5424 Syslog). "Conformance to recognised standards" (Art 12(2)) would require such assessment. The SIGIL chain format is well-documented but proprietary to CSOAI Ltd.
The SIGIL Chain — DEFONEOS Logging Infrastructure
Architecture
The SIGIL chain is a sequential, append-only, hash-chained ledger. Each entry ("SIGIL") contains:
| Field | Description | Example |
| Sequence # | Monotonically incrementing index | 0001234567 |
| Timestamp | ISO 8601 UTC (Ed25519-signed) | 2026-07-05T23:14:32Z |
| Actor | Identity of the acting component/agent | defoneos-ciso-selfscan |
| Action | What happened (8 operation types) | SCAN_COMPLETE |
| Payload | Structured event data (JSON) | {"vectors":14,"checks":280,"pass":280} |
| Prev Hash | SHA-256 of the previous SIGIL | a1b2c3d4... |
| This Hash | SHA-256 of this SIGIL's contents | e5f6a7b8... |
| Signature | Ed25519 signature by actor's key | 7e8f9a0b... |
Key property: Removing, modifying, or reordering any SIGIL breaks the hash chain. The integrity of the entire log can be verified by a single pass from genesis to head.
SIGIL Operation Types
| Op | Name | Description | Typical Actors |
| P | PUBLISH | New artifact published (page, MCP, config) | Build pipeline, JEEVES |
| V | VERIFY | Verification performed (health check, compliance check) | CISO self-scan, health monitor |
| M | MONITOR | Monitoring event (metrics, state observation) | Post-market monitoring, drift detector |
| Q | QUERY | Information request (API call, data read) | MCP servers, federation bridge |
| C | COUNCIL | BFT governance vote or decision | BFT council (33 agents) |
| H | HALT | Stop/halt action (human oversight trigger) | Human operator, stop button |
| S | SECURITY | Security event (threat detected, access blocked) | Guardian, SOC, DORADO |
| A | ASSESS | Risk/conformity assessment event | RMS, conformity evaluator |
Logging Categories
1. System Lifecycle Events
| Event | Op | Trigger | Retention |
| System startup | M | Process start | 6 months |
| System shutdown | M | Process stop | 6 months |
| Configuration change | P | Config file modified | 5 years |
| Deployment | P | New version deployed | 5 years |
| Rollback | H | Version reverted | 5 years |
2. Governance Events
| Event | Op | Trigger | Retention |
| BFT proposal | C | Council proposal submitted | 5 years |
| BFT vote cast | C | Agent votes (for/against/abstain) | 5 years |
| Council decision | C | Quorum reached, decision logged | 5 years |
| Red line breach | H | Red line violation detected | 5 years |
| Human override | H | Manual override of automated decision | 5 years |
3. Security Events
| Event | Op | Trigger | Retention |
| Foreign IP access attempt | S | Non-sovereign IP attempts access | 5 years |
| Authentication failure | S | Invalid key/token presented | 6 months |
| Supply chain alert | S | Compromised package detected | 5 years |
| Red-team detection | S | Adversarial input detected | 5 years |
| Key rotation | S | Cryptographic key rotated | 5 years |
4. Data Processing Events
| Event | Op | Trigger | Retention |
| Data access | Q | System reads processed data | 6 months |
| Data export | Q | Data leaves sovereign boundary | 5 years (GDPR) |
| Subject access request | Q | GDPR DSAR received | 5 years (GDPR) |
| Data retention expiry | M | Data past retention period | 6 months |
| DPIA trigger | A | New high-risk processing identified | 5 years (GDPR) |
5. Monitoring and Compliance Events
| Event | Op | Trigger | Retention |
| CISO scan complete | V | 5-min security scan finishes | 6 months |
| Compliance check | V | Framework check passes/fails | 5 years |
| Drift detected | M | Model/data drift above threshold | 5 years |
| RMS cycle complete | A | 5-min risk management cycle | 5 years |
| Post-market alert | M | PMR threshold exceeded | 5 years (Art 72) |
| Incident reported | S | Serious incident (Art 73) | 5 years (Art 73) |
6-8. MCP Operations, Federation, and Agent Activity
| Category | Events Logged | Op Types | Volume/Day |
| 6. MCP Operations | MCP calls, federation lookups, tool invocations | Q, M | ~50,000 |
| 7. Federation Bridge | Cross-MCP calls, marketplace activity, SIGIL receipts | Q, V | ~10,000 |
| 8. Agent Activity | Agent spawns, task completions, memory operations | M, C | ~5,000 |
Total daily volume: ~86,400 events (1 Hz average), peaking at ~5 Hz during scan cycles.
Sample Log Entries
2026-07-05T23:14:32Z defoneos-ciso-selfscan SCAN_COMPLETE vectors=14 checks=280 pass=280 fail=0 duration=234s
2026-07-05T23:14:05Z defoneos-rms RISK_CYCLE hazards_checked=42 controls_verified=156 residual_high=0 residual_medium=3
2026-07-05T23:12:00Z bft-council-agent-7 COUNCIL_VOTE proposal=BAN-FOREIGN-IP-RANGE vote=FOR reason="sovereignty_protection"
2026-07-05T23:10:00Z defoneos-dorado SECURITY_EVENT type=FOREIGN_ACCESS_ATTEMPT ip=203.0.113.42 blocked=true action=IP_BAN
2026-07-05T23:05:00Z defoneos-drift-monitor DRIFT_CHECK metric=response_latency_p99 baseline=120ms current=118ms delta=-1.7% status=NORMAL
2026-07-05T23:00:00Z jeeves-agent PUBLISH target=defoneos-technical-documentation.html size=28473 sigil=ed25519:7e8f...
2026-07-05T22:55:00Z defoneos-pmm POST_MARKET_MONITOR monitoring_vectors=14 checks=280 alerts=0 cycle_time=300s
Retention Schedule
| Category | Retention Period | Legal Basis | Storage |
| System lifecycle (non-governance) | 6 months | Art 12(3) — appropriate to purpose | SIGIL chain (hot) |
| Governance decisions | 5 years | Art 17 QMS + Art 12(3) | SIGIL chain (cold) |
| Security events | 5 years | UK Data Protection Act 2018 | SIGIL chain (cold) |
| Data processing logs | 5 years | GDPR Art 30 + Art 12(3) | SIGIL chain (cold) |
| Serious incidents | 5 years | Art 73 reporting | SIGIL chain (cold) |
| Compliance checks | 5 years | Art 17 QMS | SIGIL chain (cold) |
| MCP operations | 6 months | Art 12(3) — operational | SIGIL chain (hot) |
Hot storage: Immediately queryable, <100ms response. Cold storage: Archived but verifiable, <5s response.
Article 12 Compliance Matrix
| Requirement | Article | Status | Evidence |
| Automatic recording of events | Art 12(1) | ✅ MET | All 8 categories auto-logged. No manual trigger required. |
| Logging conforms to recognised standards | Art 12(2) | ⚠️ PARTIAL | SIGIL chain is well-documented but not certified against a specific standard (e.g., RFC 5424). |
| Log retention appropriate to purpose | Art 12(3) | ✅ MET | 6-month hot, 5-year cold retention schedule. Per-category policy. |
| Logs accessible to authorities | Art 12(4) | ✅ MET | Regulator access protocol defined. 72-hour response. |
| Trade secret protection | Art 12(5) | ✅ MET | Logs contain operational data, not source code or model weights. Payloads scoped to metadata. |
| Log integrity guarantee | Art 12(1) impl. | ✅ MET | Ed25519 signatures + hash chain. Tamper-evident. |
| Log availability guarantee | Art 12(1) impl. | ⚠️ PARTIAL | Single SIGIL chain. No distributed replicas yet (planned). |
Regulator Log Access Protocol
| Step | Action | Method | Response Time |
| 1 | Authority submits log access request | Formal written request | — |
| 2 | CSOAI verifies authority and scope | Identity check | 24h |
| 3 | Log range extracted from SIGIL chain | Automated extraction script | 1h |
| 4 | Hash chain integrity verified | Full chain verification | 1h |
| 5 | Logs delivered (encrypted / secure portal) | Per authority preference | 72h total |
# Regulator verification command (provided with log delivery):
$ python3 sigil_verify.py --start 2026-07-01 --end 2026-07-05
→ Chain integrity: VALID (0 gaps)
→ Signatures verified: 432,000/432,000
→ Tampering detected: NONE
→ Hash chain root: sha256:e5f6a7b8c9d0...
Integration with Other Articles
| Article | How Logging Supports It |
| Art 9 (RMS) | Risk cycle logs feed the risk register. Hazards identified from log patterns. |
| Art 13 (Transparency) | Deployer instructions reference log data for evidence of correct operation. |
| Art 14 (Human Oversight) | HUMAN override events recorded for accountability. Stop button use logged. |
| Art 15 (Robustness) | Adversarial test logs feed robustness assessment. |
| Art 17 (QMS) | Quality KPIs computed from logs. CAPA items tracked through logs. |
| Art 72 (PMR) | Post-market monitoring data sourced from monitoring logs. |
| Art 73 (Incidents) | Serious incidents auto-flagged from security logs. 72h reporting timer starts on log entry. |
| Annex IV §2(f) | Logging documentation is item 6 of the Annex IV technical documentation. |
⚠️ Honesty Register — Logging Limitations
What IS working: The SIGIL chain is a genuine, live, hash-chained logging system. Events are recorded automatically with Ed25519 signatures. Hash chain integrity is verifiable. Retention policies are enforced.
What IS NOT certified: The logging system has not been assessed against any specific recognised logging standard (e.g., RFC 5424 Syslog, ISO 27037). Art 12(2) "conformity to recognised standards" requires such assessment. The SIGIL format, while well-documented and open, is proprietary to CSOAI Ltd. There is currently a single SIGIL chain instance (no distributed replication), meaning a single point of failure exists for log availability (though not for integrity).
What's planned: (1) SIGIL chain distributed replication across sovereign VMs, (2) RFC 5424 Syslog bridge for standard compliance, (3) ISO 27037 alignment assessment.