DARKMATTER
Try it free
Regulatory readiness

EU AI Act Article 12.
Automatic logging, without trusting your own logs.

High-risk AI system providers must produce automatic, traceable event records. DarkMatter is a proof engine for AI agents, the record is sealed at the moment of action and verifiable by anyone, including regulators, without your involvement.

Enforcement: August 2, 2026
What Article 12 requires

The text in plain language

Article 12 of the EU AI Act requires providers of high-risk AI systems to ensure their systems technically allow for the automatic recording of events over the lifetime of the system. The events recorded must be sufficient to:

  • Identify situations that may result in the AI system presenting a risk under Article 79(1), or in a substantial modification of the system.
  • Facilitate post-market monitoring as referenced in Article 72.
  • Monitor the operation of high-risk AI systems referred to in Article 26(5).

"Traceability" is the operative word. The European Commission's interpretive guidance treats it as a property of the record itself, not just a claim about how the record was made.

Not legal advice. This page describes how DarkMatter's technical properties align with Article 12's logging and traceability requirements. Compliance with the EU AI Act is determined by your legal counsel and notified body, not by us.

How DarkMatter maps to the requirements

What you get, requirement by requirement

Article 12 requires
Automatic recording of events sufficient to identify risk situations and substantial modifications.
DarkMatter provides
A single line of code at decision time emits a signed, hash-chained record. Every agent action, decision, override, and consent event is captured automatically as a Context Passport, including those that turn out to be the risk situation later.
Article 12 requires
Records sufficient to facilitate post-market monitoring under Article 72.
DarkMatter provides
A queryable, replayable chain of every decision the agent made, with parent linkage. Reconstruction of any incident is byte-exact, not approximate.
Article 12 requires
Traceability sufficient to monitor operation under Article 26(5).
DarkMatter provides
Records are anchored to a public Witness Log. Tampering at any point breaks the cryptographic chain and is detectable by anyone, including the regulator, without our involvement.
Article 12 implies
The record must be credible to the regulator, not just to you.
DarkMatter's structural property
Records are signed with keys you control, anchored outside our infrastructure, and verifiable by anyone with the open-source verifier. Even if DarkMatter were compromised, your records remain verifiable independently.
Why a self-hosted Postgres log will not satisfy Article 12

The traceability problem

A standard Postgres audit table records what your application says happened. The regulator's question is whether that record can be trusted. If the record lives inside the system being audited, the answer is no, that's a self-report, not an audit trail.

Article 12 does not say "log events." It says "automatic recording of events" with traceability. The European Commission and notified bodies are interpreting "traceability" as a structural property: tamper-evidence, independence, and external verifiability. A row in your own database does not satisfy any of those.

DarkMatter's records are signed at the moment of action with keys you control. The chain is anchored to a public Witness Log every ten minutes. The verifier is open source. A regulator can take a single Context Passport, run the verifier offline, and confirm independently that the record has not been altered since the moment it was created. That is what "traceability" actually means.

80 days to August 2.
Set up takes 15 minutes.

One line of code at decision time, one open-source verifier, one Witness Log entry that survives even if we don't. Start free, no card required.

Start for free →