← All articles
Security & Governance IT Leaders Published · · By ObjectStack Team

EU AI Act Audit Readiness: Can Your AI Runtime Produce Evidence?

When an auditor asks for the full record of one AI decision, model quality is not enough. Your runtime must show authorization, evidence, oversight, and audit history.

EU AI Act Audit Readiness: Can Your AI Runtime Produce Evidence?
  • EU AI Act
  • CADA
  • Compliance
  • Data Sovereignty
  • Self-hosted
  • AI Governance

The short version: An audit is not only about your model. It is about whether your runtime can show who authorized each AI action, what it changed, which evidence it used, and where the record lives. Auditability cannot be bolted on later; it has to be recorded as the action happens.

Picture a conference room.

An insurer doing business in Europe brings in an external auditor for an AI Act compliance dry run. The auditor sits down, opens a laptop, skips the small talk, and asks the first question:

“Pull up for me the full record of last month’s claim that the AI automatically flagged as ‘high fraud risk’ and was therefore denied — who triggered it, what data the AI relied on, which rule it used, who reviewed it, and what appeals process the customer went through.”

The room goes silent.

Not because the denial was necessarily wrong, but because for the part of that decision the AI participated in, there is no single complete, continuous, non-repudiable place in the system to pull it from. The claims data is in one system, the AI scoring service in another, and the review records in a third. None of it is on the same ledger as the human actions. To stitch together the line the auditor wants, three teams would have to dig through three days of logs, with no guarantee they could assemble it at all.

This company was not fined at the time; it was only a dry run. But the AI Act’s penalty framework is calculated as a percentage of global revenue, an order of magnitude large enough to make any company take it seriously. The problem the dry run exposed is exactly the kind of problem a real audit will ask about again.

This silent conference room is the scene many enterprises need to prepare for as AI Act obligations phase in.

The Countdown Is Real, but It Is Phased

The EU AI Act is not a single deadline. It entered into force in 2024, then began applying in stages. Some obligations already apply; transparency and governance obligations continue phasing in around August 2026; and high-risk system obligations follow their own implementation timetable. In June 2026, the EU also proposed the Cloud and AI Development Act (CADA), adding more attention to cloud and AI sovereignty. For enterprises doing business in Europe or serving European customers, the important point is not one date on a calendar. It is that audit-readiness has to exist before the auditor asks for one concrete AI decision.

The practical question is simple: could your team pass an independent AI governance audit within 90 days? It is not that enterprises do not want to comply. It is that, once they are actually in that conference room, many cannot produce the record.

The Audit Isn’t Examining the Model — It’s the Runtime

The first thing many teams do for compliance is evaluate the model: does it have certifications, will it output harmful content, and how is it tested? These matter, but they are not the audit’s main battlefield. What regulators actually want is whether you can, for every action where AI touches the business, clearly say three things:

What the auditor asksWhat it examinesThe cost of having no answer
Was this data processed lawfully?Where the data is, who can read it, whether it left the EUData-residency violation, CLOUD Act exposure
Who authorized the AI to do this action?Actions like denial or disbursement counted against whose permissionsAccountability can’t be assigned, actions uncontrollable
Was the AI’s step recorded?Whether you can produce a complete, non-repudiable chain of evidenceThe audit fails outright

Not one of these questions is primarily about the model. They are about the layer beyond the model: the runtime that carries the data, enforces permissions, and records the evidence.

What the AI Act Actually Requires of “High-Risk Systems”

This is not an abstract “be compliant.” The AI Act names several hard obligations for high-risk AI systems, including logging, human oversight, data governance, and traceability. These obligations are worth going through one by one because many land on the runtime, not the model:

The AI Act’s requirementWhich layer it lands onCan the model provide it
Automatic event logging (traceable)The runtime’s audit ledgerNo — the model leaves no record
Human oversight (intervene in and override critical decisions)The runtime’s approvals and processesNo — it must be enforced by process
Explainable decisions (what they relied on)The inputs and rules the runtime recordsPartly, but the non-repudiable record is in the runtime
Data governance (source, permissions, residency)The runtime’s permissions and deploymentNo

However strong the model is, it cannot check these boxes by itself. This is why teams can choose the model carefully and still fail compliance: they put effort on the wrong layer. What regulators want must be produced structurally by the runtime.

Can’t I Just Buy a Compliance Tool?

The natural reaction is: there are many “AI Act compliance platforms” out there, vendors advertise that they are compliant, and you can sign a DPA or get a certificate. Hasn’t this been outsourced?

This path solves part of it, but not the problem in that conference room.

Compliance tools and certifications help with documentation and endorsement: they tell the regulator “we have a process, documentation, and a data processing agreement.” But the auditor does not only want to know whether you have a process. They want to pull up the full record of this one decision. Documentation cannot prove the legality of one specific action, and a DPA cannot answer which permission the AI relied on to make this denial, or who reviewed it. This kind of evidence can only be recorded by the runtime that actually executes the action, at the moment the action happens. Buying tools can help you manage the policy layer, but not the action layer. When an audit follows the chain all the way down, it asks about one specific action.

Auditability Can’t Be Bolted On

This leads to a hard truth many people have not realized: compliance is not a document you rush out at the end. It is a property a system either has or does not have.

The chain of evidence the auditor wants must be recorded at the moment the action happens. If the runtime did not record it then, no amount of last-minute preparation can produce the true record of last month’s denial. All you can do is reconstruct it, and a reconstructed record is less trustworthy than evidence captured at execution time.

This is why “ship AI now, deal with compliance later” is a dangerous bet in 2026: you are betting the audit will not ask about actions that went unrecorded at the time. Once it does, every AI decision from that period becomes a gap you can only explain, not prove.

Before heading into the audit room, self-check with these five questions. Any one you cannot answer “yes” to is a risk point:

  1. Pick any business action the AI participated in: can you pull up its full record on the spot?
  2. Are permissions enforced by the runtime, or written into the prompt?
  3. Are human and agent actions recorded on the same audit ledger?
  4. Under whose jurisdiction do this data and processing fall?
  5. When something goes wrong, can you stop a given agent or class of action with one click?

Why “Writing the Rules Into the Prompt” Can’t Pass This

Plenty of teams actually did governance. They just did it in the wrong place: in the prompt. “You may only query data the current user has permission for”; “high-risk claims require human review.” Day to day, these instructions may look like they work. But they cannot pass an audit for two reasons.

First, a prompt is advice, not control. It takes effect only if the model follows it, and one jailbreak or uncovered edge case can bypass it. When the auditor asks, “How do you guarantee a certain class of claim always goes through human review?” “We wrote it in the prompt” is not a signable answer.

Second, a prompt produces no record. An audit wants structured, non-repudiable evidence, and a prompt can’t give that.

What compliance requires is moving governance from “advice in the prompt” to “enforcement in the execution engine”: permissions verified by the runtime on every read and write, with audit as a natural by-product of the action.

After CADA, “Where the Data Is” Becomes a Harder Question

CADA pushes another issue to the front: data sovereignty. At its core, it asks: under whose jurisdiction are your data and AI processing? That question points directly at deployment. Handing an AI runtime that reads real business data to an external SaaS whose internals you cannot inspect becomes harder to sign off on under sovereignty frameworks. Self-hosting can improve data residency, third-party exposure, and visibility at once. What needs self-hosting is not necessarily the model, but the runtime that carries the objects, permissions, tools, approvals, and audit evidence.

But be honest: self-hosting is not a get-out-of-jail card. It is a trade. When the runtime runs on your own infrastructure, patching, rotating keys, guaranteeing logs are not lost, and stopping a class of actions when something goes wrong all become your responsibility. What you get is control; the cost is operational accountability. Conversely, if you want someone else to carry that responsibility for you, it often means handing them the data too. Neither side of this ledger is free; it comes down to which cost you can bear and sign off on.

What a Signable Runtime Looks Like

Flip the requirements above and you get the acceptance checklist. The most direct test is not reading the product brochure; it is whether the runtime can produce, on the spot, the record the auditor wants. On ObjectOS, the denial from the opening pulls up as a record like this:

{
  "event": "claim.decision.update",
  "actor": { "type": "agent", "on_behalf_of": "user:risk.bot.supervised" },
  "object": "ins_claim/CLM-88231",
  "decision": { "from": "pending", "to": "rejected", "reason_code": "fraud_high" },
  "model_evidence": ["device_mismatch", "velocity_anomaly"],
  "permission_checked": "claims_adjuster → allowDecide: true",
  "human_review": { "rule": "fraud_high → human review required", "by": "user:wang.adjuster", "at": "2026-05-12T09:40:55Z" },
  "timestamp": "2026-05-12T09:31:02Z"
}

In this record, who did what, what the AI relied on, which permission was checked, who reviewed it, and when are all present. It is not engineering tacked on after the fact; it is a line the runtime writes automatically as the agent, acting under a supervised identity, calls a governed tool. Humans and agents go through the same permission engine and record to the same ledger. The business definitions, including objects, permissions, and review processes, are diffable, traceable metadata in your repository. When the auditor asks “which class of claim must go through human review,” the answer is not in someone’s head. It is written in the process definition.

Closing

Back to that conference room: if the auditor sat down right now and asked you for the full record of one AI decision from last month, could your system produce it at that moment without three teams digging through three days of logs?

If you cannot answer, it is almost never because the model is inadequate. It is because governance was put on the wrong layer: into the prompt, or outsourced to policy documents, instead of landing in the runtime. Move it back to the runtime, and the chain of evidence will be there before you need it. This cannot be bolted on; you can only make it true now.

npm i -g @objectstack/cli && os start

Have an agent change a record under a user’s identity, then open the audit record. The line the auditor wants should already be there.