AxioRankDocs

EU AI Act evidence pack

Offline-verifiable evidence supporting Article 12 (logging) and Article 14 (human oversight).

The EU AI Act technical evidence pack is a one-click zip, assembled live from your control plane, that an assessor can verify offline. It is organized around the two articles AxioRank's runtime directly evidences: Article 12 (record-keeping and automatic logging) and Article 14 (human oversight). The August 2, 2026 enforcement milestone makes runtime evidence of these obligations a near-term need.

This pack is evidence supporting a deployer's Article 12 and Article 14 obligations under Regulation (EU) 2024/1689. It is not a conformity assessment, not a CE marking, and not the Article 11 / Annex IV technical documentation. AxioRank is not a notified body. The bundled AIACT-MAPPING.md states exactly what is and is not covered; have your own counsel confirm sufficiency for your role and your system's classification.

What it contains

article-12-logging/

  • coverage-statement.json: every governed tool call is logged before its decision is returned, across the SDK, MCP, and inbound paths.
  • retention-attestation.json: your configured retention window, and the design where the signed checkpoint chain is preserved when personal data is purged, so the integrity proof of the log's history outlives the data itself.
  • integrity/: the latest signed tree head, the append-only checkpoint chain, and the public keys. These verify offline; see below.
  • decision-summary.json: allow / deny / hold counts over the period.

article-14-oversight/

  • approval-policies.json: the rules that hold an action for a human, including the two-person dual-control threshold and hold timeouts.
  • oversight-capabilities.json: the actions a supervisor has, including hold, deny, quarantine the agent, and revoke its keys.
  • sample-receipts/: real per-action receipts whose delegation chain records the human approval decision (who resolved the held call, the decision, and when), bound into a signed receipt. When a held action's checkpoint has not sealed yet, a SAMPLING-NOTES.md explains why fewer samples are present.

Generating it

A workspace admin on the Team plan or above can download the pack from the Integrity or Maturity page, next to the SOC 2 and ISO 27001 bundle, or directly:

GET /api/compliance/evidence-bundle?profile=eu-ai-act

Verifying it offline

No account, no live connection, and no special hardware are required. The bundled VERIFY.md walks through it; in short, pin the public keys and run the open-source verifier over a sample receipt:

npm install @axiorank/audit-verify
npx @axiorank/audit-verify article-14-oversight/sample-receipts/receipt-1.json \
  --jwks article-12-logging/integrity/jwks.json

A passing result confirms the logging and human-oversight evidence was not edited after export, and that the recorded human approval decision was signed. What sets this pack apart is its backing: the logging evidence is an append-only transparency log, and the human-oversight evidence carries the approver's signed decision, both verifiable by anyone with no trust in AxioRank.

Compliance evidence bundle

One zip of offline-verifiable evidence for SOC 2 and ISO 27001 audits.

Data residency

Where AxioRank stores your data, exactly which sub-processor holds what, and the controls EU and UK teams use to keep data under their governance.

On this page

What it containsGenerating itVerifying it offline