EU AI Act · Audit Trail

EU AI Act Audit-Ready Decision Records — the record that reconstructs itself.

In EAB, every determination is timestamped, every decision attributed, and every legal source version anchored at the moment of the decision. When the auditor arrives, the record is already there — not assembled from emails, spreadsheets, and memory.

Traceability in EAB is not a reporting layer added on top of compliance work. It is the structure of the compliance work itself.

Every decision attributed · Legal version anchored · Immutable — never modified

The traceability principle

“A compliance record that required coordination to produce is not a compliance record. It is a reconstruction — and reconstructions have gaps.”

EAB Design Principle · Reconstructability without Effort

What the trail contains

Every decision. Every version. Every identity.

The audit trail in EAB is not a log file. It is the accumulated output of every governance action across the compliance chain — registration, technical completion, screening, obligation management, evidence collection, and approval. Each stage produces a structured, immutable record. Each record is anchored to the actor who created it, the timestamp of creation, and the legal source version that was in force.

Legal version anchoring means that an auditor reviewing a screening result from 18 months ago can verify not just what was decided, but which version of Regulation (EU) 2024/1689 was in force at that moment — and whether the obligation derivation was correct under that version. This is not available in a system that applies the current version of the law to all historical decisions.

The bypass log is part of the trail. Every override, every exemption claim, every supervisor decision that deviated from the default governance path is recorded with identity, timestamp, and justification. The trail does not present a curated view of compliance — it presents the complete record, including the decisions that were harder to make.

Trail Contains
  • Registration: System profile — operator, timestamp, version
  • Technical: Technical profile — owner, specification
  • Art. 5: Prohibition review — per category, per state
  • Screening: Risk classification — supervisor, legal version, UTC
  • Obligations: Obligation set — article mapping, role assignment
  • Evidence: Evidence items — attached per obligation, versioned
  • Bypass: Override log — every non-standard decision, justified

Traceability features

Six properties of an audit-ready record.

These are not features layered on top of compliance. They are the properties of how EAB stores every governance action.

Immutability

Records Are Never Modified

Approved records in EAB cannot be edited. Re-screening creates a new record. Obligation updates create a new version. The history only grows — it never shrinks, and previous states are always accessible.

Attribution

Every Decision Has an Author

Every record carries the identity of the role and user who created or approved it. There are no anonymous decisions. Supervisor approvals, operator registrations, and technical completions are all attributed at the individual level.

Legal Anchoring

Version of the Law at Every Decision

Every screening result carries the legal source version that was in force when the decision was made. An auditor can verify not just what was decided, but whether the decision was correct under the law as it stood at the time — not as it stands today.

Timestamps

UTC Timestamps on Every Record

Every governance action is timestamped in UTC. The timeline of compliance activity — registration, screening, obligation completion, evidence attachment — is reconstructable to the minute across the lifecycle of every AI system.

Bypass Log

Non-Standard Decisions Preserved

Overrides, exemption claims, and supervisor bypasses are logged permanently with justification. An auditor reviewing the bypass log sees the complete picture — including the decisions that were harder to make, and the reasons given for them.

Export

Point-in-Time Export

PDF export reflects the state of the record at a chosen reference date — not the current state. An auditor can export the compliance record as it stood on the date of a specific decision, review, or legal change event.

Audit readiness

A record that holds under scrutiny — without preparation.

When the auditor arrives, the record is already there. Every decision attributed. Every version anchored. Every gap explicitly stated.

EU-hosted · Anchored to CELEX 32024R1689
