Regulation (EU) 2024/1689 requires high-risk AI systems to be traceable. It states the obligation — not the technical form of a valid proof. The Causal Seal supplies that form.
Article 12 — Record-keeping. High-risk AI systems must technically allow the automatic recording of events (logs) over the system's lifetime, to a degree ensuring a level of traceability of the system's functioning appropriate to its purpose — enabling the identification of situations that may present a risk, and supporting post-market monitoring.
Article 19 — Automatically generated logs. Providers must keep the logs generated under Article 12 that are under their control, for an appropriate period.
The Act deliberately does not prescribe a data format. That silence is the gap this standard fills: an open, verifiable, model-agnostic record that any auditor can check.
| EU AI Act obligation | Causal Seal provision |
|---|---|
| Art. 12 — automatic recording of events over the lifetime | One seal is emitted per output, automatically at generation time — not on demand, not reconstructed afterwards. |
| Art. 12 — traceability of the system's functioning | The causal parameter classes record who answered (identity.*), with what model (engine.*), around what subject (field.*), how it was shaped (shaping.*), seeing what context (context.*), and when. |
| Integrity of the records | A SHA-256 fingerprint binds the causal state, the output, and the timestamp. Altering any single element invalidates the seal — detectable by anyone. |
| Art. 12 — identification of risk-relevant situations | The guard state (shaping.guard) and the subject regime (field.regime) are sealed per output: episodes where the system corrected its trajectory, or where the topic ruptured, are individually filterable. |
| Art. 12 — support for post-market monitoring | Seals are replayable and, when signed, authenticated across the whole deployment — enabling audit long after the fact. |
| Art. 19 — retention of generated logs | Seals are compact and self-verifying: their integrity survives storage, export, and migration, without a trusted database. |
Obligations for high-risk AI systems under the Act become enforceable on 2 August 2026. Organizations placing or operating such systems in the EU market need a concrete, auditable answer to the traceability requirement by then.
→ NIST AI RMF mapping · → US state regimes · Full specification §10