Article 12 requires automatic recording of events during the system’s operation. Any inference code path that can execute without emitting a log event is a compliance gap. The missing logging detection rule flags inference code paths that do not call the logging instrumentation.
The rule identifies function definitions or code blocks within the inference pipeline that lack calls to the tracing or logging framework (OpenTelemetry span creation, structured log emission, or equivalent). A flag does not necessarily mean the logging is absent; it may mean the logging is implemented at a different layer (for example, through framework-level instrumentation rather than application-level calls). The flag triggers a review to confirm that logging coverage is complete.
Combined with the comprehensive event coverage requirement described above, this rule ensures that logging gaps are detected during development rather than discovered during a regulatory inspection. The rule configuration and its findings are retained as Module 10 evidence, demonstrating that the organisation actively verifies logging completeness as part of its development process.
Key outputs
- Semgrep rule for missing logging detection in inference paths
- Integration with pre-commit hooks and CI pipeline
- Review process for flagged code paths
- Module 10 AISDP evidence