Every inference request and response is logged with sufficient detail for forensic analysis. The log record includes the consumer identity (API key or OAuth subject), the input (or a hash of the input for privacy-sensitive systems), the output, the model version, the inference latency, and any validation or filtering actions taken.

These logs serve dual purposes. For compliance, they satisfy Article 12’s automatic recording requirement and provide the raw data for the post-market monitoring system (Module 12). For security, they enable forensic analysis of suspected attacks: model extraction attempts leave distinctive patterns in the query logs; prompt injection attempts may be identifiable through anomalous input characteristics.

The logs are stored in immutable, append-only storage and retained for the ten-year period. Access to inference logs is restricted to authorised monitoring and audit personnel. Where inference logs are used for model retraining, the data governance controls described in apply to the retraining dataset derived from those logs.

Key outputs

• Comprehensive inference logging (consumer, input/hash, output, version, latency, actions)
• Immutable storage with ten-year retention
• Restricted access to authorised personnel
• Module 10 and Module 9 AISDP evidence