Article 73(6) explicitly prohibits altering the AI system in a way that could affect subsequent evaluation of the causes before informing the competent authorities. This requirement means that the evidence preservation procedure must be executed before any remediation action, unless the system is actively causing harm (in which case the break-glass procedure is activated simultaneously with evidence capture).

Upon incident detection, an automated snapshot script captures the currently deployed model version from the model registry, the current configuration from the config management system, the inference logs for the incident period from the logging infrastructure, the monitoring metrics for the incident period from the monitoring platform, and the current data pipeline state from the orchestration tool. These snapshots are written to immutable storage (S3 Object Lock, Azure Immutable Blob Storage) immediately.

The evidence preservation procedure is tested periodically as part of disaster recovery testing to confirm that it captures all required evidence and that the captured evidence is retrievable and intact. The procedure, the immutable storage configuration, and the test results are documented in Module 9.

Key outputs

• Automated evidence snapshot script triggered on incident detection
• Immutable storage for captured evidence
• Execution before any system modification (per Article 73(6))
• Module 9 AISDP evidence