EU AI Act, Articles 12 and 13
Article 12 of the EU AI Act requires high-risk AI systems to automatically record events ("logs") over their lifetime. Article 13 requires those systems to be designed for transparency and to enable users to interpret outputs appropriately. This page maps Verdifax's manifest hash to the specific obligations under both articles.
Maturity note. Several pipeline steps (hardware attestation, the zero-knowledge proof, and the formal verifier) currently emit scaffold values rather than real cryptographic measurements. Every audit bundle flags these with a `scaffold` field; the open-source verifier surfaces them in its report. See /concepts/scaffold-gaps/ for the full disclosure list and what activates each. Rows in the crosswalk below that depend on scaffold layers are flagged inline.
What Article 13 actually says
The Article requires that high-risk AI systems be designed and developed so that:
- Their operation is sufficiently transparent to enable users to interpret outputs and use them appropriately.
- They are accompanied by instructions for use that include the system's intended purpose, capabilities, performance, and known limitations.
- Their lifecycle generates automatic logs sufficient for traceability; Article 12 specifies that those logs must enable the monitoring of the system's operation and the post-market surveillance referred to in Article 72.
The post-market surveillance requirement is where the audit-trail integrity question lands. A regulator must be able to look at a recorded event and confirm it actually happened.
Where Verdifax fits
Verdifax does not write the instructions for use. It does not interpret model output. It does not claim to satisfy Article 13 in its entirety; that is a system-level obligation that includes documentation, performance reporting, and governance.
What Verdifax does provide is the integrity layer that turns whatever logs your system produces into something a regulator can independently verify. Specifically:
| Article 13 requirement | Verdifax contribution |
|---|---|
| Automatic event logs | Every model invocation is sealed by manifest hash |
| Tamper-evident records | The hash collapses 18 sealed fields under SHA-256; any modification invalidates it |
| Reproducibility for post-market review | Re-running the same inputs produces the same hash byte-for-byte |
| Independent verification | The hash can be checked by anyone with the inputs, without trusting the operator |
| Public-log anchoring | Every successful run is committed to the Sigstore Rekor public transparency log; third parties can independently confirm the run existed at a specific time |
| Hardware-anchored attestation | [scaffold today] Stage 5 (ZKSP) is designed to bind the run to a TPM2 / SEV-SNP measurement; it currently emits a scaffold value (not bound to real hardware). Activates on confidential-compute deployment; see /concepts/scaffold-gaps/ |
Sample audit response
When an EU AI Act regulator requests evidence that a specific decision was made by your AI system, your response can be:
- The original input (or its hash, if PII is at issue)
- The Verdifax manifest hash for that decision
- Optional: the generated PDF audit report from /runs/{id}/report.pdf, which includes the regulatory mapping section
The regulator re-derives the hash from the inputs and confirms it matches what was recorded. No trust in the operator required.
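As an added example (not Verdifax's own code or sealing format), here is the re-derivation step the regulator performs: the sealed fields are canonically serialised, hashed with SHA-256, and compared against the recorded value, while any scaffold layers in the bundle are surfaced rather than silently trusted. The field list, the canonical-JSON encoding, and the sample run record are assumptions made for the demonstration.

```python
import hashlib
import json

# Illustrative sealed fields. The real manifest seals 18 fields; this subset and the
# canonical-JSON encoding below are assumptions for the demo, not Verdifax's format.
SEALED_FIELDS = (
    "model_id", "model_digest", "input_digest", "output_digest",
    "timestamp", "pipeline_version",
)


def canonical_bytes(manifest: dict) -> bytes:
    """Serialise only the sealed fields with sorted keys and no optional whitespace,
    so two independent parties derive identical bytes from identical inputs."""
    sealed = {k: manifest[k] for k in SEALED_FIELDS}
    return json.dumps(sealed, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("utf-8")


def manifest_hash(manifest: dict) -> str:
    """SHA-256 over the canonical bytes; changing any sealed field changes the digest."""
    return hashlib.sha256(canonical_bytes(manifest)).hexdigest()


def verify_run(manifest: dict, recorded_hash: str) -> dict:
    """Auditor's check: re-derive the hash from the supplied inputs, compare it to the
    recorded value, and list scaffold layers that are not yet cryptographically bound."""
    derived = manifest_hash(manifest)
    return {
        "hash_matches": derived == recorded_hash,
        "derived_hash": derived,
        "scaffold_layers": list(manifest.get("scaffold", [])),
    }


# Constructed sample run record (values are made up for the example).
RUN = {
    "model_id": "credit-scoring-v3",
    "model_digest": "sha256:" + "ab" * 32,
    "input_digest": hashlib.sha256(b"applicant-record-0042").hexdigest(),
    "output_digest": hashlib.sha256(b"decision:decline").hexdigest(),
    "timestamp": "2025-01-15T10:32:07Z",
    "pipeline_version": "1.4.2",
    "scaffold": ["hardware_attestation", "zk_proof", "formal_verifier"],
}

if __name__ == "__main__":
    sealed = manifest_hash(RUN)
    print(verify_run(RUN, sealed))
    # A record whose output was altered after the fact no longer matches.
    tampered = dict(RUN, output_digest=hashlib.sha256(b"decision:approve").hexdigest())
    print(verify_run(tampered, sealed)["hash_matches"])  # → False
```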
What this does not cover
- Annex IV technical documentation: Verdifax does not generate this. Your governance team writes it.
- Conformity assessment: Verdifax is one component, not a full assessment.
- Risk management system (Article 9): a separate obligation.
- Data governance (Article 10): Verdifax does not see training data.
- Human oversight (Article 14): Verdifax records what happened; it does not enforce who was reviewing.
