langchain has an open github issue (35357) requesting structured compliance audit logging for eu ai act article 12. the issue is still open. frameworks don't ship this yet.
the compliance deadline is august 2, 2026 — less than 3 months away.
here's what article 12 requires:
- automatic recording over the lifetime of the system
- logs that capture inputs, outputs, and decisions
- retention for at least six months
- tamper-evident storage
most frameworks log to stdout, a database, or a file the agent can reach. that doesn't meet the standard. if the agent can modify the log, you can't prove compliance.
mnemopay's merkleaudit is built for this. every transaction the agent proposes gets written to an append-only hash chain. each entry includes the agent's request, fiscalgate's decision, the timestamp, and a hash of the previous entry. the agent never gets write access.
the chain is tamper-evident. if you edit an entry, the hash breaks. if you delete an entry, the chain breaks. if you try to insert an entry, the timestamps and hashes don't match.
when a regulator asks for proof, you export the chain and hand over a file that's cryptographically verifiable. they can check every hash and confirm nothing was edited.
langchain's issue proves the demand is real. mnemopay ships the solution today.
Top comments (0)