Agentic AI & the Service Firm

The audit trail is the product: EU AI Act logging before August 2026

Article 12 of the EU AI Act contains fourteen words that will reorganise how professional firms run AI: high-risk systems "shall technically allow for the automatic recording of events (logs)" over their lifetime. Automatic. Not a file note written afterwards. Not a screenshot when something looks odd. System-generated records, kept — under Articles 19 and 26 — for at least six months, and available when someone with authority asks what the machine actually did.

Most firms reading this are not yet running "high-risk" systems as the Act defines them — and the 2026 Digital Omnibus deferred the stand-alone high-risk obligations to December 2027. So why act now? Three reasons that have nothing to do with Brussels' timetable.

Reason one: you already need the answer

The question "can we reconstruct what the agent did?" arrives before any regulator does. It arrives when a client challenges a number in a report the agent drafted. When an insurer asks, at renewal, how AI-assisted work is supervised. When a departing employee claims the agent, not they, sent the file. In each case the firm's position is exactly as strong as its logs — and the uncomfortable discovery, in most firms, is that the chat tool's history shows the conversation but not the actions: which sources the agent fetched, which systems it touched, what a human corrected before the output left the building.

An agent is not a chat window. It plans, retrieves, calls tools, iterates. A defensible trail therefore has five elements, and they map directly onto what Article 12 anticipates: the instruction (who asked for what, when); the sources (what the agent retrieved or was given); the actions (each tool call and system touched); the interventions (who reviewed, sampled, corrected, overrode); and the adoption (the named human who signed the result out). Anthropic's engineering documentation makes a point worth repeating here: in a well-built agent system, permissions are enforced by the surrounding harness, not by the model's good intentions — and the same architecture that enforces is the architecture that logs.

Reason two: there is no finished standard to wait for

Firms accustomed to buying compliance as a product will look for the harmonised technical standard for AI logging. It does not exist yet: the European standardisation work and the relevant ISO drafts are still in progress. That is not a reason to wait; it is the reason the firms that design sensible logs now — from first principles, around the five elements above — will find the eventual standard descriptive of what they already do. ISO/IEC 42001, the certifiable AI management-system standard published in December 2023, already gives the wrapper: documented processes, assigned responsibility, continual review. The log is what makes those processes inspectable.

Reason three: every serious regime is converging on the same artefact

This is not a European peculiarity. NIST's Generative AI Profile — the US reference vocabulary for these risks — names confabulation and human-AI configuration among its core risk areas and prescribes documentation and traceability as the response. Singapore, which has no AI statute at all, published a Model AI Governance Framework for Agentic AI in January 2026; its territory is the same: who authorised the agent, within what bounds, with what record. When the voluntary regime in Singapore, the risk framework in Washington and the binding regulation in Brussels all converge on "show me the trail", the trail has stopped being a compliance artefact. It is becoming the professional work-product itself — the thing that distinguishes advice a firm stands behind from text a machine emitted.

The more-for-less trap, and its exit

Here is the commercial version of the argument. Agents let a firm deliver more work for less cost — the pressure Richard Susskind named "more-for-less" long before the technology existed to satisfy it. But a firm that captures the efficiency while quietly losing the evidentiary chain has traded margin for uninsurable risk. The exit from the trap is unglamorous: logging switched on and retained; a monthly sample of agent-assisted matters reviewed the way audit files get cold-reviewed; one page of management information to the board — how many agent-assisted matters, how many sampled, what was found. That regime costs hours. Its absence, discovered after an incident, costs the defence.

Before August 2026

The Act's transparency obligations apply from 2 August 2026 — days from now, as this is published. The logging duties bind later and, for most readers, indirectly. Act on the earlier date anyway: switch on and retain what your platforms can already log; close the gap between conversation history and action history with your vendors — in writing; and put the five-element record into your file-note discipline for anything an agent touches that a client will rely on.

Firms did not adopt time-recording because they loved it. They adopted it because it made their work defensible and billable at once. Agent logging is the same instrument, one technology later.

Sources

  1. EU AI Act, Article 12 (Record-keeping), Article 14 (Human oversight), Arts. 19 & 26 (log retention ≥ 6 months) — Regulation (EU) 2024/1689, EUR-Lex; high-risk dates as amended by the 2026 Digital Omnibus.
  2. ISO/IEC, ISO/IEC 42001:2023 — AI management systems.
  3. NIST, Generative AI Profile (NIST-AI-600-1) — Jul 2024.
  4. IMDA (Singapore), Model AI Governance Framework for Agentic AI — Jan 2026, updated May 2026.
  5. Anthropic, Beyond permission prompts: making Claude Code more secure and autonomous — Oct 2025 (harness-enforced permissions).

Could your firm reconstruct last month's agent activity? The ASIMOV Audit scores exactly this evidence chain across six governance domains.

Book an AI Risk Diagnostic