The EU AI Act: Where Provenance Once Urged, is Now Decreed.
Three articles, one deadline, and an infrastructure gap most enterprises haven't closed.
On 2 August 2026, the high-risk obligations of the EU AI Act enter into force. For organizations deploying AI in regulated contexts, be it credit, employment, healthcare, education, critical infrastructure, law enforcement, and the rest of Annex III, this is not a future planning horizon. It is the operational deadline against which compliance will be measured. The penalty structure is severe: up to €15 million or 3% of global annual turnover for failures of the high-risk obligations, with the most serious violations reaching 7% of turnover.
Most enterprises understand the regulation in broad strokes. The harder question is what specific obligations it imposes, where the technical work has to land, and which capabilities most organizations are missing. Three articles do most of the work that defines what compliant AI deployment actually looks like: Article 12 on record-keeping, Article 14 on human oversight, and Article 50 on transparency obligations for generated content. Each demands a property of the underlying system that conventional logging, monitoring, and consent flows do not deliver.
Article 12: Record-Keeping; the obligation that hits operations hardest
Article 12 requires that high-risk AI systems "technically allow for the automatic recording of events (logs) over the lifetime of the system." Two phrases in that sentence carry most of the weight. Automatic means the system has to generate the logs itself; manual documentation does not satisfy the obligation. Lifetime means from deployment through decommissioning, not just for the current release.
The article specifies what the logs need to enable: identification of situations where the system might present a risk or undergo substantial modification, support for post-market monitoring, and operational monitoring by deployers. It does not specify the format, the storage, the retention period, or the integrity guarantees. That is left to interpretation, and the interpretation that matters is the one a market surveillance authority arrives at when it asks for evidence.
This is where the gap between technical compliance and legal defensibility becomes operational. A standard application log, written by the same system that produced the AI output, stored in a database that engineering can modify, does technically constitute a "log." It also has effectively zero evidentiary value. If an auditor cannot prove the log was not altered between the event and the inquiry, the log does not function as proof. Article 12 does not use the word tamper-proof, but the obligation to provide logs that authorities can rely on creates a de facto requirement for tamper-evident records.
Closing this gap requires that the record of every AI event be captured at the moment of the event, signed by an identity the operating system cannot forge, and anchored in storage that the operator cannot retroactively modify. This is what cryptographic provenance — receipts written to an external, immutable substrate at the time of the event — actually delivers. It is also what conventional observability stacks were never designed to provide.
For organizations approaching the August deadline, the practical question is not do we log AI usage. The practical question is can we produce, on demand, a record of any AI-driven event that a regulator will accept as evidence. The answer for most organizations today is no.
Article 14: Human Oversight; the obligation that requires a verifiable record
Article 14 requires that high-risk AI systems be designed for effective human oversight by natural persons during the period the system is in use. Specifically, it requires that the human assigned oversight be able to understand the system's capabilities and limitations, monitor its operation, intervene or override outputs, and decide not to use the output in any particular case.
Read in isolation, this looks like a UX requirement — design the interface so a human can review and override. In practice, Article 14 cannot be satisfied without the record-keeping that Article 12 requires, and it raises the bar on what that record must contain.
Effective oversight requires that the human reviewer can see what the AI actually did and why. That means the prompt or input that drove the model. The model version that produced the output. The output itself. The context in which it was produced. The identity of any agent or user that initiated the action. Without these, "oversight" reduces to reviewing a recommendation in isolation, with no visibility into how it was generated. The reviewer is asked to take responsibility for an output they cannot meaningfully evaluate.
The connection between Articles 12 and 14 is therefore tighter than it appears. Article 12 mandates the record. Article 14 mandates that the record be sufficient for a human to act on. Together, they require that high-risk AI systems produce, retain, and surface a complete chain of evidence from input to output to decision — and that this chain be available not only to regulators after the fact, but to the human reviewer in real time.
For agentic systems, this becomes particularly demanding. An agent that makes multiple tool calls, queries multiple data sources, and takes multiple actions before returning an output cannot be meaningfully overseen by a human reviewing only the final output. Article 14 implicitly requires that the entire trace of the agent's reasoning and actions be reconstructable and reviewable. This is not a property that bolted-on observability provides. It has to be a property of the runtime.
Article 50: Transparency for Generated Content; the obligation that extends beyond high-risk
Article 50 addresses a different surface area. It applies broadly, not only to high-risk systems, and it covers transparency obligations for AI-generated content. Providers of generative AI systems must ensure that AI-generated outputs are marked in a machine-readable format and detectable as artificially generated. Deployers of systems that generate or manipulate text, audio, image, or video that resembles real people, objects, places, or events ("deep fakes") must disclose that the content has been artificially generated.
Article 50 takes effect alongside the high-risk obligations on 2 August 2026.
The technical requirement here is sometimes summarized as "watermarking," but that framing understates the scope. The article requires that the marking be machine-readable and that it survive in a way that allows downstream detection. For the dominant output of most enterprise AI usage — text content — robust watermarking remains an open technical challenge, and provider-side watermarks are routinely lost when content is paraphrased, translated, or excerpted.
The more durable approach is to bind every AI-generated output to a cryptographic record at the point of generation, and to surface that binding through the workflow that uses the output. This is provenance applied to content rather than to events. A document, a code change, an image, or a decision artifact carries with it a verifiable record of the AI involvement that produced it. The record persists even when the content is edited downstream, because the original generation event remains anchored in tamper-evident storage.
For organizations producing AI-assisted content at any scale — be it marketing teams, legal teams, communications teams, engineering teams — Article 50 is the obligation that pulls provenance out of the high-risk silo and makes it a horizontal requirement across the enterprise.
Where Weilliptic fits
The architecture the EU AI Act implicitly requires: automatic, complete, tamper-evident, independently verifiable records bound to the human or agent that initiated the action — and surfaced in time for human oversight, agnostic across content lifecycles. This is precisely what WeilChain was built to deliver.
WeilChain anchors AI events as cryptographically signed receipts, written at the moment of the event, bound to an identity through a seamless interface, and stored on a tamper-evident substrate that operators cannot retroactively modify. The records are complete: the prompt, the model, the output, the identity, the context. They are independently verifiable: a third party (a regulator, an auditor, a court) can validate the receipt without trusting the system that produced it. They are portable: the record outlives the application, the model version, and the vendor.
For Article 12, this delivers logs that satisfy the evidentiary bar that conventional logging does not. For Article 14, it delivers the chain of evidence that makes human oversight meaningful for agentic systems. For Article 50, it provides a binding between generated content and its originating event that does not depend on watermark survival.
Critically, this is delivered without requiring organizations to replace their existing AI infrastructure. WeilChain integrates with the agents, models, and workflows already in production through SDKs, hooks, and a browser-side wallet that captures interactions with frontier models like Claude and ChatGPT. The compliance surface is added without disrupting the engineering surface.
What enterprises should be doing before August
The risk pattern that will produce enforcement actions in 2026 is not organizations that tried in good faith and got the details wrong. It is organizations that did not start in time. With approximately three months until the high-risk obligations take effect, the work that has to be in place is no longer a planning exercise. It is a deployment.
The minimum credible position by August requires three things: an inventory of AI systems with their risk classification documented, a record-keeping architecture that produces logs which satisfy the evidentiary bar Article 12 implies, and a governance model in which a human reviewer for any high-risk decision can see the complete chain of evidence the AI produced. Most organizations have at most one of these in place today.
The EU AI Act is not a document to be interpreted. It is a deadline against which infrastructure has to be operational. The organizations that recognize the timeline and put the right substrate in place before August will be in a position to deploy AI in the workflows where the value actually sits.
Provenance is not a compliance afterthought. It is the primitive that makes compliant AI possible. The Act assumes it. The deadline requires it. The infrastructure to deliver it exists.
Run the audit before the auditor does. Start with Weilliptic.
Pick one high-risk AI system in production. We'll walk through it with your team and tell you — honestly — what would hold up and what wouldn't. If WeilChain is the right answer, we'll show you. If it isn't, you'll still leave with a defensible gap analysis.