Source: OJ L, 2024/1689, 12.7.2024Current language: EN
- Artificial intelligence act
Basic legislative acts
- AI act regulation
Article 19 Automatically generated logs
Summary What does Article 19 of the AI act regulation say?
This article establishes the log retention obligations for providers of high-risk AI systems, building directly on Article 12, which requires those systems to be capable of automatically generating logs in the first place.
Here, the focus shifts to how long those logs must be kept.
The retention obligation only applies to logs that are actually under the provider's control, and a minimum retention period of six months is set, subject to any overriding Union or national law, including data protection rules.
A carve-out is also provided for providers that are financial institutions, who may fold their log retention into their existing documentation obligations under Union financial services law.
Important points:
- Retain the automatically generated logs of your high-risk AI systems for a minimum of six months, to the extent those logs are under your control.
- The six-month minimum can be overridden by applicable Union or national law, including Union data protection law.
- Providers that are financial institutions subject to Union financial services law can satisfy this obligation by maintaining the logs as part of their documentation under that law.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Providers of high-risk AI systems shall keep the logs referred to in Article 12(1), automatically generated by their high-risk AI systems, to the extent such logs are under their control. Without prejudice to applicable Union or national law, the logs shall be kept for a period appropriate to the intended purpose of the high-risk AI system, of at least six months, unless provided otherwise in the applicable Union or national law, in particular in Union law on the protection of personal data.
Providers that are financial institutions subject to requirements regarding their internal governance, arrangements or processes under Union financial services law shall maintain the logs automatically generated by their high-risk AI systems as part of the documentation kept under the relevant financial services law.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
instructions for use
Definition
testing in real-world conditions
Definition
provider
Definition
personal data
Definition
subject
Definition
deployer
Definition
intended purpose
Definition
AI system
Definition
general-purpose AI model