EU AI Act Article 12 (record-keeping for high-risk AI systems) and Article 19 (record retention by providers) are operationalised for agentic AI by a 14-field audit-evidence template that captures every agent decision in a regulator-queryable form: deployment ID, agent identity, session ID, ISO timestamp, user prompt, retrieved context with provenance, model output, planned action, action class, approval reference, executed action, tool-call audit chain, output disclosure surface, and policy version. Logs retained for the regulatory minimum (typically 6 months for the EU AI Act baseline, 5 to 7 years for sector-specific overlays like HIPAA and SOX) in a queryable format that supports under-4-business-hour evidence assembly. An enterprise that captures the 14 fields, retains them for the maximum applicable period, and instruments the queryable export has substantially completed Article 12 compliance for the agent layer; the residual work is integrating the agent log stream with the broader audit substrate.

Article 12 audit-evidence template specification. 60-day review cadence given active regulator guidance development. Watches: (1) European AI Office guidance on Article 12 specifically (the Office's first detailed enforcement guidance is expected in Q3 2026 ahead of the August enforcement window), (2) Member-State-level retention period clarifications (Germany BfDI and France CNIL have already issued sector-specific guidance that extends the retention floor in some contexts), (3) ISO/IEC 42001 update that may formalise a parallel record-keeping standard, (4) vendor-platform native support for the 14-field structure (Microsoft, Anthropic, OpenAI, Google all have partial implementations as of April 2026).