Title: Article 12 of the EU AI Act — practical interpretation notes after running it in production for 14 months

Body:

For anyone tracking AI Act implementation: Article 12 (record-keeping for high-risk AI systems) becomes applicable on 2 August 2026.

The text is short but the implementation reading does a lot of work. After 14 months operating an Article 12 logging stack in our own production system, a few practical interpretation notes:

Retention is a sliding scale, not a fixed term. The Regulation's "lifetime of the system" plus sectoral overlays (MDR Art. 10 for medical, NIS2 for critical infrastructure, sector law for finance) gives you 5 years as a baseline and 10+ years for many high-risk systems.

Conformity Assessment and ongoing logging are separate. We have seen practitioners conflate them. The CA proves the system met requirements at design time. Article 12 proves it kept doing so in operation. Both are required for most Annex III categories.

Operator interventions are logged events under Article 12, not just inference. Human overrides, manual approvals, training-data injections — all in scope.

"Automatic recording" implies tamper-evidence in practice. Hash chain plus signing is what national supervisory authorities seem to expect, even though the literal text does not require it.

Multi-tenancy is GDPR Art. 32 and AI Act Article 12 simultaneously. Per-tenant logging isolation is not just security hygiene — under the AI Act each tenant's high-risk system is a separate compliance object.

I wrote up the full interpretive framework with EU AI Office references, EASA cross-mapping for aviation deployments, and 50+ JSON event-schema examples into a bilingual practitioner toolkit. Launch price 29 euros: https://yoendem.gumroad.com/l/eu-ai-act-article-12-toolkit

Happy to discuss specifics in the comments.
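
An added example (not from the original post or the author's toolkit) of the hash chain plus signing described above, with one chain and key per tenant and operator interventions recorded alongside inference. The field names, the sample events and the use of HMAC-SHA256 as a stand-in for a real asymmetric signature are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first record in every chain

def digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def sign(key: bytes, record_hash: str) -> str:
    # HMAC-SHA256 stands in for an asymmetric signature (assumption).
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()

class TenantLog:
    """One append-only chain per tenant, with its own signing key."""
    def __init__(self, tenant: str, key: bytes):
        self.tenant, self.key, self.records = tenant, key, []

    def append(self, ts: str, event: str, actor: str, detail: dict) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"tenant": self.tenant, "seq": len(self.records), "ts": ts,
                "event": event, "actor": actor, "detail": detail, "prev": prev}
        h = digest(body)
        self.records.append({**body, "hash": h, "sig": sign(self.key, h)})
        return self.records[-1]

def verify(records, tenant, key, head=None):
    """Return -1 if intact, else the index of the first bad or missing record."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        ok = (body.get("tenant") == tenant and body.get("seq") == i
              and body.get("prev") == prev and digest(body) == rec.get("hash")
              and hmac.compare_digest(sign(key, rec["hash"]), rec.get("sig", "")))
        if not ok:
            return i
        prev = rec["hash"]
    # A chain cannot reveal tail truncation; compare with a head hash kept elsewhere.
    return len(records) if head is not None and prev != head else -1

def build_sample(key: bytes = b"constructed-key-tenant-a") -> TenantLog:
    log = TenantLog("tenant-a", key)  # all values below are constructed
    log.append("2026-08-02T09:00:00Z", "inference", "model", {"decision": "reject"})
    log.append("2026-08-02T09:05:00Z", "human_override", "operator-17", {"decision": "approve"})
    log.append("2026-08-02T10:00:00Z", "manual_approval", "operator-4", {"ref": "case-001"})
    return log
```

Pass `head` from a copy of the latest hash kept outside the log store; without it, removal of the newest records goes undetected.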
