Ordinary logs are mutable. Both the EU AI Act and ISO/IEC 42001 require operators to keep records they can produce and rely on during audits, investigations, or oversight reviews — and a record that can be edited after the fact, without detection, loses its value as evidence exactly when it matters. Marturia addresses one specific part of that problem: the integrity of individual records. It issues a cryptographic receipt for each AI decision you choose to protect. Each receipt is signed with an Ed25519 key scoped to your tenant (RFC 8032), hash-chained to prior receipts with SHA-256, and periodically anchored by a witness service that cosigns a Merkle root of recent receipts. Verification runs locally once you hold the tenant public key — no account, no authentication.
This guide maps the record-keeping and log-integrity obligations of the two regimes to what a receipt actually provides, and it states the boundaries plainly: receipts secure the integrity of individual entries. They do not address the content, completeness, or regulatory classification of your records. This is not legal advice, and Marturia is not a complete compliance solution — see the section "What this does not do" before relying on any of this.
EU AI Act record-keeping obligations
The Act places duties on providers and deployers of high-risk AI systems to maintain automatically generated logs that support traceability and monitoring. Three articles are most relevant to record integrity.
Article 12 — logging / record-keeping. High-risk systems must be designed to automatically record events over their lifecycle to support traceability. A Marturia receipt binds — by hash — the decision payload (input, model version, output) and a timestamp at the moment the decision is made. Because the receipt is hash-chained and signed, any later alteration of that record becomes detectable: the verifier recomputes the SHA-256 link to the previous receipt, checks the Ed25519 signature over the receipt contents, and confirms the periodic Merkle-root anchor. A mismatch at any step indicates tampering.
Article 14 — human oversight. Oversight measures presuppose the ability to review past decisions — and to trust that the records under review haven’t been rewritten. Marturia verification returns a pass/fail once the tenant public key is available. A failed verification tells an overseer that the record presented is not the record originally issued.
Article 19 — automatically generated logs. Providers must retain the logs their systems generate for an appropriate period. (Deployer-side log-keeping duties live separately, in Article 26.) Receipts secure the integrity of those retained entries, and because verification needs only the public key and the receipt, an authority can confirm integrity without access to Marturia infrastructure or your credentials.
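As an added illustration of the verification path described under Article 12 above (not Marturia's own code: the real receipt wire format, the exact bytes the tenant key signs, and the witness Merkle-root anchor are not on this page, so the layout below is assumed and the anchor step is not modelled), this Go program issues two hash-chained, Ed25519-signed receipts under a throwaway key, verifies the chain with only the public key, and shows that a post-hoc edit of one decision's output is detected at that receipt. The JSON payloads are constructed stand-ins for the input, model version and output.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Receipt is a constructed stand-in for a Marturia receipt; the real wire format is assumed.
type Receipt struct{ Payload, PrevHash, Sig []byte }
// SigningBytes is what the tenant key signs: the chain link plus the payload hash.
func (r Receipt) SigningBytes() []byte {
	h := sha256.Sum256(r.Payload)
	return append(append([]byte{}, r.PrevHash...), h[:]...)
}
// Hash is the link value that the next receipt's PrevHash must equal.
func (r Receipt) Hash() []byte {
	h := sha256.Sum256(append(r.SigningBytes(), r.Sig...))
	return h[:]
}
// Issue signs a receipt linked to prev; only the issuer holds the private key.
func Issue(priv ed25519.PrivateKey, prev, payload []byte) Receipt {
	r := Receipt{Payload: payload, PrevHash: prev}
	r.Sig = ed25519.Sign(priv, r.SigningBytes())
	return r
}

// VerifyChain needs only the public key: it recomputes every link and checks every
// signature, returning the index of the first bad receipt, or -1 if all are intact.
func VerifyChain(pub ed25519.PublicKey, genesis []byte, chain []Receipt) int {
	prev := genesis
	for i, r := range chain {
		if !bytes.Equal(r.PrevHash, prev) || !ed25519.Verify(pub, r.SigningBytes(), r.Sig) {
			return i
		}
		prev = r.Hash()
	}
	return -1
}

// Demo builds a constructed two-receipt chain, then edits receipt 0's output and re-verifies.
func Demo() (intact bool, tamperedAt int) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	genesis := make([]byte, 32) // all-zero link for the first receipt in a tenant chain
	r1 := Issue(priv, genesis, []byte(`{"model":"m-1","input":"a","output":"approve"}`))
	r2 := Issue(priv, r1.Hash(), []byte(`{"model":"m-1","input":"b","output":"deny"}`))
	edited := []Receipt{r1, r2}
	edited[0].Payload = bytes.Replace(r1.Payload, []byte("approve"), []byte("deny"), 1)
	return VerifyChain(pub, genesis, []Receipt{r1, r2}) == -1, VerifyChain(pub, genesis, edited)
}
```

Demo returns (true, 0): the untouched chain verifies, and the edited copy fails at index 0 because the stored signature no longer covers the rewritten payload.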
ISO/IEC 42001 AI management-system controls
ISO/IEC 42001:2023 defines an AI management system (AIMS) whose Annex A contains control areas spanning logging and record-keeping, data governance, lifecycle management, transparency, and human oversight. The standard does not prescribe specific technical mechanisms — it requires that records be available and trustworthy for the purposes of the management system. (Control identifiers and exact text are in the official standard; confirm the mapping below against it.)
- The control area covering logging and record-keeping expects retained evidence of AI operation. Receipts satisfy the integrity dimension by making post-hoc alteration evident through the hash chain and signatures.
- The control area covering lifecycle management expects traceable records across development, deployment, and monitoring. Each receipt is bound to a specific model version and decision context, so an auditor can reconstruct the sequence without trusting the mutable storage layer.
- The control area covering human oversight expects that oversight activities rest on reliable records. Receipts add the verification step that lets reviewers confirm nothing changed since issuance.
- The control area covering transparency expects that information about decisions can be produced on request. Local verification meets the narrow requirement that the information produced can be shown to be unaltered.
Operators still map these areas to their own documented processes and confirm alignment with the official text of the standard.
Crosswalk
| Requirement area | What the rule expects | What a Marturia receipt provides | What you still own |
|---|---|---|---|
| Log integrity (EU AI Act Art. 12) | Automatic records that support traceability and monitoring | Signed, hash-chained record of each decision; alteration detectable via recomputed links + signatures | Choosing which decisions to receipt; retaining the underlying data and full log context |
| Human oversight (EU AI Act Art. 14) | Ability to review past decisions with confidence | Local pass/fail verification of record integrity | Training reviewers; establishing review procedures |
| Log retention (EU AI Act Art. 19) | Generated logs retained and available to authorities | Integrity any party can check with the tenant public key | Retention policy, storage, and responding to requests |
| Logging & record-keeping (ISO 42001 Annex A) | Trustworthy evidence of AI operation | Cryptographic proof an entry hasn’t been modified | Designing the AIMS and auditing its effectiveness |
| Lifecycle traceability (ISO 42001 Annex A) | Traceable records across phases | Model version + decision context bound inside each receipt | Broader documentation and change-control processes |
| Human oversight support (ISO 42001 Annex A) | Records that enable oversight | Verification without authentication, for any reviewer | Integrating verification into oversight workflows |
Receipts secure the integrity of individual entries. They do not, on their own, satisfy completeness or contextual-metadata requirements in either regime.
What this does not do
Marturia covers the tamper-evidence and integrity dimension of record-keeping — one piece of a much larger obligation. Receipts do not:
- Determine whether a system is high-risk or in scope of the EU AI Act.
- Generate the substantive content any article requires.
- Ensure completeness — that every required decision is actually receipted.
- Satisfy transparency, risk-management, data-governance, or conformity-assessment obligations.
- Replace legal advice or a compliance program.
Mapping controls to obligations remains your responsibility, ideally with counsel. The value Marturia adds is narrow and real: when you do produce a record, you can prove it hasn’t changed.
Adopting it incrementally
Start with the subset of high-risk decisions whose records carry the greatest audit or oversight exposure. Instrument those decision points to emit a receipt, and store the receipt ID alongside your existing logs. Add the verification step to your audit or oversight checklist. Expand coverage only once those first receipts verify cleanly in practice.
Verification runs locally, with no account:
```shell
pip install marturia-verify
marturia-verify --receipt receipt.json --pubkey-hex <tenant-public-key>
```
Closed beta is open — the verifier is public, so you can confirm everything above against a real receipt in your own environment.
Related Marturia resources
- /guides/verifying-ai-decisions-soc2.html
- /blog/what-the-ai-act-makes-you-keep.html
- /docs/