Why tamper-evident logging matters for AI
Audit logs are only as credible as the evidence that they haven't been altered. For AI systems operating under regulatory scrutiny, "trust us, it's immutable" is not sufficient.
The logging obligation
Article 12 of the EU AI Act requires providers and operators of high-risk AI systems to ensure those systems automatically record events ("logs") throughout their operational lifetime — logs that are sufficient to reconstruct the system's processing and establish accountability after the fact.
The regulation specifies that logging must be capable of identifying the cause of malfunctions or unexpected results. Importantly, it requires tamper-evidence: records that can be shown not to have been modified since they were created.
TrustNotch is designed to address these logging requirements for AI agents and the systems running them. Using TrustNotch does not itself guarantee regulatory compliance — that determination depends on your specific system and legal context — but it provides the cryptographic foundations that tamper-evident logging requires.
Note on dates: The EU AI Act's application timeline for high-risk AI systems is defined in the Regulation text and the Official Journal. Verify specific dates against those primary sources before making compliance decisions.
Why "trust us" logging isn't enough
Most audit-log services store your records in a database they control. If a record needs to be shown unmodified, you must trust their assertion that nothing has changed — because no independent check exists.
In a regulatory audit or legal proceeding, this is a structural weakness. An auditor can ask for evidence that logs have not been tampered with after the fact — and "we say they haven't" is not evidence.
The same problem applies to AI systems themselves: an agent that can log its own actions to a store it influences has a credibility gap. Logs submitted to a service that returns signed, externally anchored receipts are harder to deny or revise.
Cryptographic evidence, not assertions
- Signed receipt at submission: Every entry gets an Ed25519-signed receipt immediately — a cryptographic commitment to the exact content submitted. If the content changes later, the receipt no longer verifies.
- Bitcoin-anchored batch root: Entries are batched into an RFC 6962 Merkle tree and each batch root is anchored to Bitcoin via OpenTimestamps — a public, globally verifiable ledger with no single controller. This binds the batch in time without relying on TrustNotch's own clock or any centralized timestamping authority. Anchoring is asynchronous: Bitcoin confirmation accrues over hours, not seconds.
- Verifiable offline, independently: Any entry can be verified with the open-source trustnotchverifier — no API call, no account, no TrustNotch server. The proof is self-contained and checkable by anyone, including an auditor using their own tools. A proof keeps verifying even if TrustNotch disappears.
Per-entry erasure without breaking proofs
Tamper-evident logging and GDPR's right to erasure can seem at odds: if a log entry is cryptographically sealed, how can personal data be erased?
TrustNotch resolves this with per-entry erasure. You can erase the stored payload for any entry — removing it from TrustNotch's servers — while every proof for that entry and every sibling entry continues to verify. The Merkle tree is constructed over the hashes of content, not the content itself, so removing a payload doesn't invalidate any sibling's inclusion path.
This means you can satisfy a GDPR erasure request for a specific user's data without retroactively undermining the integrity of surrounding log entries.
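The two mechanisms above, an RFC 6962 Merkle batch with an offline inclusion check and per-entry erasure that leaves sibling proofs intact, are shown together in the following added example. It is illustrative code written for this page, not TrustNotch's own implementation or the trustnotchverifier, and it says nothing about TrustNotch's actual receipt or proof format. The Ed25519 receipt and the OpenTimestamps anchoring are left out; the batch root returned by seal() is the value that would be anchored. The log entries are constructed sample data, and the BatchLog class and its method names are assumptions of the example.

```python
import hashlib
from typing import List, Optional, Tuple

# RFC 6962 domain-separation prefixes: leaves and interior nodes hash
# differently, so an interior node can never be presented as a leaf.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def leaf_hash(payload: bytes) -> bytes:
    """Hash of one entry's content; only this, never the payload, enters the tree."""
    return hashlib.sha256(LEAF_PREFIX + payload).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (the k of RFC 6962)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash over an ordered list of leaf hashes."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaves[0]
    k = _split_point(n)
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Audit path for one leaf: the sibling hashes from that leaf up to the root."""
    n = len(leaves)
    if n <= 1:
        return []
    k = _split_point(n)
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """Offline check (RFC 9162 section 2.1.3.2). Needs only the leaf hash, its
    position, the batch size, the audit path and the anchored root; no server."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                while not (fn & 1 or fn == 0):
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


class BatchLog:
    """Hypothetical batch store: keeps leaf hashes forever, payloads until erased."""

    def __init__(self) -> None:
        self.leaf_hashes: List[bytes] = []
        self.payloads: List[Optional[bytes]] = []

    def submit(self, payload: bytes) -> int:
        self.leaf_hashes.append(leaf_hash(payload))
        self.payloads.append(payload)
        return len(self.leaf_hashes) - 1

    def seal(self) -> Tuple[bytes, int, List[List[bytes]]]:
        """Close the batch; the returned root is what would be anchored externally."""
        size = len(self.leaf_hashes)
        proofs = [inclusion_proof(self.leaf_hashes, i) for i in range(size)]
        return merkle_root(self.leaf_hashes), size, proofs

    def erase(self, index: int) -> None:
        """Erasure request: drop the content, keep the hash so the tree is unchanged."""
        self.payloads[index] = None


def demo() -> Tuple[bool, bool, bool]:
    """Returns (proof ok, sibling proof still ok after erasure, tampered entry rejected)."""
    log = BatchLog()
    entries = [  # constructed sample entries standing in for an agent's action log
        b'{"agent":"a1","action":"read","path":"/tmp/x"}',
        b'{"agent":"a1","action":"email","to":"user@example.com"}',
        b'{"agent":"a1","action":"write","path":"/tmp/y"}',
        b'{"agent":"a2","action":"exec","cmd":"ls"}',
        b'{"agent":"a2","action":"stop"}',
    ]
    for e in entries:
        log.submit(e)
    root, size, proofs = log.seal()
    ok_before = verify_inclusion(leaf_hash(entries[3]), 3, size, proofs[3], root)
    log.erase(1)  # entry 1 holds personal data; its payload is gone, its hash stays
    ok_after = verify_inclusion(leaf_hash(entries[3]), 3, size, proofs[3], root)
    edited = b'{"agent":"a1","action":"exec","cmd":"ls -a"}'  # a later rewrite of entry 3
    tampered = verify_inclusion(leaf_hash(edited), 3, size, proofs[3], root)
    return ok_before, ok_after, not tampered


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from demo() is the asymmetry: erasing a payload changes nothing an auditor checks, because verify_inclusion never sees payloads, only leaf hashes and the sealed root, while changing a single byte of an entry breaks its path to that root.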
Logging built into the agent's context
TrustNotch's MCP server lets AI agents log their own actions directly — through the same Model Context Protocol interface they use for everything else. The agent calls submit_log, gets back a signed receipt, and can later call verify_log to confirm an entry is intact. The whole logging loop is in the agent's context, not a separate integration.
Because verification is independent of TrustNotch, an agent's logs can be audited by anyone — the operator, a regulator, or a third-party auditor — using the open-source verifier, without any involvement from TrustNotch.
Get an API key
TrustNotch is in early access — there is no self-serve signup yet. Reach out to discuss your use case and get onboarded.