Jose Marques

Your AI agents need audit trails before August 2026

2026-04-06T00:00:00+00:00

The EU AI Act becomes enforceable in August 2026. If your AI agents make decisions that affect people - hiring, lending, healthcare, legal - you need audit trails.

Most AI agent frameworks have no built-in governance. LangChain, CrewAI, and OpenAI Agents SDK all let you build powerful agents, but none of them log what the agent did, why it did it, or whether a human approved it.

The requirement

Articles 9-15 of the EU AI Act require:

Automatic logging of agent actions (Article 12)
Human oversight mechanisms (Article 14)
Risk management documentation (Article 9)
Technical documentation of system behavior (Article 11)

The solution

asqav adds governance to any Python AI agent in one decorator:

from asqav import audit

@audit
def my_agent_call(prompt):
    return llm.invoke(prompt)

Every call gets a tamper-evident audit trail with:

Input/output recording
Timestamp and caller identity
Quantum-safe digital signature (ML-DSA / FIPS 204)
Policy evaluation results

Works with your stack

Install

pip install asqav

Open source, MIT licensed, no vendor lock-in.

One decorator to audit every AI agent call

2026-04-05T00:00:00+00:00

AI agents are calling APIs, querying databases, and making decisions in production. If something goes wrong, can you prove what happened?

The @audit decorator from asqav wraps any Python function with a tamper-evident audit trail. No infrastructure changes, no database to manage.

Before

def process_claim(claim_id):
    analysis = llm.invoke(f"Analyze claim {claim_id}")
    decision = llm.invoke(f"Approve or reject: {analysis}")
    return decision

No record of what the LLM returned. No proof a human reviewed it. No way to reproduce the decision.

After

from asqav import audit

@audit
def process_claim(claim_id):
    analysis = llm.invoke(f"Analyze claim {claim_id}")
    decision = llm.invoke(f"Approve or reject: {analysis}")
    return decision

Now every call is logged with:

Full input and output
Cryptographic signature (quantum-safe ML-DSA)
Timestamp and execution context
Policy evaluation results

The audit trail is tamper-evident. If anyone modifies a log entry, the signature breaks.

Policy enforcement

You can also block or flag actions in real-time:

from asqav import audit, policy

@policy(max_tokens=1000, require_approval=True)
@audit
def high_risk_decision(data):
    return agent.run(data)

Install

pip install asqav

MIT licensed. Source on GitHub.

EU AI Act compliance checklist for engineering teams

2026-04-04T00:00:00+00:00

The EU AI Act is the first comprehensive AI regulation. If you deploy AI systems in the EU - or your users are in the EU - you need to comply.

This is the practical checklist, focused on what engineering teams actually need to build. No legal jargon.

Key deadlines

February 2025 - Prohibited AI practices banned
August 2025 - General-purpose AI rules apply
August 2026 - High-risk AI system requirements enforced

What engineering teams need

Article 9 - Risk management

Document known risks of your AI system
Test for bias, fairness, and accuracy
Define residual risk thresholds

Article 11 - Technical documentation

System architecture documentation
Training data description
Performance metrics and benchmarks

Article 12 - Record-keeping

Automatic logging of system operations
Tamper-evident audit trails
Log retention for regulatory review

Article 13 - Transparency

User-facing documentation of AI involvement
Explanation of decision-making process

Article 14 - Human oversight

Human-in-the-loop for high-risk decisions
Override and stop mechanisms
Monitoring dashboards

Tools

asqav SDK - Audit trails and policy enforcement for AI agents
asqav Compliance Scanner - GitHub Action to check governance gaps on every PR
Full checklist on GitHub - Detailed checklist with evidence requirements