
Key facts.
- Moffatt v Air Canada (2024): AI chatbot outputs binding to customers require auditability, correctability, and company attribution - disclaiming AI autonomy isn't a legal defense.
- FINRA (2024 regulatory guidance): AI-assisted financial recommendations require a complete, retrievable audit trail including input data, model version, confidence indicators, and human oversight touchpoints.
- HIPAA administrative safeguard requirements extend to AI agents handling protected health information: every access, action, and output must be logged with the agent's identity, timestamp, and authorization basis.
- EU AI Act Article 12 (in effect 2025): high-risk AI systems must maintain logs "to the extent technically feasible" that allow post-hoc monitoring of system operation and outcomes.
- Air Canada made AI outputs auditable or not; a newer model that can't trace reasoning lands remediation late.
Logs aren't audit trails
Application logs capture what happened: timestamp, action taken, response received. they're written for debugging, not for legal examination. A production log for an agentic workflow might read: "2026-05-05T14:22:11Z tool_call=check_eligibility params={member_id:48821} result=eligible." that's a log entry.
An audit trail captures what happened, why it was authorized, what the agent knew at the time, and what the outcome was in a format that's tamper-evident, attributable, and queryable by a regulator. An audit trail entry for the same action reads: "Decision: member 48821 marked eligible for Plan B upgrade. Agent version: 2.1.4. Input context hash: a3f9c2d1. Eligibility rule applied: RULE-028 (income threshold crossed). Human oversight: automated (no HITL threshold met at $0 value change). Outcome: upgrade provisioned. Immutable record ID: AUD-20260505-48821-a3f."
The audit trail is queryable by member ID, by date range, by rule applied, by agent version. it's tamper-evident - the record can't be modified after write without detection. it's attributable - the agent version and rule version are explicit, so a change in behavior after a model update is traceable. Logs don't provide these properties. Most agents are built to produce logs.
What regulated audit trails require by domain
Financial services (FINRA): input data at decision time, model version and configuration, confidence indicator, any human review touchpoint, outcome, and post-outcome correction history. Retention: 3-7 years depending on activity type.
Healthcare (HIPAA): agent identity, patient record accessed, authorization basis, access timestamp, and outcome of any recommendation. Access logs must be available for 6 years; enforcement has extended this to AI agents with HIPAA settlement guidance from HHS OCR 2024.
EU high-risk AI (AI Act Article 12): operation logs sufficient to allow post-hoc assessment of system behavior, recorded automatically throughout the operational lifetime of the system, with storage period commensurate with intended purpose.
# Audit trail record structure (regulated deployment)
audit_record = {
"record_id": "AUD-20260505-48821-a3f", # immutable, cryptographically signed
"agent_version": "2.1.4",
"model_version": "gpt-4o-2024-11",
"rule_version": "RULES-2025Q4-v3",
"subject_id": "member-48821", # regulated entity
"decision": "eligible_plan_b",
"reasoning_hash": "a3f9c2d1", # hash of full context at decision time
"authorization_basis": "RULE-028",
"hitl_threshold_met": False,
"outcome": "upgrade_provisioned",
"outcome_timestamp": "2026-05-05T14:22:15Z",
"immutability_proof": ""
}

Audit trail requirements by regulation
| Regulation | Key requirement | Retention | Tamper-evidence | Agent attribution |
|---|---|---|---|---|
| FINRA AI guidance 2024 | Input data, model version, confidence, HITL touchpoints | 3-7 years | Required | Required |
| HIPAA (HHS OCR 2024) | Agent identity, PHI access, authorization, outcome | 6 years | Required | Required |
| EU AI Act Art. 12 | Operation logs for post-hoc system assessment | Operational lifetime | Required | Required |
| Moffatt v Air Canada principle | Correctability, attributability, company ownership | Claim-based | Implied | Required |
The Pattern Intelligence Layer includes audit trail specifications as a first-class pattern attribute for regulated domains. Each regulated pattern defines the audit record schema, the immutability mechanism, the retention policy, and the HITL threshold that triggers a human oversight touchpoint and its corresponding audit entry. Compliance is designed in, not retrofitted after an examination finds gaps.

