Article 20
Automatically generated logs

 

1. Providers of high-risk AI systems shall keep the logs automatically generated by their high-risk AI systems, to the extent such logs are under their control by virtue of a contractual arrangement with the user or otherwise by law. Without prejudice to applicable Union or national law, the logs shall be kept for a period that is appropriate in the light of the intended purpose of high-risk AI system and applicable legal obligations under Union or national law of at least 6 months. The retention period shall be in accordance with industry standards and appropriate to the intended purpose of high-risk AI system[This change has been provisionally agreed on subject to final checks by the EP. NB EP and the Council submitted different changes here. We’ve focused on the EP change]

2. Providers that are credit financial institutions regulated by Directive 2013/36/EU subject to requirements regarding their internal governance, arrangements or processes under Union financial services legislation shall maintain the logs automatically generated by their high-risk AI systems as part of the documentation kept under Articles 74 of that Directive the relevant financial service legislation[The Council amended this clause, and it has been provisionally agreed on subject to final checks by the EP.]