The EU AI Act Without Cryptographic Proof Is an Empty Shell
In 13 weeks the regulation enters full effect in its core provisions. Many companies will meet a requirement they cannot prove.
On 2 August 2026 the EU AI Act enters full effect in its decisive high-risk provisions. Anyone running autonomous systems in compliance, recruitment, critical infrastructure, financial services or medical applications must from that day be able to prove three things: data lineage, decision logic, end-to-end traceability. Fines up to 35 million euros or 7 percent of global annual revenue — whichever is higher.
In many conversations about the AI Act over the last few months I have heard one recurring reaction: “We log everything, that will do.”
It will not do. And the day this becomes obvious is closer than most expect.
What the AI Act actually requires
Article 12 requires for high-risk systems the automatic recording of events over the entire lifetime. Article 13 demands transparency and provision of information to users. Article 14 prescribes human oversight, which only works if decisions are reconstructible. Article 15 requires robustness, accuracy and cybersecurity — explicitly including protection against unauthorized changes to records.
The last point is the decisive one. Protection against unauthorized changes means that whoever keeps the records must not be the only party able to alter them. Otherwise a regulator in a dispute is forced to take the vendor at their word.
That is exactly where the current state of affairs collapses for many companies.
Three audit scenarios that will come
Scenario 1 — Regulator inquiry. A high-risk classification system — a credit risk system, say — repeatedly denies financing to one person. The person complains, a regulator inquires. The company delivers a log file. The lawyer for the affected person asks: “Can you prove cryptographically that this log file contained these values on the day of the decision — and was not retroactively created or amended?” Many companies will not be able to answer this question with a defensible yes today.
Scenario 2 — Internal whistleblower. An employee claims that a system update happened shortly before a critical decision — and that the previous version would have produced different results. The company must prove which version was active at which point in time. Without a hash chain between software state, processing time and output, this question is legally a matter of belief.
Scenario 3 — International data flow. An autonomous system processes data that lives partly on cryptographic-anchor infrastructure, partly in an EU cloud, partly in a non-European region. A regulator demands proof that the data flow logic mandated by data protection law was actually maintained. Without an external attestation layer, only the vendor’s word remains.
In each of these three scenarios, logging is not a sufficient answer. It takes provability — and that has three non-negotiable properties: tamper resistance, external verifiability, selective disclosure.
Why “audit logging” is the wrong term
Established observability tools are excellent. But they are built for a world in which logs serve internal performance optimization. They were never designed for the requirement that a log file hold up against the vendor itself.
The AI Act, however, requires exactly that: a record that holds up even when the operator of a high-risk system would have an interest in tidying the log file. This gap will become visible in the first proceedings after the law takes effect — and the market will understand that provability is its own technical discipline, not a by-product of observability.
What cryptographic provability concretely means
Three building blocks that must work together:
- Hash chain per decision. Every action of an autonomous system is sealed with a hash that references the previous hash. A retroactive change breaks the chain and is immediately visible.
- External anchoring at a neutral cryptographic notary. The hashes are anchored outside the vendor’s infrastructure — at a public, neutral notary or at a regulated time-stamp authority. The vendor can no longer silently change their own log file.
- Selective disclosure. Instead of showing the entire log file, you prove only the one decision with a Merkle path. Compliant with data protection law, mindful of trade secrets, and it stands up in court.
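As an added illustration (not HEINI's code and not from the original post), the three building blocks in Python: each decision is sealed into a hash chain, the chain's hashes become Merkle leaves whose root is the single digest that would be handed to an external notary, and one decision is disclosed with only its sibling path. The credit-risk decisions and the `v1.3` model tag are constructed sample data.

```python
import hashlib
import json

def h(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def seal(prev_hash: str, decision: dict) -> dict:
    # canonical JSON so the same decision always yields the same digest
    payload = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    return {"prev": prev_hash, "decision": decision, "hash": h(prev_hash + payload)}

def build_chain(decisions: list, genesis: str = "0" * 64) -> list:
    chain, prev = [], genesis
    for d in decisions:
        chain.append(seal(prev, d))
        prev = chain[-1]["hash"]
    return chain

def verify_chain(chain: list, genesis: str = "0" * 64) -> bool:
    # an edited, dropped or reordered entry breaks the link to its successor
    prev = genesis
    for e in chain:
        if e["prev"] != prev or seal(prev, e["decision"])["hash"] != e["hash"]:
            return False
        prev = e["hash"]
    return True

def merkle(leaves: list, index=None) -> tuple:
    # returns (root, proof): the root is the single digest anchored at the
    # external notary, the proof is the sibling path for leaf `index`
    proof, level = [], list(leaves)
    while len(level) > 1:
        level = level + level[-1:] * (len(level) % 2)  # duplicate last node on odd levels
        if index is not None:
            sib = index ^ 1
            proof.append((level[sib], "L" if sib < index else "R"))
            index //= 2
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], proof

def verify_proof(leaf: str, proof: list, root: str) -> bool:
    # the regulator sees one decision hash plus its siblings, never the full log
    acc = leaf
    for sibling, side in proof:
        acc = h(sibling + acc) if side == "L" else h(acc + sibling)
    return acc == root

# constructed sample: decisions of a hypothetical credit-risk system
DECISIONS = [{"id": i, "model": "v1.3", "outcome": o}
             for i, o in enumerate(["deny", "approve", "deny"])]
```

Once the root has been anchored externally, neither a rewritten decision, a dropped entry nor a reordered chain can be reconciled with it, which is the property plain logging cannot offer.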
These three building blocks are not distant-future technology. They have existed in the cryptography world for years. They have simply not yet migrated into the enterprise stack for autonomous software. That is exactly where we step in.
What companies should do in the next 13 weeks
Three pragmatic steps, no marketing:
- Inventory. Which autonomous systems in the company fall under high-risk? An honest answer usually contains more systems than the first gut estimate suggests.
- Provability audit. For each of these systems: can we prove one specific decision to an external regulator tamper-resistantly? If the answer is no — where is the gap?
- Sidecar strategy. Instead of rebuilding the running system, place an attestation layer next to it that produces hashes and anchors them externally. Less intrusive, faster to bring into production, audit-ready from day one.
We are building the layer that is missing
HEINI is purpose-built for exactly this: a sidecar attestation layer for enterprise software with hash chains, proof points, external anchoring at a neutral cryptographic notary and selective disclosure. Single-tenant architecture, because regulated industries will accept nothing else.
Three mechanics make the difference compared to plain logging: a pre-flight permission check that examines every pending action against a stored competence profile before it is executed — a may-do rather than a can-do logic. A three-stage deletion cascade under GDPR Article 17 that demonstrates forgetting across working memory, vector index and long-term storage — not through claimed deletion but through an irrefutable difference record. And an external attestation anchor that records the order of decisions, admissible under German law.
If you want to talk to us — as a regulated industry, as a compliance function or as a consultancy with a mandate — you can reach us through the channels on this site.
2 August 2026 is coming, whether companies are prepared or not. The only question is who experiences it as a regulatory burden — and who experiences it as a competitive advantage.
HEINI Operations UG. Questions and feedback are explicitly welcome.