AI Agent Audit Trails: SOC2 and GDPR

Comprehensive audit logging for AI agents. Meet SOC2 requirements, satisfy GDPR, and debug agent behavior with detailed decision logs.

Veto Team · January 20, 2026 · 9 min

Every action your AI agent takes should be recorded. Audit trails are essential for debugging, security, and compliance.

What to Log

  • Tool calls with full arguments
  • Decision outcomes (allow, deny, approve)
  • User and agent context
  • Timestamps and duration
  • Human approvals and rejections

Structured Logging

audit_logging.py (python)
from veto import Veto
import structlog

logger = structlog.get_logger()
veto = Veto(api_key="veto_live_xxx")

# Log every decision
@veto.on_decision
def log_decision(decision):
    logger.info(
        "agent_decision",
        tool=decision.tool_name,
        action=decision.action,
        agent_id=decision.context.agent_id,
        timestamp=decision.timestamp.isoformat(),
        reason=decision.reason,
    )
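
The hook above records the tool, outcome, agent, timestamp and reason. As an added example (not Veto's code or API), this standard-library wrapper writes one JSONL record per tool call carrying every item from the What to Log list, and still writes it when the tool raises. `audited_call`, `policy`, the two tools and all IDs are constructed for illustration.

```python
import io
import json
import time
from datetime import datetime, timezone

def audited_call(sink, policy, tool, arguments, *, agent_id, user_id, approver=None):
    """Apply `policy`, run `tool` only when permitted, append one JSONL record."""
    started = time.perf_counter()
    action, reason = policy(tool.__name__, arguments)  # allow | deny | approve
    record = {"event": "agent_decision", "tool": tool.__name__,
              "arguments": arguments, "action": action, "reason": reason,
              "agent_id": agent_id, "user_id": user_id, "approval": None,
              "error": None, "timestamp": datetime.now(timezone.utc).isoformat()}
    run = action == "allow"
    try:
        if action == "approve" and approver is not None:
            who, run = approver(tool.__name__, arguments)  # human in the loop
            record["approval"] = {"by": who, "approved": run}
        return tool(**arguments) if run else None
    except Exception as exc:
        record["error"] = repr(exc)
        raise
    finally:  # written on every path, including when the tool raises
        record["duration_ms"] = round((time.perf_counter() - started) * 1000, 3)
        sink.write(json.dumps(record, sort_keys=True, default=str) + "\n")

def policy(tool_name, arguments):  # constructed rules for this example
    if tool_name == "delete_user":
        return "deny", "destructive tool is blocked"
    if arguments.get("amount", 0) > 100:
        return "approve", "refund above 100 needs a human"
    return "allow", "within policy"

def send_refund(order_id, amount):  # constructed tool
    return f"refunded {amount} on {order_id}"

def delete_user(user_id):  # constructed tool
    return "deleted"

def demo():
    sink, ctx = io.StringIO(), {"agent_id": "agent-123", "user_id": "user-42"}
    audited_call(sink, policy, send_refund, {"order_id": "o-1", "amount": 20}, **ctx)
    audited_call(sink, policy, send_refund, {"order_id": "o-2", "amount": 500},
                 approver=lambda tool, args: ("reviewer-7", False), **ctx)
    audited_call(sink, policy, delete_user, {"user_id": "user-42"}, **ctx)
    return [json.loads(line) for line in sink.getvalue().splitlines()]

if __name__ == "__main__":
    print("\n".join(json.dumps(r) for r in demo()))
```

A call that needs approval but has no approver attached is logged with `approval` left as null and the tool is not run.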

Querying Audit Logs

audit_queries.py (python)
from datetime import datetime, timedelta

# `veto` is the client created in audit_logging.py
# Find all denied actions in the last 24 hours
denied = veto.logs.query(
    action="deny",
    since=datetime.now() - timedelta(hours=24)
)

# Find all actions by a specific agent
agent_actions = veto.logs.query(
    agent_id="agent-123",
    since=datetime.now() - timedelta(days=7)
)

Retention and Compliance

retention_config.py (python)
veto.configure_logging({
    "retention": {
        "decisions": "7years",
        "executions": "1year",
        "denials": "3years",
    },
    "export": {
        "format": "jsonl",
        "destination": "s3://audit-logs/veto/",
    }
})
