Graduation Semester and Year

Spring 2026

Language

English

Document Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Computer Science and Engineering

First Advisor

Dr. Faysal Hossain Shezan

Second Advisor

Dr. Mohammad Atiqul Islam

Third Advisor

Dr. Shirin Nilizadeh

Abstract

AI agents plan multi-step workflows, invoke tools, and operate across different components, and the EU AI Act is the first comprehensive framework that imposes record-keeping obligations on such systems. Existing techniques do not propose any audit for AI agents: prior work is either legal-theoretical or evaluates LLMs behaviorally by perturbing inputs and measuring output properties such as fairness, safety, or privacy. Article 12 record-keeping, by contrast, is a structural property of the agent’s code: whether each tool call, LLM invocation, validation step, and session boundary is logged at the right point in the workflow. Behavioral probes cannot verify this. We propose ReDit, an automated audit framework for EU AI Act record-keeping. ReDit interprets ten requirements for Article 12 obligations as Domain-Specific Language (DSL) rules, extracts control-flow and data-flow graphs from agent source code with our trace generator, and checks whether each lifetime event is logged at the correct location. We use static analysis rather than execution because agent behavior is stochastic and runtime traces cover only a subset of execution paths, whereas static analysis covers all reachable events and paths deterministically and can be run as an audit before deployment. On a labeled benchmark of 70 agents, ReDit achieves F1 = 0.8791 (precision 0.9302, recall 0.8333). A measurement study on 770 open-source GitHub agents finds that no high-risk agent fully complies with Article 12, and 256 employ no logging at all.

Keywords

AI Agent, EU AI Act, Regulations, DSL, Compliance, Audit, Logging, Record-Keeping

Disciplines

Cybersecurity

License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Available for download on Tuesday, May 09, 2028

Included in

Cybersecurity Commons
