Most firms that keep a record of their AI use keep something that looks like an audit trail but is not really one. A folder of saved chats, a spreadsheet of approvals, a log that an administrator could edit. Those records are useful for day-to-day reference, but they share one weakness: nothing about them proves they were not changed after the fact. If a record can be quietly edited, it cannot settle a dispute, because the first question anyone serious will ask is whether it was edited.
A tamper-evident audit trail is different. It is built so that any change to a past record is detectable, even by the person who keeps the records. That property, detectability, is what turns a log from a private note into evidence a firm can stand behind when a client, a partner, or a regulator asks what happened and when. It is worth understanding how that property is actually achieved, because the mechanism is simpler than it sounds and explains why some records hold up and others do not.
The first requirement is that the record is append-only: entries can be added, but existing entries cannot be modified or deleted. In most systems this is a policy, a rule that people agree to follow. A policy is only as strong as the discipline behind it, and an administrator with database access can usually override it. Append-only becomes meaningful when it is enforced by the system itself rather than promised by the people using it.
Qonera enforces this at the database level. The audit log has triggers that block any attempt to update or delete a row once it is written, so the append-only rule is not a convention someone could bend under pressure. It is a property of the storage itself. That removes the most common failure mode of a homegrown log, which is that the record can be cleaned up after something goes wrong, by someone who would rather it had not happened.
Append-only stops the obvious edits, but the stronger guarantee comes from a hash chain. Each entry in the trail carries a cryptographic fingerprint, a SHA-256 hash, computed from the contents of that entry combined with the fingerprint of the entry before it. Because each fingerprint depends on the one before, the entries are linked in a chain where every link is derived from the entire history that precedes it.
The consequence is what makes it tamper-evident. If someone altered a single past entry, even by one character, that entry’s fingerprint would no longer match, and because every later fingerprint was computed from it, every entry after it would fail to verify too. You cannot quietly change one record without rewriting the entire chain that follows it, and the verification process, which recomputes the fingerprints from the beginning, catches exactly that. The tampering does not have to be guessed at. It is provable, and so is its absence.
The mechanism is technical, but the reason it matters is not. A firm with a tamper-evident trail can make a claim that a firm with an editable log cannot: that the record of what was reviewed, by whom, and when, is the same record that was written at the time, and can be shown to be unchanged since. When a client challenges a deliverable months later, the firm is not asking to be taken on trust. It is offering a record whose integrity can be checked independently.
That is also why a tamper-evident trail is worth more than a more detailed but editable one. Detail is helpful, but integrity is what makes the detail count. A thorough log that could have been edited proves nothing a skeptic has to accept. A hash-chained log proves its own integrity to anyone willing to run the verification, which is the standard a record has to meet the moment it is genuinely contested rather than merely consulted.
The same principle sits behind Article 12 of the EU AI Act, which requires record-keeping for high-risk AI systems so that what was done, with what data, and under what review can be reconstructed afterward. A record that could be edited after the fact does not really meet that bar, because reconstruction depends on the record being faithful to what actually happened. Most of the obligations under the EU AI Act apply from August 2026, and a tamper-evident trail is one of the few governance features that is genuinely hard to retrofit convincingly: a log that becomes tamper-evident only from today cannot vouch for everything that came before.
Qonera records every step of the review and approval workflow in an append-only, hash-chained trail, exportable as CSV or PDF for client assurance, internal governance, or regulator review. The workflow is designed so the record builds itself as the work happens, rather than being assembled afterward from memory. An audit trail is only as good as the confidence you can place in it, and the whole point of building it this way is that the confidence does not depend on trusting the person who keeps the records, including us.
This article is for general information only and does not provide legal advice. Organisations should consult qualified legal counsel about how Article 12 and the EU AI Act apply to their specific systems, workflows, and obligations.
Multi-model stress testing, Conflict Heatmap, tamper-evident audit trail, and structured sign-off, built for teams who need defensible AI output.