The real risk is evidentiary, not artificial intelligence

Articles 12 and 72 of the EU AI Act are often described narrowly as technical obligations on providers of high-risk AI systems. Read together, they encode a broader regulatory expectation: Article 12 requires record-keeping capabilities sufficient to enable traceability of AI-influenced decisions. Article 72 requires a post-market monitoring system capable of identifying, investigating, and responding to risk once high-risk AI systems are in use.

These obligations are formally imposed on providers, with supporting duties on deployers. However, the governance expectation they establish is not confined to system ownership. Where AI outputs are relied upon in Annex III decision contexts, regulators, auditors, and courts will reasonably expect that the reasoning influencing those decisions can be evidenced, contextualized, and reviewed.

Interpretive note: This analysis does not assert that Articles 12 or 72 of the EU AI Act directly impose logging or monitoring obligations on organizations for third-party AI systems they do not provide or deploy. Rather, it examines how the traceability and post-market monitoring expectations embodied in those provisions become operationally unmeetable once external AI reasoning is relied upon in regulated decision contexts.
Timothy de Rosen
Timothy de Rosen (Fri,) studied this question.
www.synapsesocial.com/papers/6975b2aefeba4585c2d6e352 — DOI: https://doi.org/10.5281/zenodo.18347736