EU AI Act compliance for law-enforcement AI: the audit trail for risk assessment, polygraphs, and profiling

Written by Catalina Turlea
25 Apr 2026
Law-enforcement AI is one of the categories where the EU AI Act is the most explicit and the most demanding. Annex III, point 6 lists what counts: AI used by law-enforcement authorities (or on their behalf) to assess the risk of an individual becoming a victim of a crime, polygraphs and similar tools, evaluating the reliability of evidence, assessing the risk of someone offending or re-offending based on profiling or personality traits, and profiling individuals in the course of detection, investigation, or prosecution.
Some uses are not high-risk. They are prohibited. Article 5 banned AI systems that assess the risk of a natural person committing a crime "based solely on the profiling of a natural person or on assessing their personality traits and characteristics." Cross that line and the fine is €35 million or 7% of worldwide annual turnover.
If you build AI for law-enforcement use, or if a law-enforcement authority deploys your product in this space, the audit trail is the product. There is no other deliverable.
The articles you have to satisfy
Law-enforcement AI sits at the intersection of the most demanding obligations in the Act.
- - Article 9 — risk-management system documenting foreseeable misuse, including misuse by the operator.
- - Article 11 + Annex IV — technical documentation including accuracy and bias metrics by sub-group, the rationale for any decision threshold, and the operating conditions in which performance was measured.
- - Article 12 + Article 26(6) — automatic event logs.
- - Article 13 — instructions for use specifying the system's capabilities and limitations.
- - Article 14 — human oversight by personnel with the competence to interpret outputs, override them, and decide not to act.
- - Article 17 — quality management system documented end-to-end.
- - Article 19 / Article 26(6) — log retention of at least six months. Law-enforcement and criminal-procedure rules typically extend this for years.
- - Article 26 — deployer obligations: assign human oversight to a competent person, monitor operation, suspend use when risk is identified, keep the logs.
- - Article 27 — Fundamental Rights Impact Assessment before first use, performed by the public-authority deployer.
- - Article 49 — registration of the system in the EU database. Law-enforcement deployers register in a restricted section but registration is still required.
- - Article 50 — transparency obligations for emotion-recognition and biometric-categorisation systems, where they apply.
- - Article 72 — post-market monitoring.
- - Article 73 — serious-incident reporting in 15 days; 10 if a person dies or a fundamental-rights infringement is widespread.
That is not paperwork. That is the operating discipline of the product.
Why "the model flagged this person" is the worst possible defence
A risk score is generated. An investigator reads it and acts. A person spends a night in a station. The system was never evaluated on the demographic distribution it sees in production. The threshold was set on a whiteboard. The log does not record the input features that drove the score. The investigator's decision is documented as "discretion."
The Act does not let any of that stand. Annex IV demands documented accuracy by sub-group. Article 14 demands that the investigator be able to override and to decide not to use. Article 9 demands a risk-management system that anticipated this failure mode. Article 27 demands a Fundamental Rights Impact Assessment before deployment.
The villain is Ship and Pray, wearing a uniform. A vendor demo, a pilot, a procurement deal, a system live in a real station. The evaluation set was last year's data. The accuracy by sub-group was never measured. The instructions for use are a PDF. The audit trail is whatever the investigator remembers.
That position will not survive contact with a national court, a parliamentary inquiry, or the supervisory authority. The penalty for the operational breach band is €15 million or 3% of worldwide annual turnover. The cost of getting it wrong is higher than that. Liberty is the currency.
The law-enforcement audit-trail checklist
For each AI feature in scope, you should be able to produce on demand:
- - Annex IV technical documentation — including accuracy and bias metrics by every demographic sub-group represented in the deployment population.
- - Risk-management dossier under Article 9 — foreseeable misuse by the operator, mitigations, residual risk, basis for acceptance.
- - Versioned model, prompt, and threshold configurations — every change with date, author, evaluation, and approval.
- - Pre-deployment evaluation reports — including adversarial tests and sub-group performance, signed off by a domain expert with authority to refuse to ship.
- - Runtime event logs under Article 12 — sufficient to reconstruct any score the system produced, the input features that produced it, and the operator who reviewed it.
- - Human-oversight records under Article 14 — operator decisions to act, override, or refuse to act, with rationale where required.
- - Quality-management records under Article 17 — change-control, reviewer training, supplier qualification.
- - Post-market monitoring data under Article 72.
- - Fundamental Rights Impact Assessment under Article 27.
- - EU database registration under Article 49.
- - Serious-incident register under Article 73.
Improvise any one of these after the fact and you have no audit trail. You have a story.
Where domain experts have to be in the loop
Article 14 demands oversight by people with the competence to provide it. In law enforcement, that means experienced investigators, prosecutors, defence-perspective specialists, civil-liberties advisors, and statisticians who understand the data limits.
Standard evaluation tooling shuts every one of them out. The eval set is a notebook only engineering can run. The threshold is decided in a vendor meeting. The instructions for use are a PDF nobody reads end-to-end. By the time a defence-perspective specialist sees the system, procurement is signed and the press release is drafted.
Lovelaice is built for this gap. The domain expert — the civil-liberties officer, the prosecutor, the senior investigator — defines what acceptable looks like before the model touches data: accuracy across sub-groups, calibration of the score, false-positive ceilings, the language of the rationale text, the cases where the system must abstain. They review outputs directly with blind evaluation that removes bias from the scoring. Every evaluation is captured. Every prompt and threshold version is immutable. Every result is exportable.
When the supervisory authority, the national court, or the parliamentary committee asks how you know this system performs equitably and reliably, you do not improvise. You export the run. Every reviewer, every decision, every override, every threshold change, traceable.
Retention and reporting windows to design for
- - Prohibited practices under Article 5 are already in force. Predictive policing based solely on profiling of natural persons cannot be deployed at all.
- - Six months minimum log retention under Article 19. Criminal-procedure rules typically extend this materially.
- - Ten years retention of Annex IV technical documentation and the EU declaration of conformity.
- - 15 days to file a serious-incident report. 10 days if a person dies or a fundamental-rights infringement is widespread.
Law-enforcement is the category where the Act expects the most documentation and the most human oversight, because the harms it is designed to prevent are the gravest. Speed without proof is liberty without proof. Build the audit trail before any officer is asked to read the score.
Sources
- - Regulation (EU) 2024/1689 — official text (EUR-Lex)
- - Annex III, point 6 — law enforcement
- - Annex IV — technical documentation
- - Article 5 — prohibited AI practices
- - Article 9 — risk management system
- - Article 11 — technical documentation
- - Article 12 — record-keeping
- - Article 13 — transparency and information for deployers
- - Article 14 — human oversight
- - Article 17 — quality management system
- - Article 19 — automatically generated logs
- - Article 26 — deployer obligations
- - Article 27 — Fundamental Rights Impact Assessment
- - Article 49 — EU database registration
- - Article 50 — transparency obligations
- - Article 72 — post-market monitoring
- - Article 73 — serious-incident reporting
- - Article 99 — penalties
More in this series
The EU AI Act audit-trail series — one article per Annex III high-risk category:
- - Biometrics: remote identification, categorisation, and emotion recognition
- - Critical infrastructure: safety-component AI
- - Education and EdTech: admissions, assessment, and proctoring
- - Credit scoring and insurance: essential financial services
- - Employment and HR: recruitment, ranking, and workforce management
- - Migration, asylum, and border control
- - Justice and democratic processes
You might also like

EU AI Act compliance for HR and recruitment AI: building the audit trail
If your product screens CVs, ranks candidates, or scores performance, the EU AI Act now classifies you as high-risk. Here's the audit trail you have to produce.

EU AI Act compliance for critical infrastructure: the audit trail for safety-component AI
Safety-component AI in road, water, energy, and digital infrastructure is high-risk under the EU AI Act. Here's the audit trail required.

EU AI Act compliance for credit scoring and insurance AI: what the audit trail looks like
Credit scoring and life-and-health insurance pricing are high-risk under the EU AI Act. Here's the audit trail providers and deployers must produce.