EU AI Act compliance for migration, asylum, and border-control AI: the audit trail

By Catalina Turlea·
EU AI Act compliance for migration, asylum, and border-control AI: the audit trail

Written by Catalina Turlea

25 Apr 2026

If your AI assists migration management, asylum processing, visa adjudication, or border control, the EU AI Act puts you firmly in scope. Annex III, point 7 lists the uses: polygraphs and similar tools, assessment of risk (security risk, irregular-migration risk, health risk) posed by a person entering or having entered a Member State, examination of applications for asylum, visa or residence permits and the associated complaints about the eligibility decision, and detection, recognition or identification of natural persons in the migration context — with a narrow carve-out for verification of travel documents.

These are decisions about whether people can cross borders, stay, work, or claim protection. The Act treats the audit trail as the operational artefact that makes the decisions reviewable, not as a back-office formality.

The full regime is in force. Operational-obligation breaches reach €15 million or 3% of worldwide annual turnover. Prohibited-practice breaches reach €35 million or 7%.

The articles you have to satisfy

Migration-and-border AI carries every Annex III obligation, with extra weight on fundamental-rights protections.

  • - Article 9 — risk-management system documenting foreseeable misuse, including operator misuse.
  • - Article 11 + Annex IV — technical documentation covering accuracy by nationality, language, dialect, age, gender, and any other demographic dimension represented in the deployment population.
  • - Article 12 — automatic event logs across the lifetime of the system.
  • - Article 13 — instructions for use with the documented limitations.
  • - Article 14 — human oversight by qualified personnel; the ability to decide not to use, override, or reverse.
  • - Article 17 — documented quality management system.
  • - Article 19 / Article 26(6) — log retention of at least six months. Asylum, immigration, and border rules will typically require materially longer.
  • - Article 26 — deployer obligations including assignment of human oversight, monitoring, and the duty to suspend use when risk is identified.
  • - Article 27 — Fundamental Rights Impact Assessment by the public-authority deployer before first use.
  • - Article 49 — registration in the EU database, with the law-enforcement-style restricted entry where it applies.
  • - Article 72 — post-market monitoring with a written plan.
  • - Article 73 — serious-incident reporting; 15 days, 10 if a person dies or a fundamental-rights infringement is widespread.

The audit trail is the compounded evidence that all of these obligations were met before, during, and after deployment.

Why "the model said so" cannot survive a tribunal

An asylum claim is reviewed. A risk score is generated. The case officer reads it. The claim is rejected. The applicant appeals. The tribunal asks how the score was produced, on what data the model was trained, how it performs for applicants from this country and language, what the threshold was, who reviewed it, and whether the case officer exercised the right to override.

If the answer is "we used the score the vendor's tool returned," the audit trail has already failed. Tribunals do not accept opaque scoring as a basis for a decision affecting an individual's protection claim. The Act does not let them.

The villain is Ship and Pray, behind a glass partition. A vendor demo, a pilot, a deal, a system live in a real processing centre. The evaluation set is whatever the engineers had. Accuracy across the languages and dialects that show up in production was never measured. The case officer was trained for an hour. The audit trail is the case file the officer wrote afterward.

That position will not survive an appeal, a parliamentary committee, or the supervisory authority. The fine is not the worst outcome. The worst outcome is a tribunal ruling that the decision-making process itself was unlawful and that all decisions made by that process must be reopened.

The migration-and-border audit-trail checklist

For each AI feature in scope, you should be able to produce on demand:

  1. - Annex IV technical documentation — including accuracy and bias metrics across every nationality, language, dialect, and demographic group represented in the deployment population.
  2. - Risk-management dossier under Article 9 — foreseeable misuse including discriminatory application, mitigations, residual risk, basis for acceptance.
  3. - Versioned model, prompt, and threshold configurations — each change with date, author, evaluation, and approval.
  4. - Pre-deployment evaluation reports — including sub-group performance and adversarial scenarios, signed off by a domain expert with the authority to refuse to ship.
  5. - Runtime event logs under Article 12 — the input, the model version, the score, the rationale, the case officer's decision, the override if any.
  6. - Human-oversight records under Article 14 — every override, every refusal to use, every escalation.
  7. - Quality-management records under Article 17 — change-control, reviewer training, supplier qualification.
  8. - Post-market monitoring data under Article 72.
  9. - Fundamental Rights Impact Assessment under Article 27.
  10. - EU database registration under Article 49.
  11. - Serious-incident register under Article 73.

If any one of these is missing, the system is not compliant with the obligations it was designed to satisfy.

Where domain experts have to lead

Article 14 requires oversight by personnel with the competence to provide it. In the migration-and-border context, that means experienced case officers, legal-protection specialists, country-of-origin information experts, language and interpretation specialists, and civil-liberties advisors with refugee-law training.

Standard evaluation tooling shuts them out. The eval set lives in a notebook. The acceptance criteria are decided in a procurement meeting. Sub-group performance is reported in aggregate, not in operational terms a case officer can use. The instructions-for-use are translated by engineering and never reviewed by the domain.

Lovelaice is built for this gap. The domain expert defines what acceptable looks like before the model sees any data — sub-group accuracy floors, calibration of the score, refusal behaviour for low-confidence inputs, rationale-text completeness, absence of penalty for language background. They review outputs directly through a simple interface, with blind evaluation that removes bias from the scoring. Every evaluation is captured. Every prompt and threshold version is immutable. Every result is exportable.

When the tribunal, the parliamentary committee, or the supervisory authority asks how the score for a specific case was produced and why the operator was permitted to act on it, the answer is a report, not a recollection.

Retention and reporting windows to design for

  • - Six months minimum log retention. Immigration, asylum, and law-enforcement procedural rules typically extend this materially.
  • - Ten years retention of Annex IV technical documentation and the EU declaration of conformity.
  • - 15 days to file a serious-incident report. 10 days if a fundamental-rights infringement is widespread or a person dies.

Migration and border AI is the category where the costs of getting it wrong land directly on people with the fewest channels of redress. Build the audit trail before the first case is decided.

Sources

More in this series

The EU AI Act audit-trail series — one article per Annex III high-risk category: