How AI decisions are recorded and defended in Arto

Every AI workflow execution in Arto generates an immutable, timestamped audit record. It captures what the workflow did, what data it accessed, what the AI produced and what the responsible officer decided. The record is permanent and exportable, available immediately for ICO review, tribunal evidence, internal audit or scrutiny committee.

An audit trail for AI decisions exists to answer a specific question: if this decision is challenged, can the organisation demonstrate what happened, who was responsible and on what basis the decision was made?

Without a documented audit trail, an AI-assisted decision can only be accounted for as 'the system produced this output and it was acted upon.' In the public sector, that account is not adequate. Residents have the right to understand how decisions affecting them were made. The ICO has powers to investigate AI processing. Scrutiny committees can question AI-assisted decisions. Tribunals can review the evidence basis for automated or AI-assisted determinations.

Arto's audit trail transforms the accountability position. Every workflow execution produces a permanent, timestamped record that documents the workflow's actions, the data accessed, the AI output produced and the officer's review and decision. That record converts 'the AI decided' into a fully attributed, documented account of a human decision informed by AI.

An audit trail does not make AI accountable. It makes the humans who use AI accountable, which is what public sector organisations need.

What every Arto audit record contains

Every Arto workflow execution produces an audit record containing the following fields. The record is generated automatically and cannot be modified after creation.

| Field | What is recorded | Why it matters |
| --- | --- | --- |
| Trigger | The event that initiated the workflow: source channel, timestamp and reference identifier. | Establishes when and how the process began. Essential for subject access requests and for demonstrating that processing was initiated by a legitimate source. |
| Data accessed | The specific data records accessed during execution: system, record reference, data categories retrieved. | Satisfies UK GDPR data minimisation documentation requirements. Confirms the AI accessed only what was necessary for the defined purpose. |
| AI reasoning | The AI agent's analysis: what it identified, what rules or framework it applied and what output it produced. | Supports the right to explanation for AI-assisted decisions under UK GDPR. Enables the organisation to explain the AI's role to any individual, oversight body or legal forum. |
| Governance checks | The results of the six compliance checks run at execution: which passed, which flagged, any conditions applied. | Documents compliance with the governance framework at the point of execution. Evidence for DPO review and ICO inquiry. |
| Human oversight gate | Whether a human-in-the-loop (HITL) gate was triggered, which officer was assigned, and whether the gate was passed or the case returned. | Records the human oversight event. If the case was reviewed and approved, this is the accountability record. If returned, records the reason. |
| Officer decision | The responsible officer's identity, their decision (approve or return), their reasoning note (if provided) and the timestamp. | This is the core accountability record. It attributes the decision to a named human officer. 'The AI decided' is replaced by 'Officer [name] reviewed the AI analysis and made the following decision on [date] at [time].' |
| Output | The action taken as a result of the decision: letter sent, account updated, case allocated, report generated. | Confirms what was done and when. Can be cross-referenced against back-office system records. |
| Governance certificate | A summary of the assurance case: the standards the workflow aligns to, the oversight configuration, and the officer decision record. | The primary governance evidence document for DPO review, IT security assessment and scrutiny committee. Exportable in a format suitable for each audience. |

In short: The audit trail is not a log of what the AI did. It is a record of what the AI produced, what the human decided in response, and when. The officer's decision is the accountability record. The AI's output is the evidence base for that decision.

Why the audit trail is immutable

The Arto audit trail is immutable. Once a record is created, it cannot be modified, deleted or overwritten by any user, including administrators. The record reflects what happened at the moment it was created and cannot be changed after the fact.

This matters because the audit trail is a legal document as much as an operational record. If a decision is challenged (in an ICO inquiry, a tribunal, a judicial review or an internal investigation), the audit trail is the organisation's primary evidence of what happened. An audit trail that can be modified is not evidence; it is a claim. An immutable audit trail is evidence because it demonstrably reflects the original record.

The immutability of Arto's audit trail means organisations can present it to any oversight body with confidence that the record has not been altered since it was created. This is the property that transforms the audit trail from an internal record into a defensible legal instrument.

[Screenshot: The Arto flow library governance screen, with a full product menu on the left. A sample workflow for a planning application is shown with the governance tab selected. The governance page shows a data protection impact assessment, with details of processing, data, third-party processors, security measures, risk assessment and sign-off.]

When the audit trail is used and by whom

The ICO or data protection regulator

The ICO opens a complaint investigation into whether a council's AI deployment processed personal data lawfully.

They need: Evidence that: the lawful basis for processing was established; data minimisation controls were in operation; the data was processed only for the specified purpose; AI outputs were reviewed by a qualified officer before being acted upon.

The audit trail provides: The complete execution record for every workflow run: data accessed, legal basis applied, governance checks passed, officer review and decision. Exportable immediately in a format suitable for regulatory submission.

A tribunal or court

A resident challenges a benefits decision at a tribunal, arguing the council's AI system produced an incorrect calculation that was acted upon without proper human review.

They need: Evidence that: the AI calculation was reviewed by a qualified officer before the decision letter was issued; the officer's decision is documented and attributed; any anomaly flags in the calculation were investigated before the decision was finalised.

The audit trail provides: The officer decision record showing who reviewed the AI output, when and what decision they made. The AI reasoning record showing the calculation basis. The audit record showing whether plausibility checks and anomaly detection flagged anything before the officer reviewed. This is the evidence that distinguishes a properly reviewed decision from one that was automatically generated and acted upon.

An internal audit team

Internal audit reviews the council's AI deployments as part of an annual governance audit, examining whether AI is being used in line with approved policy and with adequate oversight.

They need: Evidence that: each AI deployment has an approved assurance record; human oversight gates are in operation and being used; the governance framework is being applied consistently across all workflow executions.

The audit trail provides: The organisation governance score from the Monitoring dashboard, reflecting assurance record completion across all active flows. The audit trail for any selected workflow or time period, showing consistent governance check results and officer oversight records. Exportable in a format suitable for internal audit review.

A scrutiny committee or elected member

A scrutiny committee asks how the council makes AI-assisted decisions in social care and wants assurance that human oversight is real, not nominal.

They need: A plain-language account of: what the AI does, what a human officer does with the AI output, and how that is documented. Confidence that no significant decision is made solely by an AI system.

The audit trail provides: An accessible summary of the governance framework applied to each deployment: the Assurance Designer record, the HITL configuration showing what decisions require officer review, and example audit records showing officer attribution. The Assurance Designer record also serves as an accessible summary of governance status for a given workflow.

Exporting and using the audit trail

Audit records can be retrieved by workflow, date range, officer, or by the individual or case the workflow related to. A subject access request that touches AI-processed data is answered by retrieving the relevant run records. An ICO investigation into a specific complaint is answered by retrieving records for that individual’s case. Where full disclosure is required, the complete run record is available: AI reasoning, every data access event and the full HITL decision record.

The Assurance Designer record provides an accessible summary of the governance position for any deployment and for any single execution. It confirms the compliance framework was applied, records what checks were run and passed, and identifies the officer responsible for the decision. It is designed to be understood by non-technical audiences including legal teams, auditors and elected members.

How governance works in a live workflow

[Screenshot: The Arto flow library audit trail screen, with a full product menu on the left. The screen lists all audit trails, with options to filter by passed, failed or rejected. Each audit trail is listed with timestamp, run ID, input, output, status, duration and who it was reviewed by.]
