What this page covers
Organizations active in Spain still need evidence that survives tool changes, supplier handovers and later reviews. Attesto preserves hashes, signatures, Merkle proofs and verifier receipts without claiming a local office.
Legal timing
The AI Act entered into force on 1 August 2024. The Commission describes 2 August 2026 as the general application date, while the AI Omnibus political agreement moves many high-risk areas to 2 December 2027 and product-integrated systems to 2 August 2028. The preparation work still has to start now because evidence cannot be rebuilt reliably after deployment.
This page is implementation guidance for evidence planning, not legal advice.
Evidence Attesto AI can preserve
canonical event hash
system identifier
policy version
human approval or override
auditor verification receipt
Example evidence records
Example proof receipt
Example Attesto receipt
event_type
COUNTRYES
timestamp
2026-06-04T10:21:00Z
leaf_hash
sha256:8f41...b19e
merkle_root
sha256:52ac...91d4
verification_status
valid demo receipt, raw data not exposed
Where Attesto fits
Local implementation and supervisory practice can differ in Spain. Attesto stays focused on the proof layer: selected evidence can be verified independently while legal interpretation remains with counsel and auditors.
FAQ
How is this different from a normal log?
A normal log asks an auditor to trust the system that produced it. Attesto records hashes, signatures, Merkle proofs and verifier receipts so selected evidence can be checked independently.
Does Attesto need to expose raw sensitive data?
No. Raw records can remain encrypted or customer-controlled while proof material is shared for verification.
Where does AI Act evidence in Spain fit in the compliance stack?
Local implementation and supervisory practice can differ in Spain. Attesto stays focused on the proof layer: selected evidence can be verified independently while legal interpretation remains with counsel and auditors.