Balancing logging and privacy

AI systems keep records of how people use them, which raises questions about privacy. The new EU AI Act, which started coming into effect in 2024, is creating more formal rules about AI systems, including requirements for keeping logs, especially for high-risk AI systems.

According to the EU AI Act, companies that provide AI systems must follow specific requirements, with penalties up to €35 million or 7% of global annual turnover for serious violations. For high-risk AI systems, providers need to implement proper logging systems that track how the AI works, though the law balances this with the need to respect user privacy.

Popular AI tools today typically have settings that let users manage some aspects of their data. Most explain that sharing data helps improve the systems, while also mentioning privacy considerations. These settings let users make choices about whether their conversations can be used to train the AI.

As new regulations like the EU AI Act are fully implemented (most provisions apply from August 2026), companies will need to think carefully about what data they collect and how they protect user privacy while still maintaining necessary records for accountability and safety.^[1]