IETF Internet-Draft — Agent Audit Trail

Why it matters for NETEVO

The Agent Infrastructure Whitepaper Dimension 3 (audit and observability) is the architectural surface where this draft applies. Mandatory record fields cover agent identity, action classification, outcome tracking and trust level; records are linked by hash chaining (RFC 8785 JSON canonicalisation) with optional ECDSA for non-repudiation. Export to JSONL, Syslog (RFC 5424) and CSV.

This is the load-bearing forensic-traceability anchor for the Implicit Authority Cascade framing — the standardised, tamper-evident agent log is the evidentiary substrate for reconstructing an authority cascade after the fact.

The draft maps its requirements to the EU AI Act logging mandate, ISO/IEC 42001, SOC 2 and PCI DSS — a useful cross-jurisdictional bridge. This is an individual submission, not Working-Group-adopted, so it carries no formal IETF standing. NETEVO tracks the draft weekly during its active development phase and watches for the next revision and for Working-Group adoption.