Why high-risk AI now needs evidentiary infrastructure - and what DOMSELARDI is building with REMIS

The hole in the AI Act

The AI Act tells deployers of high-risk systems that they must keep the right records, prove what their model did and when, and let independent third parties verify those facts. The Act does not tell them how. That is the gap REMIS fills.

Without an evidentiary layer, every high-risk AI operator is on the same footing: their word against the complainant's. Internal logs are not opposable. Cloud dashboards do not speak the language of a judge. Audit trails written by the same system being audited are - rightly - treated with suspicion.

Why this matters now

By 2026 the AI Act regime is in motion. Banks deploy credit-scoring models. Public administrations route benefit decisions through classifiers. Insurers automate fraud triage. Each of them faces the same compounding question: when a decision is contested, what do you actually have to show?

Logs record. Governance organises. Observability watches. The evidentiary infrastructure attests.

That single distinction - between recording and attesting - is the doctrinal foundation of REMIS, deposited at the INPI in May 2026 under Enveloppe Soleau DSO2026017847.

What REMIS actually does

REMIS sits next to a high-risk AI system, not inside it. When the AI emits an event the deployer wants to be able to defend later - an output, a flagged decision, a model update, a rollback - REMIS:

1. Captures the event payload against a versioned taxonomy.
2. Hashes it.
3. Signs it with the deployer's key.
4. Stamps it with a qualified eIDAS 2 timestamp from a trust service provider.
5. Wraps the result in a self-portable evidence bundle.

The bundle is small, signed, time-anchored, and verifiable offline by anyone with a verification CLI - without ever needing access to the source system, the business data, or the model weights.

How it differs from logging and SIEM

A SIEM watches your perimeter. An archiving service stores files. A governance platform tracks policies. None of them produce material that survives third-party verification when the system that produced it is no longer trusted.

REMIS produces exactly that. It is a new category, articulated against four legal frameworks at once - the AI Act, GDPR, eIDAS 2, and the French law of evidence (Code civil art. 1366-1367). That cross-articulation is why we treat it as research, why the doctrine is INPI-deposited, and why the engineering choices - qualified timestamping, self-portable bundles, offline verification - are not negotiable.

Where REMIS stands today

REMIS is DOMSELARDI's flagship R&D programme. The verbal and semi-figurative trademarks (INPI 5258272 and 5258284) are filed. The doctrine is deposited. An Innov'up grant application is under instruction with the Région Île-de-France. Pilots are planned with high-risk AI deployers in banking, insurance and public administration.

If you operate a high-risk AI system and you want to be able to prove what it did - to an auditor, a regulator, or a judge - REMIS is the layer we are building so you can.