Use xAPI for AI Audit Trails: Implementation Guide with Examples

TL;DR: xAPI (Experience API, IEEE 9274.1.1) provides a standardized format for capturing activity data. Its Actor-Verb-Object structure maps naturally to AI decisions, making it ideal for compliance audit trails without inventing a custom format.

When regulators audit your AI systems, they'll want structured data they can query and analyze. They won't want to parse custom log formats. xAPI gives you a standard.

Pro tip: xAPI is now an IEEE standard (9274.1.1). Using it means your audit trails are built on internationally recognized infrastructure, not proprietary formats.

Why xAPI for AI?

xAPI was designed for learning technology—tracking what learners do in educational systems. But its core abstraction is universal:

Someone did something to something else, with context and results.

This maps directly to AI decisions:

Agent made decision about entity, with inputs and outcomes.

The xAPI Statement Structure

flowchart LR
    subgraph STATEMENT["xAPI Statement"]
        A[Actor] --> V[Verb] --> O[Object]
        V --> R[Result]
        V --> C[Context]
        V --> T[Timestamp]
    end

    style A fill:#3b82f615,stroke:#3b82f6
    style V fill:#10b98115,stroke:#10b981
    style O fill:#a855f715,stroke:#a855f7
    style R fill:#f59e0b15,stroke:#f59e0b
    style C fill:#ec489915,stroke:#ec4899
    style T fill:#6b728015,stroke:#6b7280

Actor

Who or what made the decision. For AI systems:

The AI agent/model making the decision
A human operator approving
A hybrid (human-approved-AI)

Verb

What action was taken. For AI decisions:

classified, predicted, recommended
approved, denied, escalated
flagged, filtered, routed

Object

What was acted upon:

A loan application
A customer support ticket
A transaction
A document

Result

The outcome:

Success/failure
Confidence score
Response text
Duration

Context

The surrounding circumstances:

Model version
Input features
Other actors involved
Parent decisions

Example: Loan Decision

{
  "actor": {
    "objectType": "Agent",
    "name": "loan-underwriting-model-v3",
    "account": {
      "homePage": "https://example.com/models",
      "name": "underwriting-v3.2.1"
    }
  },
  "verb": {
    "id": "https://example.com/xapi/verbs/denied",
    "display": { "en": "denied" }
  },
  "object": {
    "objectType": "Activity",
    "id": "https://example.com/applications/2024-07734",
    "definition": {
      "name": { "en": "Loan Application #2024-07734" },
      "type": "https://example.com/xapi/types/loan-application"
    }
  },
  "result": {
    "success": false,
    "response": "Debt-to-income ratio of 0.52 exceeds maximum threshold of 0.43",
    "extensions": {
      "https://example.com/xapi/ext/confidence": 0.94,
      "https://example.com/xapi/ext/decision-code": "DTI-EXCEEDED"
    }
  },
  "context": {
    "extensions": {
      "https://example.com/xapi/ext/model-version": "3.2.1",
      "https://example.com/xapi/ext/applicant-segment": "prime",
      "https://example.com/xapi/ext/features-used": ["income", "debt", "employment"]
    }
  },
  "timestamp": "2025-02-09T14:23:17.234Z"
}

This single statement captures everything an auditor needs to understand what happened.

Regulatory Mapping

xAPI statements satisfy requirements across multiple frameworks:

Requirement	Regulation	xAPI Field
Decision attribution	EU AI Act Art. 12	actor
Action logging	EU AI Act Art. 12	verb
Subject identification	GDPR Art. 22	object
Decision explanation	GDPR Art. 22	result.response
Timestamp	All	timestamp
Context preservation	NIST AI RMF	context

Building an AI Vocabulary

xAPI uses URIs to identify verbs. For AI systems, define a consistent vocabulary:

Decision Verbs

https://your-domain.com/xapi/verbs/classified
https://your-domain.com/xapi/verbs/predicted
https://your-domain.com/xapi/verbs/recommended
https://your-domain.com/xapi/verbs/approved
https://your-domain.com/xapi/verbs/denied
https://your-domain.com/xapi/verbs/escalated

Action Verbs

https://your-domain.com/xapi/verbs/created
https://your-domain.com/xapi/verbs/updated
https://your-domain.com/xapi/verbs/sent
https://your-domain.com/xapi/verbs/invoked

Oversight Verbs

https://your-domain.com/xapi/verbs/reviewed
https://your-domain.com/xapi/verbs/overrode
https://your-domain.com/xapi/verbs/confirmed
https://your-domain.com/xapi/verbs/rejected

The LRS Advantage

xAPI data is stored in a Learning Record Store (LRS). Modern LRS implementations provide:

Standard API: Query statements programmatically
Aggregation: Roll up statements for analytics
Retention policies: Automatic archival and deletion
Access control: Who can see what
Compliance features: Immutability, audit logs

You don't need to build storage infrastructure from scratch.

Query Examples

With xAPI, auditors can run queries like:

All decisions by a specific model:

GET /statements?agent=loan-underwriting-model-v3

All denied applications in a date range:

GET /statements?verb=denied&since=2025-01-01&until=2025-02-01

All overrides by human operators:

GET /statements?verb=overrode&agent_type=human

This queryability is what makes xAPI valuable for compliance—auditors can self-serve rather than requesting custom reports.

Warning: Custom log formats create compliance debt. Every auditor needs to learn your schema. Standards like xAPI mean your audit trails work with existing tools and expertise.

Key Takeaway

xAPI provides a standardized, queryable format for AI audit trails without inventing custom schemas. Its Actor-Verb-Object structure maps naturally to AI decisions, and the existing LRS ecosystem provides storage and query infrastructure. This isn't reinventing the wheel—it's using established standards for a new purpose.

Empress uses xAPI natively. Every AI decision is captured as a standards-compliant xAPI statement, queryable via LRS APIs. Your audit trails work with any xAPI-compatible tool, not just ours.