Audit Trails for LLM Apps: What Regulators Really Demand

DEV Community·isabelle dubuis·25 days ago
#ai #security #software #coding #audit #name

When the EU’s Digital Services Act fined a German fintech €3.2 million for failing to produce a single “prompt‑to‑output” log after a complaint, its legal team spent three weeks reconstructing 12 hours of chat history — see our security tooling notes for the full breakdown.

Why “Explainability” Isn’t the Compliance Trigger

Legal definitions versus technical glossaries

Regulators talk about “traceability” and “auditability” in statutes, not about the fuzzy notion of “model interpretability” that data scientists love to throw around. The EU AI Act, for example, spells out a record‑keeping obligation in Article 10, but never demands a layer‑wise explanation of the transformer. In practice, a compliance officer is asked to hand over a file that shows who said what, when, and which model version responded. The technical glossary of “SHAP values” or “attention maps” simply doesn’t map to that requirement.…
