Transparency rules in2 Aug 2026
FAQ

Questions, answered straight.

The EU AI Act, and the honest details about how Veillo works. Educational, not legal advice.

The EU AI Act

What is the EU AI Act?+

The EU AI Act (Regulation 2024/1689) is the European Union's law on artificial intelligence. It sorts AI uses into risk tiers and sets obligations accordingly: some uses are banned, some are high-risk and carry heavy duties, some need only transparency, and most carry no specific obligation beyond AI literacy.

When do the deadlines apply?+

Key dates: the AI literacy duty (Article 4) and the prohibitions (Article 5) have applied since 2 February 2025; general-purpose AI obligations since 2 August 2025; the Article 50 transparency duties from 2 August 2026; the core high-risk obligations from 2 December 2027 (postponed from 2 August 2026 by the 2026 Digital Omnibus); and certain embedded high-risk systems from 2 August 2028.

Does the Act apply to my business?+

If your organisation operates in the EU and uses AI systems, the Act likely applies to you as a 'deployer', even if you did not build the AI. Most SMBs are deployers rather than providers. The specific obligations depend on how each system is used.

What is the difference between a provider and a deployer?+

A provider develops an AI system or places it on the market. A deployer uses an AI system in the course of its activities. Provider obligations are heavier; deployer obligations are lighter but still real, especially for high-risk uses. Veillo is built for deployers.

Is it against the Act to use tools like ChatGPT or Copilot?+

No, using general AI tools is not inherently prohibited. A tool's risk tier depends on how you use it. The same tool can be minimal-risk for drafting internal content and higher-risk if used to, for example, screen job candidates. Veillo classifies by use, not by tool.

What are the penalties for non-compliance?+

The Act provides for significant fines, up to €35 million or 7% of global annual turnover for prohibited practices, and up to €15 million or 3% for other breaches. Figures are set by the Act; how they apply to a given organisation is a matter for the authorities and qualified counsel.

Is this legal advice?

Is Veillo a law firm?+

No. Veillo is a software product that helps you manage your compliance work. It is not a law firm and does not provide legal advice. Think of it as the system that organises the work and produces the documents, not the lawyer who signs off on your specific situation.

So is anything Veillo produces legal advice?+

No. The classifications, documents, and recommendations support the judgment of qualified legal counsel; they do not replace it. You remain responsible for your compliance. We say this plainly in the product and on every document, because a compliance tool that pretended otherwise would be the wrong tool.

Then how do I know the classifications are right?+

Two ways. First, the rules that map a use to a risk tier are written and reviewed by qualified counsel before they are shown as authoritative, not generated by a model. Second, anything a model suggests (for a free-text system we have not seen before) is clearly marked AI-assisted and waits for a person to confirm it. A high-risk result never confirms itself.

What happens if a classification is wrong?+

You can reclassify any system yourself, and the change is recorded in the audit log with who made it and when. Because the substantive mappings are counsel-reviewed and high-risk results require human sign-off, the system is built to fail safe: toward review, not toward a silent wrong answer.

Do I still need a lawyer?+

For most routine classifications and the standard documents, Veillo does the heavy lifting and many SMBs will not need bespoke advice. For genuinely novel or high-stakes situations, you should still involve counsel, and Veillo gives them a clean, organised starting point instead of a blank page. It lowers the legal bill; it does not pretend to remove it.

What is the counsel-reviewed catalog?+

When a tool is used a certain way, the classification is the same for everyone who uses it that way. So we classify it once: counsel reviews 'this tool, used this way, is this tier, and here is why', and every customer who adds that tool for that use inherits the reviewed answer with the reasoning attached. Entries are marked pending review until a lawyer signs off, and you always see which state an entry is in.

Accuracy and keeping current

The law and the tools keep changing. How do you stay current?+

Three ways. We track regulator updates from the AI Office and national authorities and flag the documents and classifications they affect. When guidance changes, the affected catalog entries are sent back for counsel review rather than left to drift. And tools that add materially new capabilities get re-checked. A quarterly review prompt keeps your own register honest too.

What does 'pending counsel review' mean on a classification?+

It means the entry is a structured placeholder we have built but a lawyer has not yet signed off on it as authoritative. We show this state honestly rather than dressing a placeholder up as a settled legal conclusion. Reviewed entries are labelled as such, with the rationale.

Does Veillo use AI to classify my tools?+

Only as an assistant, and only where there is no reviewed answer. For tools and uses in our catalog, the classification comes from counsel-reviewed content. For a free-text system we have not seen, a model can suggest a starting tier, but it is always marked AI-assisted and a person confirms it before it becomes part of your record.

Data, security, and privacy

Where is my data stored?+

In the EU. Veillo's application, database, and file storage run in EU regions by design, which matters for a compliance product serving European businesses.

Is Veillo GDPR-compliant, and is a DPA available?+

Veillo is built EU-first and we offer a Data Processing Agreement. See the DPA and security pages for the current details, including our sub-processors and where data is hosted.

Who can see my compliance data?+

Your workspace is yours. Access inside your organisation is controlled by roles, and you can give an external auditor a read-only view of a single entity without exposing the rest. We do not sell data, and we do not use your compliance records to train models.

Can I export my data and leave?+

Yes. Your register exports to PDF, your documents to PDF and DOCX, and your audit log to CSV, at any time. The point of the product is to give you a portable, audit-ready record, not to trap it. There is no lock-in beyond the value of keeping it in one place.

Auto-discovery (beta)

What is auto-discovery?+

An optional feature that connects to systems you already run, such as Google Workspace, Microsoft Entra, Okta, or an expense tool like Pleo or Spendesk, and surfaces the AI tools your team is actually using. It turns inventory from a manual chore into something that keeps itself current. It is rolling out in private beta on the Business plan and up.

What does it actually access? Do you read our emails?+

No. It reads sign-in and app-authorisation metadata from your identity provider, and for expense tools the transaction descriptions, all read-only. It aggregates these into counts and tool names. It does not read the contents of emails, files, or messages, and it never requests write access.

Is it safe to connect our identity provider?+

Connections are read-only, scoped to the minimum needed, and you can disconnect at any time, which revokes the access. Nothing is changed in the systems you connect. Because it is in beta, you also control exactly which sources you connect and when.

Is auto-discovery live today?+

It is in private beta. The flow and the review queue are built; the live connectors to each provider are rolling out. If you want early access, tell us which systems you use and we will bring you on as your providers go live. Until then you can build your inventory from our library of common tools in a few minutes.

Pricing, fit, and getting started

How quickly can I get value?+

You can run the free, no-signup inventory tool in about five minutes and download a classified register. In a trial workspace, most teams reach their first generated document within an hour.

Is this overkill for a small company?+

The Act applies regardless of size, and small teams are exactly the ones without a compliance department to absorb it. Veillo is priced for SMBs and starts from the tools you already use, so a micro-business can get to an audit-ready posture without hiring anyone.

Do I need IT or a technical person to set it up?+

No. The core flow is point-and-click: pick your tools, say what you use them for, generate the documents. Auto-discovery, when you want it, is an admin clicking 'connect' once. There is nothing to install.

Why not just use a consultant or a template pack?+

A consultant engagement is a snapshot that is out of date the moment your tools change; a template pack is a blank you still have to fill in and keep current. Veillo is the ongoing system: it keeps your inventory live, regenerates documents from it, tracks regulator updates, and keeps the audit trail. It is closer to an accounting tool than a one-off report.

About Veillo

Who is behind Veillo?+

Veillo is an Arbos Techne product, operated by Arbos Folk, a sole proprietorship registered in Denmark. It is built in Europe, for European businesses. See the about and contact pages for company details.

How does Veillo make money?+

A straightforward subscription, billed monthly or annually, with EU VAT handled at checkout. No selling of data, no hidden consultant upsell. The pricing is on the pricing page.

Still have a question?

Run the free diagnosis to see where your own AI stands, or get in touch and we’ll answer it.

A note on cookies

We use strictly necessary cookies to run the site and keep it secure. With your OK, we also use privacy-respecting, EU-hosted analytics to see how Veillo is used. No advertising, no third-party trackers. Read our cookie policy.