How can we help?
How-to guides and answers for getting set up, classifying your AI, generating documents, and running the day to day.
Getting started
What Veillo is, how the pieces fit, and your first day in the app.
A short overview of Veillo: who it is for, the inventory to classification to documents loop, and what it does not do.
Read →What it means that Veillo is software rather than a law firm: where the legal judgment comes from, and when you still need your own lawyer.
Read →Six steps to an audit-ready starting point: create your workspace, set your profile, add your tools, confirm high-risk, generate a document, invite your team.
Read →What each part of Veillo is for: the dashboard, risk register, roadmap, documents, updates, quarterly review, audit log, and the beta connectors.
Read →How the free, no-signup inventory tool differs from a Veillo workspace, and what carries over when you start a trial.
Read →Inventory and classification
Build your risk register and understand how each system gets a tier.
How to build your risk register with the add-systems wizard: pick tools from the library or add your own, then say what you use each one for.
Read →What to do when an AI tool you use does not appear in Veillo's library: add it as a custom system and classify the use.
Read →The two ways Veillo decides a risk tier: the counsel-reviewed catalog and AI-assisted suggestions you confirm. Plus the four tiers and why the basis is always shown.
Read →High-risk and prohibited classifications wait for human sign-off. How to review the reasoning, confirm a system, or reclassify it if it is wrong.
Read →The pending counsel review label explained: what it is, why Veillo shows it honestly, and what you can do with an entry that carries it.
Read →How to change a system's use, reclassify it, or remove it from your register, and what happens to your obligations when you do.
Read →The Catalog screen, for Owners and Admins, holds the reviewed classifications behind your register. What it is and how reviewed and pending entries differ.
Read →Roadmap and documents
Work through your obligations and generate the documents that satisfy them.
How the roadmap derives your duties from your register, how the weighted health score is calculated, and how to work through it.
Read →Generate a compliance document from your register: pick a template, choose the system if needed, then edit, export to PDF or DOCX, and keep versions.
Read →Why some Veillo documents are generated once for the whole company and others once per high-risk system, and what that means when your register changes.
Read →What the quarterly review is, the three statements you confirm, who can sign it off, and how it keeps your register honest.
Read →How to edit a generated document, how version history works, and how to export to PDF or DOCX.
Read →How to get a generated document to your own counsel for sign-off, and what to ask them to look at.
Read →The compliance documents
What each of the seven generated documents covers, when you need it, and how to produce it.
What the AI Literacy Policy is, why it applies to every organisation under Article 4, and how to generate it in Veillo.
Read →The Article 50 transparency disclosure: when you have to tell people they are dealing with AI or AI-generated content, and how to generate it.
Read →The Article 9 risk management procedure for high-risk systems: what it covers and how to generate it in Veillo.
Read →The Annex IV technical documentation memo for a high-risk system: what to hold, and how to generate one per system.
Read →The human oversight protocol for a high-risk system under Articles 14 and 26: who oversees it, when they step in, and how to generate one per system.
Read →The incident response procedure for high-risk systems under Articles 26 and 73: what to do if a system causes serious harm, and how to generate one per system.
Read →The data governance procedure for high-risk inputs under Article 26: keeping input data fit for purpose, and how to generate one per system.
Read →Operational duties
The duties you meet by doing something and confirming it, rather than by generating a document.
The record-keeping duty for high-risk systems under Article 26: switch on logging, retain it, and mark the step done on your roadmap.
Read →Before a high-risk system is used on your own staff, you have to inform the affected workers and their representatives. How Veillo tracks this duty.
Read →When a high-risk system helps make decisions about individuals, those people generally have a right to be told. How this conditional duty works in Veillo.
Read →High-risk AI usually involves personal data, which can trigger a data protection impact assessment under GDPR Article 35. How Veillo tracks the DPIA duty.
Read →Some deployers must assess a high-risk system's impact on fundamental rights under Article 27. Who this applies to and how Veillo tracks it.
Read →Certain deployers, mainly public authorities, must register their use of a high-risk system in the EU's public database under Article 49.
Read →Auto-discovery and connections
Connect the systems you already run and review the AI they surface. Business and up, beta.
Auto-discovery connects to the systems you already run and surfaces the AI tools your team uses. What it reads, what it never touches, and its beta status.
Read →How to connect Google Workspace, Microsoft Entra, Okta, or an expense tool, what access it asks for, and how to disconnect.
Read →The discovery queue lists AI tools found across your connected sources. How to import the real ones into your register and dismiss the rest.
Read →Updates and audit log
Stay current with regulator updates, and keep an audit-ready record of every change.
The Updates feed carries curated guidance from the AI Office and national regulators, flagged to your sector and systems. How relevance is decided and what changes when guidance does.
Read →Veillo records every change to your compliance posture in an append-only audit log. What it records, how to read it, and how to export it or give an auditor access.
Read →Account, team, and billing
Roles, plans, invoices, and the things that live in settings.
The five roles in Veillo (Owner, Admin, Editor, Reviewer, Auditor), what each can do, and how to invite teammates or give an external auditor read-only access.
Read →Veillo's plans compared, monthly vs annual billing, how to upgrade or downgrade, what happens at your limits, and how EU VAT and invoices work.
Read →How to export your register, documents, and audit log out of Veillo, how to cancel, and what happens to your data afterward.
Read →On the Scale plan you can manage more than one legal entity from one account and switch between them. How multi-entity works and who it is for.
Read →How to make someone else an Owner of your workspace, and why you might, for a handoff or when a founder moves on.
Read →The emails Veillo sends, from account messages to quarterly review reminders, and how to manage what you receive.
Read →How to sign in to Veillo with email or Google, and how single sign-on works on the Scale plan.
Read →Data, security, and privacy
Where your data is stored, GDPR, and how access works.
Best practices
Playbooks for getting to audit-ready and keeping your register honest.
A realistic week-long plan to go from nothing to an audit-ready posture: inventory, classify, generate documents, handle operational duties, and record a review.
Read →Shadow AI is the tools teams adopt without telling anyone. How to surface it with connectors, expense data, and a few questions to your team.
Read →Classification is driven by how you use a tool, not the tool itself. How to describe a use so the tier is accurate.
Read →AI Act compliance needs an owner, even in a company without a compliance team. How to assign it and use roles so it does not fall through the cracks.
Read →What an audit-ready posture looks like if an authority asks: a current register, generated documents, handled duties, and a complete audit trail.
Read →Reference
Deadlines, a glossary, and where to read up on the Act itself.
The EU AI Act phases in over several years. The key dates for deployers, from the AI literacy duty to the high-risk obligations.
Read →Plain definitions of the EU AI Act and Veillo terms you will run into: deployer, provider, Annex III, risk tiers, DPIA, FRIA, and more.
Read →Where to read up on the EU AI Act itself: the plain-English guides, the Annex III explorer, the deadlines, and the FAQ.
Read →Where AI tends to be high-risk varies by industry. Where to find Veillo's sector guidance for healthcare, finance, recruitment, and more.
Read →Troubleshooting
Fixes for the snags people hit most.
Fixes for sign-in problems: password reset, missing verification or invite emails, Google sign-in, and SSO.
Read →Generated documents are a snapshot. If you change your register afterward, regenerate the document so it reflects the current systems and details.
Read →Fixes for auto-discovery connections: the Connect button is disabled, a connection shows an error, or a sync returns no tools.
Read →Why a system shows as awaiting review or needing confirmation, and how to clear it by confirming or reclassifying.
Read →Can’t find an answer?
Run the free diagnosis to see where your own AI stands, or get in touch and a human will answer.