The Incident Response Procedure
If a high-risk system causes or risks serious harm, you have to act fast and in the right order. The Incident Response Procedure makes that path clear before anything goes wrong.
Updated May 2026
What it is
A per-system procedure for serious incidents: when to suspend use, how to tell the provider, and how to report to the authority within the time the Act allows. It draws on Articles 26 and 73.
When it applies
Once per confirmed high-risk system. The value is having it in place before an incident, so the people involved are not improvising under pressure.
How to generate it
Generate it from Documents for the relevant high-risk system, then review the contacts and timelines so they match your real escalation path.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
The human oversight protocol for a high-risk system under Articles 14 and 26: who oversees it, when they step in, and how to generate one per system.
The data governance procedure for high-risk inputs under Article 26: keeping input data fit for purpose, and how to generate one per system.
Generate a compliance document from your register: pick a template, choose the system if needed, then edit, export to PDF or DOCX, and keep versions.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.