Prepare for an authority inquiry
If an authority asks how you handle a particular AI use, the answer should be a few clicks, not a scramble. Here is what to have in place, and what to show.
Updated May 2026
What to have in place
- A current register, so the AI you use and how you use it is written down.
- Confirmed classifications, so high-risk uses have been reviewed by a person.
- Generated documents for the duties that need them, and operational duties marked done.
- An audit log that shows who did what and when.
What to show
For a specific system, you can show its classification and the reasoning, the documents that cover it, and the audit trail of when it was classified and reviewed. Export the register to PDF and the audit log to CSV, and give an auditor a read-only Auditor view of the entity if they want to look directly. See the audit log and using it as evidence and roles and your team.
When to involve counsel
An organised record lowers the temperature of any inquiry, but it is not a substitute for advice. For anything contested or high-stakes, involve your own lawyer. Veillo gives them a clean starting point rather than a blank page. See Veillo is compliance tooling, not a law firm.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
Veillo records every change to your compliance posture in an append-only audit log. What it records, how to read it, and how to export it or give an auditor access.
The five roles in Veillo (Owner, Admin, Editor, Reviewer, Auditor), what each can do, and how to invite teammates or give an external auditor read-only access.
A realistic week-long plan to go from nothing to an audit-ready posture: inventory, classify, generate documents, handle operational duties, and record a review.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.