Keep the system's logs
High-risk systems produce logs as they run. Where those logs are under your control, you have to keep them, usually for at least six months. This is a duty you do, then confirm.
Updated May 2026
What the duty is
For a high-risk system, switch logging on and keep the logs somewhere you can produce them on request, for an appropriate period. This is not a document Veillo generates; it is an operational step you take in the system itself.
When it applies
Per high-risk system, where the logs are under your control. It sits under the deployer duties in Article 26.
Marking it done
Once retention is set up, open the duty on your Compliance Roadmap and mark it done. The confirmation is written to your audit log, so there is a dated record that you did it.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
How the roadmap derives your duties from your register, how the weighted health score is calculated, and how to work through it.
The human oversight protocol for a high-risk system under Articles 14 and 26: who oversees it, when they step in, and how to generate one per system.
Veillo records every change to your compliance posture in an append-only audit log. What it records, how to read it, and how to export it or give an auditor access.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.