The Risk Management Procedure
High-risk systems need a documented process for spotting and reducing the risks they create. The Risk Management Procedure is that process, written down.
Updated May 2026
What it is
A documented process for identifying, weighing, and reducing the risks a high-risk system creates over its life, and keeping that current as the system and its use change. It sits under Article 9.
When it applies
Once you have at least one confirmed high-risk system. It is generated organisation-wide rather than per system, since it describes how you run risk management across your high-risk uses.
How to generate it
Confirm your high-risk systems first, then generate the Risk Management Procedure from Documents. Review it so it reflects how your team actually reviews and mitigates risk, rather than the template defaults.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
The human oversight protocol for a high-risk system under Articles 14 and 26: who oversees it, when they step in, and how to generate one per system.
Generate a compliance document from your register: pick a template, choose the system if needed, then edit, export to PDF or DOCX, and keep versions.
How the roadmap derives your duties from your register, how the weighted health score is calculated, and how to work through it.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.