The Compliance Roadmap and your health score
The roadmap is the list of duties the Act puts on you, worked out from what is in your register. The health score is how far through them you are, weighted by what is at stake.
Updated May 2026
How the roadmap is built
You do not assemble the roadmap by hand. Veillo reads your register and works out which duties apply. Some apply to every organisation, like AI literacy. Some apply because you have a limited-risk system, like the Article 50 disclosure. Some apply once for every high-risk system you confirm, like a human oversight protocol. Add or confirm a system and the relevant duties appear; remove it and they drop away.
How the health score works
The score on your dashboard is a weighted measure of how many of your duties are in place, not a flat percentage. Duties are weighted by what is at stake if they are missed, so the core high-risk obligations count for more than administrative ones. Two things pull the score down the hardest: high-risk classifications still awaiting your sign-off, and high-stakes duties left open.
2 high-risk classifications awaiting sign-off. The rest are in your action items.
Working through it
Each duty on the roadmap is met in one of three ways:
- Generate a document. Most duties are satisfied by a policy or procedure Veillo produces from your details. See generate your first document.
- Confirm an operational step. Some duties are an action, like switching on log retention or informing affected workers. You mark these done once they are.
- Act outside Veillo. A few duties, like registering in the EU database where it applies, are completed elsewhere and recorded here.
Work highest-stakes first. The roadmap orders duties so the heaviest exposure is at the top.
Conditional obligations
Some duties only apply in certain situations, like informing workers before a high-risk system is used on your own staff, or a fundamental rights impact assessment for public bodies and some financial uses. Veillo flags these as conditional and states the trigger in plain words, so you can decide whether they apply rather than having the tool guess for you.
Veillo is compliance tooling, not a law firm. Even counsel-reviewed content is general reference, not legal advice on your specific situation.
Generate a compliance document from your register: pick a template, choose the system if needed, then edit, export to PDF or DOCX, and keep versions.
High-risk and prohibited classifications wait for human sign-off. How to review the reasoning, confirm a system, or reclassify it if it is wrong.
What the quarterly review is, the three statements you confirm, who can sign it off, and how it keeps your register honest.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.