The whole EU AI Act loop, in one tool.
Inventory the AI you use, classify each system under Annex III, generate the documents, and keep them current as the rules move. Built for deployers, the businesses that use AI, not the ones that build it.
Compliance posture
Start from the tools you already run.
Most SMBs use ten or more AI tools and have never written them down. Veillo starts you from a library of nearly 100 common tools, so the first pass is mostly ticking boxes.
- Pick from a pre-built library, grouped by category, with brand logos so they are easy to spot.
- Add custom-built systems in free text; the classifier reads the description.
- Re-checked whenever you add something new, so the register never drifts.
A tier for every system, with the reasoning attached.
Classification depends on the use, not the tool. Veillo maps each use case to a risk tier using a rules table reviewed by counsel, and shows you why.
- Prohibited, high-risk, limited, or minimal, with the Annex III reference.
- The model can suggest a tier for free-text systems, but it is always marked AI-assisted and waits for your confirmation.
- A high-risk result never confirms itself. It routes to a person to sign off.
Ranking candidates is an Annex III(4)(a) employment use, which is high-risk. Confirm to add it to your register.
Every classification makes the next one faster.
A tool used a certain way carries the same classification for everyone who uses it that way. So Veillo does it once. Counsel reviews “this tool, used this way, is this tier, and here is why”, and from then on every customer who adds that tool for that use inherits the reviewed answer, with the reasoning attached.
- Reviewed entries carry the rationale and the date. Your register is audit-defensible, not a guess.
- A high-risk result still routes to a person. The catalog speeds up the easy calls, it does not rubber-stamp the hard ones.
- The more the catalog covers, the more of your inventory classifies itself the moment you add a tool.
Until a lawyer signs off, an entry is marked pending review, and you always see which state it is in. Veillo builds the catalog; counsel reviews the substance.
Illustrative. Reviewed entries apply to every customer who uses that tool that way.
The documents, generated from your inventory.
Each template is authored and reviewed by counsel. Veillo fills in your company and system specifics, and you edit, version, and export the result.
- Edit in a rich text editor, then export to PDF or DOCX.
- Every edit is a new version; old versions stay for the audit trail.
- Each page carries the footer an auditor expects, including the not-legal-advice note.
Human Oversight Protocol
One set of documents, mapped to the articles that ask for them.
AI Literacy Policy
The baseline training and awareness your staff need to use AI responsibly.
Organisation-wideTransparency Disclosures
Chatbot notices, AI-content labelling, and automated-decision explanations.
Per disclosureHuman Oversight Protocol
Who watches the system, what they watch for, and when they step in.
Per high-risk systemAnnex IV Technical Memo
The technical documentation a high-risk system has to keep on file.
Per high-risk systemRisk Management Procedure
How risks are found, weighed, and reduced over a system's life.
Where high-risk is presentIncident Response Procedure
How a serious incident is logged, escalated, and reported.
Per high-risk systemData Governance Procedure
How training and input data is governed, where that duty applies.
High-risk using personal dataVeillo builds the machine that stores and fills these in. The operative legal text is written and reviewed by qualified counsel, never generated by a model.
Every duty your AI brings, tracked to done.
Documents are only part of it. A high-risk system also pulls in human oversight, record-keeping, worker notices, and more. Veillo reads your classified inventory and lays out exactly which duties apply to you, then tracks each one, so “where are we” becomes a number you can watch climb.
- Built from your real inventory: add a high-risk tool and its duties appear, with the deadline attached.
- Generate a document, confirm an operational step, or mark a duty not applicable. Every change is logged.
- Duties that bind only some deployers, like a fundamental rights assessment, are flagged for you to confirm, never assumed.
What each duty requires is reviewed by counsel. Veillo tracks your progress; it does not give legal advice.
Illustrative. The duties shown are derived from your classified inventory.
Compliance is a practice, not a one-time audit.
The Act moves, your tools change, and an auditor wants to see that you kept up. Veillo turns that into a quiet routine.
- Regulator updates from the AI Office and national authorities, flagged to the documents they affect.
- A quarterly review prompt, signed off by a named person and recorded.
- An append-only audit log of every change, exportable as CSV or PDF.
Know what is due, and when.
The Act phases in over several years. Veillo tracks the dates against your systems, so the next obligation is never a surprise.
The right people, the right access.
Compliance touches legal, ops, and IT. Roles keep each person to what they need, and an external auditor can be given a read-only link to a single entity without seeing the rest.
Running a portfolio? The consultancy tier puts every client in one place. See the consultancy tier.
Your data stays in the EU
Application, database, and file storage all run in EU regions. See the security page.
Tooling, not legal advice
Veillo manages your compliance work product. The substance is reviewed by counsel; you stay responsible.
An audit trail by default
Every change is logged, append-only, and exportable. The record is the point.
See where your AI stands in about five minutes.
Run the free inventory tool with no signup, or start a trial and have your first document in an afternoon.
14-day trial of Business · no card · see pricing