Hael
Sign inRequest a demo
PRODUCT · DOCUMENTS

Audit-grade artefacts, not templates.

Annex IV technical files, FRIAs, DPIAs, model cards and risk-management files generated from the registry — with a citation behind every claim, and an independent review before the document ever reaches you.

hael.app / documents / annex-iv / SYS-0148
Annex IV technical file — draft v0.3
Independently reviewedEach line cited to the registry record.
§2.1
Intended purpose: credit-decision support for unsecured personal lending applicants.
Registry · SYS-0148 · Purpose
§3.4
Training data: internal claims 2019–2025; bureau records under DPA-2024-017.
Registry · Data assets
§5.2
Foundation model: Acme AI v4.1 (provider). System is a deployer under Art. 25.
Registry · Third parties
§7.1
Risk classification: High-risk under Annex III §5(a) — access to essential services.
Classify · 14 May 2026
THE PROBLEM

Template-shaped Word files do not survive an audit.

Most AI governance documents in circulation are templates with the right headings and the wrong contents — claims about systems no one verified, dates that pre-date the model in question, references to data the team no longer uses. They pass a checklist tool. They fail a regulator.

An artefact is only audit-grade if every claim in it can be traced to a fact in the system of record, and if the document is held open rather than padded when a fact is missing.

HOW IT WORKS

Sourced, reviewed, blocked when missing.

Every artefact is generated against the registry record, line by line, with the citation visible. An independent review runs before you ever read the draft.

01
Generate from the registry
Each section is produced from registry fields — purpose, data, third parties, classification — not from a template with placeholders.
02
Cite every claim
Each line in the document carries a back-reference to the registry field and the date it was last reviewed. Auditors can follow the chain.
03
Independently review
A separate review pass checks the draft against its sources and the framework requirement, before the document is surfaced to the document owner.
04
Block rather than invent
If a required input is missing or stale, the relevant section is held open with the named owner — never filled with plausible-sounding text.
THE SYSTEM-OF-RECORD SPINE

Documents are a view of the registry, rendered to the format the framework demands.

The registry is the source. Documents render that source into Annex IV files, FRIAs, DPIAs and model cards — so the artefact, the classification, the questionnaire answer and the trust page entry all say the same thing because they all derive from the same record.

Registry
Every artefact reads its facts from the system's record — owner, data, third parties, lifecycle.
Classification
The document set generated for a system is determined by its classification — high-risk systems get the Annex IV pack; consequential-decision systems get the FRIA.
Questionnaire answers
Buyer answers cite the same artefact lines that appear in the audit file — one source, two surfaces.
Trust page
The trust page links to the artefacts the buyer is allowed to see, NDA-gated where appropriate.
Monitoring
A registry change flags the dependent document as stale, with a guided path to regenerate, re-review and re-seal.
Agent governance
Agents carry their own artefacts — purpose, tools, scope, behaviour log — generated from the same engine.
REAL ARTEFACTS, NOT TEMPLATES

Sourced line by line. Reviewed before you see it. Blocked when a fact is missing.

A document is either traceable to the registry or it is not in scope. The system declines to invent. That is the difference between an artefact a regulator will accept and a template a vendor sold you.

SourcedEach claim ↳ registry field, dated and versioned.
ReviewedIndependent model reviews the draft before you ever see it.
BlockedMissing input? The section is held open — never invented.
Artefact set
Annex IV fileFRIADPIAModel cardRisk-mgmt filePost-market planConformity declaration
DOCUMENTS

See an Annex IV file generated against a real system.

Bring one live AI system. We'll register it on the call, classify it, and generate the artefact pack — with every claim cited and the missing-input rule visible.