Legal review cycle
Set a review cadence, assign owners, and automatically monitor deadlines.
The legal review cycle ensures AI systems are regularly reviewed from a legal and operational perspective. You define who reviews and how often – SimpleAct sends automatic reminders and escalates when overdue.
Important
For high-risk systems under the EU AI Act, regular review is mandatory. The legal review cycle helps you meet this obligation in a documented way.
Setting up the review cycle – step by step
- 1Open Legal Review in the left navigation
- 2Select the system in the selector
- 3Set the review cycle: e.g. every 12 months (365 days)
- 4Assign a review owner: the person who will conduct the review
- 5Click "Save review cycle"
- 6SimpleAct automatically calculates the next due date
Conducting a review
- 1When a review is due, a notice appears in the dashboard and in the view
- 2Open Legal Review and work through the questionnaire
- 3Answer questions: Has the risk classification changed? New use cases? New regulatory requirements?
- 4Save the result – the review is recorded with date and owner in the audit log
- 5If changes are needed: create actions directly in the audit playbook
What happens when overdue?
When a review is overdue (past its due date), the dashboard shows a warning. The system is marked as "review overdue" – this does not directly block the Go-Live Gate, but it is visible in the compliance report and relevant for auditors.
How often should a review happen?
| Risk level | Recommended cadence | Note |
|---|---|---|
| High risk | 6–12 months | Mandatory under EU AI Act – also ad-hoc for material changes. |
| Limited risk | 12 months | Recommended to catch changes in use or context. |
| Minimal risk | 24 months | Optional but good for internal governance. |
