GDPR Art. 22 automated decision-making: how do you document 'meaningful human review' in practice?

We're implementing an AI-assisted underwriting workflow and need to satisfy GDPR Art. 22 requirements for 'meaningful human intervention' when automated decisions significantly affect individuals. The technical implementation is straightforward — a human-in-the-loop approval step — but the documentation burden for proving that the review is genuinely meaningful (not a rubber stamp) is substantial. For compliance teams who've navigated this: what evidence do you collect to demonstrate substantive review? Do you log reviewer decision time, require written justification for overrides, or maintain audit trails of the model's confidence scores vs. the final human decision? We're also mapping this to the EU AI Act's high-risk classification — the overlap is significant but the documentation formats differ. Jurisdiction: EU/DE primary, with some UK operations post-Brexit. We acknowledge that this is peer experience exchange, not a request for legal advice.