Skip to main content

07 · Conformity Assessment & Notified Bodies

Sources
note

Notified bodies chapter became applicable 2 August 2025. Under PE-CONS 30/26, Chapter III high-risk conformity requirements apply from 2 December 2027 for Article 6(2) / Annex III systems and 2 August 2028 for Article 6(1) / Annex I systems, pending OJ publication.

What conformity assessment means

Before a high-risk AI system can be placed on the EU market, the provider must demonstrate it meets all requirements in Chapter III. This is the conformity assessment. Two routes:

Route 1 — Internal (self-assessment)

Available for most Annex III high-risk AI systems. The provider conducts and documents the assessment themselves against the requirements. If done correctly, they can then issue an EU Declaration of Conformity and affix the CE mark.

Route 2 — Third-party (notified body)

Required for:

  • Article 6(1) / Annex I systems where the relevant Union harmonisation legislation requires third-party conformity assessment, with AI Act requirements integrated into that product-law assessment for Section A systems
  • Remote biometric identification systems, biometric categorisation systems and emotion recognition systems where Article 43 requires notified-body involvement

A notified body assesses the technical documentation, quality management system, and the AI system itself.

What notified bodies are

Notified bodies (NBs) are independent third-party conformity assessment organisations designated by member state notifying authorities. They must meet criteria in Article 31 (independence, competence, impartiality, liability coverage). They notify the Commission of their designation. Once notified, they appear in the NANDO database.

note

Capacity warning: AI-focused notified bodies are scarce as of mid-2026. Most AI NBs come from adjacent sectors (medical devices, machinery). This gap is part of why the Omnibus extended the high-risk product transition to 2028.

Conformity assessment process for a high-risk AI provider

Step-by-step (self-assessment route):

StepActionArticle
1Confirm system is high-risk under Art. 6 (Annex I or III)Art. 6
2Establish and document risk management system (lifecycle-long)Art. 9
3Document data governance (training/validation/testing datasets)Art. 10
4Compile Annex IV technical documentation packageArt. 11 + Annex IV
5Build in automatic event loggingArt. 12
6Prepare instructions for use for deployersArt. 13
7Design and validate human oversight mechanismsArt. 14
8Establish quality management systemArt. 17
9Conduct internal assessment (or engage notified body if required)Art. 43
10Issue EU Declaration of Conformity (keep for 10 years)Art. 47
11Affix CE markingArt. 48
12Register system in EU database (before deployment for public-body deployers)Art. 71

Post-market obligations

  • Post-market monitoring plan: continuous monitoring of performance in production per Art. 72
  • Serious incident reporting: providers must report to national market surveillance authorities without undue delay (Art. 73)
  • Market surveillance: national authorities conduct checks; can require access to training data and documentation

Harmonised standards

CEN/CENELEC and ETSI are developing harmonised standards under the AI Act. Once published in the Official Journal, compliance with them creates a presumption of conformity — a fast path to completing the assessment. Standards are not yet available (as of mid-2026); their absence is part of why the Omnibus extended the high-risk transition.

Standards page: https://digital-strategy.ec.europa.eu/en/policies/ai-act-standardisation FLI standards overview: https://artificialintelligenceact.eu/standard-setting-overview/

Technical verification framework (academic perspective)

The arXiv paper (arXiv:2512.13907, Dec 2024) maps each legal requirement to concrete technical verification methods — covering dataset documentation, algorithmic auditing, robustness testing, and human oversight mechanisms. Useful for technical teams building compliance processes. URL: https://arxiv.org/html/2512.13907v3

Key articles

TopicArticle(s)
Conformity assessment proceduresArt. 43
Annex I / product-law conformity routeArt. 43(1), Art. 43(3), Annex I
Self-assessment (Annex III)Art. 43(2)
Notified body criteriaArt. 31
Notifying authoritiesArts. 28–30
EU Declaration of ConformityArt. 47
CE markingArt. 48
EU databaseArt. 71
Post-market monitoringArt. 72
Serious incident reportingArt. 73
Quality management systemArt. 17
Technical documentationArt. 11 + Annex IV