HomeConformity Assessment
EU AI Act ยท Conformity Assessment

Conformity Assessment: Self-Assessment vs Notified Body

Before registering a high-risk AI system in the EU database, providers must complete a conformity assessment demonstrating compliance with all applicable requirements. The type of assessment depends on your system's classification.

Two Paths to Conformity

The EU AI Act establishes two conformity assessment procedures, defined in Articles 43 and detailed in Annexes VI and VII. Which one applies depends on whether your AI system falls under existing EU product safety legislation or operates as a standalone high-risk system.

Path 1: Internal Control (Self-Assessment)

Most standalone high-risk AI systems listed in Annex III can undergo internal conformity assessment under Annex VI. This means the provider assesses compliance internally without involving a third-party Notified Body. The provider must verify that the quality management system (Article 17) complies with requirements, examine the technical documentation, and verify the system meets all applicable requirements in Chapter III, Section 2.

Important: Self-assessment does not mean less rigorous. The documentation must withstand regulatory scrutiny. National competent authorities can request full access to your technical documentation at any time.

Path 2: Third-Party Assessment (Notified Body)

Systems that involve biometric identification (Annex III, point 1) require third-party conformity assessment by a Notified Body, unless they are subject to EU harmonisation legislation listed in Annex I. Systems embedded in products covered by Annex I legislation (medical devices, machinery, etc.) follow the conformity assessment procedures already established under that legislation.

The Notified Body can assess either the quality management system and technical documentation (Annex VII) or carry out a type examination (Annex VI alternative). The provider may choose which route to take.

After Assessment: Declaration and CE Marking

Upon successful conformity assessment, the provider must draw up an EU Declaration of Conformity (Article 47) and affix the CE marking (Article 48) to the AI system. The declaration must be kept available for 10 years and provided to national competent authorities upon request.

Only after conformity assessment and CE marking can the provider proceed to Article 71 database registration.

Related Resources

Annex III Classification — first step: determine if your system is high-risk

EU Authorized Representative — required for non-EU providers before registration

Registration for US Companies — extraterritorial scope explained

Need Help With EU AI Act Registration?

Lexara Advisory guides US companies through every step — from classification to database submission.

Contact Lexara Advisory →

Lexara Advisory LLC is an AI governance consulting firm, not a law firm. This content is for informational purposes only and does not constitute legal advice.

Lexara AI Assistant

🤖 AI — not a human or lawyer

&9888;&xFE0F; AI Disclosure (EU AI Act · Art. 50): You are interacting with an automated AI system, not a human.
Hello. I can help you understand EU AI Act registration requirements. What type of AI system does your company use or develop?
Powered by Lexara Advisory LLC