Conformity Assessment and CE Marking Under the EU AI Act
Before you can place a high-risk AI system on the EU market, someone has to certify it meets the rules. For most high-risk systems, that someone is you.
There is no external auditor who signs off a recruitment-screening model or a credit-scoring engine before it ships. The provider runs the assessment, draws up the paperwork, and affixes the mark that tells the market the system is compliant. People often hear “self-assessment” and relax. However, self-certifying means you carry the full legal weight of the claim, with no notified body standing between you and a market surveillance authority that later disagrees.
Everything the high-risk compliance regime has asked of you so far (risk management under Article 9, data governance under Article 10, the technical file under Article 11, logging, human oversight, accuracy) comes due at the conformity assessment. It is where you show that all of it holds together before the system goes live.
For Annex III high-risk systems, the obligation applies from 2 December 2027, the date the Digital Omnibus moved it to, pending formal adoption. That is the date the assessment has to be finished by.
What a conformity assessment is
A conformity assessment is the procedure for demonstrating that a high-risk system meets the requirements in Articles 9 to 15 before it goes on the market. Article 43 sets out two ways to do it:
- Internal control (Annex VI), where you assess your own compliance.
- A notified-body procedure (Annex VII), where an accredited third party examines your quality management system and your technical documentation.
What decides it is what your system does and where it sits in Annex III.
Which route applies to you
For most high-risk systems, only one route is open.
Annex III points 2 to 8: internal control (Annex VI). Critical infrastructure, education, employment, essential services such as creditworthiness scoring, law enforcement, migration, and justice. If your system sits here, you self-assess. A notified body is not available to you even if you wanted the cover. Article 43(2) routes these straight to internal control.
Annex III point 1, biometrics: it depends. Remote biometric identification, biometric categorisation, and emotion recognition can go either way. If you have applied the relevant harmonised standards or common specifications, you may self-assess under Annex VI or opt into a notified body under Annex VII. If you have not applied them (because they don’t exist yet, or because you took a different approach), the notified-body route becomes mandatory.
There is a third situation. If your AI is a safety component of a physical product already regulated under EU law (a medical device, industrial machinery, a vehicle), the conformity assessment folds into that product’s existing process under its own legislation, handled by the notified body that already assesses the product. Most software-only systems never touch this path.
If you build recruitment, credit, education, or insurance AI, that means you. You self-certify, and no one outside your company reviews the system before it goes live.
Self-assessment is not the soft option
Internal control sounds lighter than a third-party audit. In terms of your actual risk, it is heavier.
When a notified body assesses your system, you have an accredited reviewer’s judgement on record. When you self-assess, the only judgement on record is your own. A market surveillance authority can open your file at any point after launch under Article 79 and form its own view. If it concludes the system never met Articles 9 to 15, the finding is dated to the day you placed the system on the market, long before the authority knocked.
So the internal-control file has to be audit-ready from launch. That means the technical documentation is complete, the risk-management record is current, and the quality management system that Article 17 requires is actually running. Annex VI is just a check that these exist and agree with each other. If they don’t, you have certified something that isn’t true.
Take a Berlin HR-tech company shipping a CV-screening tool to EU employers. It is an Annex III point 4 system, so internal control is the only route. No notified body will ever look at it. The company signs its own declaration, affixes its own CE marking, and goes live. Eighteen months later a rejected applicant complains, the regional authority requests the file, and finds that the bias examination under Article 10 was a one-off script someone ran the week before launch and never repeated. Self-certification doesn’t soften that finding. It is the company’s signature on the claim that the system complied.
The EU declaration of conformity
The conformity assessment produces a document: the EU declaration of conformity. Article 47 requires you to draw one up for each high-risk system before it goes on the market. By signing it, you assume sole responsibility for the system’s compliance.
Annex V fixes what it has to contain:
- the system’s name, type, and a reference that lets it be identified and traced
- your name and registered address, or your authorised representative’s if you are outside the EU
- a statement that you issue the declaration under your sole responsibility
- a statement that the system conforms to the AI Act and any other EU law that applies
- the harmonised standards or common specifications you relied on
- the notified body and a reference to its certificate, where one was involved
- the date and an authorised signature
You keep the declaration for ten years after the system is placed on the market, and hand it to a national authority on request (Article 18). If the system is also covered by other EU legislation that wants its own declaration, you can draw up one combined document rather than a stack of them.
CE marking
The CE marking is the visible end of the process. It is the mark you have seen on a phone charger or a kettle, and it carries the same meaning here: the provider declares the product meets the applicable EU requirements. For a high-risk AI system, you affix it only after the conformity assessment is complete and the declaration is signed.
Article 48 wants the marking affixed “visibly, legibly and indelibly” to the system or its data plate. Where the system is software with nothing to physically label, it goes in the accompanying documentation and the interface, with a digital CE marking kept easily accessible. Where a notified body was involved (biometrics under Annex VII), its identification number sits next to the marking. A self-assessed system carries no number, because no notified body was there.
Do not treat the marking as a formality. Article 83 lists CE marking that is missing or wrongly affixed as a primary enforcement trigger. It is one of the first things a market surveillance authority checks, because it is visible without reading a single page of your technical file. An unmarked high-risk system on the EU market is a finding before anyone examines whether the system is any good.
When you have to do it again
A conformity assessment certifies the system as assessed. Change the system enough and the certificate no longer covers it.
Article 43(4) requires a fresh assessment after a “substantial modification”: a change that affects compliance with Articles 9 to 15, or alters the intended purpose, as defined in Article 3(23). Retrain the model on a materially different dataset, extend it into a use case it was not validated for, or change how it reaches a decision, and you are back at the gate. The CE marking does not carry over.
There is a deliberate carve-out. Changes you planned in advance and wrote into the technical documentation at the original assessment (a scheduled retraining cadence, a pre-declared update path) are not substantial modifications. This is the same change envelope that Article 13 asks you to disclose to deployers. Decide what your system is allowed to do over its life, write it down once, and you spare yourself a new assessment every time it learns something. Leave it undefined and every update becomes an argument about whether you needed to re-certify.
What to do now
If you are a provider heading for the EU market with a high-risk system:
- Confirm your route early. Find your Annex III category. Points 2 to 8 mean internal control: no notified body, no external sign-off. Point 1 biometrics may need a notified body, and engaging one takes months. Don’t discover that in the quarter you planned to launch.
- Build the file to survive a cold read. Internal control is only as strong as the technical documentation, risk record, and quality management system behind it. Assume an authority will read them with no help from you.
- Draw up the declaration before launch. It is a signed assumption of liability, so treat the signature with the weight it carries.
- Affix the CE marking last, and only once. After the assessment, after the declaration, never on an uncertified system.
- Define your change envelope. Write the updates you can make without re-certifying into the technical file at the first assessment. Everything outside it triggers Article 43(4).
The conformity assessment is the moment the EU AI Act turns your compliance work into a claim you have signed. For most high-risk systems nobody checks that claim before the system ships. That is exactly why the authority that checks it afterwards can date any failure back to the day you made it.
Frequently asked questions
Does the EU AI Act require a third-party audit of high-risk AI?
Usually not. For Annex III high-risk systems in points 2 to 8 (critical infrastructure, education, employment, essential services like credit scoring, law enforcement, migration and justice), Article 43 allows only internal control (Annex VI), which is self-assessment. A notified body is involved only for biometric systems (Annex III point 1) where the provider has not applied the relevant harmonised standards or common specifications, and for AI that is a safety component of a product already regulated under EU law. Most software-only high-risk systems are self-certified.
What is the difference between the declaration of conformity and the CE marking?
The EU declaration of conformity (Article 47) is the signed legal statement, drawn up per Annex V, in which the provider takes sole responsibility for the system meeting the Act. It is kept for ten years and shown to authorities on request. The CE marking (Article 48) is the visible mark affixed to the system once that declaration is signed; it tells the market the declaration exists. The declaration is the substance; the marking is the public signal that it is in place.
When must the conformity assessment be done?
It must be done before the high-risk system is placed on the market or put into service. The CE marking cannot be affixed until the assessment is complete and the declaration is signed. For Annex III high-risk systems, the underlying obligations apply from 2 December 2027 under the Digital Omnibus timeline (provisional, pending formal adoption), so the assessment has to be finished by the point the system goes live, not begun then.
Do I need a new conformity assessment when I update the AI system?
Only if the change is a substantial modification under Article 43(4): one that affects compliance with Articles 9 to 15 or changes the system's intended purpose (Article 3(23)). Retraining on a materially different dataset or extending the system into a new use case triggers a fresh assessment, and the CE marking does not carry over. Changes you planned in advance and recorded in the technical documentation at the original assessment are not substantial modifications.
John holds editorial responsibility for all ComplyDrive content.