
EU AI Act Conformity Assessment Bodies: Which Notified Bodies Will Sign Off Your High-Risk System

The EU AI Act requires high-risk AI systems to undergo a conformity assessment before being placed on the market. For some categories, the provider self-assesses. For others, the provider has to engage a notified body that the member state has designated under Article 31. With August 2, 2026 thirty-two days away, providers need a working understanding of which Annex III categories trigger third-party conformity assessment, how the notified body designation process works, and what the assessment record looks like when it lands in a market surveillance investigation.

By Parminder Singh · Founder & CEO, DeepInspect Inc.
Compliance & Regulation · eu-ai-act · conformity-assessment · notified-bodies · compliance · high-risk-ai · regulation

The EU AI Act requires every high-risk AI system to undergo a conformity assessment before being placed on the EU market or put into service. The conformity assessment is the procedure that demonstrates the system meets the Chapter III, Section 2 requirements. For most Annex III categories, the provider can self-assess under Article 43(2). For some categories, mostly biometric identification and categorization, the provider has to engage a notified body. The August 2, 2026 application date is 32 days away, and providers whose systems fall into the third-party assessment categories need to know which notified bodies will be designated and how to engage them.

I want to walk through the conformity assessment framework, which Annex III categories trigger third-party assessment, how notified body designation works under Article 31, and the operational record a notified body actually reviews.

What conformity assessment means under the regulation

Article 43 sets out the two conformity assessment procedures for high-risk AI systems. Procedure A under Annex VI is an internal control procedure where the provider self-assesses against the requirements and draws up the EU declaration of conformity. Procedure B under Annex VII is an assessment by a notified body of the quality management system and the technical documentation.

The choice between Procedure A and Procedure B depends on the Annex III category. Most categories fall under Procedure A. The exceptions, where Procedure B applies, are biometric identification systems and biometric categorization systems under Annex III point 1. For those, the provider has the option to either apply harmonized standards and use Procedure A, or use Procedure B with the notified body assessment.

For high-risk AI systems that are safety components of products covered by the Annex I product safety legislation, the conformity assessment follows the sectoral procedure already established for the product (medical devices under MDR, machinery under the Machinery Regulation, etc.). The AI Act requirements are integrated into that sectoral assessment.

Which Annex III categories trigger third-party assessment

Annex III lists the eight high-risk categories. For seven of them, the provider self-assesses under Procedure A. Biometrics (point 1) is the one category where Procedure B applies if the provider does not apply harmonized standards.

Biometric identification, biometric categorization, and emotion recognition under Annex III point 1. Procedure B applies unless harmonized standards exist and are applied in full. The Commission has issued standardization requests to CEN-CENELEC for the AI Act harmonized standards, with completion targeted in 2026.

Critical infrastructure (Annex III point 2), education and vocational training (point 3), employment and worker management (point 4), access to essential services and benefits (point 5), law enforcement (point 6), migration, asylum, and border control (point 7), and administration of justice and democratic processes (point 8) all default to Procedure A internal control.

The Procedure A categories still require the full technical documentation under Article 11, the quality management system under Article 17, and the post-market monitoring under Article 72. The difference from Procedure B is who reviews the documentation. Under Procedure A, the provider's own quality function reviews internally. Under Procedure B, a notified body reviews and issues an EU technical documentation assessment certificate.

How notified body designation works under Article 31

Article 31 sets out the requirements a body has to meet to be designated as a notified body for the AI Act. The body has to be established under the law of a member state and have legal personality. The body has to be independent of the providers it assesses, including financial and organizational independence. The body has to have the technical competence to assess AI systems against the regulation's requirements, with documented expertise in machine learning, software engineering, cybersecurity, and the application domain of the systems it assesses.

The notifying authority of each member state, designated under Article 28, runs the designation process. The notifying authority assesses the candidate body against Article 31, designates it for specific scopes (which Annex III categories it can assess), and notifies the Commission. The Commission publishes the list of notified bodies in the New Approach Notified and Designated Organisations (NANDO) database with a four-digit identification number per body.

As of June 2026, the NANDO database listed a small number of notified bodies for the AI Act, with most designations pending. Providers in the Procedure B categories should expect a constrained supply of notified bodies in the first months of application, with capacity ramping over the second half of 2026 and into 2027.

The conformity assessment record under Annex VII

Annex VII specifies what the notified body assessment looks like. The assessment has two parts: the quality management system assessment under Annex VII point 4, and the technical documentation assessment under Annex VII point 5.

The quality management system assessment evaluates whether the provider has the policies, procedures, and instructions to ensure compliance. The QMS has to cover the design and development process, the data management process, the validation and testing process, the change control process, and the post-market monitoring process. The notified body audits the QMS on-site and reviews evidence that the QMS is operated as documented.

The technical documentation assessment evaluates whether the documentation under Annex IV adequately demonstrates compliance with the Chapter III, Section 2 requirements. The notified body reviews the design specifications, the data governance documentation, the validation and testing record, the cybersecurity measures, the risk management record, and the post-market monitoring plan.

The notified body issues either an EU technical documentation assessment certificate or a refusal with justification. The certificate is valid for up to five years for high-risk AI systems and is subject to surveillance audits during the validity period.

The evidence the notified body asks for

The notified body assessment under Procedure B converges on the same operational evidence the market surveillance authority would ask for in a post-deployment investigation. The categories of evidence are the same.

Identity context evidence. Which natural persons, which authenticated agents, which systems make calls to the high-risk AI? The provider has to demonstrate that the identity is captured at the point of call and is bound to the audit record.

Policy evidence. Which rules govern which categories of input and output? The provider has to demonstrate that policy is evaluated per call, that policy versions are tracked, and that policy changes are documented.

Log evidence. The Article 12 automatic recording is the foundational evidence. The notified body samples the logs to verify the required fields are recorded automatically over the lifetime of the system, and that the retention satisfies Article 19.

Incident evidence. Have any serious incidents occurred under the Article 73 criteria? If so, what was the reporting timeline? What corrective actions were taken? The notified body reviews the incident response evidence as part of the post-market monitoring assessment.

How the architecture shapes the assessment outcome

Two architectures map differently into the conformity assessment.

The application-controlled audit architecture. The application that runs the AI call writes its own logs, manages its own retention, and produces evidence on request. The notified body's question is whether the application can be relied on to produce evidence about itself. The architecture passes assessment if the application has hardened internal controls, segregated log-writer privileges, and an independent integrity check. Most enterprise applications fail at least one of those controls.

The gateway-mediated audit architecture. A stateless proxy between the authenticated caller and the model writes every record, manages retention independently of the application, and produces evidence on request. The notified body's question is the same, but the answer is structurally different. The gateway is not the system under assessment; it is the recorder of the system under assessment. The integrity controls live at the gateway layer where the application has no write access.

The second architecture passes the conformity assessment with less friction. The notified body's assessment is faster and the evidence chain is cleaner.
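The "independent integrity check" the two architectures are measured against is easier to reason about in code. The following is an added example written for this post, not DeepInspect's code and not an implementation the AI Act prescribes. It models an audit layer that hash-chains every decision record to its predecessor and signs the chain, then shows what a verifier (the notified body's sampling step, or a market surveillance review) sees when an application edits a record, deletes one, or recomputes the hash without the signing key. All field names, the HMAC-SHA256 stand-in for a signature, and the assumption that only the audit layer holds the key are constructed for the example; a production gateway would use an asymmetric signature so that verifiers need no secret.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: in the gateway-mediated architecture this
# key is held only by the audit layer, so the application cannot re-sign records.
AUDIT_SIGNING_KEY = b"constructed-demo-key-not-for-real-use"
GENESIS_HASH = "0" * 64

# Fields the post lists per gateway record (identity, policy version, model
# version, data classes, timestamp, outcome) plus chain bookkeeping.
REQUIRED_FIELDS = (
    "seq", "timestamp", "caller_id", "caller_type", "policy_version",
    "model_version", "data_classes", "outcome", "prev_hash",
)


def canonical(body: dict) -> bytes:
    """Deterministic serialization so the hash is stable across writers."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_record(chain: list, body: dict) -> dict:
    """Hash-chain the record to its predecessor, then sign the hash."""
    missing = [f for f in REQUIRED_FIELDS
               if f not in body and f not in ("seq", "prev_hash")]
    if missing:
        raise ValueError(f"record missing required fields: {missing}")
    body = dict(body)
    body["seq"] = len(chain)
    body["prev_hash"] = chain[-1]["record_hash"] if chain else GENESIS_HASH
    record_hash = hashlib.sha256(canonical(body)).hexdigest()
    signature = hmac.new(AUDIT_SIGNING_KEY, record_hash.encode(), hashlib.sha256).hexdigest()
    entry = dict(body, record_hash=record_hash, signature=signature)
    chain.append(entry)
    return entry


def verify_chain(chain: list, key: bytes = AUDIT_SIGNING_KEY):
    """Return (True, None) if intact, else (False, seq of the first bad record)."""
    prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k not in ("record_hash", "signature")}
        if any(f not in body for f in REQUIRED_FIELDS):
            return False, i  # a mandatory field was dropped
        if body["seq"] != i or body["prev_hash"] != prev:
            return False, i  # record deleted, reordered, or inserted
        expected_hash = hashlib.sha256(canonical(body)).hexdigest()
        if not hmac.compare_digest(expected_hash, entry["record_hash"]):
            return False, i  # contents edited after signing
        expected_sig = hmac.new(key, expected_hash.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, entry["signature"]):
            return False, i  # hash recomputed without the audit-layer key
        prev = entry["record_hash"]
    return True, None


def build_sample_chain() -> list:
    """Three constructed gateway decisions with fixed timestamps."""
    chain = []
    decisions = [
        dict(timestamp="2026-07-01T09:00:00Z", caller_id="analyst-42", caller_type="user",
             policy_version="pol-2026.06", model_version="vision-model-3.1",
             data_classes=["biometric"], outcome="allow"),
        dict(timestamp="2026-07-01T09:00:07Z", caller_id="batch-agent-7", caller_type="agent",
             policy_version="pol-2026.06", model_version="vision-model-3.1",
             data_classes=["biometric", "special-category"], outcome="deny"),
        dict(timestamp="2026-07-01T09:01:12Z", caller_id="analyst-42", caller_type="user",
             policy_version="pol-2026.06", model_version="vision-model-3.1",
             data_classes=[], outcome="allow"),
    ]
    for d in decisions:
        append_record(chain, d)
    return chain


def edit_then_verify():
    """An application with write access to the log rewrites a deny into an allow."""
    chain = build_sample_chain()
    chain[1]["outcome"] = "allow"
    return verify_chain(chain)


def delete_then_verify():
    """The denied call is removed from the log entirely."""
    chain = build_sample_chain()
    del chain[1]
    return verify_chain(chain)


def resign_then_verify():
    """The application edits a record and fixes the hash, but lacks the audit key."""
    chain = build_sample_chain()
    entry = chain[1]
    entry["outcome"] = "allow"
    body = {k: v for k, v in entry.items() if k not in ("record_hash", "signature")}
    entry["record_hash"] = hashlib.sha256(canonical(body)).hexdigest()
    entry["signature"] = hmac.new(b"application-key", entry["record_hash"].encode(),
                                  hashlib.sha256).hexdigest()
    return verify_chain(chain)
```

Each verifier failure names the first record that no longer checks out, which is the unit the notified body would pull for explanation. The point the example makes about the two architectures is the last case: when the application can reach the log, it can fix up hashes, so the integrity guarantee rests entirely on the signing key living somewhere the application cannot write.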

DeepInspect

DeepInspect is a stateless policy gateway that sits between authenticated users or agents and any LLM. Every AI request passes through the gateway. The gateway verifies identity, evaluates policy, and produces a signed, tamper-evident audit record for every decision. The record includes the identity, the policy version, the model version, the data classes detected, the timestamps, and the policy outcome.

For a high-risk AI system undergoing conformity assessment, DeepInspect produces the operational evidence the notified body asks for. The Article 12 records are the gateway records. The Article 19 retention is configured at the gateway. The Article 14 oversight intervention can be wired into the gateway as a policy that suspends specific categories of decisions on demand. The integrity controls live at the gateway layer, independent of the application.

If you are facing the August deadline, let's talk.

Frequently asked questions

Which Annex III categories require a notified body?

Annex III point 1 (biometric identification, biometric categorization, emotion recognition) requires a notified body under Procedure B unless the provider applies harmonized standards in full. The other seven Annex III categories default to Procedure A internal self-assessment. High-risk AI systems that are safety components of products covered by Annex I sectoral product safety legislation follow the sectoral conformity assessment.

Where can a provider find the list of notified bodies?

The Commission maintains the list of notified bodies in the NANDO database, accessible at the Commission's NANDO portal. Each notified body has a four-digit identification number that appears on the EU declaration of conformity for systems assessed by that body. As of mid-2026, the AI Act notified body list is in active build-out and providers in scope should monitor designation announcements from their national notifying authority.

How long does a Procedure B conformity assessment take?

The duration depends on the complexity of the system and the readiness of the documentation. A well-documented system with a mature quality management system, complete Annex IV technical documentation, and clean Article 12 logs can complete the assessment in two to four months. A system with documentation gaps can extend to six months or longer, including the remediation cycle.

What is the difference between an EU declaration of conformity and a notified body certificate?

The EU declaration of conformity is the provider's own statement under Article 47 that the system complies with the regulation. Every high-risk AI system requires a declaration of conformity. The notified body certificate is the additional document issued under Procedure B that records the notified body's positive assessment. The declaration of conformity references the certificate when Procedure B applies.

Can a deployer be assessed by a notified body?

The conformity assessment obligation sits with the provider, not the deployer. A deployer that inherits provider status under Article 25 (by putting the system on the market under its own name, by substantial modification, or by purpose change to a high-risk use) inherits the conformity assessment obligation. Deployers that remain deployers do not directly engage the notified body, although the deployer's operational evidence supports the provider's assessment record.

What happens if a system is placed on the market without conformity assessment?

Placing a high-risk AI system on the EU market without the conformity assessment is non-compliance under Article 99, with the penalty tier at EUR 15 million or 3 percent of global annual turnover. The market surveillance authority can also order the withdrawal of the system from the market, the recall of systems already placed, and the prohibition of further placement.