Hael
Sign inRequest a demo
EU AI Act · Requirements

What is an AI conformity assessment?

Updated 30 June 2026 · 5 min read
Key takeaway
An AI conformity assessment is the process by which a high-risk AI system is shown to meet the EU AI Act's requirements before it is placed on the market. It is the formal check that the obligations have been met. Depending on the system, it is either carried out by the provider itself (self-assessment) or involves an independent notified body.
  • A conformity assessment shows a high-risk AI system meets the EU AI Act before it goes to market.
  • Most Annex III systems use provider self-assessment; some require an independent notified body.
  • Success leads to an EU declaration of conformity, CE marking where applicable, and EU database registration.
  • Substantial modification of a system can trigger a fresh assessment.
  • Current as of June 2026. This is general information, not legal advice.

What the assessment checks

The conformity assessment verifies that the high-risk system meets the Act's core requirements: that a risk management system exists, that data governance is in place, that technical documentation is complete, that logging, transparency, human oversight, accuracy, robustness, and cybersecurity measures are present. In effect, it confirms that the full set of high-risk obligations has been satisfied and documented.

The two routes

There are two main routes, depending on the type of system:

  • Self-assessment (internal control): For most Annex III high-risk systems, the provider conducts the assessment itself, based on its technical documentation and quality processes. No external body is required, but the provider remains fully responsible.
  • Notified body assessment: For certain systems, particularly some biometric systems and AI that is a safety component of products already subject to third-party assessment, an independent notified body must be involved.

What follows a successful assessment

Once the assessment is passed, the provider draws up an EU declaration of conformity, affixes the CE marking where applicable, and registers the system in the EU database before placing it on the market. The CE marking signals that the provider claims the system meets the applicable EU requirements.

When reassessment is needed

A conformity assessment is not necessarily permanent. If a high-risk system is substantially modified after it is placed on the market, it may need to be assessed again, because the change could affect its compliance. This is why keeping technical documentation and risk assessments current matters: it determines whether a change counts as substantial and triggers reassessment.

Why it matters commercially

The conformity assessment and the CE marking are how a high-risk system earns its place on the EU market. For a vendor, being able to show a completed assessment is increasingly part of winning enterprise trust. For an enterprise deploying a high-risk system, checking that the provider has completed its assessment is part of responsible procurement. Either way, the assessment is the moment the paperwork becomes a market permission.

Key terms

Conformity assessment
The formal process of showing a high-risk AI system meets the Act before going to market.
Notified body
An independent organisation designated to carry out conformity assessments for certain high-risk systems.
CE marking
The mark a provider affixes to signal a system meets the applicable EU requirements.
Declaration of conformity
The provider's signed statement that the system complies with the Act's requirements.
EU database
The public EU register of high-risk AI systems placed on the market.

References

Related guides

Keep reading on EU AI Act.

Free check

See where you stand on EU AI Act, free.

Answer a few questions and get an indicative view of what EU AI Act expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
EU AI Act · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to EU AI Act~ 5 MIN