Conformity assessment and CE marking for high-risk AI: how does it work?
Adopted 2026-06-16 ยท ≈ 2 min read ยท 
edited by Dirk Baaijen
Before placing a high-risk AI system on the market you run a conformity assessment (Art. 43), draw up technical documentation, issue an EU declaration, affix the CE marking and register in the EU database.
Short answer: As a provider you must first put a high-risk AI system through a conformity assessment (Art. 43). If it passes, you draw up an EU declaration of conformity (Art. 47), affix the CE marking (Art. 48) and register the system in the EU database (Art. 49) before placing it on the market.
Which route applies to my system?
The conformity assessment demonstrates that your system meets the requirements for high-risk AI (such as risk management, data governance, transparency and human oversight). For most Annex III systems there are two routes:
- Internal control (Annex VI): for most Annex III systems a self-administered assessment is enough. You check your quality management and technical documentation against the requirements, without a third party having to verify them.
- Notified body (Annex VII): in certain cases โ notably biometrics โ assessment by a notified body is required. This third party reviews your quality management system and technical documentation.
Which route applies depends on the type of system and whether harmonised standards were used. Decide early, because an external assessment takes time.
What must I record and issue?
- Technical documentation (Annex IV): a file showing the system meets the requirements โ design, data, performance, risk management and testing. It is the foundation of the whole assessment.
- EU declaration of conformity (Art. 47): a signed statement in which you, as provider, take responsibility for the system's conformity. You keep it available for ten years.
- CE marking (Art. 48): affixed visibly, legibly and indelibly to the system, or to its packaging and documentation. For purely digital systems it may be applied digitally. Where a notified body is involved, its identification number is added.
- Registration (Art. 49): you register the system in the EU database before it is placed on the market or put into service.
What if my AI is built into a product?
If your product already falls under Annex I product legislation (for example machinery or medical devices), an integrated assessment applies: the AI requirements are folded into the conformity assessment that already governs that product. So you do not run two separate procedures, but one combined one. The CE marking the product already carries then also covers AI conformity. This avoids duplication, but means you must address the AI requirements within the existing product procedure.
Read more: AI Act: timeline of obligations. Take the scan.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Regulation (EU) 2024/1689 (AI Act), Arts 43, 47, 48: conformity assessment and CE.
Read next
CE marking and notified bodies for high-risk AI
High-risk AI receives a CE marking after a successful conformity assessment. Sometimes the provider assesses itself; sometimes an independent notified body must be involved. This guide explains when each route applies and what the CE marking means.
The EU declaration of conformity under the AI Act (Article 47)
The EU declaration of conformity is the written statement by which the provider itself confirms that a high-risk AI system meets the AI Act. Article 47 sets out its content, language and retention; the provider bears full responsibility for it.
AI as a medical device: the dual conformity (MDR + AI Act)
If your AI is a medical device, it must meet both the MDR (clinical evaluation, CE) and the AI Act (high-risk requirements). The regulations are meant to run together through a single conformity assessment and one notified body โ not two separate tracks.