Notified Bodies play a crucial role in the European Union’s Artificial Intelligence Act (AI Act), serving as independent third-party organisations responsible for conformity assessment of high-risk AI systems. These designated entities ensure AI systems meet regulatory requirements before market entry. Key points include:
- Primary function: Conduct conformity assessments for high-risk AI systems under Annex III of the AI Act
- Designation process: National authorities designate qualified organisations following strict criteria
- Scope: Cover AI systems in critical sectors like healthcare, transportation, law enforcement, and education
- Timeline: Operational from August 2025 when high-risk AI system requirements take effect
- Impact: Essential for market access of high-risk AI systems in the EU market
What Are Notified Bodies in the AI Act Context?
Notified Bodies are independent, third-party organisations officially designated by EU member state authorities to perform conformity assessment procedures for high-risk AI systems. These entities bridge the gap between regulatory requirements and market implementation, ensuring AI systems comply with the AI Act’s safety and transparency standards.
Under the AI Act framework, Notified Bodies serve as the gatekeepers for high-risk AI system certification, similar to their role in other EU regulatory frameworks like the Medical Device Regulation (MDR) or the Radio Equipment Directive (RED).
Stay Ahead of AI Regulation
Join AI Act Alert, eyreACT’s newsletter delivering concise updates, compliance tips, and insights to keep your AI systems market-ready and trusted.
Notified Bodies in AI Act
The AI Act establishes Notified Bodies through several key provisions:
Article 33 outlines the designation procedure, requiring member states to notify the European Commission and other member states of their designated bodies. The notification must include detailed information about the body’s competence, organizational structure, and scope of activities.
Article 34 specifies the requirements Notified Bodies must meet, including technical competence, independence, impartiality, and appropriate insurance coverage. These organizations must demonstrate expertise in AI technologies, risk management, and the specific sectors they will assess.
Article 35 addresses the operational obligations of Notified Bodies, including maintaining competence, ensuring confidentiality, and cooperating with market surveillance authorities.
Key Responsibilities and Functions of Notified Bodies
Notified Bodies conduct comprehensive evaluations of high-risk AI systems to verify compliance with AI Act requirements. This process includes:
Technical Documentation Review: Examining system architecture, training data, risk management procedures, and quality management systems to ensure alignment with regulatory standards.
Quality Management System Assessment: Evaluating the provider’s quality management framework, including processes for continuous monitoring, risk management, and incident reporting.
System Testing and Validation: Conducting or overseeing testing procedures to verify system performance, accuracy, and robustness across intended use cases.
Certification and Marking
Upon successful conformity assessment, Notified Bodies issue CE marking authorization, enabling AI system providers to place their products on the EU market. This certification demonstrates compliance with all applicable AI Act requirements.
Ongoing Surveillance
Notified Bodies maintain oversight responsibilities throughout the AI system’s lifecycle, including post-market surveillance activities and investigation of reported incidents or non-compliance issues.
Notified Bodies’ Designation Requirements and Criteria
Independence and Impartiality: Notified Bodies must operate independently from AI system providers, users, and other stakeholders that could compromise their assessment objectivity.
Legal Structure: Organizations must be established under the law of an EU member state and possess appropriate legal personality to assume liability for their assessment activities.
Financial Stability: Demonstrated financial resources and appropriate insurance coverage to support their operational responsibilities and potential liability exposure.
Technical Competence
AI Expertise: Deep understanding of artificial intelligence technologies, machine learning algorithms, data science principles, and AI system development methodologies.
Sector Knowledge: Specialized expertise in the specific high-risk AI application areas they will assess, such as healthcare diagnostics, autonomous vehicles, or biometric identification systems.
Risk Assessment Capabilities: Proven competence in risk management methodologies, safety analysis, and cybersecurity assessment relevant to AI systems.
Personnel Qualifications
Technical Staff: Qualified engineers, data scientists, and AI specialists with relevant education, training, and professional experience in AI system assessment.
Management Personnel: Leadership team with appropriate qualifications in quality management, regulatory compliance, and organizational governance.
Continuous Training: Ongoing professional development programs to maintain current knowledge of AI technologies and regulatory developments.
Are you ready for the EU AI Act’s deadline?
eyreACT’s AI Act compliance platform will help organisations like yours seamlessly navigate these complex requirements. Be among the first to access our comprehensive solution for AI system classification, risk assessment, and ongoing compliance management.
High-Risk AI Systems Under Assessment
Notified Bodies focus on AI systems classified as high-risk under Annex III of the AI Act, which includes:
Critical Infrastructure
AI systems used in road traffic management, water and gas supply management, and other essential infrastructure components that could impact public safety.
Education and Vocational Training
AI systems for educational assessment, admission processes, and vocational training evaluation that could significantly affect individuals’ access to education and career opportunities.
Employment and Human Resources
AI recruitment systems, performance evaluation tools, and workplace monitoring technologies that influence employment decisions and working conditions.
Essential Services
AI systems in credit scoring, insurance risk assessment, and other financial services that affect access to essential services and opportunities.
Law Enforcement and Justice
Biometric identification systems, risk assessment tools for criminal justice, and other AI applications in law enforcement contexts.
Healthcare and Safety
AI diagnostic systems, surgical robots, and other medical AI applications that could impact patient safety and health outcomes.
Conformity Assessment Procedures
Module A: Internal Production Control
For certain lower-risk categories within high-risk AI systems, providers may conduct internal conformity assessment with Notified Body oversight and periodic surveillance.
Module B: EU Type Examination
Comprehensive assessment of AI system design, development process, and technical documentation by the Notified Body to verify compliance with AI Act requirements.
Module C: Conformity to Type
Ongoing verification that production AI systems conform to the approved type and continue meeting regulatory requirements throughout their lifecycle.
Module D: Production Quality Assurance
Assessment and ongoing surveillance of the provider’s quality management system to ensure consistent compliance with AI Act requirements.
Timeline and Implementation
Preparation Phase (2024-2025)
Member states establish designation procedures and begin evaluating candidate organizations for Notified Body status.
Operational Launch (August 2025)
High-risk AI system requirements become applicable, and Notified Bodies begin conducting conformity assessments for new AI systems entering the market.
Full Implementation (2026-2027)
Complete operational framework with established Notified Bodies across all member states and standardized assessment procedures.
Ongoing Evolution
Continuous refinement of assessment methodologies, harmonized standards development, and adaptation to emerging AI technologies.
Choosing the Right Notified Body
Sector Expertise
Select a Notified Body with demonstrated competence in your specific AI application domain and understanding of relevant technical standards and best practices.
Geographic Considerations
While Notified Body certifications are valid across the EU, consider practical factors like language capabilities, local market knowledge, and proximity for ongoing collaboration.
Assessment Approach
Evaluate potential Notified Bodies’ assessment methodologies, timelines, and communication practices to ensure alignment with your compliance strategy and business objectives.
Track Record and Reputation
Consider the organisation’s experience with similar technologies, regulatory compliance history, and reputation within the AI and technology community.
Book a demo with eyreACT to simplify your AI Act compliance
EU AI Act is more complex than GDPR but we help you nail it. From automated AI system classification to ongoing risk monitoring, we’re creating the platform of developer-friendly, business-friendly tools you need to confidently deploy AI within the regulatory European framework.
Costs and Timelines for Notified Bodies
Conformity assessment costs vary significantly based on AI system complexity, scope of assessment, and Notified Body pricing structures. Expect costs ranging from tens of thousands to hundreds of thousands of euros for comprehensive assessments.
Timeline Expectations
Initial conformity assessments typically require 3-12 months depending on system complexity, documentation completeness, and any necessary remediation activities.
Ongoing Costs
Annual surveillance activities, periodic reassessments, and modification evaluations represent ongoing compliance costs that should be factored into long-term business planning.
Notified Bodies: Challenges and Considerations
Limited Initial Capacity
The initial number of designated Notified Bodies may be limited, potentially creating bottlenecks for AI system providers seeking certification. Luckily, eyreACT can assess AI systems and identify the areas for potential scrutiny.
Evolving Standards
Assessment criteria and methodologies will continue evolving as harmonised standards are developed and practical experience is gained.
Technical Complexity
AI system assessment presents unique challenges compared to traditional product certification, requiring specialised expertise and innovative assessment approaches. That’s exactly why we have created eyreACT AI Act Compliance ecosystem.
International Implications
AI Act compliance may affect global AI development strategies and market access plans for international technology companies – ask us about our global partner integrations!
Best Practices for Working with Notified Bodies
Early Engagement
Begin discussions with potential Notified Bodies during AI system development to understand assessment requirements and identify potential compliance issues early.
Documentation Preparation
Maintain comprehensive technical documentation throughout the development process to streamline the conformity assessment procedure.
Quality Management Integration
Implement robust quality management systems that align with AI Act requirements and facilitate ongoing compliance demonstration.
Stakeholder Communication
Establish clear communication channels with your chosen Notified Body and maintain regular dialogue throughout the assessment process.
What Should We Expect from Notified Bodies Framework in the Future?
The Notified Body framework for AI systems represents a significant evolution in technology regulation, establishing precedents that may influence global AI governance approaches. As the AI Act implementation progresses, we can expect:
Standardisation development: Continued refinement of assessment methodologies and harmonised standards to support consistent evaluation across different Notified Bodies and member states.
International alignment: Potential mutual recognition agreements and alignment with other international AI regulatory frameworks to facilitate global market access.
Technology evolution: Adaptation of assessment procedures to address emerging AI technologies and applications not currently covered by existing frameworks.
Market maturation: Development of a competitive Notified Body marketplace with specialised expertise and efficient assessment procedures. Explore the Notified Bodies database in eyreACT!
Final Thoughts: The Growing Role of Notified Bodies in Post-AI Act World
Notified Bodies represent a critical component of the EU AI Act’s implementation, providing the technical expertise and independent assessment necessary to ensure high-risk AI systems meet regulatory requirements.
For AI system providers, understanding the Notified Body framework and preparing for conformity assessment is essential for successful market entry and ongoing compliance.
The success of this regulatory approach will depend on the establishment of competent, efficient Notified Bodies and the development of practical, effective assessment methodologies that balance innovation promotion with risk mitigation.
As this framework evolves, staying informed about developments and maintaining proactive compliance strategies will be essential for all stakeholders in the AI ecosystem.
Organisations developing high-risk AI systems should begin preparing now by understanding the requirements, engaging with potential Notified Bodies, and implementing robust quality management and documentation practices that will support successful conformity assessment and ongoing compliance with the AI Act.
