Skip to main content
← Back to Blog
Use-case·10 min read·

How to Complete an EU AI Act Conformity Assessment: A Practical Walkthrough

A step-by-step walkthrough of the EU AI Act conformity assessment for high-risk AI systems, including the self-assessment route, notified body route, and the exact documentation needed.

#conformity assessment#EU AI Act#notified body#Annex IV

Quick answer

A conformity assessment is the EU AI Act's procedural check that a high-risk AI system meets all the regulatory requirements before it is placed on the EU market. Most high-risk AI systems use an internal (self-assessment) route. Some (e.g. biometric identification) require a notified body third-party conformity assessment. You need technical documentation (Annex IV), risk management system (Article 9), and quality management system (Article 17) in place.

Step 1: Confirm you are the provider

Only providers (Article 3(3)) do the conformity assessment. Deployers (users) do not. If you are integrating a third-party AI system into your product under your own branding, you typically become the provider.

Step 2: Build the Article 17 quality management system

  • Regulatory compliance strategy
  • Design control and design-verification techniques
  • Development, quality control, and quality assurance
  • Examination, test, and validation procedures
  • Risk management (Article 9)
  • Post-market monitoring (Article 72)
  • Incident reporting (Article 73)
  • Communication with competent authorities
  • Record keeping
  • Resource management (including data-supply security)
  • Accountability framework

Step 3: Produce Annex IV technical documentation

Annex IV requires: general description of the AI system; detailed description of elements including data; monitoring, functioning and control; risk management system; change description; harmonised standards applied; EU declaration of conformity; post-market monitoring plan.

Step 4: Choose your route

  • Internal control (Annex VI) — the default for most high-risk AI systems. Provider self-assesses and signs the declaration of conformity.
  • Notified body involvement (Annex VII) — required for biometric-identification and -categorisation systems under Annex III(1). The notified body audits the QMS and technical documentation.

Step 5: Sign the EU Declaration of Conformity

Article 47 requires a written Declaration of Conformity, signed by the provider, containing specific information (provider identity, AI system identification, standards applied, name/address of notified body if applicable). Kept for 10 years after the AI system is placed on the market.

Step 6: Affix the CE marking

High-risk AI systems carry the CE marking to show conformity (Article 48). For embedded AI inside a physical product with its own CE marking, the AI Act CE is typically integrated.

Step 7: Register in the EU database

Before placing a high-risk AI system on the market, the provider must register it in the EU database maintained by the Commission (Article 71).

Using GeraCompliance

GeraCompliance provides a guided conformity assessment workflow, Annex IV technical documentation templates, QMS process library, and the Declaration of Conformity generator. See the 2026 deadline overview and the FRIA guide.