Comparison

Conformity Assessment vs. Self-Assessment under the EU AI Act

When is an internal self-assessment sufficient, when is external conformity assessment by a notified body required?

Art. 43 of the AI Regulation governs conformity assessment for high-risk AI systems. In principle, providers can assess conformity themselves – unless the AI system falls under certain exceptions requiring an external body. This page explains the difference.

Internal Self-Assessment (Art. 43 Para. 2)

In self-assessment, the provider internally verifies whether their AI system meets all requirements of the AI Regulation. This is possible for most high-risk AI systems under Annex III.

  • Faster and more cost-effective than external assessment
  • Full control over the assessment process
  • Suitable for AI systems without biometric identification

When required:

For most high-risk AI systems under Annex III – except for real-time remote biometric identification in publicly accessible spaces.

External Conformity Assessment (Art. 43 Para. 1)

In external assessment, a notified body verifies the conformity of the AI system. This is mandatory for certain high-risk systems.

  • Highest legal certainty through independent verification
  • Mandatory for real-time remote biometric identification (Art. 43 Para. 1)
  • Recognized by all EU market surveillance authorities

When required:

Mandatory for high-risk AI systems for real-time remote biometric identification of natural persons in publicly accessible spaces (Art. 43 Para. 1 in conjunction with Annex III No. 1).

Decision Guide: Which Procedure Do You Need?

1

Check whether your AI system is classified as a high-risk system under Annex III. If not, no conformity assessment is required.

2

If high-risk: Check whether your system performs real-time remote biometric identification in publicly accessible spaces. If yes → external assessment required.

3

In all other cases: Internal self-assessment per Annex VI is possible. Use our compliance check for the initial assessment.

Thomas Bahr

Managing Director, Webutissimo S.L. – EU AI Act Compliance Expert

Thomas Bahr helps companies implement the AI Regulation (EU) 2024/1689. Focus areas: risk classification, technical documentation and conformity assessment for AI systems.

EU AI Act & AI ComplianceUpdated: 15 July 2026

Determine your risk class and the appropriate assessment path now.