Conformity Assessment vs. Self-Assessment under the EU AI Act
When is an internal self-assessment sufficient, when is external conformity assessment by a notified body required?
Art. 43 of the AI Regulation governs conformity assessment for high-risk AI systems. In principle, providers can assess conformity themselves – unless the AI system falls under certain exceptions requiring an external body. This page explains the difference.
Internal Self-Assessment (Art. 43 Para. 2)
In self-assessment, the provider internally verifies whether their AI system meets all requirements of the AI Regulation. This is possible for most high-risk AI systems under Annex III.
- Faster and more cost-effective than external assessment
- Full control over the assessment process
- Suitable for AI systems without biometric identification
When required:
For most high-risk AI systems under Annex III – except for real-time remote biometric identification in publicly accessible spaces.
External Conformity Assessment (Art. 43 Para. 1)
In external assessment, a notified body verifies the conformity of the AI system. This is mandatory for certain high-risk systems.
- Highest legal certainty through independent verification
- Mandatory for real-time remote biometric identification (Art. 43 Para. 1)
- Recognized by all EU market surveillance authorities
When required:
Mandatory for high-risk AI systems for real-time remote biometric identification of natural persons in publicly accessible spaces (Art. 43 Para. 1 in conjunction with Annex III No. 1).
Decision Guide: Which Procedure Do You Need?
Check whether your AI system is classified as a high-risk system under Annex III. If not, no conformity assessment is required.
If high-risk: Check whether your system performs real-time remote biometric identification in publicly accessible spaces. If yes → external assessment required.
In all other cases: Internal self-assessment per Annex VI is possible. Use our compliance check for the initial assessment.
Thomas Bahr
Managing Director, Webutissimo S.L. – EU AI Act Compliance Expert
Thomas Bahr helps companies implement the AI Regulation (EU) 2024/1689. Focus areas: risk classification, technical documentation and conformity assessment for AI systems.
Weiterführende Seiten:
Determine your risk class and the appropriate assessment path now.