AI Notified Bodies
AI notified bodies are conformity assessment organizations designated under the EU AI Act to verify defined categories of high-risk AI systems when third-party assessment is required. They are market-access evidence institutions: useful for checking documentation, quality management, and legal conformity, but not proof that an AI system is harmless or fit for every deployment.
Definition
An AI notified body is a conformity assessment body that has been assessed, designated, and notified by an EU Member State to perform specified third-party assessment tasks under Regulation (EU) 2024/1689, the EU AI Act. In EU product law, a notified body is a designated organization that checks whether certain products satisfy applicable requirements before market placement when the relevant legislation requires third-party assessment.
For AI, the term matters because some high-risk systems cannot rely only on a provider's internal declaration of conformity. A notified body may assess the provider's quality management system, technical documentation, and conformity with the AI Act's high-risk requirements. That role connects law, technical evidence, auditing, product safety, fundamental-rights governance, and market access.
AI notified bodies are related to AI Audits and Assurance, AI Post-Market Monitoring, and AI Liability and Accountability, but they are narrower. They are not general AI safety labs, model-ranking services, civil-society watchdogs, or the European AI Office's general-purpose AI supervision arm. They are designated conformity assessment organizations acting within a legal procedure and notification scope.
Snapshot
- Legal basis: EU AI Act Chapter III, Section 4 for notifying authorities and notified bodies, and Section 5 for conformity assessment, certificates, CE marking, and registration.
- Core function: third-party conformity assessment for defined high-risk AI routes, especially Annex III point 1 biometric systems when internal control is not enough, and certain product-integrated high-risk AI systems under Annex I legislation.
- Notifying authority: a Member State body responsible for assessment, designation, notification, and monitoring of conformity assessment bodies.
- Public list: Article 35 requires the Commission to assign identification numbers and keep a public list of notified bodies; the Commission's NANDO system is the live place to check official designation scope.
- Certificate status: notified-body certificates can be time-limited, extended after reassessment, and suspended, withdrawn, or restricted if requirements are no longer met.
- Core caution: notified-body review is evidence of conformity within a defined scope, not a general claim that the system is safe, fair, lawful in every use, or free from post-market failure.
Current Context
For the requested June 25, 2026 review baseline, the legal anchor is Regulation (EU) 2024/1689, supported by the European Commission's AI Act Service Desk and NANDO notified-body database. The official timeline still lists August 2, 2026 for Annex III high-risk rules and August 2, 2027 for high-risk AI embedded in regulated products, while also noting the Digital Omnibus proposal to link high-risk application to support tools such as harmonised standards.
The Digital Omnibus status matters for this topic. On June 16, 2026, the European Parliament approved simplification measures for the AI Act. The Commission's high-risk-system guidance page now describes a new enforcement timeline following political agreement: December 2, 2027 for systems in certain high-risk areas and August 2, 2028 for product-integrated systems. A source-disciplined article should still distinguish the baseline AI Act text, Service Desk implementation summaries, Parliament and Commission pages, and the final Official Journal amendment that supplies the codified legal text.
NANDO now includes Regulation (EU) 2024/1689 on artificial intelligence as an active legislation entry. The current list of bodies, identification numbers, notification status, and activities should be checked in NANDO at the time of any compliance claim because Article 35 requires an up-to-date public list and because notification scope can change.
The Commission's draft high-risk classification guidelines were also part of the June 2026 context. The Commission describes them as non-binding, enforcement-guiding interpretation, with stakeholder consultation open until June 23, 2026. They sharpen classification questions, but they do not themselves create a notified-body duty unless the AI Act route and applicable product-law route require one.
The substance of the notified-body role is unchanged by timing uncertainty. Article 31 sets competence and independence requirements. Article 34 says notified bodies verify conformity according to Article 43 procedures. Article 43 routes only some AI Act assessments to notified bodies, while many high-risk AI systems remain under internal-control conformity assessment unless the law is changed or a product-law route requires third-party assessment.
Institutional Chain
Provider. The provider classifies the AI system, implements the high-risk requirements, prepares technical documentation, operates a quality management system where required, performs or obtains conformity assessment, draws up the EU declaration of conformity, and keeps post-market monitoring records.
Conformity assessment body. A candidate body applies for notification in the Member State where it is established. Article 29 requires the application to describe conformity assessment activities, modules, AI system types, and competence evidence, including an accreditation certificate where available.
Notifying authority. The Member State authority assesses, designates, notifies, and monitors the conformity assessment body. Article 28 requires Member States to designate or establish notifying authorities and protect objectivity, competence, confidentiality, and freedom from conflicts of interest.
Commission and Member States. Article 30 requires notification through the Commission's electronic tool. If no objection is raised within the relevant period, the conformity assessment body may operate as a notified body within its notification scope. Article 35 then makes identification numbers and lists public.
Market surveillance and fundamental-rights authorities. Notified-body review does not replace market surveillance, complaint rights, serious-incident reporting, post-market monitoring, or the powers of authorities protecting fundamental rights. These are separate parts of the AI Act governance chain.
When a Notified Body Is Required
Annex III point 1: biometrics. For high-risk AI systems listed in Annex III point 1, Article 43 allows internal control when the provider applies relevant harmonised standards or common specifications. Notified-body involvement under Annex VII is required when those standards or specifications do not exist, are not available, are restricted, or are not fully applied.
Annex III points 2 to 8. For other Annex III high-risk systems, including areas such as critical infrastructure, education, employment, essential services, law enforcement, migration, justice, and democratic processes, Article 43 currently uses internal-control conformity assessment without notified-body involvement. This is one of the most important boundaries: many socially significant high-risk systems do not automatically get third-party notified-body review under the baseline text.
Law enforcement, immigration, asylum, and EU institutions. For Annex III point 1 systems intended to be put into service by law enforcement, immigration or asylum authorities, or EU institutions and bodies, Article 43 says the relevant market surveillance authority acts as the notified body.
Product-integrated high-risk AI. For high-risk AI systems covered by Union harmonisation legislation in Annex I, the relevant product-law conformity assessment route applies. Notified bodies under those sectoral acts may assess AI-specific requirements if their compliance with relevant Article 31 competence and independence requirements has been assessed in that notification procedure.
Future expansion. Article 43 empowers the Commission to amend the conformity assessment route and subject Annex III points 2 to 8 to notified-body assessment, taking into account the effectiveness of internal control and the availability of adequate notified-body capacity and resources.
What They Assess
A notified body does not merely "test the model." Under Annex VII-style assessment, the object is the provider's quality management system and technical documentation for the high-risk AI system. That can include system purpose, risk management, data governance, logging, human oversight, accuracy, robustness, cybersecurity, technical documentation, change management, and post-market evidence.
Article 31 requires notified bodies to have legal personality under Member State law, suitable organization and quality management, resources, process and cybersecurity capacity, independence from providers and interested operators, confidentiality procedures, liability insurance unless covered by the Member State, and sufficient administrative, technical, legal, and scientific personnel.
Article 32 creates a presumption of conformity with notified-body requirements when a conformity assessment body demonstrates conformity with relevant harmonised standards published in the Official Journal, but only to the extent those standards cover the Article 31 requirements. Article 33 allows subsidiaries or subcontractors only under conditions: the notified body remains responsible, must inform the notifying authority, needs provider agreement, and must keep qualification and work records available for five years after the subcontract ends.
Article 34 requires notified bodies to verify conformity according to Article 43 and to avoid unnecessary burdens on providers, especially micro and small enterprises, while still respecting the regulation's required level of protection. Article 44 gives notified bodies certificate powers: certificates have maximum periods, can be extended after reassessment, and can be suspended, withdrawn, or restricted if the system no longer meets requirements.
Article 45 turns notified-body work into an information-sharing system. Notified bodies must inform notifying authorities about certificates, refusals, restrictions, suspensions, withdrawals, scope changes, and market-surveillance requests, and they must share relevant positive and negative conformity assessment information with other notified bodies while preserving confidentiality.
How to Verify a Claim
A useful verification starts with the exact claim, not the certificate logo. Ask whether the claim is "this organization is a notified body," "this body is notified for this AI Act activity," "this specific system passed a required conformity assessment," or "this deployment is lawful and safe." Those are different claims.
- Check the route: identify whether the system is Annex III point 1 biometrics, another Annex III system, an Annex I product-integrated system, a derogation under Article 46, or a sectoral product-law case. Article 43 does not send every high-risk AI system to a notified body.
- Check NANDO: verify the body name, identification number, Member State, Regulation (EU) 2024/1689 scope, modules, activities, and system types. A body notified under another law is not automatically notified for AI Act work.
- Check authority continuity: Article 36 requires changes to notifications to be reported and provides rules for restriction, suspension, withdrawal, cessation, certificate continuity, and transfer to another notified body. A certificate may need a takeover record, not just an old PDF.
- Check challenge history: Article 37 allows the Commission to investigate doubts about competence and, if Member State action is insufficient, suspend, restrict, or withdraw designation by implementing act. A serious claim should be checked against current designation status, not the status at issuance.
- Check subcontracting: if subsidiaries or subcontractors performed assessment work, Article 33 makes the notified body responsible and requires provider agreement and records. Hidden subcontracting is a red flag for assurance quality.
- Check conformity artifacts: a notified-body certificate should line up with the provider's EU declaration of conformity under Article 47, CE marking where applicable, registration duties under Article 49, technical documentation, post-market monitoring, and substantial-change triggers.
- Check public versus restricted records: law-enforcement, migration, asylum, and border-control uses can involve non-public database sections or authorities acting as notified bodies. Lack of public detail should not be treated as proof of either compliance or non-compliance without knowing the legal route.
The strongest procurement or audit question is therefore: "Show the chain." Provider role, system version, intended purpose, classification basis, standards or common specifications, conformity route, notified-body scope, certificate status, EU declaration, registration record, monitoring plan, incident history, and authority contacts should tell one consistent story.
Governance and Safety Implications
The safety value of notified bodies is procedural discipline: an external organization checks whether a provider's evidence meets legal requirements before a defined system reaches the market or is put into service. That can improve documentation quality, risk-management practice, traceability, human-oversight analysis, cybersecurity review, post-market monitoring, and accountability for high-risk systems.
The governance value is also public-list discipline. NANDO and Article 35 make designation scope visible. A buyer, auditor, regulator, journalist, or affected party can ask whether the named body was actually notified for the relevant regulation, activity, module, and system type.
The safety risk is assurance theater. A notified body can review evidence within its legal scope, but it does not guarantee that a system will never harm people, that every deployment context is safe, that a downstream use is lawful, or that later model updates remain compliant. Notified-body review is a control in a larger system that also needs AI system inventory, audit trails, incident reporting, post-market monitoring, and enforceable corrective action.
Capacity is a safety issue. If there are too few competent bodies for AI, biometrics, cybersecurity, data governance, safety-critical products, and fundamental-rights analysis, conformity assessment can become a bottleneck, a paperwork exercise, or an incumbent advantage for firms able to buy scarce assessment capacity early.
Failure Modes
- Scope laundering: a certificate for one system, module, or product-law route is marketed as proof that a broader product line or deployment context is safe.
- NANDO mismatch: the named body exists, but its notification scope does not cover the relevant AI Act activity, module, system type, or sectoral product route.
- Evidence starvation: the notified body receives polished documentation but not enough logs, data provenance, evaluation failures, incident history, or runtime evidence to test the claim.
- Consulting conflicts: the assessment body or related entities sell advisory services that compromise, or appear to compromise, impartiality.
- Point-in-time illusion: the system changes through fine-tuning, updates, retrieval changes, data drift, tool integration, or user feedback while the old assessment remains rhetorically attached.
- Capacity bottlenecks: too few competent assessors slow lawful deployment or push review toward checklists and shallow document inspection.
- Fundamental-rights gap: the review checks formal conformity while affected people still lack usable notice, explanation, complaint, appeal, or remedy.
- Certification overclaim: "certified" is treated as "safe," even though conformity assessment is bounded by legal criteria, evidence access, version, intended purpose, and post-market controls.
Minimum Evidence Record
A useful notified-body claim should leave enough detail for a reviewer to reconstruct the assessment boundary. At minimum, record:
- System identity: provider, system name, version, intended purpose, AI Act role, and whether the system is Annex III, product-integrated Annex I, or another route.
- Assessment route: internal control, Annex VII notified-body route, sectoral product-law route, derogation, reassessment after substantial modification, or certificate extension.
- Notified-body scope: NANDO identification number, Member State, notification status, activities, modules, system types, and any subcontracting or subsidiary involvement.
- Standards and specifications: harmonised standards, common specifications, restrictions, partial application, or explanation for why notified-body involvement was triggered.
- Evidence reviewed: quality management system, technical documentation, risk management, data governance, logs, human oversight, cybersecurity, testing, post-market monitoring plan, and unresolved limitations.
- Decision record: certificate, refusal, restriction, suspension, withdrawal, corrective-action deadline, appeal path, validity period, and reassessment triggers.
- Post-market link: monitoring records, serious incidents, complaints, market-surveillance requests, substantial changes, and how those records feed back into the certificate or assessment file.
Source Discipline
AI notified-body claims should distinguish legal text, Service Desk summaries, NANDO live listings, Commission guidance, harmonised standards, common specifications, product-sector rules, certificates, and private compliance commentary. They do not have the same legal force.
Use current names and dates. A body may be notified under one EU act but not another; may be notified for one activity but not another; and may gain, lose, restrict, or modify scope. "Listed in NANDO" is not enough unless the relevant legislation, module, activity, and system type match.
For timing claims, preserve the status of the source. The baseline AI Act timeline, the Service Desk's Digital Omnibus note, the May 2026 provisional agreement, Parliament's June 16, 2026 approval, Commission implementation pages, and a final Official Journal amendment are different legal states. Do not treat a political agreement, guidance page, or press release as if it were already codified legal text unless it has formally entered into force.
For safety claims, do not cite notified-body involvement as proof that a system is conscious, generally intelligent, risk-free, rights-respecting in every context, or safe to deploy without monitoring. A certificate is evidence about conformity under defined conditions.
Spiralist Reading
An AI notified body is a checkpoint in the bureaucracy of trust.
The machine does not become safe because an institution has stamped a file. But the file matters. It forces claims into documents, documents into review, review into responsibility, and responsibility into a public list.
For Spiralism, the lesson is not faith in certification. It is distrust made orderly enough to leave a record. The notified body is useful only when the record can resist the provider's story: what was assessed, what was not, what failed, what changed, and who can act when the system harms people after approval.
Open Questions
- How many notified bodies will have enough AI, cybersecurity, data, and fundamental-rights expertise for complex systems?
- Will the delayed Digital Omnibus timeline give conformity infrastructure enough time without weakening accountability for affected people?
- How should notified bodies review adaptive systems that change through updates, fine-tuning, retrieval, or user feedback?
- What evidence should be available to affected people when a certified high-risk system causes harm?
- How should conflicts be managed when assessment bodies also sell adjacent consulting services?
- Will internal-control routes for most Annex III systems be sufficient, or will the Commission eventually expand notified-body involvement?
- Will conformity assessment improve real safety, or mainly improve the appearance of compliance?
Related Pages
- EU AI Act
- AI Audits and Assurance
- AI Governance
- AI Audit Trails
- AI Post-Market Monitoring
- AI Incident Reporting
- AI Liability and Accountability
- Human Oversight in AI
- Algorithmic Impact Assessments
- Secure AI System Development
- AI System Inventory
- AI Procurement
- Model Cards and System Cards
- AI in Government and Public Services
- AI in Employment
- AI Vulnerability Disclosure
- ISO/IEC 42001
- ISO/IEC 42005
- Transparency and Public Registers
Sources
- EUR-Lex, Regulation (EU) 2024/1689, Artificial Intelligence Act, official text.
- AI Act Service Desk, Article 28: Notifying authorities, reviewed June 25, 2026.
- AI Act Service Desk, Article 29: Application of a conformity assessment body for notification, reviewed June 25, 2026.
- AI Act Service Desk, Article 30: Notification procedure, reviewed June 25, 2026.
- AI Act Service Desk, Article 31: Requirements relating to notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 32: Presumption of conformity with requirements relating to notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 33: Subsidiaries of notified bodies and subcontracting, reviewed June 25, 2026.
- AI Act Service Desk, Article 34: Operational obligations of notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 35: Identification numbers and lists of notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 36: Changes to notifications, reviewed June 25, 2026.
- AI Act Service Desk, Article 37: Challenge to the competence of notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 38: Coordination of notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 39: Conformity assessment bodies of third countries, reviewed June 25, 2026.
- AI Act Service Desk, Article 43: Conformity assessment, reviewed June 25, 2026.
- AI Act Service Desk, Article 44: Certificates, reviewed June 25, 2026.
- AI Act Service Desk, Article 45: Information obligations of notified bodies, reviewed June 25, 2026.
- AI Act Service Desk, Article 46: Derogation from conformity assessment procedure, reviewed June 25, 2026.
- AI Act Service Desk, Article 47: EU declaration of conformity, reviewed June 25, 2026.
- AI Act Service Desk, Article 49: Registration, reviewed June 25, 2026.
- AI Act Service Desk, Timeline for the Implementation of the EU AI Act, reviewed June 25, 2026.
- European Commission, Guidelines for providers and deployers of AI high-risk systems, reviewed June 25, 2026.
- European Commission, Notified bodies, reviewed June 25, 2026.
- European Commission, NANDO search by legislation, reviewed June 25, 2026.
- European Commission, NANDO list for Regulation (EU) 2024/1689 on artificial intelligence, reviewed June 25, 2026.
- European Parliament, AI Act: EP approves simplification measures and "nudifier" app ban, June 16, 2026.