Accreditation Scope defines the precise technical domain, specific conformity assessment procedures, and categories of high-risk AI systems for which a notified body has been formally authorized by a national accreditation authority. This scope acts as a legal and technical mandate, strictly limiting the body's activities to areas where it has demonstrated competence, impartiality, and adherence to harmonized standards.
Glossary
Accreditation Scope

What is Accreditation Scope?
The formally defined and authorized boundaries of technical competence within which a notified body is permitted to conduct conformity assessments for specific categories of high-risk AI systems.
The scope is detailed in the body's accreditation certificate and is critical for CE marking validity. A provider must select a notified body whose scope explicitly covers their AI system's risk classification and underlying technology, such as biometrics or medical devices. Operating outside this defined scope invalidates the resulting certification and triggers non-compliance with the EU AI Act.
Core Characteristics of Accreditation Scope
The accreditation scope is the formal, legally binding document that defines the precise boundaries of a notified body's authority to assess high-risk AI systems. It transforms a general authorization into a specific, auditable technical mandate.
Formal Definition of Competence
The accreditation scope is a juridically binding statement issued by a national accreditation body that explicitly lists the categories of high-risk AI systems a notified body is authorized to assess. It is not a general license but a granular specification of technical competence, detailing the exact conformity assessment activities, standards, and product categories covered. This document serves as the primary evidence of a notified body's qualification under the EU AI Act.
Strict Adherence to Harmonized Standards
An accreditation scope is inextricably linked to specific harmonized standards. A notified body is only competent to assess conformity against the standards explicitly listed in its scope. Key implications include:
- Presumption of Conformity: Assessment against a listed standard provides a legal presumption of conformity with the AI Act's essential requirements.
- No Implicit Extension: A body accredited for a general safety standard cannot automatically assess against a specialized AI fairness standard unless it is explicitly included.
- Version Control: The scope must be updated when harmonized standards are revised, requiring re-assessment of the body's competence.
Product Category Specificity
The scope defines competence not just by standard, but by specific AI system categories. A notified body may be accredited for high-risk AI systems in medical devices but not for those in biometric identification. This categorization is critical because:
- Domain Expertise: Assessing a surgical robot requires fundamentally different engineering and clinical knowledge than assessing an AI-driven recruitment tool.
- Risk Profile Variance: The potential harms and required mitigation strategies differ vastly between categories, demanding specialized auditor expertise.
- Regulatory Overlap: Many AI systems are components of regulated products (e.g., machinery, medical devices), requiring the notified body to also demonstrate competence in the relevant sectoral legislation.
Conformity Assessment Module Designation
The accreditation scope specifies which conformity assessment modules from the AI Act the notified body is authorized to execute. This is a critical procedural boundary. The scope will explicitly list authorization for:
- Internal Control Review: Auditing the provider's own internal checks.
- Type Examination: Assessing the technical design of a representative AI system.
- Full Quality Assurance: Auditing the provider's entire quality management system for design, development, and post-market monitoring. A body authorized only for type examination cannot issue a certificate based on a full quality assurance audit.
Geographic and Legal Jurisdiction
The accreditation scope is issued by a single national accreditation body within an EU member state but operates under the principle of mutual recognition. This means a certificate issued by a notified body within its accredited scope is valid across the entire EU single market. However, the scope is tied to the legal entity of the notified body at a specific registered address; a subsidiary in another country requires its own separate accreditation, even if it is part of the same corporate group.
Dynamic Scope Maintenance and Surveillance
An accreditation scope is not a static certificate but a living document subject to continuous surveillance. The national accreditation body conducts regular audits—typically annually—to verify the notified body's ongoing competence. The scope can be:
- Extended: Through a formal application and successful assessment for new standards or product categories.
- Restricted: If surveillance identifies a loss of competence in a specific area.
- Suspended or Withdrawn: Immediately, if a critical non-conformity is found, instantly invalidating the body's authority to issue certificates in that domain.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clarifying the boundaries and legal implications of a notified body's designated competence under the EU AI Act.
Accreditation scope is the formally defined and authorized boundary of technical competence within which a notified body is legally permitted to conduct conformity assessments for specific categories of high-risk AI systems. It is not a general license to certify any AI product. The scope precisely delineates the specific technologies, risk categories, and harmonized standards a body is qualified to evaluate. This ensures that a notified body assessing an AI-driven medical diagnostic tool, for example, is demonstrably competent in both medical device regulation and machine learning validation, preventing unqualified entities from issuing CE marking certifications.
Related Terms
The accreditation scope of a notified body is defined by its relationship to the broader conformity assessment framework. These interconnected concepts form the operational and legal context for third-party AI system certification.
Notified Body
An independent, accredited organization designated by an EU member state to conduct third-party conformity assessments of high-risk AI systems. A notified body's specific technical competence and authorized activities are precisely defined by its accreditation scope, which is granted by the national accreditation body. Without a defined scope, a notified body has no legal authority to issue certificates.
Harmonized Standards
European technical specifications adopted by recognized standards bodies (CEN, CENELEC, ETSI) that provide presumption of conformity with the AI Act's essential requirements. A notified body's accreditation scope explicitly references the specific harmonized standards against which it is competent to assess. Applying these standards is voluntary but creates a safe harbor for providers, streamlining the certification process within the defined scope.
Technical Documentation
The comprehensive dossier a provider must compile to demonstrate compliance, forming the primary evidence base for a notified body's assessment. The documentation package must address every requirement within the accreditation scope being assessed. Required elements include:
- System architecture and design specifications
- Training data provenance and governance records
- Risk management system documentation
- Performance metrics and validation results
Substantial Modification
A change to an AI system's intended purpose or a significant alteration to its performance characteristics that triggers a new conformity assessment. If the modified system's risk profile shifts into a different category, the original notified body may no longer be competent to assess it if the new classification falls outside its accreditation scope, requiring re-certification by an appropriately scoped body.
Market Surveillance Authority
A national public body empowered to enforce the AI Act and verify the validity of certifications. These authorities audit whether a notified body operated within its accredited scope when issuing a certificate. A finding of scope violation can result in:
- Certificate invalidation and mandatory market withdrawal
- Suspension of the notified body's designation
- Penalties against both the provider and the notified body

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us