Inferensys

Glossary

Accreditation Scope

The formally defined and authorized boundaries of technical competence within which a notified body is permitted to conduct conformity assessments for specific categories of high-risk AI systems.
Risk analyst performing AI risk assessment on laptop, risk matrices visible, casual office risk session.
DEFINITION

What is Accreditation Scope?

The formally defined and authorized boundaries of technical competence within which a notified body is permitted to conduct conformity assessments for specific categories of high-risk AI systems.

Accreditation Scope defines the precise technical domain, specific conformity assessment procedures, and categories of high-risk AI systems for which a notified body has been formally authorized by a national accreditation authority. This scope acts as a legal and technical mandate, strictly limiting the body's activities to areas where it has demonstrated competence, impartiality, and adherence to harmonized standards.

The scope is detailed in the body's accreditation certificate and is critical for CE marking validity. A provider must select a notified body whose scope explicitly covers their AI system's risk classification and underlying technology, such as biometrics or medical devices. Operating outside this defined scope invalidates the resulting certification and triggers non-compliance with the EU AI Act.

DEFINING TECHNICAL COMPETENCE BOUNDARIES

Core Characteristics of Accreditation Scope

The accreditation scope is the formal, legally binding document that defines the precise boundaries of a notified body's authority to assess high-risk AI systems. It transforms a general authorization into a specific, auditable technical mandate.

01

Formal Definition of Competence

The accreditation scope is a juridically binding statement issued by a national accreditation body that explicitly lists the categories of high-risk AI systems a notified body is authorized to assess. It is not a general license but a granular specification of technical competence, detailing the exact conformity assessment activities, standards, and product categories covered. This document serves as the primary evidence of a notified body's qualification under the EU AI Act.

02

Strict Adherence to Harmonized Standards

An accreditation scope is inextricably linked to specific harmonized standards. A notified body is only competent to assess conformity against the standards explicitly listed in its scope. Key implications include:

  • Presumption of Conformity: Assessment against a listed standard provides a legal presumption of conformity with the AI Act's essential requirements.
  • No Implicit Extension: A body accredited for a general safety standard cannot automatically assess against a specialized AI fairness standard unless it is explicitly included.
  • Version Control: The scope must be updated when harmonized standards are revised, requiring re-assessment of the body's competence.
03

Product Category Specificity

The scope defines competence not just by standard, but by specific AI system categories. A notified body may be accredited for high-risk AI systems in medical devices but not for those in biometric identification. This categorization is critical because:

  • Domain Expertise: Assessing a surgical robot requires fundamentally different engineering and clinical knowledge than assessing an AI-driven recruitment tool.
  • Risk Profile Variance: The potential harms and required mitigation strategies differ vastly between categories, demanding specialized auditor expertise.
  • Regulatory Overlap: Many AI systems are components of regulated products (e.g., machinery, medical devices), requiring the notified body to also demonstrate competence in the relevant sectoral legislation.
04

Conformity Assessment Module Designation

The accreditation scope specifies which conformity assessment modules from the AI Act the notified body is authorized to execute. This is a critical procedural boundary. The scope will explicitly list authorization for:

  • Internal Control Review: Auditing the provider's own internal checks.
  • Type Examination: Assessing the technical design of a representative AI system.
  • Full Quality Assurance: Auditing the provider's entire quality management system for design, development, and post-market monitoring. A body authorized only for type examination cannot issue a certificate based on a full quality assurance audit.
05

Geographic and Legal Jurisdiction

The accreditation scope is issued by a single national accreditation body within an EU member state but operates under the principle of mutual recognition. This means a certificate issued by a notified body within its accredited scope is valid across the entire EU single market. However, the scope is tied to the legal entity of the notified body at a specific registered address; a subsidiary in another country requires its own separate accreditation, even if it is part of the same corporate group.

06

Dynamic Scope Maintenance and Surveillance

An accreditation scope is not a static certificate but a living document subject to continuous surveillance. The national accreditation body conducts regular audits—typically annually—to verify the notified body's ongoing competence. The scope can be:

  • Extended: Through a formal application and successful assessment for new standards or product categories.
  • Restricted: If surveillance identifies a loss of competence in a specific area.
  • Suspended or Withdrawn: Immediately, if a critical non-conformity is found, instantly invalidating the body's authority to issue certificates in that domain.
ACCREDITATION SCOPE

Frequently Asked Questions

Clarifying the boundaries and legal implications of a notified body's designated competence under the EU AI Act.

Accreditation scope is the formally defined and authorized boundary of technical competence within which a notified body is legally permitted to conduct conformity assessments for specific categories of high-risk AI systems. It is not a general license to certify any AI product. The scope precisely delineates the specific technologies, risk categories, and harmonized standards a body is qualified to evaluate. This ensures that a notified body assessing an AI-driven medical diagnostic tool, for example, is demonstrably competent in both medical device regulation and machine learning validation, preventing unqualified entities from issuing CE marking certifications.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.