A Notified Body is a third-party conformity assessment organization officially designated by an EU member state to evaluate whether high-risk AI systems comply with the essential requirements of the EU AI Act. These bodies possess the technical competence and independence to audit a provider's risk management system, technical documentation, and quality management system, ensuring the algorithm meets harmonized standards for safety and fundamental rights before market placement.
Glossary
Notified Body

What is a Notified Body?
A Notified Body is an independent, accredited organization designated by an EU member state to conduct mandatory third-party conformity assessments of high-risk AI systems before they can receive CE marking and enter the European market.
The specific tasks a Notified Body can perform are strictly limited by its accreditation scope, which defines the categories of AI systems it is authorized to assess. If a high-risk system undergoes a substantial modification, the provider must return to the Notified Body for a new conformity assessment. The body's decision is the gatekeeper for affixing the CE marking, serving as the definitive regulatory validation that the AI system is fit for the European market.
Core Characteristics of a Notified Body
A notified body is a third-party conformity assessment organization designated by an EU member state to evaluate whether high-risk AI systems meet the essential requirements of the AI Act before they can receive CE marking and enter the European market.
Legal Designation and Competence
A notified body is not a self-appointed consultant but a legally designated entity. An EU member state's notifying authority formally assesses and designates the organization, then notifies the European Commission and other member states of its status.
- Must demonstrate technical competence and impartiality for specific AI categories
- Listed in the NANDO (New Approach Notified and Designated Organisations) database
- Operates under the legal jurisdiction of its designating member state
Independence and Impartiality
The cornerstone of a notified body's credibility is its structural separation from the AI provider. It must be a third party free from any influence that could affect its technical judgment.
- Cannot be the designer, manufacturer, or deployer of the AI system it assesses
- Personnel must not engage in activities conflicting with their assessment objectivity
- Financial independence from the commercial success of the assessed product is mandatory
Conformity Assessment Execution
The notified body performs the mandatory third-party assessment for high-risk AI systems, verifying compliance with the EU AI Act's essential requirements. This is the gatekeeping function before CE marking.
- Audits the provider's quality management system and technical documentation
- Evaluates the risk management system for completeness and effectiveness
- May conduct product testing or require specific performance demonstrations
Accreditation Scope and Boundaries
A notified body is not authorized to assess all AI systems. Its accreditation scope strictly defines the categories of high-risk AI products it is competent to evaluate, based on its demonstrated technical expertise and resources.
- Scope is formally defined in the designation notification
- Covers specific AI technologies (e.g., biometrics, medical devices, safety components)
- Operating outside the defined scope invalidates the conformity assessment
Ongoing Surveillance Obligations
The notified body's responsibility extends beyond the initial certification. It must conduct periodic audits and surveillance to ensure the AI system continues to comply with regulatory requirements throughout its lifecycle.
- Verifies the provider's post-market monitoring system is functioning
- Assesses substantial modifications to determine if re-certification is needed
- Can suspend or withdraw certificates if non-compliance is identified
Liability and Competent Personnel
The notified body must maintain professional indemnity insurance and employ personnel with the specialized knowledge to evaluate complex AI systems. Assessors must understand both the underlying technology and the applicable legal framework.
- Staff must possess deep knowledge of machine learning, data governance, and bias detection
- Must understand the intersection of AI functionality and fundamental rights
- Required to maintain confidentiality of all proprietary information obtained during assessment
Frequently Asked Questions
Clear answers to the most common questions about the role, responsibilities, and operational mechanics of Notified Bodies under the EU AI Act.
A Notified Body is an independent, third-party organization officially designated by an EU member state to conduct conformity assessments of high-risk AI systems before they can be placed on the market. These bodies are the gatekeepers of the CE marking process, verifying that a provider's technical documentation, quality management system, and risk mitigation strategies meet the essential requirements of the AI Act. They are not government agencies but accredited private entities with demonstrated technical competence, impartiality, and the capacity to audit complex algorithmic systems. Their assessment results in a certificate that is a prerequisite for affixing the CE mark and legally commercializing the AI system within the European Union.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Understanding the role of a Notified Body requires context within the broader EU AI Act conformity framework. These interconnected concepts define the regulatory pathway for high-risk systems.
Conformity Assessment
The mandatory verification process by which a provider demonstrates that a high-risk AI system meets all applicable regulatory requirements prior to market placement. This is the core activity performed by a Notified Body. The assessment involves auditing the technical documentation, quality management system, and the system's compliance with essential requirements. Successful completion is a prerequisite for CE marking.
CE Marking
A physical or digital mark affixed to an AI system indicating the manufacturer's declaration that the product complies with all applicable EU harmonization legislation, including the AI Act. For many high-risk systems, the CE marking cannot be affixed without a certificate issued by a Notified Body. It serves as a passport for the free movement of goods within the European Economic Area.
Accreditation Scope
The formally defined and authorized boundaries of technical competence within which a Notified Body is permitted to conduct conformity assessments. A body is not authorized to assess all AI systems; its scope is strictly limited to specific categories of high-risk AI systems (e.g., biometrics, medical devices). Providers must verify that a body's scope matches their system's classification.
Harmonized Standards
European technical specifications adopted by recognized standards bodies (CEN/CENELEC) that provide a presumption of conformity with the AI Act's essential requirements. When a provider designs a system in full compliance with these standards, the Notified Body's assessment is streamlined, as compliance with the standard is accepted as proof of meeting the corresponding legal obligations.
Technical Documentation
The comprehensive dossier a provider must compile and submit to the Notified Body. It must contain detailed information on the system's design, development, and performance, including:
- Intended purpose and foreseeable misuse
- System architecture and design specifications
- Training data provenance and governance
- Risk management system outputs
- Accuracy, robustness, and cybersecurity metrics
Quality Management System
A formalized, documented organizational structure of policies, processes, and procedures required for providers. The Notified Body audits this system to ensure the manufacturer can consistently design, develop, and maintain compliant high-risk AI systems. The audit covers strategy, design control, technical specifications, and post-market monitoring procedures.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us