A Notified Body is an independent conformity assessment organization officially designated by an EU member state to evaluate whether certain high-risk AI systems comply with the essential requirements of the EU AI Act. Unlike internal assessments performed by the provider, a Notified Body provides mandatory third-party scrutiny for systems involving critical safety components or biometric identification, ensuring impartial verification of the technical documentation file, quality management system, and risk mitigation measures before a product can be placed on the Union market.
Glossary
Notified Body

What is a Notified Body?
A Notified Body is an independent third-party organization designated by an EU member state to conduct mandatory conformity assessments for high-risk AI systems requiring external oversight before they receive CE marking.
The European Commission publishes and maintains the official list of designated Notified Bodies in the NANDO database, each assigned a unique identification number. These bodies must demonstrate technical competence, independence, and rigorous confidentiality protocols. Their assessment results in a EU-type examination certificate or approval of the provider's quality system, which is a prerequisite for drafting the declaration of conformity and affixing the CE marking. Ongoing surveillance audits by the Notified Body ensure continued compliance throughout the system's lifecycle.
Core Characteristics of a Notified Body
A Notified Body is an independent third-party organization designated by an EU member state to conduct mandatory conformity assessments for high-risk AI systems. These entities serve as the critical gatekeepers ensuring that systems requiring external oversight meet the essential requirements of the EU AI Act before they receive CE marking.
Independence and Impartiality
A Notified Body must operate as a third-party entity completely separate from the AI system provider. It cannot have any direct involvement in the design, manufacture, or commercialization of the systems it assesses.
- Must be free from commercial, financial, or other pressures that might influence judgment
- Personnel cannot be remunerated based on assessment outcomes or volume
- Strict conflict-of-interest policies govern all assessment activities
- Cannot provide consultancy services to the same clients they assess
Designation and Notification Process
A conformity assessment body becomes a Notified Body only after a rigorous national designation procedure by an EU member state, followed by formal notification to the European Commission.
- The member state's National Competent Authority evaluates competence against harmonized standards
- The European Commission assigns a unique Notified Body identification number
- The body is listed in the NANDO (New Approach Notified and Designated Organisations) database
- Designation is scope-limited to specific categories of high-risk AI systems
Conformity Assessment Activities
Notified Bodies execute the third-party conformity assessment procedures mandated for high-risk AI systems that cannot be self-assessed by the provider alone.
- Review the Technical Documentation File for completeness and accuracy
- Audit the provider's Quality Management System for design and post-market processes
- Verify that risk management and data governance procedures meet regulatory thresholds
- Issue the EU-type examination certificate when compliance is confirmed
- Conduct unannounced audits during the certificate validity period
Competence and Technical Expertise
Notified Bodies must possess in-house technical competence directly relevant to the AI systems they assess, including deep understanding of machine learning architectures and risk profiles.
- Employ personnel with demonstrated expertise in algorithmic bias detection and model explainability
- Maintain knowledge of state-of-the-art adversarial robustness evaluation techniques
- Understand sector-specific requirements for domains like medical devices or critical infrastructure
- Participate in standardization activities and Notified Body coordination groups
- Continuously train staff on evolving AI technologies and threat landscapes
Post-Certification Surveillance
The Notified Body's responsibility extends beyond initial certification to ongoing oversight throughout the validity period of the EU-type examination certificate.
- Conduct periodic surveillance audits to verify continued compliance
- Review Post-Market Monitoring data submitted by the provider
- Assess whether Substantial Modifications to the AI system require a new conformity assessment
- Have authority to suspend or withdraw certificates if non-compliance is discovered
- Coordinate with National Competent Authorities on serious incident investigations
Cross-Border Recognition
A conformity assessment certificate issued by a Notified Body in one EU member state is valid across the entire European Union market through the principle of mutual recognition.
- Eliminates the need for duplicate assessments in each member state
- Enables the CE Marking to serve as a single regulatory passport
- Requires Notified Bodies to participate in coordination groups to ensure harmonized interpretation
- Facilitates the Cross-Border Registration of high-risk AI systems in the EU database
Frequently Asked Questions
Clarifying the role, selection, and operational mechanics of independent third-party assessors under the EU AI Act for high-risk system conformity.
A Notified Body is an independent third-party organization officially designated by an EU member state to conduct conformity assessments on high-risk AI systems that require external oversight. Unlike a provider's internal checks, a Notified Body performs an objective audit of the technical documentation, quality management system, and design to verify compliance with the essential requirements of the AI Act. These entities are the gatekeepers for systems where self-assessment is insufficient, ensuring that algorithms impacting safety or fundamental rights are rigorously vetted before receiving a CE marking. They operate under strict impartiality and confidentiality obligations, reporting directly to the notifying national authority.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Understanding the role of a Notified Body requires mapping its relationship to the regulatory actors, processes, and artifacts within the EU AI Act's compliance framework.
Conformity Assessment
The mandatory verification process by which a provider demonstrates that a high-risk AI system meets the essential requirements of the EU AI Act. For systems requiring third-party oversight, this assessment is performed by a Notified Body rather than through internal self-assessment. The process involves auditing the Quality Management System, reviewing the Technical Documentation File, and verifying the system's compliance with Harmonized Standards before a Declaration of Conformity can be signed.
National Competent Authority
The designated public authority within an EU member state responsible for supervising the implementation and enforcement of AI regulations. This entity is distinct from a Notified Body but plays a critical role in the ecosystem:
- Designation: Nominates and monitors the Notified Bodies within its jurisdiction.
- Enforcement: Receives Incident Reporting Linkage data and can issue a Registration Suspension.
- Oversight: Acts as the ultimate backstop for market surveillance, ensuring Notified Bodies perform their duties rigorously.
Technical Documentation File
The comprehensive dossier that a provider must submit to a Notified Body for a conformity assessment. This is not merely a formality; it is the primary artifact under audit. The file must contain:
- System Architecture: Detailed design and algorithmic specifications.
- Risk Management: Documentation of risk mitigation and Residual Risk Disclosure.
- Data Provenance: A complete Training Data Provenance Record.
- Model Transparency: A Model Card Submission detailing evaluation results and limitations. The Notified Body verifies the completeness and accuracy of this file against regulatory requirements.
Pre-Market Authorization
The regulatory gate requiring explicit approval from a Notified Body before a high-risk AI system can be registered and placed on the Union market. This is the direct output of a successful conformity assessment. Without a positive certificate from the Notified Body, the provider cannot affix the CE Marking or complete the registration in the EU AI Act Database. This gate is mandatory for systems listed in Annex III that are not covered by a Harmonized Standard or for which the provider has not fully applied the standard.
Harmonized Standard
A European technical specification adopted by a recognized standards body (such as CEN/CENELEC) that provides a presumption of conformity with the EU AI Act's essential requirements. The relationship with a Notified Body is critical:
- Full Application: If a provider fully applies a Harmonized Standard, they may be able to self-assess, bypassing the Notified Body for those specific requirements.
- Partial or No Application: If a provider deviates from or does not use a Harmonized Standard, the involvement of a Notified Body becomes mandatory to verify that the alternative solutions meet the legal requirements.
- Audit Scope: The Notified Body's audit focuses intensely on any gaps where Harmonized Standards were not applied.
Substantial Modification
A change to an AI system's intended purpose or performance characteristics that triggers a new conformity assessment obligation. For systems originally certified by a Notified Body, this is a critical trigger point:
- Re-Assessment: The provider must return to the Notified Body for a new review of the modified system.
- Change Scope: Modifications that alter the Intended Purpose Declaration or significantly change the algorithmic logic invalidate the original certificate.
- Continuous Oversight: Notified Bodies may be involved in reviewing the provider's Post-Market Monitoring data to identify if a modification has occurred in practice.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us