Inferensys

Glossary

Notified Body

An independent third-party organization designated by an EU member state to conduct conformity assessments for high-risk AI systems requiring external oversight.
Risk analyst performing AI risk assessment on laptop, risk matrices visible, casual office risk session.
CONFORMITY ASSESSMENT

What is a Notified Body?

A Notified Body is an independent third-party organization designated by an EU member state to conduct mandatory conformity assessments for high-risk AI systems requiring external oversight before they receive CE marking.

A Notified Body is an independent conformity assessment organization officially designated by an EU member state to evaluate whether certain high-risk AI systems comply with the essential requirements of the EU AI Act. Unlike internal assessments performed by the provider, a Notified Body provides mandatory third-party scrutiny for systems involving critical safety components or biometric identification, ensuring impartial verification of the technical documentation file, quality management system, and risk mitigation measures before a product can be placed on the Union market.

The European Commission publishes and maintains the official list of designated Notified Bodies in the NANDO database, each assigned a unique identification number. These bodies must demonstrate technical competence, independence, and rigorous confidentiality protocols. Their assessment results in a EU-type examination certificate or approval of the provider's quality system, which is a prerequisite for drafting the declaration of conformity and affixing the CE marking. Ongoing surveillance audits by the Notified Body ensure continued compliance throughout the system's lifecycle.

CONFORMITY ASSESSMENT AUTHORITY

Core Characteristics of a Notified Body

A Notified Body is an independent third-party organization designated by an EU member state to conduct mandatory conformity assessments for high-risk AI systems. These entities serve as the critical gatekeepers ensuring that systems requiring external oversight meet the essential requirements of the EU AI Act before they receive CE marking.

01

Independence and Impartiality

A Notified Body must operate as a third-party entity completely separate from the AI system provider. It cannot have any direct involvement in the design, manufacture, or commercialization of the systems it assesses.

  • Must be free from commercial, financial, or other pressures that might influence judgment
  • Personnel cannot be remunerated based on assessment outcomes or volume
  • Strict conflict-of-interest policies govern all assessment activities
  • Cannot provide consultancy services to the same clients they assess
02

Designation and Notification Process

A conformity assessment body becomes a Notified Body only after a rigorous national designation procedure by an EU member state, followed by formal notification to the European Commission.

  • The member state's National Competent Authority evaluates competence against harmonized standards
  • The European Commission assigns a unique Notified Body identification number
  • The body is listed in the NANDO (New Approach Notified and Designated Organisations) database
  • Designation is scope-limited to specific categories of high-risk AI systems
03

Conformity Assessment Activities

Notified Bodies execute the third-party conformity assessment procedures mandated for high-risk AI systems that cannot be self-assessed by the provider alone.

  • Review the Technical Documentation File for completeness and accuracy
  • Audit the provider's Quality Management System for design and post-market processes
  • Verify that risk management and data governance procedures meet regulatory thresholds
  • Issue the EU-type examination certificate when compliance is confirmed
  • Conduct unannounced audits during the certificate validity period
04

Competence and Technical Expertise

Notified Bodies must possess in-house technical competence directly relevant to the AI systems they assess, including deep understanding of machine learning architectures and risk profiles.

  • Employ personnel with demonstrated expertise in algorithmic bias detection and model explainability
  • Maintain knowledge of state-of-the-art adversarial robustness evaluation techniques
  • Understand sector-specific requirements for domains like medical devices or critical infrastructure
  • Participate in standardization activities and Notified Body coordination groups
  • Continuously train staff on evolving AI technologies and threat landscapes
05

Post-Certification Surveillance

The Notified Body's responsibility extends beyond initial certification to ongoing oversight throughout the validity period of the EU-type examination certificate.

  • Conduct periodic surveillance audits to verify continued compliance
  • Review Post-Market Monitoring data submitted by the provider
  • Assess whether Substantial Modifications to the AI system require a new conformity assessment
  • Have authority to suspend or withdraw certificates if non-compliance is discovered
  • Coordinate with National Competent Authorities on serious incident investigations
06

Cross-Border Recognition

A conformity assessment certificate issued by a Notified Body in one EU member state is valid across the entire European Union market through the principle of mutual recognition.

  • Eliminates the need for duplicate assessments in each member state
  • Enables the CE Marking to serve as a single regulatory passport
  • Requires Notified Bodies to participate in coordination groups to ensure harmonized interpretation
  • Facilitates the Cross-Border Registration of high-risk AI systems in the EU database
NOTIFIED BODY OVERSIGHT

Frequently Asked Questions

Clarifying the role, selection, and operational mechanics of independent third-party assessors under the EU AI Act for high-risk system conformity.

A Notified Body is an independent third-party organization officially designated by an EU member state to conduct conformity assessments on high-risk AI systems that require external oversight. Unlike a provider's internal checks, a Notified Body performs an objective audit of the technical documentation, quality management system, and design to verify compliance with the essential requirements of the AI Act. These entities are the gatekeepers for systems where self-assessment is insufficient, ensuring that algorithms impacting safety or fundamental rights are rigorously vetted before receiving a CE marking. They operate under strict impartiality and confidentiality obligations, reporting directly to the notifying national authority.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.