Pre-market authorization is a legally binding clearance process distinct from self-assessment, where an independent Notified Body conducts a rigorous conformity assessment to verify that a high-risk AI system meets the essential requirements of the EU AI Act. This external validation is mandatory for specific categories of high-risk systems, such as biometric identification, where the potential for harm to fundamental rights is deemed too significant for provider self-certification alone. The authorization confirms that the system's design, risk management, and technical documentation satisfy harmonized standards.
Glossary
Pre-Market Authorization

What is Pre-Market Authorization?
Pre-market authorization is the mandatory regulatory gate requiring explicit approval from a Notified Body or competent authority before a high-risk AI system can be registered and placed on the Union market.
Upon successful completion, the Notified Body issues a certificate of conformity, which is a prerequisite for affixing the CE marking and submitting the system's unique registration ID to the EU database. Without this explicit pre-market authorization, the AI system cannot legally be placed on the market or put into service within the Union. The process also establishes a baseline for ongoing post-market monitoring, ensuring that any substantial modification triggers a new authorization cycle to maintain regulatory validity.
Core Characteristics of Pre-Market Authorization
Pre-market authorization is the mandatory regulatory gate requiring explicit approval from a Notified Body or competent authority before a high-risk AI system can be registered and placed on the Union market. The following characteristics define its operational and legal framework.
Frequently Asked Questions
Clarifying the regulatory gate that requires explicit approval from a Notified Body or competent authority before a high-risk AI system can be registered and placed on the Union market.
Pre-Market Authorization is the mandatory regulatory gate requiring an independent Notified Body to issue explicit approval before a high-risk AI system can be affixed with a CE Marking and registered in the EU AI Act Database. It is a binding conformity assessment process that verifies the system meets all essential health, safety, and fundamental rights requirements defined in the regulation. Unlike self-assessment, where the provider internally verifies compliance, pre-market authorization involves a third-party audit of the Technical Documentation File, the Quality Management System, and the algorithmic design. This mechanism is reserved for specific categories of high-risk systems, such as certain biometric identification technologies or safety components for critical infrastructure, where the potential for harm is deemed too significant for self-declaration alone.
Pre-Market Authorization vs. Self-Assessment
Comparison of regulatory approval routes for high-risk AI systems under the EU AI Act
| Feature | Pre-Market Authorization | Self-Assessment | Regulatory Sandbox |
|---|---|---|---|
Assessor | Notified Body (third-party) | Provider (internal) | National Competent Authority |
Applicable Standards | Harmonized standards with external audit | Harmonized standards with internal review | Modified or waived requirements |
Documentation Burden | Full Technical Documentation File | Full Technical Documentation File | Abbreviated submission |
CE Marking Authority | Notified Body approval required | Provider self-declares | Conditional or temporary marking |
Typical Duration | 6-18 months | 3-6 months | Variable by sandbox terms |
Quality Management System | Certified by Notified Body | Internally audited | Provisional acceptance |
Post-Market Obligations | Full monitoring and incident reporting | Full monitoring and incident reporting | Enhanced monitoring with exit report |
Registration Prerequisite | Conformity certificate | Declaration of Conformity | Sandbox notification |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Pre-market authorization is a critical gate within a broader regulatory framework. These interconnected concepts define the actors, artifacts, and processes required to achieve and maintain market access for high-risk AI systems.
Conformity Assessment
The mandatory verification process demonstrating that a high-risk AI system meets the essential requirements of the EU AI Act. This is the technical prerequisite for authorization.
- Internal Control: Provider self-assesses when applying harmonized standards.
- Third-Party Audit: Required when standards are not fully applied, involving a Notified Body.
- Outcome: Generates the evidence base for the Declaration of Conformity.
Notified Body
An independent, accredited third-party organization designated by an EU member state to conduct conformity assessments for high-risk AI systems. Their involvement is mandatory when a provider cannot rely solely on harmonized standards for self-assessment.
- Role: Audits the Quality Management System and Technical Documentation File.
- Output: Issues the EU-type examination certificate required for authorization.
Technical Documentation File
The comprehensive dossier that forms the core evidentiary submission for pre-market authorization. It must be compiled before the conformity assessment begins.
- Contents: System architecture, design specifications, risk management details, and Training Data Provenance Record.
- Requirement: Must demonstrate compliance with all relevant essential requirements of the EU AI Act.
- Format: Submitted to the EU AI Act Database upon registration.
Declaration of Conformity
A legally binding document signed by the provider asserting that a high-risk AI system satisfies all applicable regulatory requirements. It is the final administrative step before CE Marking can be affixed.
- Liability: The provider assumes full legal responsibility for the system's compliance.
- Content: Must reference the specific legislative acts complied with and, if applicable, the Notified Body certificate.
- Registration: A copy must be submitted to the EU AI Act Database.
CE Marking
The physical or digital mark affixed to a high-risk AI system indicating its successful passage through pre-market authorization. It serves as a visible regulatory passport for free movement within the Union market.
- Prerequisites: Completion of Conformity Assessment and signing of the Declaration of Conformity.
- Significance: Indicates compliance with all applicable EU harmonization legislation, not just the AI Act.
- Affixation: Must be visible, legible, and indelible before the product is placed on the market.
Substantial Modification
A change to an AI system's Intended Purpose Declaration or performance characteristics that fundamentally alters its risk profile. This event invalidates the original authorization and triggers a new conformity assessment.
- Triggers: Changes to the operational context, user base, or core algorithmic logic.
- Obligation: The modified system is treated as a new system under the law, requiring re-registration in the EU AI Act Database.
- Responsibility: Falls on the entity making the modification, who may become the new legal provider.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us