Conformity Assessment
Conformity assessment is the formal process of demonstrating that a high-risk AI system meets the requirements of the EU AI Act before being placed on the market or put into service.
What is Conformity Assessment?
Conformity assessment for high-risk AI involves technical documentation (Annex IV), risk management, data and data governance evidence, testing records, human-oversight design, accuracy and robustness measurement, cybersecurity controls, and a quality management system. Most high-risk systems can self-assess; some require notified body involvement. The output is a CE marking and an EU declaration of conformity.
How does Conformity Assessment apply to enterprise AI?
Enterprises building or procuring high-risk AI need a conformity assessment plan from day one. The artefacts overlap heavily with ISO 42001 and ISO 27001 evidence and can be produced once and reused.
Related terms
- EU AI Act - The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors.
- ISO 42001 - ISO/IEC 42001 is the international standard for AI management systems, specifying requirements for establishing, implementing, maintaining, and continually improving an AI governance programme.
- AI Risk Management - AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle.
- TRACE Methodology - TRACE is Impetora's four-pillar methodology for delivering enterprise AI in regulated industries: Trust, Readiness, Architecture, Citations.