
EU AI Act Article 43: Conformity Assessment for High-Risk AI Systems

Annex Guide · 23 May 2026 · 20 min read · 4,061 words

EU AI Act Article 43 sets the pre-market gate for high-risk AI. Learn which conformity route applies — Annex VI or Annex VII — and what each requires.

Article 43 of Regulation (EU) 2024/1689 sets the gate between development and market. Before a high-risk AI system can be placed on the EU market or put into service, its provider must complete a conformity assessment — the formal procedure demonstrating that the system meets all Chapter III Section 2 requirements. Pass it, and you can issue the EU Declaration of Conformity (Article 47), affix the CE marking (Article 48), and register the system in the EU database (Article 49). Fail to do it, and the fine ceiling is €15 million or 3% of worldwide annual turnover, whichever is higher (Article 99).

Under the Digital Omnibus agreed in May 2026, the deadline for stand-alone high-risk AI systems (Annex III) is 2 December 2027. For high-risk AI embedded in regulated products under Annex I — AI safety components in machinery, medical devices, radio equipment — the deadline is 2 August 2028. The original 2 August 2026 date has been deferred; the obligations themselves have not changed.

This guide explains which assessment route applies to your system, what Annex VI (internal control) and Annex VII (notified body) each require, what the QMS and technical documentation must contain, how a substantial modification resets the assessment, and what the post-assessment steps look like in practice.


What Article 43 Conformity Assessment Actually Is

Conformity assessment is the EU's mandatory pre-market proof procedure. It is not an audit of your data protection posture, not a product liability exercise, and not the Fundamental Rights Impact Assessment (FRIA) that certain deployers run under Article 27. It is specifically the procedure by which a provider demonstrates — before going to market — that a high-risk AI system meets the technical requirements in Chapter III Section 2: the risk management system (Article 9), data governance (Article 10), technical documentation (Article 11), logging (Article 12), transparency to deployers (Article 13), human oversight (Article 14), and accuracy/robustness/cybersecurity (Article 15).

Article 43 does not stand alone. It sits at the end of the compliance stack — you cannot complete it until your Article 9 risk management system, Article 11 technical documentation, and Article 17 quality management system (QMS) are properly in place. Think of it as the final assembly check, not the build process itself.

Keep these distinctions clear:

  • Article 27 (FRIA) — a Fundamental Rights Impact Assessment run by certain deployers before operational use. Not a provider obligation. Not conformity assessment.
  • Article 72 (post-market monitoring) — an ongoing obligation that starts after market placement and runs throughout the system's operational life. Conformity assessment is a pre-market snapshot; Article 72 is what keeps it current.
  • Article 9 (risk management system) — a continuous iterative process that feeds into the conformity assessment evidence but continues indefinitely beyond it.

The Two Assessment Routes: Annex VI and Annex VII

Article 43 prescribes exactly two routes. Which one applies depends on the system's Annex III category and — for biometric systems — whether harmonised standards or common specifications covering the Chapter III Section 2 requirements have been applied.

Annex VI — Internal Control (Self-Assessment)

For most Annex III high-risk AI systems — points 2 through 8, covering education and vocational training, employment, access to essential services, law enforcement, migration, and administration of justice — the provider conducts the assessment itself. No notified body is involved.

Under Annex VI, the provider verifies its own system against the Chapter III Section 2 requirements, confirms that the Article 11 / Annex IV technical documentation is complete, and checks that the Article 17 QMS covers the full development and post-market lifecycle. The provider then draws up the EU Declaration of Conformity and keeps the technical file and declaration for ten years.

Self-assessment does not mean light-touch. The documentation must be detailed enough that a market surveillance authority reviewing it could verify every conformity claim. "We tested for bias" is not sufficient. "We tested for gender and age bias in training data using method X against threshold Y, with results logged in version-controlled records at path Z" is.

Annex VII — Assessment by a Notified Body

A notified body — an independent third-party organisation designated by an EU Member State under Articles 31 to 39 — assesses both the QMS and the technical documentation. This is mandatory in two situations.

First: Annex III point 1 biometrics, where harmonised standards have not been fully applied.

Annex III point 1 covers biometric identification, biometric categorisation, and emotion recognition systems. The route depends on whether the provider has applied harmonised standards (or Commission-issued common specifications under Article 41) that cover all the Chapter III Section 2 requirements:

  • If the provider has applied them in full: it may choose either Annex VI (internal control) or Annex VII (notified body). Both routes are available.
  • If it has not applied them, applied them only partially, or no such standards yet exist: it must use Annex VII. Internal control is not an option.

This is the most commonly misunderstood route-selection rule. A biometrics provider who has fully applied relevant harmonised standards has a genuine choice. One operating without those standards — which currently describes most providers, since EU AI Act harmonised standards are still in development — has no choice: Annex VII is mandatory.

Second: high-risk AI systems that are safety components of Annex I products.

When AI is embedded as a safety component in a product covered by EU harmonisation legislation listed in Annex I — machinery (Regulation (EU) 2023/1230), medical devices (Regulation (EU) 2017/745), radio equipment, lifts, pressure vessels, and others — the conformity assessment follows the applicable product legislation. The Chapter III Section 2 AI requirements fold into that procedure. For most Annex I product sectors, the sectoral legislation already mandates a notified body, so the AI conformity requirements effectively ride on that existing obligation.

Under Annex VII the notified body reviews both the QMS and the technical documentation, may conduct on-site inspections of development processes and testing infrastructure, and issues an assessment certificate if conformity is confirmed.

Cost and lead time: Annex VII assessments typically cost €8,000–€25,000 depending on system complexity and audit scope. From initial submission to certificate, allow 12–20 weeks — longer if the notified body requests supplemental documentation. Engage early; notified body capacity ahead of the December 2027 deadline will be constrained.


Route-Selection at a Glance

| System type | Harmonised standards applied in full? | Assessment route |
|---|---|---|
| Annex III points 2–8 (education, employment, services, law enforcement, migration, justice) | N/A | Annex VI — internal control |
| Annex III point 1 (biometrics) | Yes | Provider's choice: Annex VI or Annex VII |
| Annex III point 1 (biometrics) | No / partial / none yet exist | Annex VII — notified body mandatory |
| Safety component of an Annex I product | N/A | Conformity assessment per applicable product legislation; AI requirements fold in |

What the Assessment Must Cover

Regardless of route, the assessment demonstrates conformity with Chapter III Section 2. The requirements are:

  • Article 9 — Risk management system. A continuous iterative process: identify and analyse known and reasonably foreseeable risks to health, safety, and fundamental rights; estimate risks from intended use and reasonably foreseeable misuse; adopt suitable mitigation measures; update when post-market data reveals new risks.
  • Article 10 — Data and data governance. Training, validation, and test datasets must be relevant, representative, sufficiently free from errors, and assessed for biases that could cause harm or discriminatory outcomes, having regard to the system's intended purpose.
  • Article 11 + Annex IV — Technical documentation. The complete technical file: system description, design and development process, performance metrics, risk management records, human oversight measures, post-market monitoring plan. Seven mandatory sections, discussed below.
  • Article 12 — Record-keeping. Automatic logging of events throughout the operational lifetime.
  • Article 13 — Transparency to deployers. Instructions for use enabling deployers to use the system correctly, understand its capabilities and limitations, and exercise appropriate human oversight.
  • Article 14 — Human oversight. Measures enabling human operators to monitor, understand, and where necessary intervene or override the system.
  • Article 15 — Accuracy, robustness, cybersecurity. Declared accuracy metrics, resilience to errors and inconsistencies, and protection against adversarial interference and data poisoning.

The QMS (Article 17) is the organisational backbone. It does not appear as a separate assessment output, but a missing or hollow QMS surfaces as evidentiary gaps across all of the above.


Technical Documentation Under Article 11 and Annex IV

The technical file is the evidentiary core of any conformity assessment. Annex IV specifies its mandatory content. There are seven required sections:

1. System description. The intended purpose, the specific tasks the system performs, the deployment context, the reasonably foreseeable misuse scenarios, and any limitations the provider is aware of.

2. Training, validation, and test data. Dataset composition, labelling methodology, the procedures used to check for representativeness and errors, and the bias assessment conducted under Article 10. This section must be traceable: if an auditor asks which version of the training data produced which model checkpoint, your records must answer that.

3. Design and model architecture. System architecture, algorithms, key design choices, and the reasoning behind them. For providers using third-party model components, this includes what you know about those components and the assessment of risks they introduce.

4. Performance metrics. Accuracy, precision, recall (as relevant to the use case), robustness thresholds, results of adversarial testing, and how performance varies across relevant sub-populations. Bare headline accuracy figures are insufficient — regulators will look at disaggregated performance.

5. Risk management records. The output of the Article 9 process: hazard identification, risk estimation, evaluation, and the mitigation controls adopted. Residual risks and the rationale for accepting them.

6. Human oversight measures. How the system communicates confidence and uncertainty to operators, what override mechanisms exist, how operators are trained, and what audit trails the system generates to support ex-post review.

7. Post-market monitoring plan. The Article 72 plan: data collection methodology, performance monitoring thresholds, incident identification triggers, and the feedback loop into the Article 9 risk management system.

The documentation must be maintained for ten years after the system is placed on the market. When a market surveillance authority requests it during inspection or in response to a complaint, the provider must produce it without delay. Generic templates not tailored to the specific system will not survive scrutiny.


Quality Management System (Article 17)

The QMS is the procedural foundation that makes conformity assessment defensible over time, not just at the point of initial assessment. Article 17 requires providers of high-risk AI systems to establish, implement, document, and maintain a QMS covering the full lifecycle.

The QMS must cover, at minimum:

  • Development procedures. How design choices are documented, reviewed, and approved. Version control for datasets and model checkpoints.
  • Data governance. Who authorises training data use, how bias testing is logged, what triggers retraining, and how dataset versioning is maintained.
  • Verification and validation. Defined test suites with documented pass/fail criteria. Records of each test run — not just pass/fail summaries, but the underlying results.
  • Change management. How proposed modifications are assessed for whether they constitute a substantial modification under Article 43(4), and what approval process applies.
  • Post-market monitoring. How operational data is collected, how incidents are classified, and how findings feed back into the risk management system and the technical documentation.
  • Incident response. Procedures for detecting, escalating, investigating, and resolving failures in production. Documentation of corrective actions.

The distinction that matters for enforcement: a QMS that describes what should happen is a policy document. A QMS that records what actually happened — test logs, dataset approval records, incident investigations — is evidence. Notified bodies and market surveillance authorities will ask for both and will cross-check them.

For Annex VI (self-assessment) systems, the QMS serves as the internal check on conformity. For Annex VII (notified body) systems, the notified body reviews the QMS as part of the assessment.


The Notified Body Assessment Process (Annex VII)

For providers required to use Annex VII — biometric systems without fully applied harmonised standards, and safety components of Annex I products — the process runs roughly as follows.

Step 1: Pre-engagement and scope verification. Before submitting documentation, verify in the NANDO database (nando.ec.europa.eu) that the body is designated for AI conformity assessment and that its scope covers your system type. Confirm the body's current queue length and request a pre-assessment consultation if offered — many bodies will review a summary of your QMS and technical file to identify obvious gaps before the formal submission clock starts.

Step 2: Documentation submission. You submit the full Annex IV technical documentation package, the Article 9 risk management report, Article 10 data governance records, Article 17 QMS documentation, and evidence of Article 15 robustness and cybersecurity testing. Incomplete submissions are common; the most frequent gap is training data provenance records that cannot be traced to source for earlier dataset versions.

Step 3: Desk review. The notified body conducts a desk review of the documentation, typically over four to eight weeks. It checks conformity with each Chapter III Section 2 requirement and identifies any gaps requiring supplemental information or remediation.

Step 4: On-site audit (where required). For complex systems or where documentation review raises questions, the notified body may conduct an on-site audit of your development environment, version control systems, testing infrastructure, and QMS processes. On-site audits typically last two to five days.

Step 5: Certificate issuance. If the assessment is successful, the notified body issues a conformity assessment certificate. Once you have the certificate, you draw up the Article 47 Declaration of Conformity and affix the CE marking. The certificate is valid for three years and is renewable; the body monitors your QMS during the certificate period and may conduct periodic reassessments.

Step 6: Registration. Before placing the system on the market, you register it in the EU database under Article 49.


Substantial Modification Resets the Assessment

A fresh conformity assessment is required whenever a high-risk AI system undergoes a substantial modification (Article 43(4)). A substantial modification is one that was not anticipated in the original assessment and affects conformity with Chapter III Section 2 requirements, or changes the intended purpose in a way that triggers a new or different high-risk classification.

What typically counts: retraining on a materially different dataset that alters the population the model serves; adding a use case that falls within a different Annex III point; changing the decision logic in ways that affect accuracy or bias characteristics; modifying human oversight mechanisms so as to reduce their effectiveness.

What typically does not count: routine security patches that do not alter model behaviour; bug fixes that restore documented performance; incremental accuracy improvements within the same use case and within the tolerances documented in the original technical file.

If uncertain, document the modification assessment and your conclusion. If a notified body issued the original certificate, notify the body of significant changes — it determines whether a new assessment is needed.


After a Successful Assessment: Three Follow-On Steps

1. EU Declaration of Conformity (Article 47)

The provider draws up a written declaration identifying the system by commercial name, model, and version; stating which conformity assessment procedure was used; referencing the technical documentation; identifying the notified body if one was involved; declaring conformity with the applicable Chapter III Section 2 requirements; and carrying the provider's legal name, address, and authorised signature. Keep the declaration for ten years. Produce it for authorities on request.

2. CE Marking (Article 48)

Affix the CE mark to the system — or, for software-only systems where physical marking is not practicable, to the user interface, packaging, or accompanying documentation. Affixing the mark without a valid completed assessment is a breach. So is failing to affix it after a valid one.

3. Registration in the EU Database (Article 49)

Before placing the system on the market, register it in the EU database for high-risk AI systems. This is an Article 49 obligation — not Article 51, which concerns GPAI model classification. The registration record must be kept current; updates are required when information changes materially.


Worked Example: An HR-Tech Provider on the Self-Assessment Route

A 35-person company based in Tallinn provides a resume-screening tool used by employers across Germany, France, and the Netherlands. The tool ranks candidates against job criteria. That falls within Annex III point 4 (employment, workers management, access to self-employment), placing it firmly in the high-risk tier.

The applicable route is Annex VI — internal control. Annex III point 4 is not biometrics; there is no notified body requirement.

What the assessment looks like:

The compliance lead compiles the Article 11 / Annex IV technical file:

  • System description: candidate ranking for open roles; intended for use by human hiring managers who retain final decision authority.
  • Training data: five labelled CV datasets, with demographic bias testing for gender, age, and nationality conducted at each training cycle; test results retained by dataset version.
  • Model architecture: gradient-boosted ranker with a fairness constraint penalising rank disparity by protected attribute.
  • Performance metrics: recall@10 benchmarked by demographic group, with a defined threshold below which the model is retrained.
  • Article 9 risk management: primary risk identified as systematic underranking of underrepresented candidates; mitigation is the fairness constraint plus monthly disparity monitoring post-deployment.
  • Article 14 human oversight: the hiring manager makes the final decision; the interface surfaces the model's confidence score and flags when a recommendation would produce a significant demographic disparity relative to the candidate pool.
  • Post-market monitoring plan: monthly recall@10 by demographic group; any decline exceeding 3% triggers root-cause analysis.
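The two quantitative controls in this scenario, recall@10 disaggregated by demographic group with a decline trigger (also the point made under performance metrics in the Annex IV section above) and the top-k disparity warning surfaced to the hiring manager, are easy to describe and easy to implement incorrectly. The following is an added illustration written for this guide; it is not Confir's code and not a procedure prescribed by the Act. It assumes that each screened role yields the model's ranked list over the whole candidate pool plus the set of candidate ids later judged suitable for that role, that every candidate carries a group label used only for monitoring, that per-group recall@10 pools relevant candidates across roles, and that "decline exceeding 3%" means an absolute drop of 0.03 against the baseline recorded in the technical file. The candidate data and the 0.05 disparity tolerance are constructed for the example.

```python
"""Disaggregated recall@10 monitoring for a ranking model.

Added example (not Confir's code, not prescribed by the Act). Assumptions:
- each role yields the ranked candidate pool plus the ids later judged
  suitable ("relevant"); a relevant id absent from the ranking is ignored;
- recall@k per group pools relevant candidates across roles;
- "decline exceeding 3%" is an absolute drop of 0.03 versus the baseline.
"""
from collections import defaultdict
from dataclasses import dataclass

K = 10                      # recall@10, as in the monitoring plan
DECLINE_THRESHOLD = 0.03    # absolute drop that triggers root-cause analysis
DISPARITY_TOLERANCE = 0.05  # hypothetical gap between top-k share and pool share


@dataclass(frozen=True)
class Candidate:
    cid: str
    group: str


@dataclass
class RoleOutcome:
    ranking: list   # Candidate objects, best first (the whole pool)
    relevant: set   # candidate ids judged suitable for the role


def recall_at_k_by_group(outcomes, k=K):
    """Per-group recall@k: share of relevant candidates that the model
    placed in the top k of their role's ranking."""
    hits, totals = defaultdict(int), defaultdict(int)
    for o in outcomes:
        top = {c.cid for c in o.ranking[:k]}
        for c in o.ranking:
            if c.cid in o.relevant:
                totals[c.group] += 1
                hits[c.group] += c.cid in top
    return {g: hits[g] / totals[g] for g in totals}


def flagged_declines(baseline, current, threshold=DECLINE_THRESHOLD):
    """Groups whose recall@k dropped by more than `threshold` versus the
    documented baseline. A group with a baseline but no observations this
    period is reported too: a silent gap in coverage is itself a finding."""
    flags = {}
    for g, base in baseline.items():
        cur = current.get(g)
        if cur is None or base - cur > threshold:
            flags[g] = (base, cur)
    return flags


def top_k_shares(outcome, k=K):
    """For one role: each group's share of the candidate pool versus its
    share of the top k, the quantity the oversight interface surfaces."""
    pool, top = defaultdict(int), defaultdict(int)
    for i, c in enumerate(outcome.ranking):
        pool[c.group] += 1
        if i < k:
            top[c.group] += 1
    n_pool, n_top = len(outcome.ranking), min(k, len(outcome.ranking))
    return {g: (pool[g] / n_pool, top[g] / n_top) for g in pool}


def disparity_flags(outcome, k=K, tolerance=DISPARITY_TOLERANCE):
    """Groups under-represented in the top k relative to the pool by more
    than `tolerance`; the interface would warn the hiring manager here."""
    return sorted(g for g, (p, t) in top_k_shares(outcome, k).items()
                  if p - t > tolerance)


# Constructed sample pool: 12 candidates, odd ids in group g1, even in g2.
POOL = {f"c{i}": Candidate(f"c{i}", "g1" if i % 2 else "g2") for i in range(1, 13)}


def ranking(*ids):
    return [POOL[i] for i in ids]


BASELINE_MONTH = [
    RoleOutcome(ranking("c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9", "c10", "c11", "c12"),
                {"c1", "c2", "c3", "c4"}),
    RoleOutcome(ranking("c2", "c1", "c4", "c3", "c6", "c5", "c8", "c7", "c10", "c9", "c12", "c11"),
                {"c1", "c2", "c11", "c12"}),
]
# Constructed drift: after a retrain the ranker pushes g2 candidates down.
CURRENT_MONTH = [
    RoleOutcome(ranking("c1", "c3", "c5", "c7", "c9", "c11", "c6", "c8", "c10", "c2", "c4", "c12"),
                {"c1", "c2", "c3", "c4"}),
    RoleOutcome(ranking("c1", "c3", "c5", "c7", "c9", "c11", "c2", "c4", "c6", "c8", "c10", "c12"),
                {"c1", "c2", "c11", "c12"}),
]


def monthly_review():
    """The monitoring step: compare this month's per-group recall@10 with
    the baseline and return the groups needing root-cause analysis."""
    baseline = recall_at_k_by_group(BASELINE_MONTH)
    current = recall_at_k_by_group(CURRENT_MONTH)
    return baseline, current, flagged_declines(baseline, current)


if __name__ == "__main__":
    base, cur, flags = monthly_review()
    print("baseline:", base)
    print("current: ", cur)
    print("root-cause analysis needed for:", flags)
    print("disparity warning, role 1:", disparity_flags(CURRENT_MONTH[0]))
```

Two design points matter for the technical file. Headline recall across the whole pool would stay at 0.75 in the constructed drift (g1 rises to 1.0 while g2 falls to 0.5), which is exactly why the Annex IV performance section wants disaggregated figures; and a group that vanishes from the month's observations is reported rather than silently skipped, so a monitoring gap cannot masquerade as a clean result.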

The Article 17 QMS documentation covers the approval workflow for dataset updates, the test suite (unit, integration, and fairness tests run before any release), the change management process, and the incident response procedure.

Once the technical file is assembled and the QMS records are in order, the compliance lead draws up and signs the Article 47 Declaration of Conformity, affixes the CE mark to the product documentation, and registers the system under Article 49.

Target: complete well before 2 December 2027. Realistic lead time from starting documentation to completed assessment: six to ten weeks. The main bottleneck in this scenario is assembling bias-testing records for historical dataset versions that pre-dated the current version-control discipline.

Confir's AIRC and AITR assessments structure this process — mapping directly to the Article 11 / Annex IV requirements, collecting evidence control by control, and generating the technical documentation pack and Article 47 Declaration of Conformity as outputs.


Common Mistakes and How to Avoid Them

Treating Annex IV as a template to fill in, not evidence to assemble. A notified body or market surveillance authority will check whether your documented controls match the specific risks your system poses. Generic language about "bias testing" without methodology, results, or version references will not pass.

Assuming biometrics always needs a notified body. That is incorrect. If you have fully applied harmonised standards covering the Chapter III Section 2 requirements, you may choose Annex VI. Check what standards exist and what they cover before assuming Annex VII is unavoidable.

Assuming Annex III points 2–8 need a notified body whenever harmonised standards are missing. Also incorrect — the mistake in the other direction. For systems in points 2–8, Annex VI is the correct route regardless of whether harmonised standards exist. No notified body is required.

Conflating conformity assessment with the FRIA. Article 27 is a deployer's obligation run before operational use. Article 43 is a provider's obligation run before market placement. They cover different actors at different stages for different purposes. The FRIA does not substitute for conformity assessment, and conformity assessment does not satisfy the FRIA obligation.

Planning for August 2026 as the deadline. The deadline for stand-alone Annex III systems is 2 December 2027 (2 August 2028 for Annex I safety components). The original August 2026 date has been deferred under the Digital Omnibus. Use the correct dates in your compliance roadmap.

Neglecting post-market monitoring after assessment is done. Conformity assessment is a pre-market snapshot. Article 72 monitoring is what validates that the system remains compliant in production. They are connected — the Annex IV monitoring plan must be real and operational — but they are distinct obligations. Providers who pass assessment and then run no meaningful monitoring are compliant on paper only.


Relationship to Post-Market Monitoring (Article 72) and FRIA (Article 27)

These three obligations are frequently conflated. They are distinct in actor, timing, and purpose.

| Obligation | Article | Actor | When | Purpose |
|---|---|---|---|---|
| Conformity assessment | 43 | Provider | Pre-market | Demonstrates system meets Chapter III Section 2 before placement |
| Post-market monitoring | 72 | Provider | Ongoing, post-market | Detects performance degradation, new risks, and incidents |
| FRIA | 27 | Certain deployers | Pre-use | Assesses impact on fundamental rights before operational deployment in specific contexts |

Article 72 and Article 43 are connected: the post-market monitoring plan in section 7 of the Annex IV technical file is the bridge. But the monitoring obligation runs for the system's operational lifetime and is not satisfied by the assessment itself.

Article 27 is entirely separate. It is a deployer obligation — run by the organisation using the system in a particular context — not a provider obligation. Providers are not responsible for deployers' FRIA compliance, though they must provide the information deployers need to conduct it (Article 13, instructions for use).


Deadlines and Penalties

Application dates (per Digital Omnibus, political agreement May 2026):

  • 2 December 2027 — stand-alone high-risk AI systems (Annex III, points 1–8).
  • 2 August 2028 — high-risk AI systems that are safety components of Annex I products.

The original 2 August 2026 date has been deferred. These are the operative deadlines for all planning purposes.

Penalties (Article 99):

Non-compliance with Article 43 — placing a high-risk system on the market without completing conformity assessment — falls under the middle penalty tier: €15,000,000 or 3% of total worldwide annual turnover for the preceding financial year, whichever is higher.

For SMEs and start-ups, Article 99(6) caps the fine at the lower of the two figures. That is a proportionality protection worth noting, but it does not eliminate the obligation.

The figure "€30 million or 6%" does not exist in the Act. Any source citing it is incorrect.


Notified Bodies: Designation and Oversight (Articles 31–39)

Notified bodies are not self-designating. They are notified by EU Member States to the European Commission after satisfying independence, impartiality, and technical competence requirements set out in Articles 31 to 39. The Commission publishes the designated list via the NANDO database.

When selecting a notified body for an Annex VII assessment, verify:

  • The body is designated specifically for AI conformity assessment (not just for the product sector with AI as an incidental add-on scope).
  • Its accreditation scope covers your specific system type — biometrics, or the relevant Annex I product sector.
  • It is currently accepting new assessment submissions and its queue timeline is compatible with your deadline.

A certificate issued by a body whose designation does not cover your system type is legally invalid. Check NANDO before engaging.

National accreditation bodies (one per Member State under Regulation (EC) No 765/2008) oversee notified bodies and can be contacted if concerns arise about a body's competence or impartiality.


How Confir Helps

Most of the time and effort in Article 43 conformity assessment goes into assembling the Article 11 / Annex IV technical documentation and ensuring the Article 17 QMS has adequate records to support each claim. Confir's AIRC and AITR assessments work through the Chapter III Section 2 requirements control by control, collect the evidence systematically, and generate the technical documentation pack and the Article 47 Declaration of Conformity as structured outputs. The AIRC intake also determines which assessment route applies — Annex VI or Annex VII — based on your system's classification, so there is no guesswork.

The engine is deterministic and rule-based: same intake produces the same scoping and documentation structure, which matters for audit defensibility. Pricing starts at €600/year, self-serve from the website.

