CE Marking Under the EU AI Act: What It Is and When You Affix It

The CE marking on a high-risk AI system is the public declaration that a provider has completed the EU's conformity process and that the system meets the requirements of Regulation (EU) 2024/1689. It is a legal claim, not a badge of quality — and affixing it prematurely, or failing to affix it when required, each carry the same penalty ceiling: €15,000,000 or 3% of total worldwide annual turnover, whichever is higher, under Article 99(4).

For providers of high-risk AI systems, the CE marking is the visible end-point of a structured compliance chain. This page explains what the marking means under the Act, the exact conditions for affixing it, and which systems must carry it.

The EU AI Act definition

Article 3, point 24, of Regulation (EU) 2024/1689 defines "CE marking" as:

"a marking by which a provider indicates that an AI system is in conformity with the requirements set out in Chapter III, Section 2 and other applicable Union harmonisation legislation providing for its affixing."

Chapter III, Section 2 is the core high-risk obligation block — Articles 9 through 15, covering the risk management system, data governance, technical documentation, logging, transparency to deployers, human oversight, and accuracy and cybersecurity. The CE marking certifies that the provider has satisfied all of these requirements, not just one or two.

The phrase "other applicable Union harmonisation legislation" is significant: where a high-risk AI system is embedded in a product covered by existing EU product law — a medical device, a machine, a vehicle — the AI system's conformity feeds into the product's existing CE marking process rather than generating a separate AI-specific mark. That route is discussed below.

When and how it is affixed (Article 48)

A provider may not affix the CE marking until two prior steps are complete.

First: the conformity assessment (Article 43). This is the formal evaluation of whether the system meets the Chapter III, Section 2 requirements. For most Annex III high-risk AI systems — those in the areas of employment, education, access to essential services, law enforcement, migration, and justice — the conformity assessment follows the internal-control procedure set out in Annex VI: the provider conducts the assessment itself, without a third party. For biometric identification and categorisation systems (Annex III, point 1), where harmonised standards are not applied, the assessment must go through an Annex VII notified-body procedure: an independent third-party conformity assessment body designated by a member state examines the system.

Second: the EU Declaration of Conformity (Article 47 / Annex V). Before affixing the CE marking, the provider must draw up this declaration, which identifies the system, references the legislation it is assessed against, states that the conformity assessment has been carried out, and is signed by the person responsible. The declaration must be kept for ten years and made available to authorities on request (Article 18).

Only after both steps are complete does Article 48 permit the marking to be affixed. The marking must be:

• visible, legible, and indelible on the system or its accompanying documentation;
• digital where the system is made available only in digital form — the Act expressly allows a digital CE marking for digital-only high-risk AI systems; and
• followed by the notified body's identification number where a notified body was involved in the conformity assessment (Annex VII procedure). That number immediately tells a market-surveillance authority which third party reviewed the system.

The CE marking may not be affixed to systems that do not meet the requirements. Authorities may require its removal, and providers who affix it without completing the underlying process face enforcement action.

One technical point on sequence: because the EU Declaration of Conformity itself incorporates information about the conformity assessment, there is a logical dependency — you cannot finalise the declaration until the assessment is done. The CE marking follows the declaration. The documentation chain is assessment → declaration → marking, and each step generates records that market-surveillance authorities can inspect.

Which systems carry a CE marking

Only high-risk AI systems carry a CE marking. The Act's other risk tiers — limited-risk systems under Article 50 (chatbots, synthetic-content generators, emotion recognition in non-prohibited contexts) and minimal-risk systems — have no CE marking obligation.

High-risk AI systems reach that classification through two distinct routes under Article 6.

Route 1 — Annex III stand-alone systems. These are the eight areas listed in Annex III: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential private and public services, law enforcement, migration and border control, and administration of justice. A system classified as high-risk via this route, and not exempt under Article 6(3), must carry its own CE marking. The conformity assessment deadline for these systems is 2 December 2027 under the Digital Omnibus agreed in May 2026, which deferred the original 2 August 2026 date.

Route 2 — Safety components in Annex I products. Where an AI system functions as a safety component of a product covered by the Union harmonisation legislation listed in Annex I — medical devices, machinery, toys, radio equipment, civil aviation, motor vehicles, and others — the situation is different. The AI system's conformity is subsumed into the product's existing CE marking process. The provider does not affix a separate AI-Act CE marking; instead, the product-level conformity assessment (already required by the relevant product law) incorporates the AI system's compliance with the Chapter III, Section 2 requirements. Article 43(3) governs this integration. The deadline for these Annex I product-route systems is 2 August 2028.

A practical consequence: if you build a recruitment screening tool that classifies as high-risk under Annex III, you need your own CE marking. If you build an AI subsystem that controls a safety function in a Class IIb medical device, the conformity assessment integrates with the MDR procedure and the CE marking on the device covers the AI component.

The Article 6(3) exemption. An AI system that nominally falls within an Annex III category is not high-risk — and therefore carries no CE marking obligation — if the provider can demonstrate it poses no significant risk of harm to health, safety, or fundamental rights. The exemption applies when the system performs a narrow procedural task, improves the result of a previously completed human activity, detects patterns without replacing or influencing a human assessment, or does preparatory work. One hard limit: any system that profiles natural persons is always high-risk, regardless of claimed function. Providers relying on the Article 6(3) exemption must document the assessment and register the system in the EU database under Article 49.

Frequently Asked Questions

What happens if a provider affixes the CE marking before completing the conformity assessment?

Affixing the CE marking without completing the Article 43 conformity assessment and the Article 47 Declaration of Conformity is a breach of Article 48. The penalty ceiling under Article 99(4) is €15,000,000 or 3% of total worldwide annual turnover, whichever is higher. Market-surveillance authorities can require the marking's removal and may prohibit the system's market access. For companies that are SMEs or start-ups, Article 99(6) caps the fine at the lower of the fixed amount or the percentage — but the removal order and market-access block apply regardless of company size.

Does a CE marking guarantee an AI system is safe?

The CE marking means the provider has completed the EU's required conformity process: the Article 43 assessment, the Article 47 declaration, and the affixing rules in Article 48. It is a procedural claim — that the high-risk requirements of Chapter III, Section 2 have been assessed and met — not a guarantee of real-world safety outcomes. Post-market monitoring under Article 72 and serious-incident reporting under Article 73 continue to apply after the marking is affixed.

Must limited-risk AI systems carry a CE marking?

No. Limited-risk AI systems subject only to the Article 50 transparency obligations — for example, systems that interact with users via natural language, generate synthetic content, or perform emotion recognition in non-prohibited contexts — do not require a conformity assessment and do not carry a CE marking. The marking is specific to the high-risk tier.

Where should the CE marking physically appear?

Article 48 requires that it be affixed visibly, legibly, and indelibly to the AI system itself or to its packaging and accompanying documentation. For AI systems made available exclusively in digital form — the majority of software-based high-risk systems — a digital CE marking satisfies the requirement. Where a notified body participated in the conformity assessment, its identification number must follow the marking.

When did the CE marking obligation take effect?

The CE marking requirement is part of the high-risk regime, which applies from 2 December 2027 for stand-alone Annex III systems and from 2 August 2028 for AI systems embedded in Annex I regulated products, following the Digital Omnibus deferral agreed in May 2026. The original date of 2 August 2026 for these obligations has been pushed back. The Regulation itself entered into force on 1 August 2024.

Can a distributor or deployer affix the CE marking?

No. The CE marking is the provider's declaration. Only the provider — the entity that developed or placed the high-risk AI system on the market or into service under its own name or trademark — is authorised to affix it. A deployer that substantially modifies a high-risk system or places it on the market under its own name becomes a provider under Article 25, at which point the full conformity chain, including the CE marking obligation, attaches to it.

Related terms

• Conformity assessment (Article 43) — the Article 43 procedure that must be completed before the CE marking can be affixed.
• EU Declaration of Conformity (Article 47) — the document drawn up under Annex V that precedes and underlies the CE marking.
• Notified body — the independent third-party body whose identification number follows the CE marking where the Annex VII procedure applied.
• Harmonised standard — a standard whose application creates a presumption of conformity with the Act's requirements, relevant to choosing between the Annex VI and Annex VII conformity-assessment routes.
• Safety component — the concept that routes Annex I product AI through the product's existing CE marking process rather than a standalone AI-Act marking.
• Article 43 — Conformity assessment — the full conformity assessment article, covering both internal control (Annex VI) and notified-body (Annex VII) procedures.