Notified Body — Third-Party AI Conformity Assessment under EU AI Act

Definition

A notified body is a third-party conformity assessment organization that has been officially designated by a European Union Member State to evaluate specific regulated products against EU legislation requirements, and whose designation has been notified to the European Commission. Notified bodies operate within a specific regulatory framework — the Regulation or Directive under which they are notified — and can only conduct conformity assessments within their scope of notification.

Under the EU AI Act, certain categories of high-risk AI systems require third-party conformity assessment by a notified body — specifically AI systems that are safety components of products covered by other Union harmonisation legislation listed in Annex I (medical devices, machinery, aviation, automotive equipment, etc.), and standalone high-risk AI systems where the risk profile requires independent third-party verification beyond self-assessment. For most Annex III standalone high-risk systems, internal self-assessment by the provider is permitted, making notified body involvement optional though strategically valuable.

Becoming a notified body under the EU AI Act requires designation by a Member State and notification to the European Commission, following an accreditation process that evaluates technical competence and impartiality. Not all accredited certification bodies are notified bodies — these are distinct designations with different scopes and legal bases.

Why it matters operationally

Notified bodies matter because they are the mandatory third-party verification layer for the highest-risk AI applications. Organizations developing AI systems that are safety components of regulated products — medical AI, AI in aviation systems, AI in automotive safety functions — cannot self-certify. They must engage a notified body for the conformity assessment. The legal validity of their CE marking and EU market access depends on it.

For organizations developing standalone Annex III high-risk systems, notified body engagement is not mandatory for most categories, but it provides a level of credibility and regulatory defensibility that self-assessment cannot. An AI governance or conformity assessment report from a body that is either accredited or designated carries weight that internal documentation alone does not — with regulators, with enterprise buyers, and in potential liability proceedings.

Regulatory framework

Framework Notified body requirements
EU AI Act — Arts. 43-44, 74-76 Defines when notified body involvement is mandatory, the notification process, notified body requirements (competence, impartiality, independence), and supervision obligations.
ISO/IEC 17065 Standard for product certification bodies, used as reference for notified body competence requirements under the EU AI Act.
ISO/IEC 17021-1 Standard for management system certification bodies — relevant for accreditation as basis for notification.
NANDO Official European Commission database of notified bodies designated under EU legislation. Allows verification of whether a body is notified and under which Regulations.

How Zertia evaluates it

Zertia is pursuing notified body designation under the EU AI Act for applicable categories. Currently, Zertia operates as an ANAB-accredited certification body for ISO/IEC 42001 — providing the management system certification that builds the governance evidence base for conformity assessments. Zertia’s High-Risk AI Systems Audit provides the independent technical audit that organizations use to prepare for notified body conformity assessments, addressing the same technical requirements that notified bodies evaluate.

High-Risk AI Systems Audit →

ISO 42001 Certification →

Definitions that hold up under audit.

Does this term apply to your certification project? Let's talk 30 minutes, no commercial pressure.