title: "EU AI Act Conformity Assessment: Annex VI vs Annex VII"
meta_description: "Internal control (Annex VI) or notified body (Annex VII)? Which conformity assessment route applies to your high-risk AI system under EU AI Act Art. 43."
slug: /insights/conformity-assessment-annex-vi-vii.html
canonical: https://ekmgc.de/insights/conformity-assessment-annex-vi-vii.html
lang: en
schema: FAQPage, Article
pillar: /insights/article-9-rms-practitioner-guide.html
date: 2026-05-06
author: EKM Global Consulting GmbH
Table of Contents
- The Core Question Every Provider Must Answer
- Annex VI: Internal Control by the Provider
- Annex VII: Third-Party Assessment via Notified Body
- Decision Tree: Which Route Applies?
- Annex IV Technical Documentation: Required on Both Routes
- Substantial Modification and Re-Assessment Triggers
- DACH-Specific Considerations
- Closing: Next Steps for Providers
- FAQ
The Core Question Every Provider Must Answer
Before a high-risk AI system may be placed on the EU market or put into service, the provider must complete a conformity assessment (Art. 43, Regulation (EU) 2024/1689). The assessment generates the evidence base for the EU declaration of conformity (Art. 47) and is a prerequisite for CE marking (Art. 48) and registration in the EU database (Art. 49).
Article 43 distinguishes two procedural routes:
- Annex VI — Conformity assessment based on internal control. The provider conducts and documents the assessment without external certification.
- Annex VII — Conformity assessment involving assessment of the quality management system (QMS) and technical documentation by a notified body designated under Art. 28 et seq.
The route is determined primarily by the category of the high-risk system and secondarily by whether applicable harmonised standards have been applied in full. A system placed on the market under the wrong procedure is not CE-marked in conformity, regardless of the thoroughness of the internal work.
Annex VI: Internal Control by the Provider
When It Applies
Annex VI applies to all Annex III high-risk AI systems — except biometric remote identification under Art. 6(2) when harmonised standards are absent — where the provider applies harmonised standards covering all relevant AI Act requirements.
As of mid-2026, the Commission has not published AI Act-specific harmonised standards in the Official Journal. ISO/IEC 42001:2023 (AI management system) and ISO/IEC 23894:2023 (AI risk management) are the practical reference standards currently used to structure conformity work. They carry no legal presumption of conformity until formally harmonised. Providers must document which AI Act requirements each standard addresses and identify gaps requiring supplementary evidence.
What the Procedure Requires
The provider must:
- Establish, implement, document, and maintain a QMS in accordance with Art. 17, covering the full lifecycle from design through post-market monitoring.
- Compile technical documentation under Annex IV before placing the system on the market — see Section 5 and the risk management layer in the pillar article.
- Draw up the EU declaration of conformity under Art. 47.
- Affix the CE marking under Art. 48.
- Register the system in the EU database before placement on the market (Art. 49).
Evidentiary Burden
Internal control does not mean a light-touch process. Every affirmation in the declaration of conformity must be traceable to documented evidence. The risk management system under Art. 9 — a continuous, iterative process running throughout the AI system's lifecycle — must be documented with versioned records. Accuracy, robustness, cybersecurity (Art. 15), data governance (Art. 10), human oversight measures (Art. 14), and transparency (Art. 13) each require contemporaneous evidence, not retrospective reconstruction.
Annex VII: Third-Party Assessment via Notified Body
When It Is Mandatory
Article 43(1) requires the Annex VII procedure for AI systems intended for biometric remote identification of natural persons (Annex III, point 1(a)) when the provider has not applied harmonised standards in full. Given that no harmonised standards for biometric remote identification AI systems had been formally published under the AI Act as of this writing, providers of such systems must engage a notified body.
A provider may also voluntarily elect Annex VII for other Annex III systems — for instance where third-party attestation strengthens the provider's contractual position with deployers.
What Annex VII Assessment Involves
The notified body performs two distinct assessments:
- QMS assessment. The body examines whether the provider's QMS satisfies Art. 17, through documentation review and on-site or remote audit. It issues an approval decision and must notify the Commission and other Member States of any suspension.
- Technical documentation assessment. The body reviews the Annex IV file for the specific AI system or category of systems and issues a technical documentation assessment certificate. It may request additional evidence, require design changes, or impose conditions.
A QMS approval does not automatically certify any particular AI system. Technical documentation assessments for each high-risk system are required separately.
Timeline and Resource Expectations
Providers should plan for a minimum of three to six months from a complete application submission to receipt of a certificate, drawing on experience from analogous regulated domains (medical devices, industrial machinery). Incomplete documentation or first-time applicants consistently fall toward the longer end. Budget planning should be conservative: AI Act notified body fees are not regulated and reflect specialised auditing capacity. The detailed interaction between the Annex VII audit scope and the Art. 9 risk management system is covered in the pillar article.
Decision Tree: Which Route Applies?
Step 1. Is the system a high-risk AI system under Annex III?
- No — the conformity assessment obligations of Chapter 5 do not apply.
- Yes — proceed to Step 2.
Step 2. Is the system intended for biometric remote identification of natural persons (Annex III, point 1(a))?
- Yes — proceed to Step 3.
- No — proceed to Step 5.
Step 3. Are applicable harmonised standards published in the Official Journal and applied in full?
- Yes — Annex VI is permissible; proceed to Step 4.
- No or partial — Annex VII is mandatory. Engage a notified body.
Step 4. Does the provider elect voluntary third-party assessment despite harmonised standards being applied?
- Yes — proceed under Annex VII voluntarily.
- No — proceed under Annex VI.
Step 5. For non-biometric Annex III systems: are applicable harmonised standards published and applied in full?
- Yes — Annex VI applies.
- No or partial — Annex VI still applies, but the evidentiary burden intensifies. Voluntary Annex VII engagement may be advisable for high-exposure systems.
Step 6. Has a substantial modification occurred after initial conformity assessment?
- Yes — re-assessment is required (see Section 6).
- No — maintain records and post-market monitoring obligations.
Annex IV Technical Documentation: Required on Both Routes
Regardless of assessment route, the provider must compile and maintain technical documentation in accordance with Annex IV before placing the system on the market and for ten years thereafter. The Annex IV file must include:
- General description — intended purpose, affected persons and sectors, hardware context.
- System architecture and components — software, firmware, algorithms, training methods.
- Data governance measures under Art. 10 — dataset provenance, quality criteria, bias mitigation.
- Risk management system under Art. 9 — the iterative identification, estimation, evaluation, and mitigation process throughout the lifecycle. Full detail is in the pillar article.
- Accuracy, robustness, and cybersecurity measures under Art. 15, including validation results.
- Human oversight measures under Art. 14 — override capabilities and operator controls.
- Post-market monitoring plan under Art. 72.
- Instructions for use for deployers (Art. 13) — intended purpose, foreseeable misuse, limitations.
- EU declaration of conformity template (Art. 47).
The file is a living document. Any significant update to the system may signal a substantial modification requiring re-assessment.
Substantial Modification and Re-Assessment Triggers
Article 43(4) requires that where a high-risk AI system has been substantially modified after initial conformity assessment, the full procedure must be repeated. Substantial modification is defined in Art. 3(23) as a change affecting compliance with Title III, Chapter 2 or resulting in a change in intended purpose.
Changes that routinely trigger re-assessment:
- Risk management scope changes — altered risk identification criteria, new mitigation measures, or revised residual risk acceptance. Changes to the Art. 9 RMS documented in the QMS baseline require particular scrutiny.
- Material dataset changes — retraining on new data sources or datasets with materially different distributional properties.
- Change in intended purpose or user group — expanding to a new Annex III sector or category of affected persons.
- Architectural changes — modifications to model type, inference engine, or inference boundary.
- Cybersecurity measure revisions — revisions in response to identified vulnerabilities that alter the documented risk posture.
Minor updates — security patches that do not alter functionality, performance improvements within the documented accuracy range — do not automatically constitute substantial modifications, but providers must document their materiality assessment for each change and retain that record.
DACH-Specific Considerations
BSI and DAkkS designation. The Bundesamt für Sicherheit in der Informationstechnik (BSI) holds market surveillance responsibility in Germany. Notified bodies under the AI Act will be designated by DAkkS (Deutsche Akkreditierungsstelle). An existing BSI C5 Type II attestation may provide partial evidentiary support for Annex IV cybersecurity documentation but does not substitute for AI Act conformity assessment.
BaFin MaRisk AT 9 alignment. For AI systems deployed within BaFin-supervised institutions, the provider's Annex IV documentation and QMS must be coherent with MaRisk AT 9 outsourcing requirements. A well-structured Annex IV file substantially reduces the effort required to respond to deployer audit requests under MaRisk.
GDPR Art. 35 DPIA timing. Where a high-risk AI system processes personal data, a Data Protection Impact Assessment must be completed under GDPR Art. 35 before processing begins — not in parallel with CE marking. DPIA outputs must be reflected in the Annex IV data governance and risk management sections. Completing CE marking before the DPIA closes creates concurrent AI Act and GDPR supervisory exposure.
Post-market monitoring data flows. DACH-headquartered providers collecting post-market data from deployers across Germany, Austria, and Switzerland encounter three distinct data protection jurisdictions. Switzerland is not an EU member state; transfers rely on the Commission's adequacy decision. Post-market monitoring architectures must account for these flows from the design stage.
Closing: Next Steps for Providers
Conformity assessment is not a one-time project milestone. The evidentiary file must remain current and auditable for the entire operational life of the system and for ten years after placement on the market.
Providers who have not yet determined which route applies — or who are uncertain whether existing documentation meets the evidentiary standard — should begin with a structured gap assessment against Annex IV and the Art. 9 risk management requirements before committing to a launch timeline.
EKM Global Consulting GmbH offers a structured 10-minute Quick Scan at app.ekmgc.de to identify which conformity assessment route applies and the key documentation gaps to address. For advisory mandates covering full Annex IV build-out, QMS alignment, or notified body preparation, see ekmgc.de/eu-ai-act.html.
FAQ
Q1: Can any Annex III high-risk AI system use the Annex VI internal control route?
With one mandatory exception: biometric remote identification systems under Annex III, point 1(a) must use Annex VII when harmonised standards are not yet published and applied in full. For all other Annex III categories, Annex VI is the default. Where no harmonised standards have been adopted, Annex VI remains available but the provider bears a heavier evidentiary burden to demonstrate conformity without a standards presumption.
Q2: What is a notified body and how is it designated under the AI Act?
A notified body is a conformity assessment body designated by a Member State authority and notified to the Commission under Art. 28. Designation requires independence, documented technical competence in the relevant AI domains, and national accreditation (DAkkS in Germany). The list of designated bodies is published in the Commission's NANDO database.
Q3: Do harmonised standards under the AI Act already exist?
As of mid-2026, no AI Act-specific harmonised standards had been published in the Official Journal. Standardisation work continues under CEN/CENELEC mandate M/612. ISO/IEC 42001:2023 and ISO/IEC 23894:2023 are the reference standards used in practice but carry no legal presumption of conformity until formally harmonised.
Q4: How long does Annex VI internal control take compared to Annex VII?
Annex VI is entirely within the provider's control. For providers building the compliance infrastructure from scratch, three to five months is a realistic estimate. Annex VII adds an external assessment cycle of three to six months on top of internal preparation time. First-time applicants and complex multi-component systems typically require longer.
Q5: What triggers re-assessment after initial conformity assessment?
Art. 43(4) requires re-assessment after a substantial modification under Art. 3(23). Changes that routinely trigger this include: retraining on materially different data, changes to intended purpose, architectural changes, and risk management revisions that alter the documented risk posture. Providers should maintain a change-log protocol evaluating each update against the substantial modification threshold.
Q6: Does CE marking expire?
CE marking carries no fixed expiry date, but it is contingent on the accuracy of the declaration of conformity and the underlying technical documentation. A substantial modification means the existing marking no longer attests to the modified system's conformity, and re-assessment is required before the modified system is placed on the market.
Q7: How does a GDPR DPIA relate to AI Act conformity assessment?
The DPIA under GDPR Art. 35 is a separate obligation that must be completed before processing begins — prior to finalising the conformity assessment. Its outputs must feed into the Annex IV data governance and risk management documentation. Sequencing these correctly is a common gap in DACH-regulated sectors where both AI Act and GDPR supervisory authorities hold jurisdiction.
Q8: Can the provider use a notified body voluntarily for non-biometric Annex III systems?
Yes. Art. 43 permits providers to elect Annex VII voluntarily for any Annex III high-risk system. This may be commercially rational where deployers — particularly in banking, insurance, or healthcare — contractually require third-party attestation as a condition of procurement, or where the provider anticipates heightened market surveillance attention.
Published by EKM Global Consulting GmbH, Baden-Baden. This article is informational and does not constitute legal advice. Regulation (EU) 2024/1689 and its implementing acts should be read in full.
Internal Link Plan
| Link anchor | Destination | Section |
|---|---|---|
| pillar article / Art. 9 RMS | /insights/article-9-rms-practitioner-guide.html | Sections 2, 3, 5, 6 |
| Quick Scan | https://app.ekmgc.de | Section 8 (CTA) |
| EU AI Act advisory | https://ekmgc.de/eu-ai-act.html | Section 8 (CTA) |
Schema.org Recommendation
Apply FAQPage schema to the FAQ block (Q1–Q8). Apply Article schema at the page level: author EKM Global Consulting GmbH, datePublished 2026-05-06, about "EU AI Act conformity assessment Annex VI Annex VII". Add BreadcrumbList: homepage → Insights → this article.
Citations
- Regulation (EU) 2024/1689 (EU AI Act): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202401689
- Art. 3(23) — substantial modification
- Art. 6 — classification of high-risk AI systems
- Art. 9 — risk management system
- Art. 10 — data and data governance
- Art. 13 — transparency and instructions for use
- Art. 14 — human oversight
- Art. 15 — accuracy, robustness, cybersecurity
- Art. 16 — provider obligations
- Art. 17 — quality management system
- Art. 28 et seq. — notified bodies
- Art. 43 — conformity assessment procedures
- Art. 47 — EU declaration of conformity
- Art. 48 — CE marking
- Art. 49 — registration in EU database
- Art. 72 — post-market monitoring
- Annex III — list of high-risk AI systems
- Annex IV — technical documentation contents
- Annex VI — internal control procedure
- Annex VII — QMS and technical documentation assessment by notified body
- ISO/IEC 42001:2023, AI management systems: https://www.iso.org/standard/81230.html
- ISO/IEC 23894:2023, AI risk management guidance: https://www.iso.org/standard/77304.html
- GDPR Art. 35, Regulation (EU) 2016/679: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
- BSI C5 cloud compliance criteria: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/kriterienkatalog-c5_node.html
- BaFin MaRisk (AT 9): https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Rundschreiben/2021/rs_2109_marisk_ba.html
- EU NANDO database (notified bodies): https://ec.europa.eu/growth/tools-databases/nando/
- EU AI Office: https://digital-strategy.ec.europa.eu/en/policies/ai-office
- CEN/CENELEC mandate M/612 (AI standardisation): https://www.cencenelec.eu/areas-of-work/cenelec-sectors/digital-society-cenelec/artificial-intelligence/