Notified body
A notified body under the EU AI Act is an independent conformity-assessment organisation designated by an EU member state and listed by the Commission to assess whether certain high-risk AI systems meet the Act's requirements. It performs third-party conformity assessment under Annex VII for systems where self-assessment is not sufficient, such as some biometric systems.
When a notified body is required
Most Annex III high-risk systems can use the internal-control route (Annex VI) and do not need a notified body. Third-party assessment by a notified body (Annex VII) is required mainly for certain biometric identification and categorisation systems, and where a high-risk AI system is a safety component of a product already governed by EU sector law that itself mandates third-party assessment. Notified bodies are designated by national authorities under Articles 28 to 39 and listed in the Commission's database.
Why it matters for SMBs
Most SMBs deploying AI tools never deal with a notified body directly, because they are deployers rather than providers, and because the common deployer cases rely on internal control. The distinction matters when an organisation becomes a provider of a high-risk system, since the assessment route then determines cost, timeline, and whether independent certification is needed before the CE marking can be affixed.
Last reviewed June 2026 by the ComplyAgent team.
See also our EU AI Act compliance guide, ISO/IEC 42001 and NIST AI RMF, or browse the full glossary.