EU AI Act Art.30 Challenge of Competence of Notified Bodies: Procedure, Rights, and Regulatory Response (2026)

Article 30 of the EU AI Act introduces a targeted enforcement mechanism that sits alongside—but is distinct from—the broader supervisory tools in Art.29. Where Art.29 empowers notifying authorities to suspend, restrict, or withdraw a notification based on general concerns about a body's compliance with Art.27 requirements, Art.30 gives any person with a legitimate interest the right to formally challenge whether a specific notified body has the technical competence to conduct a particular conformity assessment activity.

The distinction matters in practice. Art.29 is triggered when a notifying authority has concerns about a body's overall eligibility. Art.30 is triggered when a specific actor—a provider, a competitor body, a market surveillance authority, or a civil society organisation—believes that a particular assessment was conducted by a body lacking the technical depth, impartiality, or scope authority to perform it validly. Art.30 is therefore a narrower, more targeted challenge mechanism, but its consequences can be significant: an upheld Art.30 challenge invalidates the assessment in question and may, where the challenge reveals systematic competence deficiencies, trigger the Art.29 enforcement pathway.

For AI system providers, Art.30 creates both a right and a risk. The right: to challenge a notified body's competence if the provider has grounds to believe the assessment process was procedurally or technically flawed. The risk: to have their own certificates challenged by competitors, deployers, or authorities if the notified body that assessed their system had questionable competence for the specific AI technology involved.

The Position of Art.30 in the Notified Body Framework

The notified body enforcement architecture operates across a sequence of interrelated articles:

• Art.27: Requirements — the eligibility criteria a conformity assessment body must satisfy before it can be designated and notified
• Art.28: Notification procedure — the formal process by which a designated body acquires notified body status, a NANDO number, and the legal authority to issue CE conformity certificates
• Art.29: Changes to notifications — the mechanism by which notifying authorities suspend, restrict, or withdraw notification when ongoing Art.27 compliance fails
• Art.30: Challenge of competence — the procedure for contesting whether a notified body had the specific technical competence required for a given assessment activity
• Art.31: Operational obligations — the duties notified bodies must fulfil during the performance of conformity assessments

Art.30 occupies a unique position in this sequence. It is the only article that gives external actors—parties other than the notifying authority—a formal procedural right to trigger regulatory scrutiny of a notified body. Art.29 investigations are notifying authority-initiated; Art.30 challenges can be initiated by anyone with a legitimate interest in the outcome.

This external initiation right reflects a policy judgment: that the notified body ecosystem benefits from decentralised oversight. Notifying authorities cannot observe every assessment activity directly. Economic operators, providers, and market surveillance authorities have information about specific assessments that the notifying authority may lack. Art.30 creates a channel for that information to reach the regulatory process.

Who Can Challenge: The Legitimate Interest Requirement

Art.30 specifies that challenges may be brought by "any party with a legitimate interest." The EU AI Act does not provide an exhaustive definition of legitimate interest, but the context establishes a clear set of cases where legitimacy is unambiguous.

Providers whose systems were assessed by the challenged body. A provider has a direct commercial and legal interest in whether the notified body that assessed its system had genuine competence to do so. If the certificate issued on the basis of that assessment is invalidated, the provider loses its CE marking authority and must undertake a new assessment. The provider's standing to challenge is therefore clear: it has the most direct interest in the assessment's validity.

Providers whose competitors' systems were assessed by the challenged body. If a competitor's system received certification from a body that lacked competence for the specific AI technology category, the competitor benefits from a certificate obtained through a deficient process. This distorts competition in the market for high-risk AI systems. Providers whose own systems underwent more rigorous assessment have a legitimate interest in ensuring the playing field is level.

Deployers and importers. Entities that have deployed or imported high-risk AI systems on the basis of CE markings issued following an assessment by the challenged body have a direct interest in whether those markings remain valid. An invalidated certificate means the deployed system may no longer be compliant with placement-on-the-market requirements.

Market surveillance authorities. National market surveillance authorities encounter high-risk AI systems in the field. If an authority identifies a pattern of non-conformities in systems assessed by a particular notified body, it has a regulatory interest in challenging that body's competence—both to protect the market and to identify whether the non-conformities trace to assessment failures rather than post-certification changes.

Civil society and sector stakeholders. Organisations representing users of high-risk AI systems—for example, in employment, education, or healthcare contexts—may have legitimate interests in the quality of the conformity assessment that underpins deployment authorisation. Art.30's broad formulation does not exclude such actors, though they will typically need to demonstrate a specific connection between their interests and the assessment in question.

Other notified bodies. A notified body operating in the same assessment space as the challenged body has a legitimate interest in the professional standards maintained by its peers. Certification by a body lacking genuine competence in a particular technology area undermines confidence in the notified body system as a whole. The extent to which peer-body standing is sufficient under Art.30 will depend on how national implementing authorities interpret the legitimate interest requirement.

Grounds for Challenge: What Art.30 Can Address

Art.30 challenges must be substantiated. A challenge is not a general dissatisfaction with an assessment outcome; it must identify specific grounds on which the notified body lacked competence for the assessment activity challenged.

Technical competence gaps. The most direct ground is that the notified body did not have the specialised technical knowledge, qualified personnel, or testing infrastructure required to assess the specific AI system type or risk category. High-risk AI systems in medical contexts require different expertise than high-risk AI systems in law enforcement or employment screening. A notified body designated for general conformity assessment but lacking AI-specific competencies in a given domain may be technically unqualified to assess a particular system.

Art.27 requires notified bodies to employ staff with "appropriate scientific and technical expertise and sufficient knowledge of the requirements" for the systems within their designated scope. An Art.30 challenge can argue that the personnel who conducted a specific assessment did not meet this standard—for example, because they lacked machine learning expertise for an AI system using novel learning architectures, or because they had no domain knowledge of the clinical context in which the system operates.

Scope of notification limitations. Notified bodies receive notification for specific product categories, conformity assessment procedures, and technical areas. If a notified body conducts an assessment for a category outside its notified scope—even if its designation covers adjacent categories—the assessment is ultra vires and challengeable under Art.30.

Scope boundaries can be ambiguous. The NANDO database records notified scope, but AI systems often cross traditional product classification lines. A system used in a medical device and in employment screening simultaneously may fall within different scope categories. An Art.30 challenge can argue that the notified body's scope did not properly cover the full risk profile of the system assessed.

Impartiality and independence failures. Art.27 requires notified bodies to be free from conflicts of interest and to operate independently of the economic operators they assess. An Art.30 challenge can argue that the specific assessment was compromised by a conflict of interest—for example, because the notified body had financial relationships with the provider, employed personnel who had previously worked for the provider, or had commercial incentives to approve the system quickly.

Procedural deficiencies in the specific assessment. The conformity assessment procedures for high-risk AI systems include documentation review, technical examination, testing, and quality management system audit components. An Art.30 challenge can identify that a specific procedure step was omitted, abbreviated beyond permissible limits, or conducted without the rigour required by the applicable harmonised standards.

Subcontracting without adequate controls. Art.32 permits notified bodies to subcontract specific assessment tasks, subject to the conditions that the main body retains responsibility and that the subcontractor meets the applicable requirements. Where a challenge reveals that critical assessment activities were subcontracted to entities that did not meet Art.27 standards, this constitutes a competence challenge under Art.30.

The Challenge Procedure: From Submission to Decision

Art.30 establishes the procedural framework for how challenges are processed.

Submission to the Notifying Authority

Challenges are submitted to the notifying authority responsible for the challenged notified body—not to the European Commission, not to the provider whose system was assessed, and not directly to the notified body. The notifying authority is the designated national body responsible for the designation and ongoing supervision of notified bodies in its Member State.

The challenge submission must include:

• Identification of the specific notified body being challenged
• Identification of the specific assessment activity challenged (or, where a general competence deficiency is alleged, the relevant scope area)
• A statement of the challenger's legitimate interest
• The specific grounds for the challenge, with supporting evidence
• Any technical documentation supporting the competence deficiency claim

The Art.30 challenge is a formal procedural act, not an informal complaint. This distinction matters: a formal Art.30 challenge triggers mandatory investigation obligations for the notifying authority. An informal complaint may or may not trigger investigation at the authority's discretion.

The Notifying Authority's Investigation Obligation

Upon receiving an Art.30 challenge, the notifying authority must investigate whether the challenged notified body had the competence to perform the specific assessment activity. This is an obligation, not a discretionary power.

The investigation must examine the specific grounds raised in the challenge. It cannot be satisfied by a general declaration that the body holds accreditation and NANDO listing. The authority must assess whether, for the specific assessment in question, the body had the technical expertise, the appropriately qualified personnel, and the correct scope to perform the assessment validly.

The notifying authority has powers to:

• Require the notified body to provide documentation of the personnel involved in the assessment, their qualifications, and their specific competence for the AI technology assessed
• Require the body to demonstrate that it had access to the testing infrastructure and measurement equipment necessary for the assessment
• Commission an independent technical assessment by a different competent body to evaluate whether the assessment methodology was appropriate
• Inspect the body's quality management records for the specific assessment
• Interview the personnel involved in the assessment

The notifying authority is also expected to give the challenged body an opportunity to respond to the challenge allegations before making a decision—a basic rights-of-defence requirement that mirrors the procedure in Art.29(3).

Investigation Timeline

Art.30 does not specify a fixed investigation timeline in the same way that product regulations sometimes do. However, the General Data Protection Regulation-style principle that investigations should be completed without undue delay applies. The assessment community has discussed indicative timelines of three to six months for straightforward competence challenges, and up to twelve months for complex technical challenges requiring independent expert assessment.

Where the challenge relates to an ongoing assessment—a provider currently engaged in a conformity assessment process with the challenged body—the urgency is higher. In such cases, the notifying authority should communicate its provisional assessment within a shorter period to allow the provider to determine whether to proceed with the current assessment or transfer to a different notified body.

Interim Measures During Investigation

Art.30 does not preclude the notifying authority from taking interim measures during the investigation period. Where the challenge raises concerns serious enough to justify precautionary action, the authority can exercise its Art.29(2) suspension powers on an interim basis while the Art.30 investigation proceeds.

Interim suspension is appropriate where:

• The challenge raises prima facie evidence of a serious competence gap affecting current and future assessments
• Ongoing assessments by the challenged body would generate additional certificates whose validity may subsequently be questioned
• Market surveillance findings independently confirm the concerns raised in the challenge
• The challenge involves alleged impartiality failures that compromise the body's independence for all current assessments

An interim suspension is a proportionate precautionary measure, not a prejudgment of the Art.30 investigation outcome. The body retains the right to challenge the interim suspension through available national administrative and judicial review mechanisms.

Possible Outcomes: What Happens After Investigation

Challenge Upheld: Competence Deficiency Confirmed

Where the investigation confirms that the challenged body lacked competence for the specific assessment activity, the consequences flow to both the assessment and the body.

For the assessment: The notifying authority must determine whether the deficiency was sufficient to invalidate the certificate issued. Not every procedural or competence imperfection automatically voids a certificate; the determination depends on whether the deficiency materially affected the assessment outcome. A technical competence gap that prevented the body from properly evaluating a critical risk category generally voids the certificate. A minor procedural shortcoming that did not affect the substantive assessment may not.

Where the certificate is invalidated, the provider must either undergo a new conformity assessment with a competent notified body or, if the system can be remediated to address the identified issues, present it for re-assessment. Until a new valid certificate is in place, the CE marking authority lapses.

For the notified body: The notifying authority must determine whether the confirmed deficiency in the challenged assessment reflects an isolated failure or a systematic competence gap. An isolated failure, while serious, may be addressed through targeted remediation of the body's personnel, training, or procedures. A systematic gap—evidence that the body has been conducting assessments in a category for which it has never had genuine competence—triggers the Art.29 pathway.

Where the Art.30 investigation reveals that the body's NANDO scope was effectively mis-stated (the body was notified for categories it was not competent to assess), the notifying authority must use Art.29 to restrict or withdraw the notification to bring the formal status into alignment with actual competence.

Challenge Partially Upheld

Partial findings are common in complex Art.30 investigations. The authority may confirm competence deficiencies in some aspects of the assessment while finding that other aspects were conducted competently. In such cases:

• The certificate may be maintained with conditions (for example, requiring supplementary documentation from the provider to address the areas not adequately assessed)
• A targeted re-assessment of specific components may be ordered without invalidating the full certificate
• The body may be required to implement specific competence improvements for future assessments in the challenged category without its current notifications being altered

Challenge Dismissed: Competence Confirmed

Where the investigation concludes that the challenged body had the required competence, the challenge is dismissed. The notifying authority communicates this conclusion to the challenger, the body, and—through NANDO updates where applicable—to other Member States.

A dismissed challenge does not prevent a subsequent challenge on different grounds or based on new evidence. However, repeated unfounded challenges against the same body by the same challenger may be considered vexatious, and Art.30's legitimate interest requirement provides a basis for filtering frivolous submissions.

Escalation to the Commission

Where a notifying authority's handling of an Art.30 investigation is itself challenged—for example, because a challenger believes the authority dismissed a substantiated challenge improperly—escalation to the Commission is available. The Commission retains oversight authority over the national notifying authority system and can request information about investigation outcomes.

Art.30 and Art.29: The Relationship Between Challenge and Enforcement

The Art.30 and Art.29 mechanisms are complementary but legally distinct.

Art.29 is a supervisory tool used by the notifying authority on its own initiative, or in response to information from the Commission, other Member States, or market surveillance authorities. The Art.29 threshold is "concern that the body no longer satisfies Art.27 requirements or fulfils its obligations"—a concern that can arise from Art.30 investigation findings but can also arise independently.

Art.30 is a challenge mechanism initiated by third parties. The outcome of an Art.30 investigation can feed into Art.29 action: if the investigation reveals systematic competence deficiencies, the notifying authority must use Art.29 tools to bring the body's formal status into line with the investigation findings.

The practical relationship between the two articles:

Art.30 and Art.31: Operational Obligations as Challenge Grounds

Art.31 establishes the operational obligations that notified bodies must fulfil when conducting conformity assessments. These include:

• Informing providers of assessment findings and granting an opportunity to respond before a decision is taken
• Documenting assessment activities and findings in a manner that enables retrospective scrutiny
• Maintaining confidentiality regarding commercial and technical information obtained during assessments
• Reporting non-conformities to market surveillance authorities in specific circumstances
• Maintaining registers of certificates issued, modified, suspended, and withdrawn

Failures to fulfil Art.31 obligations can constitute grounds for an Art.30 challenge. If a notified body conducted an assessment without providing the provider with an adequate opportunity to respond to preliminary findings, the procedural integrity of the assessment is compromised. If the body failed to document its assessment methodology in a way that allows the notifying authority to scrutinise the competence question in an Art.30 investigation, the body has itself created an evidentiary obstacle that will be interpreted against it.

Art.31 operational obligation failures therefore feed into Art.30 in two ways: as independent grounds for challenge, and as evidentiary factors that complicate the body's defence of its competence.

Provider Strategy: Art.30 as Risk and Tool

Managing the Risk of Art.30 Challenges to Your Certificates

AI system providers who have obtained certification from notified bodies should assess their exposure to Art.30 challenges. The relevant questions are:

Does the notified body have genuine technical competence for the specific AI system type? A body with broad NANDO scope but limited practical experience in the relevant AI technology domain is more vulnerable to challenge. Providers should, as part of due diligence, verify that the body's personnel who will conduct the assessment have demonstrable expertise in the relevant technology area.

Is the body's designated scope clearly covering the system's risk profile? AI systems that span multiple regulatory categories—for example, a system used in both a medical device context and in employment screening—may create scope boundary questions. The provider should ensure that the scope of the notified body's notification unambiguously covers all relevant risk categories for the system.

Has the body conducted assessments without adequate documentation? Where an Art.30 challenge is brought, the notifying authority's investigation will examine assessment documentation. If the body's records are incomplete or the assessment methodology is not reconstructable from documentation, this creates uncertainty that reflects on the certificate's validity. Providers should verify that the assessment record is complete.

Using Art.30 as a Challenge Tool

Providers who have grounds to believe that a competitor's certificate was issued by a body lacking genuine competence have a potential Art.30 avenue. The legitimate interest requirement is satisfied by competitive standing in the same market. The challenge must be substantiated: it cannot be a strategic harassment mechanism without genuine evidentiary basis.

Before bringing an Art.30 challenge, providers should assess:

• Whether they have specific, articulable grounds for the competence challenge
• Whether the grounds are based on known facts or are speculative
• Whether the expected outcome of a successful challenge (certificate invalidation for the competitor) is proportionate to the resources and reputational costs of the challenge process
• Whether the notifying authority in the relevant Member State has a track record of conducting rigorous Art.30 investigations

Python Implementation: CompetenceChallengeAssessor

The following implementation models the Art.30 assessment process for providers and compliance teams:

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import datetime

class ChallengeGround(Enum):
    TECHNICAL_COMPETENCE_GAP = "technical_competence_gap"
    SCOPE_EXCEEDED = "scope_exceeded"
    IMPARTIALITY_FAILURE = "impartiality_failure"
    PROCEDURAL_DEFICIENCY = "procedural_deficiency"
    SUBCONTRACTING_FAILURE = "subcontracting_failure"
    PERSONNEL_QUALIFICATION_GAP = "personnel_qualification_gap"

class ChallengeOutcome(Enum):
    UPHELD = "upheld"
    PARTIALLY_UPHELD = "partially_upheld"
    DISMISSED = "dismissed"
    PENDING = "pending"
    INTERIM_SUSPENDED = "interim_suspended"

@dataclass
class NotifiedBodyAssessment:
    body_nando_number: str
    assessment_date: datetime.date
    ai_system_category: str
    personnel_ai_expertise: list[str]  # list of demonstrated AI competency areas
    designated_scope: list[str]        # NANDO-registered scope categories
    assessment_scope: list[str]        # scope actually assessed
    subcontractors: list[str] = field(default_factory=list)
    documentation_complete: bool = True
    rights_of_defence_provided: bool = True

@dataclass
class ChallengeEligibility:
    challenger_type: str
    legitimate_interest: str
    is_eligible: bool
    grounds: list[ChallengeGround]
    evidence_strength: str  # "strong", "moderate", "weak"
    recommended_action: str

class CompetenceChallengeAssessor:
    """
    Models Art.30 EU AI Act challenge eligibility and outcome likelihood.
    """
    
    def __init__(self, assessment: NotifiedBodyAssessment):
        self.assessment = assessment
        self._grounds_found: list[ChallengeGround] = []
    
    def evaluate_technical_competence(self, required_expertise: list[str]) -> bool:
        """Check if body personnel have required AI expertise for the system type."""
        covered = set(self.assessment.personnel_ai_expertise)
        required = set(required_expertise)
        missing = required - covered
        if missing:
            self._grounds_found.append(ChallengeGround.TECHNICAL_COMPETENCE_GAP)
            return False
        return True
    
    def evaluate_scope_coverage(self) -> bool:
        """Check if assessment scope falls within designated NANDO scope."""
        designated = set(self.assessment.designated_scope)
        assessed = set(self.assessment.assessment_scope)
        out_of_scope = assessed - designated
        if out_of_scope:
            self._grounds_found.append(ChallengeGround.SCOPE_EXCEEDED)
            return False
        return True
    
    def evaluate_procedural_integrity(self) -> bool:
        """Check Art.31 procedural obligation compliance."""
        issues = []
        if not self.assessment.documentation_complete:
            issues.append("incomplete documentation")
        if not self.assessment.rights_of_defence_provided:
            issues.append("rights-of-defence not provided")
        if issues:
            self._grounds_found.append(ChallengeGround.PROCEDURAL_DEFICIENCY)
            return False
        return True
    
    def assess_challenge_viability(
        self,
        challenger_type: str,
        legitimate_interest: str,
        required_expertise: list[str]
    ) -> ChallengeEligibility:
        """
        Full Art.30 challenge viability assessment.
        Returns grounds, evidence strength, and recommended action.
        """
        self._grounds_found = []
        
        # Run all checks
        self.evaluate_technical_competence(required_expertise)
        self.evaluate_scope_coverage()
        self.evaluate_procedural_integrity()
        
        grounds_count = len(self._grounds_found)
        
        if grounds_count == 0:
            strength = "none"
            eligible = False
            action = "No substantiated grounds for Art.30 challenge. Review alternative remedies."
        elif grounds_count == 1:
            strength = "moderate"
            eligible = True
            action = (
                f"One ground identified ({self._grounds_found[0].value}). "
                "File Art.30 challenge with notifying authority. "
                "Request interim measures if ongoing assessments at risk."
            )
        else:
            strength = "strong"
            eligible = True
            action = (
                f"{grounds_count} grounds identified. Strong basis for Art.30 challenge. "
                "Consider requesting interim suspension pending investigation. "
                "Preserve evidence of identified deficiencies before challenge submission."
            )
        
        return ChallengeEligibility(
            challenger_type=challenger_type,
            legitimate_interest=legitimate_interest,
            is_eligible=eligible,
            grounds=list(self._grounds_found),
            evidence_strength=strength,
            recommended_action=action
        )
    
    def estimate_outcome(self) -> ChallengeOutcome:
        """Estimate likely outcome based on grounds identified."""
        count = len(self._grounds_found)
        if count == 0:
            return ChallengeOutcome.DISMISSED
        elif count == 1 and ChallengeGround.PROCEDURAL_DEFICIENCY in self._grounds_found:
            return ChallengeOutcome.PARTIALLY_UPHELD
        elif count >= 2:
            return ChallengeOutcome.UPHELD
        else:
            return ChallengeOutcome.PARTIALLY_UPHELD

Usage example:

assessment = NotifiedBodyAssessment(
    body_nando_number="NB-2024-0042",
    assessment_date=datetime.date(2026, 2, 15),
    ai_system_category="high-risk-employment-screening",
    personnel_ai_expertise=["image-classification", "NLP-basic"],
    designated_scope=["employment-AI", "education-AI"],
    assessment_scope=["employment-AI", "healthcare-AI"],  # healthcare not in scope!
    documentation_complete=True,
    rights_of_defence_provided=True
)

assessor = CompetenceChallengeAssessor(assessment)
result = assessor.assess_challenge_viability(
    challenger_type="provider",
    legitimate_interest="Competitor system assessed by same body with overlapping scope",
    required_expertise=["employment-AI-bias-detection", "NLP-advanced", "fairness-assessment"]
)

print(f"Eligible: {result.is_eligible}")
print(f"Grounds: {[g.value for g in result.grounds]}")
print(f"Evidence strength: {result.evidence_strength}")
print(f"Action: {result.recommended_action}")

# Output:
# Eligible: True
# Grounds: ['technical_competence_gap', 'scope_exceeded']
# Evidence strength: strong
# Action: 2 grounds identified. Strong basis for Art.30 challenge. ...

Compliance Matrix: Art.30 Obligations by Actor

Art.30 Provider Checklist: 28 Items in 4 Phases

Phase 1: Pre-Assessment Due Diligence (before committing to a notified body)

1. Verify notified body's NANDO designation covers your specific AI system category
2. Confirm designated scope includes all risk profiles your system may exhibit (cross-sector systems require scope coverage for each relevant sector)
3. Request evidence of personnel qualifications for the specific AI technology domain (ML model type, application domain, bias assessment methodology)
4. Assess body's assessment track record in your technology area (number and type of prior certificates issued)
5. Identify any commercial or ownership relationships between the body and your competitors
6. Review Art.27(3) subcontracting policy: ask whether any assessment components will be subcontracted and to whom
7. Confirm the body operates a documented quality management system for conformity assessments

Phase 2: During Assessment

1. Request a written assessment plan specifying the procedures to be applied, the personnel responsible, and the timeline
2. Monitor whether assessment activities are conducted within the body's designated scope
3. Document all communications with the body regarding assessment scope, methodology, and personnel
4. If personnel change during the assessment, confirm replacements have equivalent qualifications
5. Exercise your Art.31 right to respond to preliminary findings before a final decision is taken
6. If subcontracting occurs, verify that the subcontractor meets Art.27 requirements for the subcontracted activity
7. Request full documentation of all testing activities, including testing infrastructure and measurement equipment used

Phase 3: Post-Certificate Risk Management

1. Retain a complete copy of the assessment dossier and certificate
2. Monitor NANDO for any Art.29 changes to the issuing body's notification (suspension, restriction, withdrawal)
3. Set up alerts for regulatory actions affecting your notified body's status
4. If the body undergoes personnel changes affecting the assessors who worked on your certificate, assess whether competence continuity is maintained
5. If competitors challenge your certificate, prepare a competence defence dossier demonstrating assessment rigour
6. If your body is suspended under Art.29 after your certificate is issued, obtain legal opinion on certificate validity

Phase 4: Challenge Strategy (if considering an Art.30 challenge)

1. Document specific grounds with evidence before initiating a challenge
2. Confirm your legitimate interest is substantiated and documentable
3. Identify the responsible notifying authority in the body's Member State
4. Obtain independent technical opinion on the competence deficiency claim
5. Assess whether grounds suggest an isolated or systematic deficiency (determines Art.29 escalation likelihood)
6. Consider whether interim measures are warranted given ongoing market exposure
7. Preserve all evidence in a legally privileged format before submission
8. Prepare for rights-of-defence participation: the challenged body will respond, and you may be required to answer

See Also

• EU AI Act Art.27: Requirements for Notified Bodies — Eligibility, Accreditation, and the Art.27 Framework (2026)
• EU AI Act Art.28: Notification of Conformity Assessment Bodies — NANDO Procedure, Commission Challenge, and Scope of Notification (2026)
• EU AI Act Art.29: Changes to Notifications — Suspension, Restriction, and Withdrawal of Notified Body Status (2026)