EU AI Act Art.47: CE Marking of Conformity — Affixing Rules, Software AI Systems, and UKCA Parallel (2026)
CE marking is the most visible compliance signal in the EU product regulatory framework — a two-letter mark that communicates, without supporting documentation, that the provider of a high-risk AI system has completed the full conformity chain under the AI Act. Article 47 of the EU AI Act establishes the affixing obligation: who must affix CE marking, when, where, how, and in what form. It also governs what marks are prohibited alongside CE marking and introduces digital affixing rules specifically for software-delivered AI systems — the dominant deployment form for SaaS-based high-risk AI applications.
For developers building high-risk AI systems under Annex III, Art.47 is the step immediately after the EU declaration of conformity (Art.46). Once the EU DoC is drawn up and signed, the provider must affix CE marking before placing the system on the EU market. Failure to affix CE marking is not a documentation deficiency — it is a market access violation under Art.16, carrying penalties of up to €15 million or 3% of global annual turnover for non-compliant placement.
Art.47 in the Conformity Chain
Art.47 occupies a fixed position in the pre-market compliance sequence. It cannot be completed before the EU declaration of conformity (Art.46), and it is a prerequisite for EU database registration (Art.45):
| Step | Article | Actor | Output |
|---|---|---|---|
| Risk Management | Art.9 | Provider | Risk management system file |
| Technical Documentation | Annex IV | Provider | Technical documentation package |
| Quality Management System | Art.17 | Provider | QMS documentation |
| Conformity Assessment | Art.43 | Provider ± notified body | Assessment completion (Track 1 or Track 2) |
| Certificate of Conformity | Art.44 | Notified body | Certificate (Track 2 / Annex VII only) |
| EU Declaration of Conformity | Art.46 | Provider | Written DoC |
| CE Marking | Art.47 | Provider | CE affixed — prerequisite for Art.45 and Art.16 |
| EU Database Registration | Art.45 | Provider | Public registration before market placement |
| Market Placement / Service Entry | Art.16 | Provider | System available to deployers and users |
The sequencing is strict. A provider cannot affix CE marking without a completed EU DoC under Art.46 — the CE marking physically and legally references the DoC. Conversely, the EU database registration under Art.45 requires CE marking to have been affixed before the registration is submitted. The Art.47 affixing step is the bridge between the provider's private compliance documentation and their public market presence.
What CE Marking Communicates
CE marking is not a quality mark, not a safety guarantee, and not a product certification. It is a conformity assertion — the provider's public statement that the high-risk AI system has been through the conformity assessment process required under Art.43, that an EU DoC has been drawn up under Art.46, and that the system meets all applicable AI Act requirements for Annex III high-risk systems.
Three aspects of this assertion are legally significant:
1. Sole provider responsibility. The provider — not a notified body, not a distributor, not a deployer — bears legal responsibility for the accuracy of the CE marking. Affixing CE marking on a system that has not completed the required conformity assessment, or that does not comply with the Annex III requirements, exposes the provider to enforcement action by market surveillance authorities under Art.74 and Art.76 for both the substantive non-conformity and the CE marking violation.
2. Presumption of conformity effect. Under EU product law principles, market surveillance authorities treat a CE marking as raising a rebuttable presumption of conformity. They bear the burden of demonstrating non-conformity before imposing access restrictions. This is an operational advantage for providers: a well-maintained CE marking creates friction for arbitrary enforcement while not protecting against genuine non-compliance.
3. Scope limitation. CE marking applies only to the specific version of the high-risk AI system for which the conformity assessment was completed and the EU DoC was drawn up. A subsequent update that constitutes a "substantial modification" under Art.3(23) of the AI Act — changes that could affect compliance with requirements or introduce new risks — triggers a new conformity assessment cycle, a new EU DoC, and consequently a new CE marking event.
Art.47(1): Affixing Obligation and Regulation (EC) No 765/2008
Art.47(1) subjects the CE marking under the AI Act to the general principles established in Art.30 of Regulation (EC) No 765/2008 — the New Legislative Framework (NLF) regulation that governs CE marking across all EU product sectors. These principles ensure that CE marking means the same thing whether it appears on a high-risk AI system, a medical device, industrial machinery, or electrical equipment.
Core affixing requirements from Art.30 of Regulation 765/2008, as applied to AI systems:
| Requirement | Specification | AI Act Application |
|---|---|---|
| Visibility | Must be visible to the person to whom the product is provided | For physical products: visible on the product housing; for software: accessible in UI or documentation |
| Legibility | Must be legible — not obscured, not covered, not overlaid | Must be separately identifiable from decorative text |
| Indelibility | Must not be easily removed or modified | For physical: permanent affixing; for software: must persist across product versions |
| Minimum height | 5 mm minimum height; proportions must be maintained when scaled up or down | Applies where CE marking appears as a graphic mark |
| Prominence | CE letters must be of the same height and drawn to a uniform vertical axis | No distortion of the CE symbol proportions |
Placement on physical AI system hardware: For AI systems delivered as physical hardware (robotics, medical diagnostic devices, industrial control systems), CE marking must be affixed directly on the product, or — where the product's form or size makes this impractical — on the packaging or accompanying documentation. The preference order is: product → packaging → documentation.
Exclusivity requirement: CE marking may only be affixed to products where EU harmonisation legislation explicitly requires or permits it. Affixing CE marking on a low-risk AI system that is not in Annex III scope is a prohibited misrepresentation under Art.47(4) — it creates a false impression of regulatory compliance where none applies.
Art.47(2): Digital CE Marking for Software AI Systems
Art.47(2) creates a specific affixing pathway for high-risk AI systems provided digitally — the category that covers virtually all SaaS AI applications, API-based AI services, and cloud-deployed AI systems. For these systems, there is no physical product on which to affix a label, so Art.47(2) permits digital affixing, subject to one condition: the CE marking must be easily accessible to the person to whom the system is provided.
What "easily accessible" means in enforcement context:
The standard is functional, not formal. A CE marking embedded in page 47 of a contract annex, or accessible only through a support ticket request, does not satisfy easy accessibility. Regulators applying NLF standards will assess whether a typical deployer — at the moment they receive access to the system — can locate and verify the CE marking without special knowledge or effort.
| Digital Affixing Method | Implementation | Accessibility Assessment |
|---|---|---|
| Product UI | CE marking in "About", "Compliance", or "Legal" section of the AI system interface | Readily accessible; best practice for user-facing AI systems |
| Developer documentation | CE marking displayed on the API documentation or compliance portal | Accessible for API-integrated systems |
| Technical documentation delivery | CE marking in the technical documentation package provided at contract signing | Acceptable if delivered proactively at the point of access grant |
| Instructions for use (Art.13) | CE marking included in the Art.13 instructions for use | Compliant when instructions are delivered with the system, not after |
| Platform compliance page | Dedicated compliance page listing CE marking status per system version | Best practice for multi-product SaaS platforms |
Version specificity for software CE marking: The CE marking in the UI or documentation must be tied to a specific system version. If the system is updated and the update constitutes a substantial modification under Art.3(23), the CE marking must be updated to reflect the new conformity cycle — or withdrawn from the updated version until a new conformity assessment and EU DoC are completed for that version. Version pinning in CE marking documentation is an operational requirement, not an optional best practice.
Art.47(3): Notified Body Identification Number
When a notified body participated in the conformity assessment under Art.43, Art.47(3) requires the CE marking to be followed immediately by the notified body's identification number. This requirement applies specifically when:
- The provider selected Annex VII (notified body assessment) as the conformity assessment route under Art.43(1)(b) — the Track 2 path for high-risk AI systems
- The notified body is involved in production quality assurance or product verification under Annex VII, points 6 or 8
The identification number is the NANDO number (New Approach Notified and Designated Organisations) — a four-digit number assigned by the European Commission to each designated notified body. NANDO numbers are publicly searchable at the European Commission's NANDO database, allowing market surveillance authorities, deployers, and competitors to verify which notified body conducted the assessment.
Format: The notified body number is affixed immediately after the CE mark — for example, CE 1234. Where CE marking is digital, the NANDO number appears in the same location as the CE mark. The notified body number is affixed either by the notified body directly or by the provider under the notified body's explicit instructions.
Track 1 vs Track 2 obligations:
| Assessment Track | Art.43 Path | Notified Body Role | NANDO Number Required |
|---|---|---|---|
| Track 1 | Annex VI — internal conformity control | None | No |
| Track 2 — Quality assurance | Annex VII, points 3–5 | Full assessment — Art.44 certificate issued | Yes |
| Track 2 — Production supervision | Annex VII, points 6 or 8 | Production quality supervision | Yes |
Art.47(4): Prohibition on Misleading Marks and Marks Liable to Confusion
Art.47(4) prohibits affixing marks, signs, inscriptions, or symbols on a high-risk AI system that could mislead third parties about the meaning or form of the CE marking. The prohibition targets two categories:
Category 1 — Marks resembling CE marking: Any mark that resembles the CE symbol in form, proportions, or typography — creating a risk that viewers could confuse it with the official CE marking. National conformity marks that predate the AI Act, proprietary quality marks, or stylized versions of CE-resembling typography are all within scope of this prohibition.
Category 2 — Marks that reduce CE marking's visibility or legibility: Marks, graphics, or text placed adjacent to CE marking in a way that reduces the ability of third parties to visually identify or read the CE marking. This includes excessive surrounding text that visually embeds the CE mark, overlapping graphics, and colour combinations that reduce contrast below readable levels.
Consequence: A high-risk AI system bearing prohibited marks alongside CE marking creates an independent violation under Art.47(4), separate from any underlying conformity question. Market surveillance authorities may require removal of prohibited marks as a corrective measure without necessarily challenging the underlying conformity assessment.
CE Marking in Dual-Regulated Products
High-risk AI systems that are also subject to other EU harmonisation legislation — medical devices (MDR/IVDR), machinery (Machinery Regulation 2023/1230), radio equipment (RED), or personal protective equipment (PPE Regulation) — must satisfy the CE marking requirements under each applicable regulation. The CE marking on the final product signifies conformity with all applicable legislation simultaneously.
Operational implications for AI developers:
| Sector | Additional Legislation | CE Marking Scope |
|---|---|---|
| Medical AI | MDR (2017/745) or IVDR (2017/746) | AI Act + MDR/IVDR conformity |
| Industrial AI | Machinery Regulation (EU) 2023/1230 | AI Act + Machinery conformity |
| IoT/Connected AI | Radio Equipment Directive 2014/53/EU (RED) | AI Act + RED conformity |
| Wearable AI | PPE Regulation (EU) 2016/425 | AI Act + PPE conformity |
For dual-regulated products, the conformity assessment sequence becomes more complex: each regulation has its own assessment requirements, and the notified body (if required) may be different for each regulatory instrument. The CE marking on the product then references multiple EU DoCs — one per applicable regulation — or a combined DoC that addresses all applicable regulations.
UKCA Parallel: CE Marking After Brexit
The UK Conformity Assessed (UKCA) marking is the UK's post-Brexit equivalent to CE marking for products placed on the Great Britain market (England, Scotland, Wales — not Northern Ireland). Following the end of the Brexit transition period, AI systems that require CE marking for EU market access require UKCA marking for Great Britain market access.
Key differences between CE and UKCA for AI systems:
| Dimension | CE Marking (EU AI Act) | UKCA (UK equivalent) |
|---|---|---|
| Market | EU single market | Great Britain market only |
| Legal basis | EU AI Act (Regulation 2024/1689) | UK AI regulation (in development; UKCA currently under national frameworks) |
| Notified body | EU-designated CABs (NANDO) | UK-approved bodies (UKAS) |
| Mutual recognition | Not currently recognised by UK for AI | Not currently recognised by EU |
| Northern Ireland | CE marking applies (Windsor Framework) | CE marking accepted under Windsor Framework |
Current status for AI systems (2026): The UK has not yet enacted an AI-specific regulation equivalent to the EU AI Act. UK AI governance relies primarily on sector-specific guidance and the AI Safety Institute's frameworks. For AI systems, UKCA marking in the context of AI-specific conformity does not yet have a legislative equivalent. However:
- For AI systems that are also regulated under MDR, RED, or Machinery regulation in the UK, UKCA requirements under those frameworks apply independently
- For software-only AI systems with no hardware component regulated under existing directives, UKCA does not currently impose a mandatory conformity marking requirement
- This is expected to change if the UK enacts AI-specific legislation modelled on or divergent from the EU AI Act
Practical implication: Developers building for both EU and UK markets should implement parallel conformity architectures — CE marking documentation for EU, UKCA documentation for UK — even where AI-specific UKCA requirements are not yet mandated. This future-proofs the compliance infrastructure for when UK AI regulation matures.
Art.47 × Art.46: The Enabling Relationship
CE marking under Art.47 is legally dependent on the EU declaration of conformity under Art.46. The EU DoC is the enabling instrument: without a valid EU DoC, there is no legal basis for affixing CE marking.
The practical sequence is:
- Conformity assessment completed (Art.43) → assessment procedure documented
- EU DoC drawn up (Art.46) → provider signs the Annex V document including the CE marking right
- CE marking affixed (Art.47) → provider places CE mark on product or in digital interface
- EU database registration (Art.45) → provider submits registration referencing both the EU DoC and the CE marking
If the EU DoC is subsequently updated (due to substantial modification under Art.3(23)), the CE marking must also be reviewed and, if the modification affects the scope of the DoC, the CE marking on the updated system version must reference the updated DoC. A CE marking that references an superseded DoC creates a gap in the conformity chain that market surveillance authorities can cite.
Market Surveillance Consequences
Under Art.74 and Art.76 of the EU AI Act, market surveillance authorities have specific powers regarding CE marking:
- Corrective action orders: Authorities may require providers to bring CE marking into compliance, including correcting format violations, adding missing NANDO numbers, or removing prohibited adjacent marks
- Provisional access restriction: Where CE marking is missing or materially deficient, authorities may provisionally restrict market access pending corrective action — without requiring proof of underlying technical non-conformity
- Penalties: Non-compliant CE marking is a violation of Art.47 independently of any underlying conformity question; Member States may impose administrative penalties under Art.99 through national implementing measures
Python Implementation: CEMarkingManager
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Optional
class CEMarkingTrack(Enum):
TRACK_1_INTERNAL = "Annex VI — Internal Conformity Control"
TRACK_2_NOTIFIED_BODY = "Annex VII — Notified Body Assessment"
class CEMarkingDelivery(Enum):
PHYSICAL_PRODUCT = "Physical product — indelible affixing"
PHYSICAL_PACKAGING = "Packaging — where direct product affixing impractical"
DIGITAL_UI = "Digital — product user interface"
DIGITAL_DOCUMENTATION = "Digital — technical documentation delivery"
DIGITAL_API_PORTAL = "Digital — API developer portal"
@dataclass
class CEMarkingRecord:
"""Single CE marking record tied to one system version and one EU DoC."""
system_name: str
system_version: str
doc_reference: str # Links to EU DoC under Art.46
assessment_track: CEMarkingTrack
delivery_method: CEMarkingDelivery
affixing_date: date
notified_body_nando: Optional[str] = None # Required for Track 2
multi_regulatory_scope: list[str] = field(default_factory=list)
digital_location_url: Optional[str] = None
def validate(self) -> list[str]:
errors = []
if self.assessment_track == CEMarkingTrack.TRACK_2_NOTIFIED_BODY:
if not self.notified_body_nando:
errors.append("Track 2 assessment requires NANDO number (Art.47(3))")
elif not self.notified_body_nando.isdigit() or len(self.notified_body_nando) != 4:
errors.append("NANDO number must be exactly 4 digits")
if self.delivery_method in (
CEMarkingDelivery.DIGITAL_UI,
CEMarkingDelivery.DIGITAL_API_PORTAL,
) and not self.digital_location_url:
errors.append("Digital delivery requires accessible URL (Art.47(2))")
return errors
def ce_display(self) -> str:
"""Formatted CE marking string for display or documentation embedding."""
mark = "CE"
if self.notified_body_nando:
mark += f" {self.notified_body_nando}"
return mark
@dataclass
class CEMarkingManager:
"""Manages CE marking lifecycle across system versions and markets."""
records: list[CEMarkingRecord] = field(default_factory=list)
def add_marking(self, record: CEMarkingRecord) -> list[str]:
errors = record.validate()
if not errors:
self.records.append(record)
return errors
def get_active_marking(self, system_name: str, version: str) -> Optional[CEMarkingRecord]:
return next(
(r for r in self.records
if r.system_name == system_name and r.system_version == version),
None,
)
def has_valid_marking(self, system_name: str, version: str) -> bool:
return self.get_active_marking(system_name, version) is not None
def audit_summary(self) -> dict:
return {
"total_marked_versions": len(self.records),
"digital_deployments": sum(
1 for r in self.records
if r.delivery_method in (
CEMarkingDelivery.DIGITAL_UI,
CEMarkingDelivery.DIGITAL_DOCUMENTATION,
CEMarkingDelivery.DIGITAL_API_PORTAL,
)
),
"track_2_with_nando": sum(
1 for r in self.records if r.notified_body_nando
),
"multi_regulatory": sum(
1 for r in self.records if r.multi_regulatory_scope
),
}
# Usage example: SaaS AI system digital CE marking
manager = CEMarkingManager()
errors = manager.add_marking(CEMarkingRecord(
system_name="RecruitmentScreener",
system_version="2.1.0",
doc_reference="EU-DOC-2026-RS-210",
assessment_track=CEMarkingTrack.TRACK_1_INTERNAL,
delivery_method=CEMarkingDelivery.DIGITAL_UI,
affixing_date=date(2026, 4, 23),
digital_location_url="https://app.example.com/compliance/ce-marking",
))
if not errors:
marking = manager.get_active_marking("RecruitmentScreener", "2.1.0")
print(f"CE mark: {marking.ce_display()}") # Output: CE
18-Item Art.47 CE Marking Affixing Checklist
Prerequisites (Before CE Marking is Affixed)
- Conformity assessment under Art.43 completed and documented (Track 1 or Track 2)
- Art.44 certificate obtained from notified body (Track 2 only)
- EU declaration of conformity drawn up and signed under Art.46
- Annex V EU DoC content complete and version-specific
CE Marking Form and Format (Art.47(1) + Regulation 765/2008 Art.30)
- CE mark proportions are correct (CE letters same height, uniform vertical axis)
- Minimum 5mm height satisfied where mark is physically affixed
- Mark is visible, legible, and indelible (or persistently accessible for digital)
- No prohibited marks adjacent to CE marking that reduce legibility (Art.47(4))
- No national conformity marks or CE-resembling marks that could cause confusion
Notified Body Number (Art.47(3))
- If Track 2: NANDO number identified for the notified body that issued the certificate
- NANDO number affixed immediately after CE mark (CE XXXX format)
- NANDO number affixed by notified body or by provider under its instructions
Digital CE Marking (Art.47(2) — Software AI Systems)
- Digital affixing location is easily accessible without support tickets or special requests
- CE marking references the specific system version covered by the EU DoC
- CE marking in UI or documentation is updated when substantial modifications occur
- Instructions for use (Art.13) include CE marking reference
Dual-Regulated Products
- If MDR/IVDR: AI Act CE marking scope is documented separately from device CE marking
- If RED/Machinery: conformity assessment scopes are non-overlapping and separately documented
Post-Market Obligations
- CE marking version tracking in place for future substantial modification reviews
For SaaS Developers: CE Marking Checklist Decision
If you are developing a SaaS AI system, the CE marking question reduces to a threshold check:
- Is your system a high-risk AI system under Annex III? If no → no CE marking required. If yes → proceed.
- Have you completed conformity assessment under Art.43? If no → CE marking cannot be affixed yet.
- Have you drawn up the EU DoC under Art.46? If no → CE marking cannot be affixed yet.
- Is your system delivered digitally? If yes → digital affixing under Art.47(2) applies; add CE marking to your compliance UI section and technical documentation package.
- Did a notified body participate? If yes → add the NANDO number immediately after the CE symbol.
For most cloud-based AI applications in hiring, credit scoring, biometric categorisation, or law enforcement support — the Annex III categories most relevant to SaaS developers — the compliance infrastructure required for CE marking under Art.47 is the documentation output of the full Art.9–Art.46 compliance chain. CE marking does not add new requirements; it is the public signal that those requirements have been met.