EU AI Act Art.36 Suspension of Notified Body Designation: Developer Guide (2026)
EU AI Act Article 36 governs one of the most disruptive events in a high-risk AI provider's compliance lifecycle: the suspension, restriction, or withdrawal of a notified body's designation. Where Art.33 defines who qualifies as a notified body and Art.34 defines how it must operate, Art.36 defines what happens when it ceases to qualify or operate correctly — and what providers and deployers must do when the body that certified their system loses its authority to do so.
Art.36 is structurally short — three paragraphs — but its downstream consequences are extensive. A notified body suspension can invalidate outstanding conformity certificates, freeze mid-assessment procedures, and force providers to find a replacement body under compressed timelines. The article creates a three-party governance mechanism: the national designating authority (the body that originally granted designation), the Commission (which has independent suspension authority), and the notified body itself (which retains residual obligations even after suspension).
For developers, Art.36 is not an abstract governance provision. It is a risk factor in notified body selection (Art.33 due diligence), a contingency scenario that quality management systems (Art.17 QMS) should cover, and a trigger for certificate re-assessment obligations that can affect market placement timelines.
Art.36 in the EU AI Act Conformity Governance Stack
Art.36 sits in the enforcement layer of the notified body framework:
| Article | Scope |
|---|---|
| Art.31 | Which conformity route applies — Annex VI (internal control) or Annex VII (notified body) |
| Art.33 | Who qualifies as a notified body — accreditation, competence, independence, notification |
| Art.34 | How notified bodies conduct assessments — procedures, certificates, surveillance |
| Art.35 | How notified bodies coordinate — guidance, gap-filling, methodology harmonisation |
| Art.36 | What happens when notified body qualification fails — suspension, restriction, withdrawal, and provider impact |
| Art.40/41 | Harmonised standards and common specifications — conformity baselines the notified body applies |
| Art.48 | Provider's Declaration of Conformity — depends on valid notified body certificate (Art.34) |
Art.36 is the corrective mechanism for the entire notified body system. It creates accountability for national designating authorities that approved bodies which later fail to meet requirements, and it gives the Commission independent authority to act when national authorities are slow or ineffective.
Art.36(1): National Designating Authority Powers
Art.36(1) grants national designating authorities — the Member State bodies responsible for granting notified body status — the power to suspend, restrict, or withdraw a notified body's designation where that body ceases to meet the requirements of Art.33 or fails to fulfil its obligations under Art.34.
The Three-Level Response Mechanism
Art.36(1) establishes a proportionality ladder for national authority action:
| Action | Trigger | Effect |
|---|---|---|
| Restriction | Body fails to meet Art.33/34 requirements in a specific scope or category | Designation narrowed — body may no longer assess systems in the restricted category |
| Suspension | Body fails to meet requirements more broadly, but remediation is possible | Designation frozen — no new assessments, pending assessments paused, existing certificates remain valid pending review |
| Withdrawal | Body fails to meet requirements irremediably, or fails to implement corrective measures after suspension | Designation terminated — all outstanding certificates enter transition or invalidation process |
The proportionality principle from Art.33(8) applies: the national authority must match the response to the severity of the failure. A body that temporarily loses an accreditation renewal is not treated the same as a body that is found to have systematically issued defective certificates.
Notification Obligations After Art.36(1) Action
When a national authority takes action under Art.36(1), it must:
- Notify the Commission immediately — via the NANDO (New Approach Notified and Designated Organisations) database, which is the Commission's authoritative registry of all notified bodies.
- Notify other Member States — so that authorities in other jurisdictions can adjust their reliance on the body's certificates.
- Notify affected providers and deployers — where the authority knows of outstanding certificates or mid-assessment procedures.
The notification chain is critical for providers: the first signal that a notified body is under review may not come from the body itself, but from a national authority notification published in NANDO or communicated through market surveillance authorities.
Developer Implication: NANDO Monitoring as Compliance Infrastructure
For any provider whose high-risk AI system holds a notified body conformity certificate, Art.36(1) creates a continuous monitoring obligation. A certificate that was valid at the time of issue can become operationally impaired — not legally void, but practically unreliable — if the issuing body's designation is suspended or restricted after the fact.
The practical steps:
- Query NANDO programmatically (the Commission publishes a NANDO JSON feed) to check designated body status quarterly.
- Track the designation scope of your notified body against your system's Annex III category.
- Maintain an internal registry of all certificates, including issuing body identity, designation date, and current NANDO status.
Art.36(2): Commission Independent Suspension Authority
Art.36(2) grants the Commission itself the power to suspend a notified body's designation, independently of national authority action. This is the most significant provision of Art.36 from a governance architecture perspective — it means that the Commission can act even when a national authority fails to do so.
Trigger Conditions for Commission Action
The Commission may suspend a notified body's designation where:
| Trigger | Description |
|---|---|
| Competence concerns | The Commission has information suggesting the body lacks the technical competence to assess a specific category of AI system correctly |
| Methodology defects | Evidence that the body has applied incorrect or inconsistent assessment methodology — potentially in coordination group findings under Art.35 |
| Systematic certificate defects | Multiple certificates from the same body show patterns of incomplete or incorrect assessment |
| National authority inaction | The national authority has failed to act despite the Commission's concern notifications |
The Commission's Independent Information Channels
The Commission accesses information about notified body performance through:
- Art.35 Coordination Group — methodology inconsistencies surface in coordination group sessions; the Commission chairs the group and receives all working documents.
- Market Surveillance Authorities — Art.74 gives market surveillance authorities inspection and information-gathering powers; findings about assessment quality flow to the Commission.
- Post-Market Monitoring Data — Art.30 requires providers to share serious incident and near-miss data; patterns in this data can indicate that a body's assessment methodology failed to detect a systemic risk.
- EAIB (European AI Office) — the AI Office (Art.64) serves as the Commission's operational arm for enforcement and has direct lines to national competent authorities.
Provider Implication: Commission Suspension is Faster and Less Predictable
A national authority suspension typically follows a structured review process with notification periods and opportunity for remediation. Commission suspension under Art.36(2) can move faster — the Commission is not bound by the same procedural constraints as national authorities and can act on the basis of preliminary evidence.
For providers holding certificates from a notified body that is under investigation by the Commission's AI Office or a market surveillance authority, the risk of Art.36(2) suspension is a live compliance concern — not a theoretical scenario.
Art.36(3): Commission Challenge Authority via Art.33(9) Reference
Art.36(3) cross-references Art.33(9), which gives the Commission authority to challenge a national designating authority's decision to grant (or maintain) a notified body designation where the Commission has concerns about the body's competence or independence.
The Art.33(9) → Art.36(3) Mechanism
The relationship between Art.33(9) and Art.36(3) creates a feedback loop:
- Art.33(9) Challenge: The Commission notifies the Member State that it has concerns about a notified body's designation. The Member State must investigate and report back.
- Member State Fails to Act: If the Member State's investigation does not resolve the Commission's concerns, the Commission may escalate.
- Art.36(3) Referral: The Commission can use Art.36(3) to formalise the challenge as a suspension action — effectively overriding the national authority's decision to maintain the designation.
This mechanism prevents a Member State from shielding a non-compliant notified body from Commission oversight. The Art.33(9) → Art.36(3) path is the EU AI Act's equivalent of an infringement mechanism at the notified body level.
Practical Developer Impact
For providers, the Art.33(9) → Art.36(3) path is relevant in two scenarios:
- Selecting a notified body: A body that has been subject to an Art.33(9) challenge — even if the challenge was resolved — is a higher-risk partner. The challenge is not publicly announced, but market surveillance authority communications and Commission enforcement decisions can signal it.
- Ongoing assessment: If your system is mid-assessment with a body under Art.33(9) challenge, the assessment may be paused or transferred to a different body.
Art.36 × Art.33/34/35/48 Intersection Matrix
Art.36 activates differently depending on which other article's requirements are at stake:
| Article | Art.36 Intersection |
|---|---|
| Art.33 (Notified Body Qualification) | Art.36 is the enforcement mechanism for Art.33 failures — if a body no longer meets Art.33 requirements, Art.36 suspension follows. |
| Art.34 (Procedural Obligations) | Art.36 can be triggered by systematic Art.34 violations — defective applications handling, incorrect assessment procedures, or unjustified certificate issuance. |
| Art.35 (Coordination Group) | Coordination group findings about methodology inconsistency (Art.35(3)) can trigger Art.36 action; the group is both a coordination mechanism and an early-warning system for designation failures. |
| Art.40/41 (Standards/Specifications) | If a body's certificates were issued against standards that the coordination group subsequently determined were incorrectly interpreted, Art.36 action may follow. |
| Art.48 (Declaration of Conformity) | A provider's DoC depends on a valid notified body certificate. Art.36 suspension of the issuing body does not automatically invalidate existing certificates — but creates a review obligation. |
| Art.49 (CE Marking) | CE marking is contingent on valid DoC which is contingent on valid certificate. Art.36 suspension creates a chain-link review requirement. |
| Art.23 (Substantial Modification) | If a provider makes a substantial modification requiring new conformity assessment, they cannot use a suspended notified body for the new assessment. |
Impact of Suspension on Outstanding Certificates
Art.36 does not automatically invalidate certificates issued before the suspension. The regulation distinguishes between:
| Certificate Type | Art.36 Suspension Effect |
|---|---|
| Certificates issued before suspension, no known defect | Remain valid — the issuing body's subsequent suspension does not retroactively invalidate correctly-issued certificates |
| Certificates under active surveillance when suspension occurs | Surveillance obligations transfer — either to the national authority, a replacement notified body, or the provider (with enhanced Art.30 PMM obligations) |
| Mid-assessment procedures when suspension occurs | Assessment paused — provider must find a replacement notified body or switch to an alternative conformity route if available |
| Certificates issued by a suspended body where defects are found | Subject to recall or re-assessment — market surveillance authorities may require re-testing |
| Certificates under renewal when suspension occurs | Renewal cannot be completed by the suspended body — must transfer |
The key principle: existing certificates have presumptive validity, but the provider takes on elevated monitoring obligations when the issuing body's designation is suspended or withdrawn. Maintaining documentation of the issuing body's NANDO status at the time of certificate issuance and at each annual review is the minimum compliance step.
Impact on Mid-Assessment Procedures
The most operationally disruptive scenario is a notified body suspension that occurs during an active conformity assessment. Art.36 does not specify what happens to mid-assessment procedures in detail — this is governed by the combination of Art.36, Art.34, and the contractual relationship between the provider and the notified body.
Practical impact:
| Phase of Assessment | Suspension Impact |
|---|---|
| Application submitted, assessment not started | Application documentation returns to provider. No assessment fee refund obligation in Art.36 — depends on contract. |
| Documentary review in progress | Review paused. Provider must decide: wait for body reinstatement (if suspension is temporary), transfer to new body, or request transfer of review documentation to replacement body. |
| On-site assessment scheduled | Assessment cancelled or deferred. Rescheduling with replacement body requires new application in most cases. |
| Certificate draft under preparation | Certificate cannot be issued. Assessment work product may be transferred to replacement body as prior evidence — reduces rework but requires replacement body acceptance. |
| Certificate issued, surveillance period active | Surveillance transfers. Provider should proactively contact national authority to identify replacement surveillance body. |
Provider preparation: Art.17 QMS (quality management system) should include a contingency section covering notified body failure scenarios — identifying the steps for assessment transfer, the documentation to preserve for replacement body handover, and the timeline implications for market placement.
CLOUD Act Intersection: Mid-Assessment Suspension and Jurisdictional Exposure
Art.36 creates a specific CLOUD Act risk scenario that goes beyond standard assessment record exposure. When a notified body's designation is suspended or withdrawn, its records become accessible to a wider set of authorities — including law enforcement and national competent authorities investigating the reasons for the suspension.
The CLOUD Act risk operates on two levels:
Level 1: Assessment Records Held by US-Infrastructure Notified Bodies
If a notified body stores assessment records (Annex IV technical documentation, assessment reports, QMS audit findings, test results) on US cloud infrastructure — which is common for larger European certification bodies that use Microsoft 365, Google Workspace, or AWS — then those records are subject to CLOUD Act compellability by US law enforcement, in addition to:
- EU national authority access during the Art.36 investigation
- Commission access via the AI Office
- Market surveillance authority access under Art.74
A suspended notified body's records are likely to be subject to active investigation. The CLOUD Act creates a parallel channel for US law enforcement to access those same records — without the EU procedural protections that apply to national authority investigations.
Level 2: Provider Records Submitted to the Notified Body
During conformity assessment, providers submit Annex IV technical documentation — which includes system architecture, training data description, risk management documentation, performance metrics, and cybersecurity measures. This documentation is held by the notified body.
When the notified body is suspended and its records become subject to investigation, the provider's Annex IV documentation is exposed to the same CLOUD Act jurisdiction risk. A US law enforcement request to the notified body's US cloud provider could return the provider's own proprietary technical documentation — without requiring EU procedural approval.
Mitigation: Select notified bodies that operate on EU-only infrastructure, or contractually require that Annex IV documentation submitted for assessment is stored exclusively on EU-jurisdiction servers. EU-native PaaS providers like sota.io operate entirely within EU infrastructure, providing a single-jurisdiction environment for technical documentation and assessment records without CLOUD Act exposure.
Python Implementation
DesignationSuspensionRecord
Tracks the designation status of notified bodies and alerts when suspension events occur:
from dataclasses import dataclass, field
from datetime import datetime, date
from typing import Optional
from enum import Enum
class DesignationStatus(Enum):
ACTIVE = "active"
RESTRICTED = "restricted"
SUSPENDED = "suspended"
WITHDRAWN = "withdrawn"
UNDER_CHALLENGE = "under_challenge" # Art.33(9) active
class SuspensionAuthority(Enum):
NATIONAL = "national_designating_authority"
COMMISSION = "commission_art36_2"
COMMISSION_CHALLENGE = "commission_art33_9_art36_3"
@dataclass
class DesignationSuspensionRecord:
notified_body_id: str
nando_number: str
member_state: str
designation_scope: list[str] # Annex III categories
current_status: DesignationStatus
suspension_authority: Optional[SuspensionAuthority] = None
suspension_date: Optional[date] = None
suspension_reason: Optional[str] = None
restriction_scope: Optional[list[str]] = None # for RESTRICTED status
reinstatement_deadline: Optional[date] = None
nando_last_checked: Optional[datetime] = None
certificates_issued: list[str] = field(default_factory=list) # cert IDs
def is_operative(self) -> bool:
"""Body can still conduct new assessments."""
return self.current_status == DesignationStatus.ACTIVE
def is_operative_for_category(self, annex_iii_category: str) -> bool:
"""Body is operative for a specific Annex III category."""
if not self.is_operative():
return False
if self.current_status == DesignationStatus.RESTRICTED:
return annex_iii_category not in (self.restriction_scope or [])
return annex_iii_category in self.designation_scope
def requires_provider_action(self) -> bool:
"""Returns True if providers with certificates from this body must act."""
return self.current_status in {
DesignationStatus.SUSPENDED,
DesignationStatus.WITHDRAWN,
DesignationStatus.UNDER_CHALLENGE
}
def days_since_suspension(self) -> Optional[int]:
"""Days elapsed since suspension for timeline tracking."""
if self.suspension_date is None:
return None
return (date.today() - self.suspension_date).days
def suspension_risk_level(self) -> str:
"""Risk classification for providers holding certificates from this body."""
if self.current_status == DesignationStatus.ACTIVE:
return "low"
if self.current_status == DesignationStatus.UNDER_CHALLENGE:
return "medium" # challenge may not escalate
if self.current_status == DesignationStatus.RESTRICTED:
return "medium" # depends on restriction scope vs provider's category
if self.current_status == DesignationStatus.SUSPENDED:
return "high" # certificates under review
return "critical" # WITHDRAWN — active transfer obligation
def to_monitoring_record(self) -> dict:
return {
"nando_number": self.nando_number,
"member_state": self.member_state,
"status": self.current_status.value,
"risk_level": self.suspension_risk_level(),
"certificates_affected": len(self.certificates_issued),
"suspension_authority": self.suspension_authority.value if self.suspension_authority else None,
"days_elapsed": self.days_since_suspension(),
"requires_action": self.requires_provider_action(),
}
CertificateImpactAssessor
Evaluates the impact of a notified body suspension on outstanding conformity certificates:
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional
from enum import Enum
class CertificateStatus(Enum):
VALID = "valid"
UNDER_REVIEW = "under_review"
SUSPENDED = "suspended"
REQUIRES_TRANSFER = "requires_transfer"
INVALID = "invalid"
class AssessmentPhase(Enum):
NOT_STARTED = "not_started"
DOCUMENTARY_REVIEW = "documentary_review"
ON_SITE_ASSESSMENT = "on_site_assessment"
CERTIFICATE_DRAFTING = "certificate_drafting"
SURVEILLANCE = "surveillance"
RENEWAL = "renewal"
@dataclass
class ConformityCertificate:
cert_id: str
issuing_body_nando: str
annex_iii_category: str
issue_date: date
expiry_date: date
current_phase: AssessmentPhase
system_slug: str # provider's AI system identifier
@dataclass
class CertificateImpactAssessor:
suspension_record: DesignationSuspensionRecord
certificates: list[ConformityCertificate]
def assess_certificate_impact(self, cert: ConformityCertificate) -> dict:
"""Determine the impact of the body's suspension on a specific certificate."""
if cert.issuing_body_nando != self.suspension_record.nando_number:
return {"impacted": False, "reason": "different_notified_body"}
impact = {
"cert_id": cert.cert_id,
"impacted": True,
"suspension_status": self.suspension_record.current_status.value,
"assessment_phase": cert.current_phase.value,
"recommended_action": None,
"urgency": None,
"certificate_validity": None,
}
if self.suspension_record.current_status == DesignationStatus.WITHDRAWN:
impact["certificate_validity"] = CertificateStatus.REQUIRES_TRANSFER.value
impact["urgency"] = "immediate"
impact["recommended_action"] = (
"Certificate issuing body designation withdrawn. "
"Contact national authority for certificate status determination. "
"Identify replacement notified body. Preserve all Annex IV documentation."
)
elif self.suspension_record.current_status == DesignationStatus.SUSPENDED:
if cert.current_phase == AssessmentPhase.SURVEILLANCE:
impact["certificate_validity"] = CertificateStatus.UNDER_REVIEW.value
impact["urgency"] = "high"
impact["recommended_action"] = (
"Surveillance obligations suspended. Contact national authority "
"within 30 days to arrange transfer of surveillance to replacement body."
)
elif cert.current_phase in {AssessmentPhase.DOCUMENTARY_REVIEW,
AssessmentPhase.ON_SITE_ASSESSMENT,
AssessmentPhase.CERTIFICATE_DRAFTING}:
impact["certificate_validity"] = CertificateStatus.SUSPENDED.value
impact["urgency"] = "high"
impact["recommended_action"] = (
"Active assessment suspended. Request documentation transfer package "
"from suspended body. Identify replacement body urgently."
)
elif cert.current_phase == AssessmentPhase.RENEWAL:
impact["certificate_validity"] = CertificateStatus.REQUIRES_TRANSFER.value
impact["urgency"] = "high"
impact["recommended_action"] = (
"Certificate renewal cannot proceed with suspended body. "
"Transfer renewal to replacement notified body immediately."
)
else:
# Valid certificate, no active surveillance phase
impact["certificate_validity"] = CertificateStatus.VALID.value
impact["urgency"] = "medium"
impact["recommended_action"] = (
"Certificate issued before suspension remains valid. "
"Monitor NANDO for reinstatement or withdrawal. "
"Prepare transfer plan if suspension converts to withdrawal."
)
elif self.suspension_record.current_status == DesignationStatus.RESTRICTED:
in_scope = self.suspension_record.is_operative_for_category(cert.annex_iii_category)
if not in_scope:
impact["certificate_validity"] = CertificateStatus.UNDER_REVIEW.value
impact["urgency"] = "medium"
impact["recommended_action"] = (
f"Body designation restricted for Annex III category {cert.annex_iii_category}. "
"Verify whether restriction affects certificate validity with national authority."
)
else:
impact["impacted"] = False
impact["reason"] = "restriction_scope_excludes_this_category"
return impact
def full_impact_report(self) -> list[dict]:
"""Generate impact assessment for all certificates."""
return [self.assess_certificate_impact(c) for c in self.certificates]
def count_by_urgency(self) -> dict:
"""Summarise certificate impacts by urgency level."""
report = self.full_impact_report()
return {
"immediate": sum(1 for r in report if r.get("urgency") == "immediate"),
"high": sum(1 for r in report if r.get("urgency") == "high"),
"medium": sum(1 for r in report if r.get("urgency") == "medium"),
"not_impacted": sum(1 for r in report if not r.get("impacted")),
}
ProviderContinuityPlanner
Generates a structured continuity plan for providers affected by notified body suspension:
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional
@dataclass
class ReplacementBodyCandidate:
nando_number: str
member_state: str
designation_scope: list[str]
average_assessment_duration_weeks: int
accepts_documentation_transfer: bool
eu_only_infrastructure: bool # CLOUD Act risk mitigation
@dataclass
class ProviderContinuityPlanner:
suspension_record: DesignationSuspensionRecord
affected_certs: list[dict] # from CertificateImpactAssessor.full_impact_report()
system_market_placement_date: Optional[date] = None
replacement_candidates: list[ReplacementBodyCandidate] = field(default_factory=list)
def generate_continuity_plan(self) -> dict:
"""Generate a structured continuity plan for the affected provider."""
immediate_actions = []
short_term_actions = []
documentation_requirements = []
# Step 1: Immediate notification obligations
immediate_actions.append(
"Notify internal compliance team and legal counsel of notified body suspension."
)
immediate_actions.append(
"Document NANDO status of suspended body with timestamp and screenshot."
)
immediate_actions.append(
"Contact suspended notified body to request: (1) status of all outstanding "
"assessment work, (2) documentation transfer package for mid-assessment systems, "
"(3) confirmation of certificate status for issued certificates."
)
# Step 2: Assess which certs have active surveillance obligations
high_urgency = [c for c in self.affected_certs if c.get("urgency") in {"immediate", "high"}]
if high_urgency:
immediate_actions.append(
f"{len(high_urgency)} certificate(s) require urgent action. "
"Contact national competent authority within 5 business days to report "
"suspension impact and request guidance on certificate continuity."
)
# Step 3: Replacement body identification
if self.replacement_candidates:
preferred = [c for c in self.replacement_candidates
if c.eu_only_infrastructure and c.accepts_documentation_transfer]
if preferred:
short_term_actions.append(
f"Preferred replacement body candidates (EU-only infrastructure, "
f"accepts transfer): {', '.join(c.nando_number for c in preferred)}. "
"Initiate contact within 10 business days."
)
# Step 4: Documentation requirements
documentation_requirements.extend([
"Preserve complete Annex IV technical documentation package (current version).",
"Preserve all correspondence with suspended notified body (applications, assessment queries, draft reports).",
"Preserve issued certificates with issuing body NANDO status at time of issuance.",
"Prepare documentation transfer package: Annex IV package + assessment history + prior review findings.",
"Update internal QMS contingency section with suspension event timeline.",
])
# Step 5: Timeline
timeline = self._generate_timeline()
return {
"suspension_status": self.suspension_record.current_status.value,
"suspended_body": self.suspension_record.nando_number,
"certificates_affected": len(self.affected_certs),
"immediate_actions": immediate_actions,
"short_term_actions": short_term_actions,
"documentation_requirements": documentation_requirements,
"timeline": timeline,
"cloud_act_mitigation": (
"Ensure replacement notified body operates on EU-only infrastructure. "
"Contractually require that Annex IV documentation submitted for "
"reassessment is stored exclusively on EU-jurisdiction servers."
),
}
def _generate_timeline(self) -> list[dict]:
today = date.today()
return [
{"day": 0, "action": "Suspension identified — document NANDO status"},
{"day": 5, "action": "Internal notification complete — compliance team briefed"},
{"day": 10, "action": "Suspended body contacted — documentation transfer requested"},
{"day": 15, "action": "National competent authority notified of impact"},
{"day": 30, "action": "Replacement notified body identified and application submitted"},
{"day": 60, "action": "Documentation transfer to replacement body complete"},
{"day": 90, "action": "Replacement body documentary review commenced"},
{"day": 180, "action": "Replacement body assessment complete (typical duration)"},
]
def preferred_replacement_bodies(self) -> list[ReplacementBodyCandidate]:
"""Return replacement body candidates ranked by preference."""
return sorted(
self.replacement_candidates,
key=lambda c: (
not c.eu_only_infrastructure, # EU-only infra preferred
not c.accepts_documentation_transfer, # transfer acceptance preferred
c.average_assessment_duration_weeks, # shorter duration preferred
)
)
40-Item Art.36 Compliance Checklist
Monitoring and Detection (Items 1–10)
- Implement quarterly NANDO queries to check designation status of all notified bodies holding provider certificates.
- Subscribe to NANDO change notifications or EAIB communications for bodies in your assessment scope.
- Maintain an internal registry mapping each notified body NANDO number to certificates issued and Annex III categories covered.
- Track Art.33(9) Commission challenges — monitor Commission AI Office communications and enforcement decisions.
- Record the designation status of the issuing notified body at the date of each certificate issuance.
- Alert on NANDO status changes within 24 hours of detection — do not rely on monthly batch checks.
- Verify that the notified body's designation scope covers your system's specific Annex III category at the time of application.
- Check whether the notified body is subject to any restriction in your Annex III category before submitting new applications.
- Maintain contact details for the national designating authority of each notified body you engage.
- Document the notified body's infrastructure provider to assess CLOUD Act jurisdiction risk for assessment records.
Certificate Management (Items 11–20)
- Identify all outstanding conformity certificates and their assessment phase at any point in time.
- Categorise certificates by suspension impact: valid (no action), under review, requires transfer, mid-assessment.
- Confirm with each suspended body whether existing certificates remain valid and under what conditions.
- For mid-assessment procedures, request documentation transfer package within 10 days of suspension discovery.
- Identify replacement notified bodies with designation scope covering your Annex III category before suspension events occur.
- Prioritise replacement bodies that operate on EU-only infrastructure for CLOUD Act risk mitigation.
- Confirm whether replacement body accepts prior assessment evidence to reduce rework in transfer scenarios.
- Document all certificate transfer actions in the Art.17 QMS incident log.
- Notify market surveillance authority proactively if a certificate is impaired by body suspension — do not wait for authority contact.
- Update the Art.48 Declaration of Conformity registry to reflect certificate transfer where applicable.
QMS Integration (Items 21–30)
- Include notified body suspension as a named risk in the Art.17 QMS risk register.
- Define a notified body failure contingency procedure in the QMS — steps, timeline, responsibilities.
- Assign a named QMS owner for notified body monitoring and suspension response.
- Test the contingency procedure annually — identify gaps before a real suspension event occurs.
- Include NANDO monitoring in the QMS management review agenda.
- Document the documentation transfer package contents in the QMS — what to preserve and in what format for replacement body handover.
- Integrate the continuity planner timeline into the QMS corrective action procedure.
- Record all notified body communications in the QMS document control system.
- Include notified body suspension in the Art.30 PMM post-market monitoring scope — surveillance gaps are a post-market risk.
- Reference the notified body suspension contingency in the Art.9 risk management system documentation.
CLOUD Act and Infrastructure (Items 31–35)
- Identify the infrastructure provider of each notified body used — EU-only or mixed jurisdiction.
- Contractually require that Annex IV technical documentation submitted for assessment is stored on EU-jurisdiction servers only.
- In replacement body selection, weight EU-only infrastructure as a selection criterion alongside competence and duration.
- Assess whether suspended body's assessment records — including provider's Annex IV submissions — are on US-jurisdiction cloud.
- Document the jurisdiction of suspended body's record-keeping for disclosure to national authority if requested.
Art.36(1)/(2)/(3) Specific (Items 36–40)
- Distinguish between Art.36(1) national suspension and Art.36(2) Commission suspension — Commission suspensions may be faster and less predictable.
- Monitor for Art.33(9) Commission challenges to notified body designations — these often precede Art.36(3) action.
- After national authority suspension, check whether Commission has also issued Art.36(2) action — dual suspension can affect timeline for reinstatement.
- If suspension is a restriction (not full suspension), verify exactly which Annex III categories are restricted before assuming full operational continuity.
- For withdrawal (not just suspension), treat all outstanding certificates as requiring national authority confirmation of validity — presumptive validity is strongest for suspension, not withdrawal.
See Also
- EU AI Act Art.33 Obligations for Notified Bodies: Developer Guide (2026)
- EU AI Act Art.34 Procedural Obligations of Notified Bodies: Developer Guide (2026)
- EU AI Act Art.35 Notified Bodies Coordination Group: Developer Guide (2026)
- EU AI Act Art.31 Conformity Assessment Procedure: Developer Guide (2026)
- EU AI Act Art.32 EU Database of High-Risk AI Systems: Developer Guide (2026)