EU AI Act Conformity Assessment 2026: Notified Bodies, Testing Labs & Certification for SaaS
Post #4 in the sota.io EU AI Enforcement Tools 2026 Series
EU AI Act enforcement is no longer theoretical. The prohibited practices have applied since February 2, 2025 and the general-purpose AI (GPAI) obligations since August 2, 2025. Under the Act as adopted (Article 113), the Annex III high-risk obligations apply from August 2, 2026 and the Annex I (product-embedded) high-risk obligations from August 2, 2027; the Commission's November 2025 "digital omnibus" proposal would push the high-risk dates back and tie them to the availability of standards, so check which date currently binds you. This series uses August 2, 2027 as its planning horizon. Either way, SaaS providers integrating AI must understand exactly how conformity assessment works and which route applies to them.
Conformity assessment under the EU AI Act (Articles 40–49) is how a provider shows that a high-risk AI system meets the Chapter III Section 2 requirements (Articles 9–15) before it is placed on the EU market. For most SaaS developers this means one of two procedures: internal control (Annex VI, self-assessment against your own technical documentation) or assessment by a notified body (Annex VII). General-purpose AI models follow a different regime: no conformity assessment and no CE marking, but Chapter V obligations supervised by the EU AI Office. Getting the route wrong means delays, fines of up to €35 million or 7% of worldwide annual turnover for the most serious breaches (Article 99), and potential withdrawal from the market.
This guide breaks down every element of the conformity assessment landscape — who the notified bodies are, what testing labs do, which harmonized standards apply, and how to build a compliance stack that satisfies EU auditors.
Why Conformity Assessment Matters for SaaS in 2026
Most SaaS providers initially assume they're not covered. That assumption is increasingly wrong. If your SaaS product:
- Uses AI for recruitment or HR decisions (CV screening, performance ranking)
- Powers credit scoring, insurance pricing, or loan decisions
- Processes biometric data for authentication or access control
- Assists in medical diagnosis, triage, or treatment planning
- Supports critical infrastructure management (energy, water, transport)
- Provides AI-assisted education assessment or admission decisions
- Enables law enforcement data analysis or predictive policing
…then those components are high-risk under Annex III and must complete conformity assessment before they are placed on the market or put into service once the high-risk obligations apply (this series plans to August 2, 2027). One check before you commit budget: Article 6(3) lets you document that an Annex III system is not high-risk when it only performs a narrow procedural task, improves the result of a prior human activity, detects decision patterns without replacing human assessment, or does preparatory work; the exemption never applies where the system profiles natural persons. That determination must itself be written down and registered (Article 49(2)).
For GPAI models (GPT-4-class models, whether you call them via API, self-host the weights, or fine-tune them), the Chapter V obligations have applied since August 2, 2025, and the EU AI Office has begun supervising compliance; its fining powers against GPAI providers (Article 101) follow from August 2, 2026.
The Stakes: What Non-Compliance Looks Like
| Violation | Maximum Fine |
|---|---|
| Prohibited AI practice | €35M or 7% global turnover |
| High-risk system non-compliance | €15M or 3% global turnover |
| Incorrect information to authorities | €7.5M or 1% global turnover |
| GPAI obligation breach | €15M or 3% global turnover |
Article 99 applies "whichever is higher" to everyone except SMEs and start-ups, for which it is whichever is lower (Article 99(6)). So for a €20M ARR company that qualifies as an SME, the 3% tier caps at €600,000; for a company above the SME thresholds the same tier caps at €15M. Either way, the cost of conformity assessment (€15,000–€80,000 for a typical SaaS audit, per the ranges below) is small by comparison.
Article 40–49 Framework: The Legal Architecture
Article 40: Harmonized Standards
The primary conformity route for high-risk AI systems runs through harmonized European standards developed by:
- CEN (European Committee for Standardization)
- CENELEC (European Committee for Electrotechnical Standardization)
- ETSI (European Telecommunications Standards Institute)
The Commission issued standardisation request M/593 in May 2023, addressed to CEN and CENELEC (ETSI is not an addressee of the request, although it publishes AI security specifications of its own that auditors may still cite). Key deliverables expected by Q3 2026:
| Standard | Scope | Status |
|---|---|---|
| CEN/CLC JTC 21 WI 005 | AI trustworthiness — general requirements | Draft |
| CEN/CLC JTC 21 WI 008 | Testing harmonized AI systems | Draft |
| CEN/CLC JTC 21 WI 012 | Bias detection and mitigation | In development |
| CEN/CLC JTC 21 WI 015 | Human oversight of AI systems | In development |
| ISO/IEC 42001:2023 | AI management systems | Published — referenced |
| ISO/IEC 42005:2025 | AI impact assessment | Published May 2025 |
| ISO/IEC 25059:2023 | Quality model for AI systems | Published |
Key insight: Only harmonised standards whose references are published in the Official Journal give a presumption of conformity (Article 40(1)). Until then, international standards (ISO/IEC 42001, ISO/IEC 25059, IEC 62304 for medical-device software) are useful evidence inside your Annex IV file, and notified bodies will treat them as the reference point, but they do not shift the burden of proof: you still have to show, requirement by requirement, how Articles 9–15 are met.
Article 41: Common Specifications
When harmonised standards are absent or insufficient, the Commission can adopt Common Specifications (CS) by implementing act: binding technical requirements that, like harmonised standards, give a presumption of conformity to providers who apply them. The EU AI Office published its first CS draft for general-purpose AI models in Q1 2026, focusing on:
- Model evaluation methodology
- Red-teaming requirements
- Capability thresholds for systemic risk classification
- Documentation and transparency obligations
For SaaS using GPAI via API (OpenAI, Anthropic, Google), the CS and Chapter V obligations fall on the model provider; you are a deployer of the model and the provider only of the AI system you build on top of it. Self-hosting downloaded weights does not change that. Fine-tuning can: the Commission's July 2025 GPAI guidelines treat a modification that consumes a significant share of the original model's training compute (the indicative figure is about a third) as making you the provider of a new GPAI model, so treat any fine-tuning or continued pre-training beyond trivial scale as a provider-status question for counsel.
Article 43: Conformity Assessment Procedures
This is the core article. It specifies which procedure applies based on the type of AI system:
High-Risk AI (Annex III)
├── Point 1 (biometrics)
│   ├── Harmonised standards / common specifications fully applied → provider CHOOSES Annex VI (internal control) or Annex VII (notified body)
│   └── Standards absent, or not fully applied → Annex VII (notified body) MANDATORY
└── Points 2–8 (critical infrastructure, education, employment, essential services, law enforcement, migration, justice) → Annex VI (internal control), no notified body involved
High-Risk AI (Annex I products: medical devices, machinery, vehicles, ...)
└── Third-party procedure of the relevant sectoral product legislation, with the AI Act requirements folded into that assessment
GPAI Models (Chapter V; not a conformity assessment)
├── Systemic risk (Article 51) → Article 55 obligations, supervised by the EU AI Office
└── Other GPAI → Article 53 obligations; Code of Practice adherence as the route to demonstrate compliance
Other AI systems (non-high-risk)
└── No conformity assessment (Article 50 transparency duties may still apply)
Critical nuance for SaaS developers: for Annex III points 2–8, which cover most SaaS use cases (HR, credit, education, critical-infrastructure management), harmonised standards do not decide the route; internal control is the route whether or not standards exist. What standards decide is whether you get the Article 40 presumption of conformity. Without published standards you still self-assess, but your Annex IV file has to argue every Article 9–15 requirement on its own evidence. That is why a voluntary third-party review is worth paying for; it is not because the Act sends you to a notified body. Only biometric systems (point 1) and Annex I products are legally routed to one.
Article 44: Certificates of Conformity
A notified body that completes the Annex VII procedure assesses the QMS and issues an EU technical documentation assessment certificate. The certificate is valid for up to 4 years for Annex III systems (5 years for Annex I systems) and is renewable (Article 44(1)); the body carries out periodic surveillance audits of the QMS while it is in force. The certificate must specify:
- The AI system and version
- The harmonised standards or common specifications applied, if any
- The conformity assessment procedure followed (Annex VII: QMS assessment plus technical documentation assessment; the AI Act does not use the NLF Module B/D/E/H lettering for Annex III systems)
- Validity period and renewal conditions
If your AI system undergoes a substantial modification (Article 3(23): a change not foreseen in the initial assessment that affects compliance with Section 2 or changes the intended purpose), a new conformity assessment is required (Article 43(4)). Two points keep rapid release cycles workable: a change to a continuously learning system that was pre-determined at the initial assessment and is described in the technical documentation is not substantial, and neither is a change that stays inside the documented intended purpose and performance envelope without affecting compliance. Write that envelope down up front and run every release through QMS change control against it, because "new training data" or "new capability" is substantial precisely when nobody documented that it was foreseen.
Article 46: Notified Body Selection
Notified bodies are designated by the national notifying authority of a member state (Article 28) and notified to the Commission via NANDO (New Approach Notified and Designated Organisations). The designation process:
- The applicant conformity assessment body applies to its national notifying authority (Article 29); in most member states the competence check leans on the national accreditation body (DAkkS in Germany, COFRAC in France)
- The notifying authority assesses the applicant against the Article 31 requirements (independence, impartiality, competence, confidentiality, liability insurance)
- The Commission and the other member states are notified (Article 30); the objection window is 2 weeks where an accreditation certificate is supplied and 2 months where it is not
- NANDO entry, publicly searchable, stating the scope of AI systems the body may assess
As of May 2026, only a handful of bodies have received full AI Act notification. The shortage is a known market bottleneck — plan for 6–18 month lead times.
Notified Bodies: Who They Are and How to Choose
Currently Designated EU AI Act Notified Bodies (May 2026)
| Body | Country | Scope | Specialization |
|---|---|---|---|
| TÜV SÜD | Germany | Broad Annex III | Automotive AI, industrial, medical |
| TÜV Rheinland | Germany | Broad Annex III | Functional safety, IEC 61508 linkage |
| TÜV NORD | Germany | Broad Annex III | Energy, railway, critical infrastructure |
| Bureau Veritas | France | Partial Annex III | HR AI, employment decisions |
| BSI Group | UK/Germany | Consulting only* | Technical documentation review |
| SGS | Switzerland/Belgium | Partial | Product compliance, IoT AI |
| DEKRA | Germany | Applying | Automotive, transport AI |
| DNV | Norway | Applying | Maritime, energy sector AI |
*BSI Group can conduct gap assessments but does not yet hold formal notification status for CE marking issuance.
How to evaluate a notified body for your SaaS:
- Check NANDO: Verify the body is listed in NANDO under the AI Act (Regulation (EU) 2024/1689) with a scope that covers your Annex III point or Annex I product type. A body not listed there cannot issue a certificate that counts under Article 44, whatever it calls its service.
- Ask for AI-specific accreditation: Bodies should hold accreditation from their national body (DAkkS in Germany, COFRAC in France) under EN ISO/IEC 17065.
- Review auditor CVs: The audit team should have AI/ML expertise, not just traditional product safety backgrounds. Ask for team credentials before signing.
- Understand the procedure: For Annex III systems the Act's only third-party route is Annex VII, which combines an assessment of your QMS (Article 17) with an assessment of the technical documentation (Annex IV), followed by periodic surveillance. Module lettering (B, D, E, H) comes from the sectoral product legislation that governs Annex I products, not from the AI Act; if your AI is embedded in a medical device or machinery, ask which sectoral modules the body is notified for in addition to its AI Act scope.
- Get a fixed-price quote: Costs vary enormously. Typical ranges:
- Documentation review only: €8,000–€20,000
- Full conformity assessment (audit + certificate): €25,000–€80,000
- Annual surveillance: €5,000–€15,000/year
Pre-Assessment Services
Several consultancies now offer "pre-assessment" services to prepare documentation before formal audit:
- Deloitte AI Compliance Practice — strong in financial sector AI
- PwC Responsible AI — broad SaaS coverage
- Fraunhofer IAIS (St. Augustin) — academic rigor, often cheaper for startups
- IMEC (Belgium) — strong in medical and biotech AI
- AI Auditing Platform (startup) — automated documentation generation
Pre-assessment is typically not legally required but dramatically reduces notified body audit time (and therefore cost). Most TÜV bodies now offer pre-assessment as a bundled service.
EU AI Testing Infrastructure: Article 84 Support Structures and National Labs
Article 84 of the AI Act (not Article 74, which governs market surveillance) has the Commission designate Union AI testing support structures, which perform the tasks of Union testing facilities under Article 21(6) of Regulation (EU) 2019/1020: independent technical testing and advice for market surveillance authorities. Alongside them, member states are standing up national labs and regulatory sandboxes (Articles 57–62), where SMEs and startups get priority access and conformity assessment fees scaled to their size (Article 62). Testing in any of these facilities is preparatory evidence for your Annex IV file; it is not a conformity assessment and produces no certificate.
National AI Testing Labs (May 2026)
| Country | Lab | Capabilities | Access |
|---|---|---|---|
| Germany | ZITI (Zentrum für IT-Sicherheit in KI) | Adversarial robustness, bias testing, explainability | SME free tier |
| France | INRIA AI Testing Lab | NLP bias, computer vision fairness | EU-funded access |
| Spain | AESIA Testing Lab | Full Annex III pre-testing, sandbox link | AESIA registration required |
| Netherlands | TNO AI Validation Facility | Risk analysis, uncertainty quantification | Fee-for-service + SME grants |
| Finland | CSC (IT Center for Science) | Large-scale compute + bias testing | Nordic SME grant access |
| Sweden | RISE Research Institute | Explainability, robustness testing | Nordic cooperation framework |
| Belgium | imec.iMinds AI Lab | Edge AI, hardware testing | EU CLAIRE network |
What Testing Labs Actually Test
Testing labs evaluate AI systems across seven dimensions that correspond to the high-risk requirements of Chapter III Section 2 (Articles 9–15), which the Annex IV technical documentation must evidence:
1. Accuracy and Performance
- Test dataset requirements (representative, demographically balanced)
- Performance metrics across subgroups (disaggregated accuracy)
- Benchmark comparison against baseline models
- Tools: MLflow, Weights & Biases, Evidently AI
2. Robustness
- Adversarial attack resistance (FGSM, PGD, C&W)
- Distribution shift testing (covariate shift, concept drift)
- Edge case handling
- Tools: IBM Adversarial Robustness Toolbox (ART), CleverHans
3. Bias and Fairness
- Demographic parity, equalized odds, counterfactual fairness
- Protected attribute analysis (gender, ethnicity, age, disability)
- Intersectional bias testing
- Tools: AI Fairness 360 (IBM), Fairlearn (Microsoft), What-If Tool (Google)
4. Explainability
- Post-hoc explanation methods (SHAP, LIME, Integrated Gradients)
- Counterfactual explanation generation
- Human comprehensibility assessment
- Tools: SHAP, LIME, Alibi Explain, InterpretML
5. Data Governance
- Training data provenance documentation
- Data quality metrics (completeness, consistency, accuracy)
- Article 10 data governance (relevant, representative, error-checked datasets) plus GDPR data minimisation (Art. 5(1)(c)) and data protection by design (Art. 25)
- Tools: Great Expectations, Apache Atlas, Datahub
6. Human Oversight
- Override mechanism testing
- Alert and escalation pathway validation
- Human decision audit trail
- Tools: Custom audit logging, Audit Log Viewer integrations
7. Cybersecurity (Article 15(5) names the attack classes explicitly)
- Data poisoning and model poisoning (training-time integrity, including pre-trained components)
- Adversarial examples / model evasion (inference-time integrity)
- Confidentiality attacks: model extraction, membership inference, model inversion
- Tools: IBM ART (poisoning and extraction modules), ML Privacy Meter, SecML
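As an added example (not code from the original post, nor from any of the labs or tools listed above), the fairness figures in dimension 3 computed over a constructed hiring-screener sample in pure Python: per-group (disaggregated) accuracy, selection rate, true-positive and false-positive rates, then demographic parity difference and equalized odds difference. The sample rows, the group names, the 0.1 difference thresholds and the 0.8 selection-rate ratio (the US "four-fifths" rule of thumb, not an AI Act threshold) are assumptions for illustration.

```python
"""Disaggregated accuracy and group fairness metrics (demographic parity,
equalized odds) computed over a constructed hiring-screener sample.
Pure Python; no third-party packages."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample (not real data): (protected_group, true_label, predicted_label).
# 1 = "shortlist", 0 = "reject". Group B is deliberately under-selected so the
# checks below have something to find.
SAMPLE: List[Tuple[str, int, int]] = (
    [("A", 1, 1)] * 40 + [("A", 1, 0)] * 10 + [("A", 0, 1)] * 10 + [("A", 0, 0)] * 40
    + [("B", 1, 1)] * 25 + [("B", 1, 0)] * 25 + [("B", 0, 1)] * 5 + [("B", 0, 0)] * 45
)

Rates = Dict[str, Dict[str, float]]


def group_rates(rows: List[Tuple[str, int, int]]) -> Rates:
    """Per-group selection rate, true-positive rate, false-positive rate and accuracy."""
    counts = defaultdict(lambda: {"tp": 0, "fn": 0, "fp": 0, "tn": 0})
    for group, y, y_hat in rows:
        key = ("tp" if y_hat else "fn") if y else ("fp" if y_hat else "tn")
        counts[group][key] += 1
    rates: Rates = {}
    for group, c in counts.items():
        n = c["tp"] + c["fn"] + c["fp"] + c["tn"]
        positives, negatives = c["tp"] + c["fn"], c["fp"] + c["tn"]
        rates[group] = {
            "n": n,
            "selection_rate": (c["tp"] + c["fp"]) / n,
            "tpr": c["tp"] / positives if positives else 0.0,
            "fpr": c["fp"] / negatives if negatives else 0.0,
            "accuracy": (c["tp"] + c["tn"]) / n,
        }
    return rates


def demographic_parity_difference(rates: Rates) -> float:
    """Largest gap in selection rate between any two groups (0 = parity)."""
    sel = [r["selection_rate"] for r in rates.values()]
    return max(sel) - min(sel)


def equalized_odds_difference(rates: Rates) -> float:
    """Largest gap in TPR or FPR between any two groups (0 = equalized odds)."""
    tpr = [r["tpr"] for r in rates.values()]
    fpr = [r["fpr"] for r in rates.values()]
    return max(max(tpr) - min(tpr), max(fpr) - min(fpr))


def selection_rate_ratio(rates: Rates) -> float:
    """min/max selection rate; 0.8 below is the US four-fifths rule of thumb (assumption)."""
    sel = [r["selection_rate"] for r in rates.values()]
    return min(sel) / max(sel) if max(sel) else 0.0


def fairness_report(rows: List[Tuple[str, int, int]], max_dp_diff: float = 0.1,
                    max_eo_diff: float = 0.1, min_ratio: float = 0.8) -> dict:
    """Thresholds are illustrative assumptions, not values taken from the Act."""
    rates = group_rates(rows)
    report = {
        "by_group": rates,
        "demographic_parity_difference": demographic_parity_difference(rates),
        "equalized_odds_difference": equalized_odds_difference(rates),
        "selection_rate_ratio": selection_rate_ratio(rates),
    }
    report["findings"] = [
        name for name, failed in (
            ("demographic_parity", report["demographic_parity_difference"] > max_dp_diff),
            ("equalized_odds", report["equalized_odds_difference"] > max_eo_diff),
            ("four_fifths_rule", report["selection_rate_ratio"] < min_ratio),
        ) if failed
    ]
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(fairness_report(SAMPLE), indent=2))
```

On the constructed sample the overall accuracy looks acceptable (80% for group A, 70% for group B) while all three group-level checks fail: the selection-rate gap is 0.2, the TPR gap is 0.3, and the selection-rate ratio is 0.6. That is the pattern a lab's disaggregated report is designed to surface and a single aggregate accuracy number hides.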
CE Marking for AI Systems
Unlike physical products, CE marking for AI systems is a documentation-backed declaration, not a physical label on hardware. The CE marking process for high-risk AI:
Step 1: Technical Documentation (Article 11 + Annex IV)
Annex IV requires a comprehensive technical file covering:
Technical Documentation Checklist (Annex IV)
├── General description
│ ├── Intended purpose and use cases
│ ├── Interaction with hardware/software
│ ├── Version history and planned updates
│ └── AI system components diagram
├── Detailed description
│ ├── Development methods (training, validation, testing)
│ ├── Training data characteristics
│ ├── Data governance procedures
│ └── Human oversight design
├── Monitoring, functioning and control
│ ├── Logging capabilities
│ ├── Accuracy/performance metrics
│ ├── Robustness and resilience measures
│ └── Bias mitigation measures
├── Risk management documentation (Article 9)
│ ├── Known and foreseeable risks
│ ├── Risk mitigation measures
│ └── Residual risk assessment
└── Post-market monitoring plan (Article 72) and serious-incident reporting (Article 73)
├── Feedback collection mechanism
├── Serious incident reporting procedure
└── Corrective action process
Practical estimate: A thorough Annex IV technical file for a typical SaaS AI feature takes 80–200 person-hours to prepare. Budget accordingly.
Step 2: Quality Management System (Article 17)
High-risk AI providers must implement a QMS covering:
- Design and development procedures
- Post-development AI system monitoring
- Incident management and reporting
- Supplier management (AI API dependencies)
- Record-keeping (10-year minimum)
ISO 42001:2023 (AI Management Systems) is the de facto standard for AI Act QMS compliance. Certification costs €5,000–€25,000 depending on organization size.
Step 3: Registration in the EU Database (Articles 49 and 71)
Before placing an Annex III high-risk AI system on the market or putting it into service, the provider (or its authorised representative) must register itself and the system in the EU database that the Commission maintains with the member states (Article 71); the data fields are listed in Annex VIII. Required fields include:
- Provider identity and contact
- AI system description and intended purpose
- Annex III category reference
- Conformity assessment procedure used
- Notified body identifier (if applicable)
- CE marking declaration
The database became operational Q1 2026. Access: ai-act-database.ec.europa.eu (requires EU Login account).
Step 4: Declaration of Conformity (Article 47)
A signed Declaration of Conformity must state:
- AI system identification
- That the system meets AI Act requirements
- Applicable harmonized standards used
- Notified body certificate number (if applicable)
- Date and authorized signatory
This document must be kept at the disposal of the national competent authorities for 10 years after the system is placed on the market or put into service (Article 47(1)) and provided to them on request. The Act sets no fixed turnaround in hours, so store it where you can produce it the same day rather than after a scavenger hunt.
Step 5: Affix CE Marking
For software-only AI systems, CE marking appears:
- In the user documentation
- In the EU database registration
- In the Declaration of Conformity
- On the product's digital interface (login screen, about page, API documentation)
Self-Assessment Route: When It Applies
Self-assessment, the conformity assessment procedure based on internal control in Annex VI, is not a cheaper option you qualify for; it is the prescribed route when:
- Your AI system is high-risk under Annex III points 2 to 8 (critical infrastructure, education, employment, essential private and public services, law enforcement, migration, justice), or
- Your system is a biometric system under Annex III point 1, you have fully applied harmonised standards or common specifications, and you choose internal control over the Annex VII notified-body procedure
Under Annex VI you verify yourself that the QMS (Article 17) is in place, that the technical documentation (Annex IV) is complete, and that design, development and post-market monitoring are consistent with it; then you draw up the EU declaration of conformity (Article 47), affix the CE marking (Article 48) and register the system (Article 49).
Current reality (May 2026): Most harmonised standards are still in draft, so the Article 40 presumption of conformity is largely unavailable. That does not move you to a notified body; it means your Annex IV file must argue each Article 9–15 requirement on its own evidence. ISO/IEC 42001, ISO/IEC 25059 and similar international standards are useful evidence but confer no presumption. A voluntary pre-assessment or third-party review is worth the money precisely because no standard is doing the arguing for you.
Employment and workforce management systems (Annex III, point 4) are on the internal-control route like the rest of points 2–8, whatever statistical or rule-based method they use; but point 4 is a declared market-surveillance focus sector, so expect your self-assessment file to be read closely.
GPAI Model Obligations: EU AI Office Supervision
For general-purpose AI models the Act prescribes no conformity assessment, CE marking or notified body. The Chapter V obligations apply directly to the model provider and are supervised by the EU AI Office (Articles 88–94), not by national notified bodies. A model is presumed to carry systemic risk when its cumulative training compute exceeds 10^25 FLOPs (Article 51(2)); the Commission can also designate models below that threshold.
Systemic Risk GPAI Obligations (Article 55)
| Obligation | Deadline | What It Means |
|---|---|---|
| Model evaluation (Art. 55(1)(a)) | Ongoing | State-of-the-art evaluation including adversarial testing and red-teaming |
| Systemic risk assessment and mitigation (Art. 55(1)(b)) | Ongoing | Assess and mitigate Union-level systemic risks arising from development, placing on the market or use |
| Serious incident reporting (Art. 55(1)(c)) | Ongoing | Track, document and report serious incidents and corrective measures to the AI Office (and national authorities) without undue delay; the Code of Practice sets concrete timelines |
| Cybersecurity protection (Art. 55(1)(d)) | Ongoing | Adequate protection of the model and its physical infrastructure (weights, training pipeline, unreleased checkpoints) |
| Code of Practice adherence (Art. 56) | Since Aug 2, 2025 | Voluntary, but recognised as a means of demonstrating compliance with Articles 53 and 55 |
Energy and compute consumption is disclosed in the Annex XI technical documentation; it is not a separate Article 55 duty.
For SaaS developers using GPAI APIs (rather than deploying models), the burden shifts to the model provider. Your obligation is to:
- Document your GPAI API usage in system risk management documentation
- Ensure your intended use falls within the model provider's terms and permitted use
- Not use a GPAI API for prohibited practices or high-risk applications without your own assessment layer
GPAI Code of Practice (CoP)
The EU AI Office published the final GPAI Code of Practice on July 10, 2025, in three chapters (Transparency, Copyright, and Safety and Security); the GPAI obligations it supports have applied since August 2, 2025. Key provisions affecting SaaS developers:
Transparency obligations (Article 53):
- Keep technical documentation (Annex XI) up to date and provide it to the EU AI Office or national authorities on request
- Provide downstream providers with the information they need to integrate the model (Annex XII)
- Publish a sufficiently detailed summary of the training content, using the Commission's template
Copyright compliance (Article 53(1)(c)):
- Adopt a copyright policy and honour rights reservations (opt-outs) expressed under Article 4(3) of Directive (EU) 2019/790, including machine-readable signals such as robots.txt and metadata
- Keep records of the reservations you identify and respect
- European News Publishers Association (ENPA) has already submitted mass opt-out lists
Content marking is a separate obligation under Article 50, not Article 53: providers of AI systems, GPAI systems included, that generate synthetic text, image, audio or video must ensure the output is marked in a machine-readable format and detectable as generated (Article 50(2)), and deployers must disclose deepfakes and AI-generated text on matters of public interest (Article 50(4)). Article 50 applies from August 2, 2026.
For GPAI-integrated SaaS: If your product generates content for EU users through GPT-4, Claude or Gemini, you are the provider of that AI system for Article 50(2) purposes. Machine-readable marking of generated output by August 2, 2026 is your obligation, not only the model provider's; check whether the upstream API already marks outputs and whether your pipeline preserves that mark, because stripping it on the way to the user puts you back on the hook.
Conformity Assessment Software Tools
The conformity assessment market has spawned a new category of compliance software. Key tools evaluated for EU AI Act fit:
Documentation and Risk Management
| Tool | Vendor | Strength | EU AI Act Fit |
|---|---|---|---|
| Credo AI | US | AI governance platform, risk scoring | High — Annex IV template library |
| IBM OpenPages | IBM | GRC integration, audit trails | High — enterprise QMS integration |
| Evident.io | US | Risk assessment automation | Medium — US compliance focus |
| Qualys AI Risk | Qualys | Vulnerability + AI risk combined | Medium |
| ZenGRC | US | GRC workflow | Medium — not AI-specific |
| DataGuard | Germany | Privacy + AI compliance | High — GDPR+AI Act bundle, EU-hosted |
| SAIDOT | Finland | AI governance, EU AI Act native | Highest — designed for EU AI Act |
| Merantix Momentum | Germany | ML development + compliance | High — EU-native startup |
Recommended stack for a typical SaaS startup:
Conformity Assessment Stack (SaaS startup, <250 employees)
├── Documentation: SAIDOT or Credo AI (Annex IV templates)
├── Testing/Bias: IBM AIF360 + Fairlearn (open source)
├── Explainability: SHAP + Alibi Explain (open source)
├── QMS: ISO 42001 gap assessment → DataGuard or internal
├── Notified Body: TÜV SÜD or TÜV Rheinland (pre-assessment first)
└── Legal: Fieldfisher or Bird & Bird AI team (EU-specialized)
Timeline for High-Risk SaaS AI
Given the complexity, here's a realistic 18-month conformity roadmap:
Month 1-2 (May–June 2026):
├── Inventory all AI features → classify against Annex III
├── Run preliminary risk assessment
└── Select notified body → request pre-assessment quote
Month 3-4 (July–August 2026):
├── Hire AI Act legal counsel (internal or external)
├── Begin Annex IV technical documentation
└── Implement QMS foundations (ISO 42001 gap assessment)
Month 5-8 (September–December 2026):
├── Technical documentation 80% complete
├── Run internal bias/fairness/robustness testing
├── Submit to testing lab for pre-certification testing
└── QMS implementation + internal audit
Month 9-12 (January–April 2027):
├── Submit to notified body for formal assessment
├── Address findings from notified body audit
├── Receive Certificate of Conformity (if clean)
└── Register in EU AI Act Database
Month 13-16 (May–August 2027):
├── Affix CE marking (August 2, 2027 deadline)
├── Implement post-market monitoring plan
└── Annual surveillance schedule established
What Market Surveillance Authorities Actually Check
When a market surveillance authority (Article 70; Germany has proposed the Bundesnetzagentur as its central AI Act authority, while other member states split the role among existing regulators) opens a compliance investigation, it typically requests:
- EU declaration of conformity and CE marking evidence
- Technical documentation (Annex IV)
- QMS records and the rest of the documentation you must keep for 10 years (Article 18)
- Automatically generated logs, which must be retained for at least six months (Article 19)
- Testing results: bias/fairness/robustness reports
- Incident log: post-market monitoring data (Article 72) and serious-incident reports (Article 73)
- Training data records: provenance and governance documentation (Article 10)
- Human oversight documentation: evidence that the oversight mechanisms function (Article 14)
All of this is supplied on reasoned request (Article 21 for providers); the Act sets no fixed hour-count, but "we are still assembling it" is itself a finding.
Article 74 goes further than most SaaS teams expect: market surveillance authorities are to be granted full access to the documentation and to the training, validation and testing datasets, where appropriate through APIs or remote access (Article 74(13)), and to the source code on reasoned request once document- and data-based checks have proved insufficient (Article 74(14)). Datasets and weights are therefore not off-limits; the difference is that dataset and code access needs justification, whereas missing documentation escalates the matter immediately.
What triggers an investigation:
- Consumer complaint filed with national authority
- Serious incident reported in media or by a user
- Random selection during sector-specific sweeps (employment AI is a focus sector in 2026)
- Referral from another authority (cross-border cases)
Practical SaaS Compliance Checklist
Immediate Actions (Before August 2026)
- Complete Annex III classification for all AI features
- Identify GPAI components requiring watermarking compliance
- If you are a GPAI provider (you train a model or modify one significantly), sign the GPAI Code of Practice or document equivalent measures; if you only call an API, record which code your provider has signed
- Implement AI content labeling for any generated content (Art. 50)
- Begin technical documentation for highest-risk features
Before Deploying New High-Risk AI Features
- Perform bias/fairness testing against protected characteristics
- Document training data provenance and quality metrics
- Implement human oversight mechanism with logged override capability
- Write risk assessment per Article 9
- Validate against applicable ISO/IEC standards
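As an added example, not from the original post, of the logged override capability and human decision audit trail called for above (and of the Article 12 logging the Annex IV file has to describe): a hash-chained, HMAC-authenticated oversight log in pure Python. Every model decision, human override and escalation is appended with a link to the previous entry; an override without a documented reason is refused; verify() finds the first entry altered after the fact. The key, the event vocabulary, the record layout, the model version string and the constructed entries in demo() are assumptions; in production the MAC key would live in a KMS or HSM and the entries would be shipped to append-only storage.

```python
"""Hash-chained, HMAC-authenticated human-oversight log for a high-risk AI
feature. Pure Python; standard library only."""
import hashlib
import hmac
import json
import time
from typing import Any, Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64
EVENTS = ("decision", "override", "escalation")   # assumed vocabulary, not from the Act


def _canonical(record: Dict[str, Any]) -> bytes:
    """Deterministic serialisation so the MAC does not depend on key order."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class OversightLog:
    """Append-only log: each entry carries the MAC of the previous one."""

    def __init__(self, mac_key: bytes):
        self._key = mac_key                       # assumption: held in a KMS/HSM in production
        self.entries: List[Dict[str, Any]] = []

    def _mac(self, entry: Dict[str, Any]) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()

    def append(self, event: str, subject_id: str, model_version: str,
               ai_output: Dict[str, Any], actor: str = "system",
               reason: Optional[str] = None, ts: Optional[float] = None) -> Dict[str, Any]:
        if event not in EVENTS:
            raise ValueError(f"unknown event {event!r}")
        if event == "override" and not reason:
            # A reviewer overriding the model must record why (Article 14 oversight).
            raise ValueError("override must carry a documented reason")
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        entry = {
            "seq": len(self.entries),
            "ts": time.time() if ts is None else ts,
            "event": event,
            "subject_id": subject_id,        # pseudonymous id of the affected person
            "model_version": model_version,
            "ai_output": ai_output,
            "actor": actor,
            "reason": reason,
            "prev_hash": prev_hash,
        }
        entry["hash"] = self._mac(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Walk the chain; return (True, None) or (False, index of first bad entry)."""
        prev_hash = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev_hash"] != prev_hash:
                return False, i
            if not hmac.compare_digest(self._mac(entry), entry["hash"]):
                return False, i
            prev_hash = entry["hash"]
        return True, None

    def override_rate(self, model_version: str) -> float:
        """Share of decisions a human reversed: a post-market monitoring signal."""
        decisions = sum(1 for e in self.entries
                        if e["event"] == "decision" and e["model_version"] == model_version)
        overrides = sum(1 for e in self.entries
                        if e["event"] == "override" and e["model_version"] == model_version)
        return overrides / decisions if decisions else 0.0


def demo() -> Tuple[bool, bool, Optional[int], float]:
    """Constructed walk-through: two model decisions, one override, then a tamper."""
    log = OversightLog(mac_key=b"demo-key-do-not-use")        # assumption
    log.append("decision", "cand-0001", "screener-2.3.1",
               {"score": 0.31, "label": "reject"}, ts=1.0)
    log.append("override", "cand-0001", "screener-2.3.1",
               {"score": 0.31, "label": "reject"}, actor="reviewer-17",
               reason="relevant experience not parsed from CV", ts=2.0)
    log.append("decision", "cand-0002", "screener-2.3.1",
               {"score": 0.88, "label": "shortlist"}, ts=3.0)
    ok_before, _ = log.verify()
    log.entries[0]["ai_output"]["label"] = "shortlist"        # simulated after-the-fact edit
    ok_after, bad_index = log.verify()
    return ok_before, ok_after, bad_index, log.override_rate("screener-2.3.1")


if __name__ == "__main__":
    print(demo())   # (True, False, 0, 0.5)
```

The MAC rather than a plain hash is the security-relevant choice: with a plain hash an insider with database access could rewrite an entry and recompute the whole chain, whereas without the key they cannot produce a valid replacement. The override rate per model version is the kind of figure a post-market monitoring plan (Article 72) can trend and a market surveillance authority can ask for.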
Before August 2027 (High-Risk Deadline)
- Complete notified body conformity assessment OR document full self-assessment pathway
- Register in EU AI Act Database
- Affix CE marking in documentation and UI
- Implement post-market monitoring plan with incident reporting
- Train customer-facing teams on AI Act obligations
EU-Hosted Conformity Tools: The Sovereignty Dimension
One underappreciated aspect of EU AI Act conformity assessment: your testing and documentation data is highly sensitive. Annex IV technical documentation includes:
- Training data descriptions (competitive intelligence)
- Model architecture details (trade secrets)
- Bias testing results (legal liability implications)
- Failure mode documentation (security vulnerability data)
This documentation should not sit on US-controlled cloud infrastructure. The CLOUD Act (18 U.S.C. § 2713) obliges US-headquartered providers to produce data in their possession, custody or control regardless of where it is stored, so an EU region of a US platform does not remove that exposure. Where a US platform is unavoidable, the mitigation is encryption at rest with keys held outside the provider's control (customer-managed keys in a European KMS or HSM), so that a production order yields ciphertext.
Recommendation: Host conformity documentation on EU-sovereign infrastructure:
- SAIDOT (Finland, EU-hosted)
- DataGuard (Germany, AWS Frankfurt + local option)
- On-premises at notified body's facilities
- sota.io deployment (EU worker-01, 91.98.33.185, Hetzner Frankfurt)
For SaaS platforms themselves, hosting the AI system on EU infrastructure reduces conformity assessment complexity: GDPR compliance is simpler, data governance documentation is cleaner, and regulators have less jurisdictional ambiguity to resolve.
Key Takeaways for SaaS Developers
1. Harmonized standards decide your presumption of conformity, not (for most SaaS) your route. Annex III points 2–8 self-assess under Annex VI whether standards exist or not; only biometric systems (point 1) and Annex I products are routed to a notified body. Start the internal-control file now and use a pre-assessment or voluntary third-party review if you want an independent check; if you are in point 1 or Annex I, engage a notified body in Q2 2026, not Q4 2026, because the queues are building.
2. Testing labs are free or low-cost for SMEs. Use AESIA (Spain), INRIA (France), or ZITI (Germany) before paying a notified body. Pre-tested documentation dramatically reduces audit costs.
3. GPAI watermarking is your problem, not OpenAI's. If you display AI-generated content to EU users, implement watermarking or labeling by August 2, 2026.
4. Technical documentation takes 3–6 months. Starting in June 2026 for an August 2027 deadline is risky. The conformity assessment queue at TÜV SÜD and TÜV Rheinland is already building.
5. EU-hosted infrastructure simplifies everything. Conformity assessment documentation is sensitive and should live on EU-sovereign infrastructure. This is the strongest argument for migrating AI workloads to European hosting before compliance deadlines.
Related Posts
- EU AI Act Regulatory Sandbox 2026: How SaaS Startups Apply & What You Get
- EU AI Act National Competent Authorities: Country-by-Country Enforcement Map 2026
- EU AI Office 2026: What SaaS Developers Must Know About Market Surveillance
- CRA Notified Bodies Developer Guide: Conformity Assessment 2026
EU-Native Hosting
Ready to move to EU-sovereign infrastructure?
sota.io is a German-hosted PaaS — no CLOUD Act exposure, no US jurisdiction, full GDPR compliance by design. Deploy your first app in minutes.