--- title: "EU AI Act conformity assessment and notified bodies for high-risk AI" canonical_url: "https://www.sorena.io/artifacts/eu/artificial-intelligence-act/conformity-assessment-and-notified-bodies" source_url: "https://www.sorena.io/artifacts/eu/artificial-intelligence-act/conformity-assessment-and-notified-bodies" author: "Sorena AI" description: "Grounded guide to EU AI Act high-risk AI conformity assessment routes, provider evidence, EU declaration of conformity, CE marking, and notified body involvement." published_at: "2026-05-09" updated_at: "2026-05-17" keywords: - "EU AI Act" - "conformity assessment" - "notified bodies" - "high-risk AI" - "technical documentation" - "quality management system" - "EU declaration of conformity" - "CE marking" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU AI Act conformity assessment and notified bodies for high-risk AI Grounded guide to EU AI Act high-risk AI conformity assessment routes, provider evidence, EU declaration of conformity, CE marking, and notified body involvement. *Artifact Guide* *EU* ## EU AI Act Conformity Assessment and Notified Bodies Decide whether a high-risk AI system can use internal control, needs notified body involvement, or must follow a sectoral product-law assessment route. Use the page to line up provider obligations, technical documentation, quality management evidence, declaration, CE marking, registration, and notified body records before market release. EU AI Act conformity assessment is the pre-market proof step for high-risk AI systems. Providers must first classify the system, then choose the route in Article 43: internal control for most Annex III high-risk systems, notified body assessment for specified biometric systems when standards or common specifications do not fully cover the requirements, and the relevant sectoral conformity procedure for AI embedded in products covered by Annex I product legislation. ## Route selection starts with the high-risk basis Do not start with the question "Which auditor do we need?" Start with why the AI system is high-risk. Article 6 separates product-linked high-risk AI from Annex III use cases. That split controls the conformity route, the evidence package, and whether an existing product-law notified body may become part of the assessment. For product-linked systems under Article 6(1), the AI system is high-risk when it is a safety component, or is itself a product, covered by Annex I Union harmonisation legislation and that product is already subject to third-party conformity assessment under that legislation. For Annex III systems, Article 43 generally points to internal control, with a narrower notified body route for point 1 Annex III systems in the conditions listed in Article 43(1). - Record the high-risk legal basis: Article 6(1) product route or Article 6(2) Annex III route. - For Annex III, identify the exact Annex III point and whether Article 6(3) non-high-risk reasoning is being used; if so, document the assessment before market release and register under Article 49(2). - For Annex III point 1 systems, check whether harmonised standards or common specifications fully cover the relevant Section 2 requirements and whether they have been applied without restriction. - For Annex I product systems, integrate the AI Act Section 2 requirements into the product-law conformity assessment rather than running a disconnected AI-only exercise. Sources for this answer: - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Supports the Article 6 high-risk classification split and Article 43 route selection for internal control, notified body assessment, and Annex I product-law assessment. - [European Commission - AI Act regulatory framework](https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai?ref=sorena.io) - Provides official Commission context for the AI Act risk-based framework and high-risk obligations. ## What internal control actually has to prove Internal control is not a no-evidence shortcut. Annex VI requires the provider to verify that the quality management system complies with Article 17, examine the technical documentation against the high-risk requirements in Chapter III Section 2, and verify that the design, development process, and post-market monitoring match the technical documentation. The minimum evidence package should therefore connect the Section 2 requirements to system design and operating controls: risk management, data governance, technical documentation, logging, deployer information, human oversight, accuracy, robustness, and cybersecurity. A self-assessment that only stores a policy or vendor attestation does not answer Annex VI. - Keep an Article 17 quality management file covering regulatory strategy, design control, validation, data management, risk management, post-market monitoring, serious incident reporting, communications, record keeping, resources, and accountability. - Keep Article 11 and Annex IV technical documentation with intended purpose, versions, interfaces, architecture, datasets, validation and testing reports, human oversight measures, cybersecurity measures, standards or common specifications, declaration of conformity, and post-market monitoring plan. - Keep the internal-control conclusion as a traceable sign-off that names the applied standards or common specifications and explains any alternative technical solution. - Store provider logs where under provider control and align the log design with post-market monitoring and substantial-modification detection. Sources for this answer: - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Supports Article 11 technical documentation, Article 17 quality management, Article 18 retention, and Annex VI internal control evidence. ## When a notified body enters the assessment A notified body is required under Article 43(1) for high-risk AI systems listed in point 1 of Annex III when the provider cannot rely fully on the relevant harmonised standards or common specifications, including where no such standards or specifications exist, only part of a standard is applied, a common specification is not applied, or a standard is published with a restriction for the relevant part. For high-risk AI systems covered by Annex I product legislation, Article 43(3) sends the provider to the conformity assessment procedure required by that product law. Notified bodies notified under those product laws may control conformity with AI Act Section 2 requirements if their compliance with specified AI Act notified-body requirements has been assessed in the relevant notification procedure. - Prepare a notified-body application package with the provider details, covered AI systems, Article 17 quality management documentation, Annex IV technical documentation, and a declaration that the same application has not been lodged with another notified body. - Expect the notified body to examine the quality management system, examine technical documentation, request evidence or tests, and, where necessary and proportionate to its task, access training, validation, and testing datasets. - Treat model or system changes that could affect compliance or intended purpose as notified-body change events when a Union technical documentation assessment certificate has been issued. - Keep refusals, restrictions, suspensions, withdrawals, certificates, supplements, audit reports, and reasoned assessment decisions with the product release evidence. Sources for this answer: - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Supports Article 43 notified-body triggers and Annex VII assessment of the quality management system and technical documentation. - [AI Act Service Desk - Article 31 requirements relating to notified bodies](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-31?ref=sorena.io) - Supports the independence, competence, quality management, confidentiality, and cybersecurity expectations for notified bodies. ## Provider obligations around declaration, CE marking, and registration Article 16 makes the provider responsible for the complete pre-market chain: comply with Section 2 requirements, operate a quality management system, keep documentation, run the Article 43 conformity assessment before placement or putting into service, draw up the EU declaration of conformity, affix CE marking, and register where Article 49 applies. The EU declaration is not just a cover sheet. Article 47 and Annex V require a declaration for each high-risk AI system, issued under the provider's sole responsibility, identifying the system, the provider or authorised representative, applicable Union law, relevant standards or common specifications, and, where applicable, the notified body, procedure, and certificate. - Before release, confirm the EU declaration of conformity exists, is up to date, and can be provided to national competent authorities on request. - Affix CE marking visibly, legibly, and indelibly; for digital high-risk AI systems, use a digital CE marking only if it is easily accessible through the interface or another accessible electronic means. - Where a notified body was involved, include the notified body's identification number after the CE marking and in promotional material that refers to CE conformity. - Register providers and relevant high-risk AI systems in the EU database before placement on the market or putting into service where Article 49 requires registration. Sources for this answer: - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Supports Article 16 provider obligations, Article 47 EU declaration of conformity, Article 48 CE marking, Article 49 registration, and Annex V declaration contents. - [AI Act Service Desk - Article 49 registration](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-49?ref=sorena.io) - Supports registration requirements for high-risk AI systems before placement on the market or putting into service. ## Notifying authorities and notified bodies are separate roles Notifying authorities are Member State authorities responsible for the assessment, designation, notification, and monitoring of conformity assessment bodies. They must be organised to avoid conflicts of interest and to safeguard objectivity and impartiality. A notifying authority is not the provider's assessor in the same way as a notified body; it controls which conformity assessment bodies can become notified bodies and monitors them. A notified body is the conformity assessment body that has been notified and may perform the notified-body assessment tasks within the scope of its notification. Article 31 requires notified bodies to be independent of providers and other economically interested operators, to avoid consultancy conflicts, to maintain confidentiality, and to have sufficient administrative, technical, legal, and scientific personnel for the relevant AI systems, data, computing, and AI Act requirements. - Use the notifying authority route for questions about designation, notification scope, monitoring, objections, or competence of a conformity assessment body. - Use the notified body route for assessment of the provider's quality management system, technical documentation, certificates, supplements, surveillance audits, and certificate changes. - Check the notified body's notification scope against the AI system type and conformity module before treating a certificate as applicable. - Use the Commission Single Market Compliance Space/NANDO-style listing to locate notified bodies by legislation as designations become available. Sources for this answer: - [AI Act Service Desk - Article 28 notifying authorities](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-28?ref=sorena.io) - Supports the role of Member State notifying authorities in assessing, designating, notifying, and monitoring conformity assessment bodies. - [AI Act Service Desk - Article 35 notified body identification numbers and lists](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-35?ref=sorena.io) - Supports identification numbers and public listing concepts for notified bodies. - [European Commission Single Market Compliance Space - notified bodies by legislation](https://webgate.ec.europa.eu/single-market-compliance-space/notified-bodies/by-legislation?ref=sorena.io) - Supports the official Commission route for searching notified bodies by legislation. ## Practical review checklist before release Use this checklist as a release gate for a high-risk AI system. It focuses on whether the conformity file would let a competent authority, notified body, importer, distributor, or enterprise customer understand the route chosen and verify the evidence without rebuilding the history from memory. Escalate the file for legal and regulatory review when the route depends on Annex I product law, Annex III point 1 conditions, partial standards coverage, a restricted harmonised standard, non-application of common specifications, a substantial modification, or a notified-body refusal or restriction. - High-risk basis is recorded with Article 6 reasoning and, where relevant, the exact Annex III point or Annex I product legislation. - Article 43 route decision is written: Annex VI internal control, Annex VII notified-body assessment, or product-law conformity route. - Article 17 quality management documentation and Article 11/Annex IV technical documentation are complete enough to demonstrate Section 2 compliance. - EU declaration of conformity, CE marking decision, notified body certificate details where applicable, and Article 49 registration evidence are stored together. - Change-control rules identify when a new conformity assessment, notified-body supplement, or updated declaration is needed. Sources for this answer: - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Supports the practical release-gate checks across Articles 16, 17, 18, 43, 47, 48, 49, Annex IV, Annex V, Annex VI, and Annex VII. *Recommended next step* *Placement: before sources* ## Build the conformity file before market release Sorena can help map the high-risk basis, select the Article 43 route, assemble provider evidence, and prepare notified-body or internal-control records for EU AI Act work. - [Open Research Copilot for EU AI Act](/solutions/research-copilot.md): Ask source-linked questions about conformity routes, notified bodies, provider evidence, declaration, CE marking, and registration using the cited sources on this page. - [Talk through implementation](/contact.md): Review your high-risk AI conformity route, notified-body triggers, source gaps, and evidence file with Sorena. ## Primary sources - [Regulation (EU) 2024/1689 (EU AI Act)](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401689&ref=sorena.io) - Primary legal text supporting high-risk classification, provider duties, conformity assessment routes, technical documentation, quality management, EU declaration of conformity, CE marking, registration, and Annex VI/VII procedures. - Quote: "Conformity assessment" - [European Commission - AI Act regulatory framework](https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai?ref=sorena.io) - Official Commission overview supporting the AI Act risk-based framework and public explanation of high-risk obligations. - Quote: "risk-based approach" - [AI Act Service Desk - Article 28 notifying authorities](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-28?ref=sorena.io) - Official article page supporting the role of notifying authorities in designation, notification, and monitoring of conformity assessment bodies. - Quote: "Notifying authorities" - [AI Act Service Desk - Article 31 requirements relating to notified bodies](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-31?ref=sorena.io) - Official article page supporting notified body independence, competence, confidentiality, quality management, and resources requirements. - Quote: "notified bodies" - [AI Act Service Desk - Article 35 notified body identification numbers and lists](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-35?ref=sorena.io) - Official article page supporting identification numbers and lists of notified bodies. - Quote: "Identification numbers" - [AI Act Service Desk - Article 49 registration](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-49?ref=sorena.io) - Official article page supporting registration requirements for high-risk AI systems before placement on the market or putting into service. - Quote: "Registration" - [European Commission Single Market Compliance Space - notified bodies by legislation](https://webgate.ec.europa.eu/single-market-compliance-space/notified-bodies/by-legislation?ref=sorena.io) - Official Commission search route for notified bodies by legislation. - Quote: "Notified Bodies" ## Related Topic Guides - [Are industry AI use cases high-risk under EU AI Act Annex III?](/artifacts/eu/artificial-intelligence-act/faq/annex-iii-industry-use-cases.md): FAQ answer on when an industry AI use case falls under EU AI Act Annex III, how Article 6 classification works, when Article 6(3) can support a non-high-risk conclusion, and what evidence providers should keep. - [EU AI Act AI System Classification Edge Cases FAQ](/artifacts/eu/artificial-intelligence-act/faq/ai-system-classification-edge-cases.md): Answers for EU AI Act edge cases: AI system definition, inference versus simple rules, GPAI models, embedded products, territorial scope, roles, and classification evidence. - [EU AI Act Applicability and Roles: Scope, Actor Map, and Evidence](/artifacts/eu/artificial-intelligence-act/applicability-and-roles.md): Determine whether the EU AI Act applies to an AI system or GPAI model, map provider, deployer, importer, distributor, and product manufacturer roles, and record evidence for classification. - [EU AI Act applicability test: scope, role, and risk classification](/artifacts/eu/artificial-intelligence-act/applicability-test.md): Stepwise EU AI Act applicability test for AI-system status, exclusions, territorial scope, operator role, prohibited uses, high-risk systems, GPAI models, transparency duties, and evidence records. - [EU AI Act Article 5 Prohibited AI Practices Screening Guide](/artifacts/eu/artificial-intelligence-act/prohibited-ai-practices.md): Screen AI systems against the EU AI Act Article 5 prohibitions, including manipulation, exploitation, social scoring, biometric and law-enforcement exceptions. - [EU AI Act Article 50 transparency disclosures FAQ](/artifacts/eu/artificial-intelligence-act/faq/article-50-transparency-disclosures.md): Article 50 FAQ for EU AI Act transparency duties covering chatbot notices, synthetic content marking, biometric and emotion notices, deepfakes, public-interest text, timing, accessibility, and exceptions. - [EU AI Act Article 50 transparency, labeling, and user disclosures](/artifacts/eu/artificial-intelligence-act/transparency-labeling-and-user-disclosures.md): Source-grounded guide to EU AI Act Article 50 duties for user interaction notices, synthetic content marking, deepfake labels, emotion recognition notices, biometric categorisation notices, and related high-risk AI instructions for use. - [EU AI Act Article 73 serious incident FAQ](/artifacts/eu/artificial-intelligence-act/faq/serious-incidents.md): FAQ on EU AI Act serious incident handling for high-risk AI systems, including Article 73 reporting, deployer escalation, corrective action, and GPAI systemic-risk distinctions. - [EU AI Act Compliance Checklist by Risk Class](/artifacts/eu/artificial-intelligence-act/checklist.md): A practical EU AI Act checklist for classifying AI systems, assigning operator roles, screening prohibited practices, and collecting evidence for high-risk, GPAI, transparency, monitoring, and incident duties. - [EU AI Act Compliance Program: roles, high-risk evidence, GPAI and incidents](/artifacts/eu/artificial-intelligence-act/compliance.md): Build an EU AI Act compliance program around provider, deployer, importer, distributor, high-risk, GPAI, transparency, monitoring, and incident evidence duties. - [EU AI Act deadlines and compliance calendar | Article 113 dates](/artifacts/eu/artificial-intelligence-act/deadlines-and-compliance-calendar.md): source-linked EU AI Act compliance calendar for Article 113 staged application dates, Article 111 transitions, GPAI, prohibited practices, AI literacy, and high-risk AI planning. - [EU AI Act FAQ: scope, roles, high-risk AI, GPAI, FRIA, and dates](/artifacts/eu/artificial-intelligence-act/faq.md): Grounded EU AI Act FAQ covering scope, provider and deployer roles, prohibited practices, high-risk classification, GPAI duties, transparency notices, FRIAs, EU database registration, serious incidents, and staged application dates. - [EU AI Act FRIA FAQ: Article 27 Scope, Contents, and Notification](/artifacts/eu/artificial-intelligence-act/faq/fria.md): Source-grounded FAQ on when Article 27 requires a fundamental rights impact assessment, which deployers are covered, what the FRIA must contain, and how it relates to DPIAs and registration. - [EU AI Act FRIA for high-risk AI systems: Article 27 scope and evidence](/artifacts/eu/artificial-intelligence-act/fria-and-high-risk-impact-assessments.md): Source-grounded guide to EU AI Act Article 27 fundamental rights impact assessments: who must run a FRIA, Article 6(2) triggers, Annex III carveouts, DPIA overlap, notification, and registration evidence. - [EU AI Act GPAI and Systemic-Risk Duties: Article 53 and 55 FAQ](/artifacts/eu/artificial-intelligence-act/faq/gpai-and-systemic-risk-duties.md): FAQ on EU AI Act duties for general-purpose AI model providers, including Article 53 documentation, copyright and training-summary duties, Article 55 systemic-risk duties, serious incidents, cybersecurity, and staged enforcement. - [EU AI Act GPAI evidence pack checklist for Article 53 and 55](/artifacts/eu/artificial-intelligence-act/gpai-evidence-pack-workflow.md): Build a source-grounded evidence pack for EU AI Act GPAI model obligations: technical documentation, downstream information, copyright policy, training-content summary, and systemic-risk records where applicable. - [EU AI Act GPAI Provider Obligations: Articles 53 and 55](/artifacts/eu/artificial-intelligence-act/gpai-and-foundation-model-obligations.md): Grounded guide to EU AI Act duties for general-purpose AI model providers: Article 53 documentation, copyright policy, training-content summary, downstream information, and Article 55 systemic-risk controls. - [EU AI Act High-Risk AI Requirements: Articles 8-16 and 26](/artifacts/eu/artificial-intelligence-act/requirements.md): Map the EU AI Act requirements for high-risk AI systems: risk management, data governance, technical documentation, logs, transparency, human oversight, accuracy, robustness, cybersecurity, and deployer duties. - [EU AI Act high-risk AI use cases by industry | Article 6 and Annex III guide](/artifacts/eu/artificial-intelligence-act/high-risk-ai-use-cases-by-industry.md): Industry-by-industry guide to EU AI Act high-risk classification under Article 6, Annex III, Annex I product safety routes, exclusions, and provider/deployer boundaries. - [EU AI Act high-risk conformity assessment route selector](/artifacts/eu/artificial-intelligence-act/high-risk-conformity-route-selector-workflow.md): Select the EU AI Act Article 43 conformity assessment route for a high-risk AI system, including Annex I product legislation, Annex III categories, notified body triggers, standards, declaration, CE marking, registration, and evidence. - [EU AI Act high-risk requirements checklist: Articles 8-15](/artifacts/eu/artificial-intelligence-act/high-risk-requirements-checklist.md): Checklist for EU AI Act high-risk AI system requirements in Articles 8-15: risk management, data governance, documentation, logs, transparency, human oversight, accuracy, robustness, and cybersecurity. - [EU AI Act penalties and fines: Article 99 tiers and GPAI exposure](/artifacts/eu/artificial-intelligence-act/penalties-and-fines.md): EU AI Act penalties explained: Article 99 fine tiers, prohibited-practice exposure, incorrect information, SME caps, Member State rules, and GPAI model fines. - [EU AI Act post-market monitoring and serious incident reporting](/artifacts/eu/artificial-intelligence-act/post-market-monitoring-and-serious-incidents.md): Grounded guide to EU AI Act Articles 72 and 73 for high-risk AI: monitoring plans, serious incident reporting, deployer escalation, corrective action, and GPAI distinctions. - [EU AI Act post-market monitoring FAQ for high-risk AI systems](/artifacts/eu/artificial-intelligence-act/faq/post-market-monitoring.md): Answer to how providers and deployers should handle EU AI Act post-market monitoring for high-risk AI systems under Article 72, with serious-incident, log, corrective-action, and lifecycle-change triggers. - [EU AI Act provider vs deployer role boundaries: Article 3 and Article 25 FAQ](/artifacts/eu/artificial-intelligence-act/faq/provider-and-deployer-role-boundaries.md): FAQ on EU AI Act provider, deployer, operator, importer, distributor, authorised representative, product manufacturer, downstream provider, and GPAI model provider boundaries. - [EU AI Act risk classification intake workflow](/artifacts/eu/artificial-intelligence-act/risk-classification-intake-workflow.md): A grounded intake structure for classifying EU AI Act scope, prohibited practices, high-risk routes, Annex III use cases, GPAI model status, roles, and reassessment triggers. - [EU AI Act serious incident reporting triage workflow: Article 73 and Article 55](/artifacts/eu/artificial-intelligence-act/serious-incident-reporting-triage-workflow.md): Triage EU AI Act serious incidents by definition, actor, reporting route, deadline, deployer escalation, corrective action, and separate GPAI systemic-risk reporting. - [EU AI Act Technical Documentation and Provider Evidence Templates](/artifacts/eu/artificial-intelligence-act/technical-documentation-and-provider-evidence-templates.md): Build AI Act evidence templates for high-risk AI providers: Article 11 technical documentation, Annex IV fields, quality management, conformity, CE marking, registration, logs, and post-market monitoring. - [EU AI Act technical documentation FAQ | Article 11 and Annex IV](/artifacts/eu/artificial-intelligence-act/faq/technical-documentation.md): What Article 11 and Annex IV require in high-risk AI technical documentation: system identity, intended purpose, architecture, data, testing, oversight, cybersecurity, conformity, and post-market monitoring. - [EU AI Act Timeline and Phasing Roadmap: practical obligations and evidence guide](/artifacts/eu/artificial-intelligence-act/timeline-and-phasing-roadmap.md): Practical EU AI Act guide to Timeline and Phasing Roadmap: scope, owners, evidence, edge cases, checklist steps, and external source-linked citations. - [EU AI Act vs ISO/IEC 42001: legal duties, controls, and evidence limits](/artifacts/eu/artificial-intelligence-act/eu-ai-act-vs-iso-42001.md): Compare the EU AI Act and ISO/IEC 42001 across legal status, risk classification, high-risk AI, GPAI, transparency, conformity, evidence, and assurance limits. - [EU AI Act vs NIST AI RMF: legal duties, risk controls, and evidence boundaries](/artifacts/eu/artificial-intelligence-act/eu-ai-act-vs-nist-ai-rmf.md): Compare the binding EU AI Act with the voluntary NIST AI RMF, including role classification, high-risk duties, GPAI, transparency, conformity evidence, and reuse limits. - [FAQ: EU AI Act conformity assessment procedures and notified body selection](/artifacts/eu/artificial-intelligence-act/faq/conformity-assessment-and-notified-bodies.md): source-linked FAQ on EU AI Act Article 43 conformity assessment routes, Annex VI internal control, Annex VII notified-body review, CE marking, declarations, and registration. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/artificial-intelligence-act/conformity-assessment-and-notified-bodies