Glossary term
Governance and Compliance
A process used to demonstrate that an AI system meets applicable requirements before it is placed on the market or put into use. The rigor depends on the regulatory context and risk category. GRC teams should treat conformity assessment as an evidence exercise, not a paperwork exercise: every claim must be traceable to specific controls, test results, and approvals.
EU AI Act Article 43 lays out two main conformity assessment routes for high-risk AI: internal control (Annex VI) or third-party assessment by a Notified Body (Annex VII).
AI systems in safety components of products under EU sectoral law such as Machinery Regulation or Medical Devices Regulation follow the conformity assessment under those laws.
BSI and TÜV SÜD are positioning themselves to be designated as Notified Bodies under the EU AI Act, building on their existing roles under the MDR and MDD.