Article 29 — Application of a conformity assessment body for notification (EU AI Act)

Article 29 of Regulation (EU) 2024/1689 — Application of a conformity assessment body for notification. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 29 of Regulation (EU) 2024/1689 (the EU AI Act) governs the process by which conformity assessment bodies apply to their national notifying authority to be formally notified — that is, officially designated to carry out third-party conformity assessment tasks for high-risk AI systems under Title III of the Regulation.

Under Article 29, a conformity assessment body wishing to be notified must submit an application to the notifying authority of the Member State in which it is established. The application must cover the conformity assessment activities the body seeks to perform, specifying the AI system categories and the conformity assessment procedures it intends to apply.

The preferred evidential route is the submission of an accreditation certificate issued by the national accreditation body designated pursuant to Regulation (EC) No 765/2008. That certificate must attest that the applicant satisfies the requirements established under Article 31 of the EU AI Act. Where a conformity assessment body has not pursued accreditation, it must provide the notifying authority with documentary evidence of an equivalent level of compliance, supported by appropriate verification mechanisms.

The notifying authority is responsible for evaluating the application, verifying the evidence submitted, and deciding whether to grant notification. Once granted, notification is communicated to the European Commission and the other Member States through the dedicated IT tool maintained by the Commission, ensuring cross-border transparency of notified body status across the single market.

What This Means in Practice

Article 29 is the procedural gateway for any third-party body that wants to conduct official conformity assessments of high-risk AI systems in the EU. Without completing this notification process successfully, a body cannot legally issue the certificates and opinions that certain high-risk AI system providers need to affix the CE marking and place their products on the EU market.

For conformity assessment bodies, the practical priority is to begin building competence and seeking accreditation well in advance of the dates from which high-risk AI system providers will require third-party assessments. National accreditation bodies assess whether a conformity assessment body meets Article 31 requirements — covering areas such as independence, technical competence, staff qualifications, impartiality, liability coverage, and confidentiality obligations. Securing accreditation first, then submitting the notification application, is the most straightforward path.

For AI system providers, understanding which bodies are notified — and for which categories of high-risk AI systems — is essential when planning conformity assessment. A provider of a high-risk AI system listed in Annex III that requires third-party conformity assessment must engage only a duly notified body. Choosing an accredited but not yet notified body would not satisfy the legal requirement.

For Member States, Article 29 places an obligation on notifying authorities to establish clear, transparent, and timely application procedures. Delays in processing notifications could create market access bottlenecks, particularly in the period leading up to December 2026 when many high-risk obligations become enforceable.

Practically, bodies seeking notification should treat the process as a multi-month undertaking: internal gap analysis against Article 31 requirements, accreditation assessment, application drafting, authority review, and IT system registration all take considerable time.

Key Obligations

• Conformity assessment bodies must submit a formal written application to the notifying authority of their Member State of establishment before they may perform any notified body activities under the EU AI Act.
• Applications must specify the exact conformity assessment activities, the categories of high-risk AI systems covered, and the conformity assessment procedures or modules the body proposes to apply.
• Accreditation is the preferred evidential route: applicants should obtain an accreditation certificate from their national accreditation body under Regulation (EC) No 765/2008 demonstrating conformity with Article 31 requirements; where accreditation is not pursued, equivalent documentary evidence must be provided.
• Notifying authorities must evaluate all applications, verify the evidence submitted, and take a reasoned decision on whether to grant notification, communicating the outcome to the applicant.
• Granted notifications must be registered in the Commission's IT notification tool and made accessible to the public, so that providers across the EU can identify competent notified bodies.
• Bodies that do not obtain accreditation bear a higher evidentiary burden and must ensure the notifying authority has sufficient independent verification of their compliance with Article 31.

Relationship to Other Articles

Article 29 sits at the heart of Chapter 4 (Notifying Authorities and Notified Bodies) of Title III and must be read in close conjunction with several other provisions.

Article 28 establishes the framework and powers of notifying authorities — the national bodies responsible for receiving and processing applications under Article 29. Article 30 sets out the detailed notification procedure that notifying authorities must follow once an application is submitted. Article 31 defines the substantive requirements that a conformity assessment body must meet to be eligible for notification, and it is against those requirements that Article 29 applications are ultimately assessed. Article 32 addresses notification to the Commission and Member States, which is the downstream consequence of a successful Article 29 application.

More broadly, Article 29 is the operational link between the general conformity assessment obligations for providers of high-risk AI systems under Article 43 and the existence of a functioning market of qualified, independent bodies capable of discharging those assessments. It also relates to Article 35 (operational obligations of notified bodies once notified) and Article 36 (changes to notifications).

Compliance Timeline

The EU AI Act entered into force on 1 August 2024, beginning the phased application of its provisions.

• 1 August 2024 — Regulation enters into force; the 24-month transitional clock starts for most high-risk obligations.
• 2 February 2025 — Provisions on prohibited AI practices (Article 5) became applicable.
• 2 August 2025 — Obligations relating to general-purpose AI models (Title VIII) and governance structures became applicable; this is also the point from which the notification framework infrastructure, including Article 29 application procedures, was expected to be operational in Member States.
• 2 December 2026 — High-risk AI systems listed in Annex III (excluding those already covered by existing Union harmonisation legislation) must comply with all Title III obligations, including provider requirements for conformity assessment. Notified bodies must therefore be in place before this date to service providers who require third-party assessment.
• 2 August 2027 — The final phase-in for certain high-risk AI systems already regulated under existing product safety legislation (Annex I systems) that are placed on the market or put into service under those existing frameworks.

Conformity assessment bodies and their national notifying authorities should treat the period from now through late 2026 as the critical window for completing Article 29 notification processes in order to avoid supply-side bottlenecks in the conformity assessment market.