THE EU AI ACT - SECTION 4 NOTIFYING AUTHORITIES AND NOTIFIED BODIES

Each Member State must establish a notifying authority responsible for managing the assessment and monitoring of conformity assessment bodies. This authority plays a critical role in ensuring effective cooperation among all Member States. To maintain integrity and trust in the process, these authorities must operate without any conflicts of interest, uphold objectivity, and ensure that decisions are made by individuals who are distinct from those who initially assessed the bodies. The role of the notifying authorities extends beyond mere oversight. They must keep all relevant information confidential and ensure they have a sufficient number of skilled staff to carry out their duties effectively. Additionally, these authorities are prohibited from offering services that could potentially compete with the conformity assessment bodies, ensuring a fair and unbiased assessment process.

?

When conformity assessment bodies seek approval, they are required to apply to their respective Member State's authority. This application must include comprehensive details about their activities, the AI systems they assess, and, if available, an accreditation certificate. If a conformity assessment body does not possess an accreditation certificate, it is obligated to provide alternative evidence demonstrating that it meets the necessary standards. Furthermore, conformity assessment bodies that have already been recognized under other EU laws can leverage their existing documentation to support their new application. These bodies must also ensure that their information is continuously updated to maintain ongoing compliance with the relevant standards.

?

In the regulation of AI systems, authorities play a critical role in ensuring that only qualified assessment bodies are involved in the evaluation process. These authorities are tasked with notifying assessment bodies that meet specific criteria, which ensures a standard of competence and reliability. This notification process is not just an internal matter; authorities must inform the European Commission and other Member States through an electronic tool, ensuring transparency and consistency across borders. The notifications provided by the authorities are comprehensive. They must include detailed information about the assessment activities the body will undertake, the types of AI systems they will assess, and evidence of their competence. This evidence is particularly crucial when it is not based on an accreditation certificate, as it must demonstrate that the body meets the necessary standards to carry out its tasks effectively.

?

Once a notification is made, the process does not end there. If no objections arise within the set timeframes, the assessment body can begin its operations. However, if there are concerns or objections, the Commission will engage in consultations before making a final decision on the body's authorization. This step ensures that only bodies with unquestionable qualifications and integrity are allowed to operate, safeguarding the interests of all stakeholders involved. To further ensure the credibility of the assessment process, notified bodies must be established according to national laws and must possess legal status. This legal foundation is essential for their operations, providing a framework that governs their activities and ensures compliance with relevant regulations. In addition to this legal requirement, these bodies must meet stringent standards related to quality, resources, and cybersecurity. These standards are crucial in enabling the bodies to perform their tasks with the highest level of effectiveness and reliability.

?

The structure and operations of these notified bodies are also critical. They must be designed in a way that inspires trust in their assessment results. This means that their processes, governance, and transparency must all contribute to a perception of impartiality and expertise. Independence from high-risk AI system providers is another essential requirement. This independence ensures that there is no conflict of interest that could compromise the integrity of the assessment process. The regulatory framework governing the notification and operation of assessment bodies in the AI sector is designed to ensure that only competent, independent, and trustworthy bodies are involved in the assessment of high-risk AI systems. This approach not only protects the public and stakeholders but also fosters confidence in the AI systems that are assessed and approved under this rigorous framework.

?

To ensure the integrity and objectivity of assessments related to AI systems, it is crucial that staff involved in these assessments are not simultaneously engaged in the design or marketing of the same AI systems. This separation of duties helps maintain impartiality and prevents conflicts of interest that could compromise the credibility of the assessment process. Furthermore, the confidentiality of information handled during assessments must be rigorously maintained. Organizations must have documented procedures in place to ensure that sensitive information is protected at all stages of the assessment. Notified bodies, which play a critical role in the conformity assessment process, must possess the appropriate expertise to effectively carry out their responsibilities. They should actively participate in relevant European standardization activities to stay abreast of the latest developments and maintain the quality and relevance of their assessments.

?

The European Commission is tasked with the responsibility of maintaining and updating a publicly accessible list of notified bodies. This list should include the identification numbers of these bodies, as well as the specific activities for which they have been designated. By making this information publicly available, the Commission ensures transparency and allows stakeholders to easily verify the credentials and scope of notified bodies. In the event of changes to the notification status of a notified body, it is mandatory that these changes be communicated promptly to the European Commission and other EU Member States. Should a notified body plan to cease its activities, it must inform both the notifying authority and any affected providers in advance. Under certain conditions, the certificates issued by the notified body may remain valid for up to nine months, allowing for a transition period.

?

If a notified body fails to meet the required standards or fulfill its obligations, the notifying authority is obliged to investigate the situation. Depending on the findings, the authority may take measures to restrict, suspend, or withdraw the designation of the notified body. Such actions must be communicated to both the European Commission and Member States to ensure coordinated responses and the maintenance of standards across the EU. Moreover, if a notified body’s designation is affected in any way, it is required to inform all relevant parties within ten days. This ensures that all stakeholders are aware of any potential impacts on their operations. The notifying authorities must also ensure that any associated files and certificates are handled appropriately, preserving the integrity of the conformity assessment process.

?

?