High-Risk AI ObligationRequired before market placementDeadline: 2 Aug 2026 — 4 months away

CE Marking for High-Risk AI Systems (Articles 47–48)

Name: Regumatrix
Author: Regumatrix

You cannot legally sell or deploy a high-risk AI system in the EU without the CE marking. That marking is the visible result of a 4-step sequence: conformity assessment → EU declaration of conformity (Art 47)→ CE marking (Art 48) → registration. Here is exactly what each step requires.

Non-compliance consequences

Placing a high-risk AI system on the market without CE marking violates Art 16(h). The penalty under Art 99(4):

Up to €15,000,000 fine, OR
3% of total worldwide annual turnover (whichever is higher)
For SMEs: the lower of the two figures applies

Providing false or misleading information in the EU declaration of conformity separately triggers Art 99(5): up to €7.5M / 1.5%.

Is CE marking required for your AI system?

CE marking applies only to high-risk AI systems under Article 6. Regumatrix tells you whether your system is high-risk, which conformity route applies, and exactly what you need to do — in about 30 seconds.

Check my AI system — 3 free analyses

The 4-Step CE Marking Sequence

Conformity assessment

Art 43

Complete the appropriate conformity assessment procedure before anything else. For most Annex III systems (categories 2–8), this is internal control under Annex VI. For Annex III §1 (biometrics) or Annex I (MDR/IVDR etc.) systems, a notified body may be required. The full set of requirements in Section 2 must be met.

EU Declaration of Conformity

Art 47 + Annex V

Draw up a written, machine-readable, physical or electronically signed EU declaration of conformity for each high-risk AI system. The declaration must contain all 8 Annex V elements (see below). Keep it for 10 years. Where multiple Union laws apply (e.g., MDR + AI Act), a single declaration covers both.

Affix the CE marking

Art 48

Affix the CE marking visibly, legibly and indelibly to the system — or on its packaging or accompanying documentation where this is not possible. For digitally-provided AI, use a digital CE marking (QR code or machine-readable link). If a notified body was involved, add its identification number immediately after the CE marking.

EU database registration

Art 49

Before placing the system on the market or putting it into service, register yourself and your system in the EU database (Article 71). Annex III §2 (critical infrastructure) systems register at national level. Law enforcement, migration and border control systems register in a secure non-public section of the EU database.

The 8 Required Annex V Elements

The EU declaration of conformity under Article 47(2) must contain all of the following information (Annex V). A declaration missing any element is invalid.

System identification

AI system name, type, and any additional unambiguous reference allowing identification and traceability of the AI system.

Provider identity

The name and address of the provider — or, where applicable, their authorised representative registered in the EU.

Sole responsibility statement

A statement that the EU declaration of conformity is "issued under the sole responsibility of the provider." This has legal significance: the provider cannot share accountability with a notified body or deployer.

Conformity statement

A statement that the AI system is in conformity with this Regulation, and if applicable, with any other relevant Union law that provides for the issuing of a declaration of conformity.

Personal data statement (if applicable)

Where the AI system involves the processing of personal data: a statement that the system complies with GDPR (Regulation 2016/679), EUDPR (Regulation 2018/1725), and the Law Enforcement Directive (Directive 2016/680).

Standards and common specifications

References to any relevant harmonised standards applied, or any other common specification in relation to which conformity is declared.

Notified body details (if applicable)

Where a notified body was involved: its name and identification number, a description of the conformity assessment procedure performed, and the identification number of the certificate issued.

Signature and date

Place and date of issue of the declaration, the name and function of the signatory, a statement of who they signed for, and the signature itself.

CE Marking Affixing Rules (Article 48)

▸General principles: the CE marking is subject to Regulation (EC) No 765/2008 Article 30 — it cannot be affixed to a non-conforming system and must not be misleading about what it certifies.
▸Physical systems: affix visibly, legibly and indelibly. If the system itself cannot receive the marking (e.g., a component without a housing), affix it to the packaging or accompanying documentation.
▸Digitally-provided AI (APIs, SaaS): use a digital CE marking — accessible from the service interface via an easily accessible machine-readable code or other electronic means.
▸Notified body identification number: if a notified body assessed the conformity, that body's identification number must follow the CE marking — on the system, its documentation, and in any promotional material claiming AI Act conformity.
▸Multiple Union law CE markings: if another Union law also requires CE marking (e.g., MDR for a medical device), a single CE marking on the product indicates conformity with all applicable requirements. The EU declaration of conformity must cover all relevant laws.

Common grey-area signals — check your situation

⚠Your AI is part of an MDR-certified device and you assume the MDR CE marking also covers the AI Act — it may not unless your EU declaration of conformity explicitly covers the AI Act
⚠You have completed conformity assessment but have not yet drawn up the EU declaration of conformity
⚠Your AI is provided via API and you have not addressed how the digital CE marking will be accessible
⚠The EU declaration of conformity is missing element 5 (the GDPR compliance statement) even though your AI processes personal data
⚠You used a notified body but have not added the notified body ID number after the CE marking

Check my compliance — 3 free analyses

Frequently Asked Questions

Does every high-risk AI system need CE marking?+

Yes. CE marking is an obligation for all providers of high-risk AI systems under Article 16(h). It applies whether you used the self-assessment (Annex VI) route or the notified body (Annex VII) route. The CE marking is evidence that you have completed conformity assessment and drawn up the EU declaration of conformity. Without CE marking, you cannot legally place a high-risk AI system on the EU market.

What comes first — the EU declaration of conformity or the CE marking?+

The conformity assessment (Article 43) must be completed first. Only after a successful conformity assessment can you draw up the EU declaration of conformity (Article 47) and then affix the CE marking (Article 48). The sequence is: 1 — conformity assessment, 2 — EU declaration of conformity, 3 — CE marking, 4 — registration (Article 49).

Our AI is provided as a cloud API — where do we put the CE marking?+

Article 48(2) provides that for high-risk AI systems provided digitally, a digital CE marking shall be used — but only if it can be easily accessed via the interface from which that system is accessed or via an easily accessible machine-readable code or other electronic means. A QR code linking to the EU declaration of conformity, displayed prominently in the service interface, satisfies this requirement.

We already CE mark our product under the Medical Device Regulation. Do we need a separate AI Act CE mark?+

No, not a separate marking. Under Article 47(3), where a high-risk AI system is subject to other Union harmonisation legislation that also requires an EU declaration of conformity, a single EU declaration of conformity is drawn up covering all applicable Union law. The declaration must contain all the required information for each legal act. Similarly, under Article 48(5), if other Union law provides for the affixing of CE marking, the CE marking shall indicate the system fulfils the requirements of that other law as well.

How long must the EU declaration of conformity be kept?+

The provider must keep the EU declaration of conformity available to national competent authorities for 10 years after the high-risk AI system was placed on the market or put into service, under Article 47(1). This is part of the broader documentation retention obligation under Article 18.

Related Compliance Guides

Conformity Assessment (Article 43)

Step 1: self-assessment vs notified body — what each route requires.

Technical Documentation (Article 11)

The documentation file that supports your EU declaration of conformity.

Quality Management System (Article 17)

The QMS that underpins conformity and is assessed under Annex VII.

EU Database Registration (Arts 49 & 71)

Step 4: registering your system in the EU database after CE marking.

Provider Obligations Checklist

CE marking is one of 12 obligations in Art 16 — see the full list.

Medical Device AI — Art 6(1) Annex I Pathway

Combined CE marking under MDR/IVDR and the AI Act.

No changes are proposed under COM(2025) 836 or COM(2025) 837 for this topic.

Get your full AI Act compliance picture

Regumatrix checks your AI system against Article 6, Annex III, and every other AI Act article — tells you your risk tier, whether CE marking applies, which conformity assessment route is required, and your fine exposure under Article 99. 8-section cited report, ~30 seconds, no credit card required.

Start free analysis