Annexes — referenced by Article 43(1)Article Annex VI

Annex VI: Internal Control Conformity Assessment Procedure

Applies from 2 Aug 20264 min readEUR-Lex verified Apr 2026

Annex VI sets out the internal control conformity assessment procedure that most providers of high-risk AI systems follow under Article 43. This is a self-assessment — no notified body is required. The provider verifies that the quality management system (Article 17) and technical documentation (Annex IV) comply with Chapter III, Section 2 requirements. Upon successful verification, the provider draws up the EU declaration of conformity (Article 47) and affixes the CE marking (Article 48).

Start free assessment All articles

Who does this apply to?

-Providers of most Annex III high-risk AI systems (default assessment route)
-Providers of biometric ID systems under Annex III point 1 who have applied harmonised standards (allowing internal control instead of Annex VII)
-Quality and regulatory teams conducting the internal verification

Scenarios

A provider of an Annex III employment AI system verifies its QMS and technical documentation against Chapter III requirements, self-declares conformity, and affixes CE marking.

Correct Annex VI procedure — no notified body needed for non-biometric Annex III systems.

Ref. Annex VI + Art. 43(1)

A provider rushes to market without completing the Annex VI verification steps.

Non-compliant: the EU declaration of conformity and CE marking cannot be validly issued without completing Annex VI checks.

Ref. Annex VI

The Annex VI procedure (plain terms)

The internal control procedure requires the provider to:

Step 1 — Verify the QMS: Check that the quality management system under Article 17 complies with the requirements of that article.

Step 2 — Examine the technical documentation: Verify that the Annex IV technical documentation demonstrates compliance with Chapter III, Section 2 requirements (Articles 8–15).

Step 3 — Verify consistency: Confirm that design/development, testing/validation, and post-market monitoring processes are consistent with the QMS and technical documentation.

Step 4 — Declare and mark: Draw up the EU declaration of conformity (Article 47) and affix the CE marking (Article 48).

All verification must be documented and retained for Article 18 record-keeping requirements.

When Annex VI applies vs Annex VII

| Route | Annex VI (internal control) | Annex VII (notified body) | |---|---|---| | Default for Annex III systems | Yes | No | | Biometric ID (Annex III pt 1) | Only if harmonised standards/common specs applied | Yes (default) | | Annex I product-law systems | N/A — integrated with sectoral assessment | Sectoral notified body |

Annex VI is the simpler, faster, cheaper route — available to the majority of high-risk AI providers.

Recitals (preamble) on EUR-Lex

The recitals in the same consolidated AI Act on EUR-Lex contextualise proportionality, the choice between self-assessment and third-party assessment, and the biometric exception. Use the official preamble on EUR-Lex.

Compliance checklist

Confirm that Annex VI (not Annex VII) is the correct route for your system via Article 43.
Complete and document QMS verification against Article 17.
Complete and document technical documentation review against Annex IV / Chapter III Section 2.
Verify consistency between design processes, test results, and QMS documentation.
Draw up the EU declaration of conformity (Article 47) upon successful verification.
Affix CE marking (Article 48).
Retain all verification records for authority inspection.

Read the official text on EUR-Lex

Prepare for Annex VI self-assessment—free assessment.

Start Free Assessment

Article 43: Conformity Assessment for High-Risk AI Systems

Article 17: Quality Management System for High-Risk AI

Article 47: EU Declaration of Conformity

Article 48: CE Marking for High-Risk AI Systems

Article 16: Obligations of Providers of High-Risk AI Systems

Article 99: Penalties for AI Act Infringements

Article 113: Entry into Force and Application Dates

Annex IV: Technical Documentation for High-Risk AI Systems

Annex VII: Conformity Assessment Based on Assessment of Quality Management System and Technical Documentation

Related annexes

Annex IV — Technical documentation reviewed during Annex VI
Annex VII — Notified body procedure (the alternative route)

Frequently asked questions

Is Annex VI just ticking boxes?

No. It requires genuine verification of QMS compliance, technical documentation completeness, and process consistency. Authorities and deployers can challenge a self-declaration if the underlying evidence is inadequate.

Can a deployer require Annex VII even if Annex VI is sufficient?

Contractually, yes — a deployer can require third-party assessment as a procurement condition. Legally, Annex VI is sufficient for non-biometric Annex III systems.

When is Annex VI (internal control) used instead of Annex VII (third-party assessment)?

Annex VI internal control is the default conformity assessment path for most Annex III high-risk AI systems under Article 43(2). Third-party assessment (Annex VII) is required only for biometric identification systems (Annex III point 1) and may be chosen voluntarily by any provider. If harmonised standards are not followed, Annex VII is also required.

On this page

Key terms

Internal control: A conformity assessment procedure where the provider self-verifies compliance — no external notified body is required.
EU declaration of conformity: The formal document issued by the provider declaring that the AI system meets Chapter III requirements — output of successful Annex VI assessment (Article 47).
Conformity assessment body: An organisation that performs conformity assessment activities including testing, certification, and inspection of AI systems against AI Act requirements.

Maximum penalties (Art. 99)

3% of turnover / Up to EUR 15 million or 3% of global annual turnover under Article 99(4)
SMEs / start-ups: Lower caps for SMEs and start-ups under Article 99(6)
Invalid self-declaration (skipping Annex VI steps) means the system is placed unlawfully on the market.

Timeline

2 Aug 2026
Annex VI conformity assessment applies for most Annex III high-risk systems.

At a glance

Article: Annex VI
Status: Upcoming
Timeline: 2 Aug 2026
Updated: 11 Apr 2026

Recommended next step

Run the short assessment to map risk class and obligations to your specific AI use case in minutes.

Start assessment now