SPRINKLING ACT — GLOSSARY
Position Assessment, Conformity Assessment & Certification
Three distinct concepts under the EU AI Act
Last updated: March 24, 2026
The EU AI Act introduces a layered regulatory framework where different actors perform different roles. Confusion between these roles creates legal risk. This glossary defines the three critical distinctions that every AI system deployer and provider must understand.
WHAT SPRINKLING ACT PRODUCES
1. Position Assessment
A Position Assessment is an independent, structured analysis that maps an AI system's characteristics against the EU AI Act's regulatory framework to determine its likely risk classification and applicable obligations.
- Produces a Position Assessment Report — a versioned, article-mapped document with a full audit trail.
- Based on self-declared information provided by the operator through a structured questionnaire.
- Maps to specific AI Act articles (Art. 5, 6, 50, 51) gate by gate.
- Output: a star-based classification, a score, and a traceable artefact.
- Does not constitute legal advice, legal opinion, or regulatory certification.
- Purpose: to help organisations understand their regulatory position before engaging formal conformity assessment processes.
THE FORMAL ART. 43 EU AI ACT PROCESS
2. Conformity Assessment
A Conformity Assessment is the formal procedure defined in Article 43 of the EU AI Act through which a high-risk AI system is evaluated against the requirements set out in Chapter III, Section 2 (Articles 8–15).
- Required for high-risk AI systems as classified under Article 6 and listed in Annex III.
- Can be performed via internal conformity assessment (based on Annex VI) or via third-party conformity assessment involving a Notified Body (based on Annex VII).
- Third-party assessment is mandatory for high-risk AI systems covered by Article 6(1) — those falling under Union harmonisation legislation listed in Annex I, Section A.
- For Annex III systems, providers may generally use internal assessment, except for biometric identification systems (Annex III, point 1), which require Notified Body involvement.
- Must be completed before the AI system is placed on the market or put into service.
- Results in a Declaration of Conformity (Art. 47) and CE marking (Art. 48).
WHAT ONLY NOTIFIED BODIES CAN DELIVER
3. Certification
Certification is the formal attestation issued by a Notified Body — an independent organisation designated by a Member State under Article 28 — confirming that a high-risk AI system meets the requirements of the AI Act.
- Only Notified Bodies designated under Article 28 and meeting the requirements of Article 31 can issue certifications.
- Notified Bodies must be accredited by national accreditation bodies and formally notified to the European Commission.
- Certification involves a quality management system assessment and a technical documentation assessment of the AI system (Annex VII).
- Certificates are valid for a maximum of 5 years and can be renewed (Art. 44).
- Certification can be suspended or withdrawn if the system no longer meets the requirements (Art. 44(4)).
- No private company, consultancy, or assessment tool can issue a conformity certificate — this is exclusively a Notified Body function.
Comparison at a Glance
| Position Assessment | Conformity Assessment | Certification | |
|---|---|---|---|
| Who performs it | Independent assessment service (e.g. Sprinkling Act) | Provider (internal) or Notified Body (third-party) | Notified Body only |
| Legal basis | Voluntary preparatory measure | Art. 43 EU AI Act | Art. 44, Annex VII EU AI Act |
| Output | Position Assessment Report (score + audit trail) | Declaration of Conformity + CE marking | Conformity certificate |
| Legal effect | Informational — not binding | Mandatory for market access (high-risk) | Formal attestation of compliance |
| Scope | All AI systems (any risk level) | High-risk AI systems only (Art. 6 + Annex III) | High-risk systems requiring third-party assessment |
| Timing | Any time — recommended before formal assessment | Before placing on market / putting into service | As part of third-party conformity assessment |
Important Disclaimer
Sprinkling Act produces Position Assessment Reports — not certifications. Our reports are structured, versioned artefacts designed to help organisations understand their regulatory position under the EU AI Act. They do not constitute conformity assessments under Article 43, they do not replace the involvement of Notified Bodies where required, and they do not constitute legal advice. Organisations deploying high-risk AI systems must follow the formal conformity assessment procedures defined in the AI Act.
AI Act References
- Article 6 — Classification rules for high-risk AI systems
- Article 43 — Conformity assessment for high-risk AI systems
- Article 44 — Certificates issued by Notified Bodies
- Article 47 — EU Declaration of Conformity
- Article 48 — CE marking
- Annex I — Union harmonisation legislation (Section A)
- Annex III — High-risk AI systems (areas of use)
- Annex VI — Internal conformity assessment procedure
- Annex VII — Conformity assessment based on assessment of quality management system and technical documentation
Start with a free diagnostic to understand where your AI system stands under the EU AI Act.