Article 28: Notifying Authorities
Article 28 requires each Member State to designate or establish at least one notifying authority responsible for setting up and carrying out the procedures for assessing, designating, and notifying conformity assessment bodies (notified bodies) under the AI Act. Member States may assign this role to a national accreditation body under Regulation (EC) No 765/2008. The notifying authority must be organised so as to safeguard objectivity and impartiality, with no conflicts of interest with the conformity assessment bodies it oversees. Always verify on EUR-Lex.
Who does this apply to?
- -Member States designating or establishing notifying authorities for the AI Act
- -National accreditation bodies that may serve as notifying authorities under Regulation (EC) No 765/2008
- -Conformity assessment bodies seeking notification, whose applications will be processed by the notifying authority
Scenarios
A Member State designates its existing national accreditation body as the notifying authority for the AI Act, leveraging its existing infrastructure for assessing certification bodies.
A Member State establishes a new dedicated notifying authority within its market surveillance ministry, separate from the national accreditation body.
What Article 28 does (plain terms)
Article 28 addresses the institutional setup for the notified body system under the AI Act. Each EU Member State must designate or establish at least one notifying authority. This authority is the gatekeeper: it assesses whether conformity assessment bodies meet the requirements of Article 30, designates qualifying bodies as notified bodies, and notifies the Commission and other Member States via the NANDO system (Article 33).
Member States may assign this role to their national accreditation body under Regulation (EC) No 765/2008, which already handles accreditation in areas like product safety and medical devices. Where a separate body is designated, the Member State must ensure it has no conflicts of interest with the conformity assessment bodies it evaluates.
The notifying authority must be established, organised, and operated so as to safeguard objectivity and impartiality. Its staff must not engage in any activity that could conflict with their judgement, including advisory services to conformity assessment bodies. Verify the full text on EUR-Lex Article 28.
How Article 28 connects to the rest of the Act
- Article 29 — Application process: a conformity assessment body submits its application to the notifying authority designated under Article 28.
- Article 30 — Requirements for notified bodies: the notifying authority verifies compliance with these requirements.
- Article 33 — Notification: the notifying authority formally notifies the Commission and Member States of a newly designated notified body.
- Article 34 — Changes to notifications: the notifying authority communicates scope changes, suspensions, or withdrawals.
- Article 43 — Conformity assessment: notified bodies designated under this framework conduct third-party assessments of high-risk AI systems.
- Article 113 — Application dates and staged entry into force.
Objectivity and impartiality safeguards
Article 28 requires structural separation between the notifying authority and the conformity assessment bodies it supervises. Key safeguards include:
- The notifying authority must not offer or provide any activities that conformity assessment bodies perform, nor offer advisory or consulting services on a commercial or competitive basis.
- Confidentiality of information obtained during assessment must be guaranteed.
- The authority must have sufficient competent personnel to carry out its tasks properly.
These safeguards mirror the New Legislative Framework (NLF) model used in EU product-safety legislation, adapted here for AI-specific conformity assessment.
Compliance checklist
- Confirm which notifying authority your Member State has designated for the AI Act (check the NANDO database or national government gazette).
- If your organisation is a conformity assessment body, identify the correct notifying authority in your Member State before submitting an application under Article 29.
- Verify that the notifying authority operates independently from any conformity assessment body you engage with.
- Monitor notifications from the notifying authority regarding designated notified bodies in your sector via the NANDO system.
- Align timelines with Article 113 — the notifying authority system must be operational before high-risk AI conformity assessments begin.
Map your conformity assessment pathway—start the free assessment.
Start Free AssessmentRelated Articles
Frequently asked questions
Can a Member State have more than one notifying authority?
Yes. Article 28 requires 'at least one' notifying authority. A Member State may designate multiple authorities, for example one per sector or one per type of conformity assessment activity.
Is the notifying authority the same as the market surveillance authority?
Not necessarily. The notifying authority oversees the designation of notified bodies (conformity assessment infrastructure), while the market surveillance authority (Articles 74–76) monitors products and systems already on the market. A Member State may house both functions in the same entity, but they serve different purposes.
What happens if a Member State has not designated a notifying authority by the enforcement date?
Without a designated notifying authority, conformity assessment bodies in that Member State cannot be formally notified, which blocks third-party conformity assessment of high-risk AI systems. Providers may need to use notified bodies in other Member States.