CE Marking for AI Systems Under the EU AI Act: A Complete Guide

The CE mark — those two letters in a stylised logo that appear on products from toys to medical devices — now applies to AI systems. Under the EU AI Act, any high-risk AI system placed on the EU market or put into service must bear the CE mark, indicating that the system complies with all applicable requirements of Regulation (EU) 2024/1689.

For many AI companies, especially those operating in software-only spaces with no previous product safety regulatory experience, CE marking is unfamiliar territory. This guide explains what the CE mark means for AI, the process for obtaining it, and the legal consequences of getting it wrong.

What the CE Mark Means for AI Systems

The CE mark is a declaration by the provider that the AI system has undergone the required conformity assessment and meets all applicable EU AI Act requirements. It is not a quality mark or an endorsement. It is a legal statement of regulatory compliance.

Affixing the CE mark on a high-risk AI system means the provider has:

Identified and documented the system's high-risk classification
Implemented a compliant risk management system (Article 9)
Established data governance procedures for training data (Article 10)
Prepared complete technical documentation to Annex IV (Article 11)
Implemented automatic logging capabilities (Article 12)
Provided deployers with adequate instructions for use (Article 13)
Implemented human oversight capabilities in the system (Article 14)
Achieved the required accuracy, robustness, and cybersecurity standards (Article 15)
Completed the applicable conformity assessment procedure (Article 43)
Registered the system in the EU database (Article 49)
Drawn up the EU Declaration of Conformity (Article 47)

Only when all of this is done may the CE mark be affixed. Not before.

Who Affixes the CE Mark

The CE mark is affixed by the provider — the entity that places the system on the market or puts it into service under its own name or trademark. National market surveillance authorities do not issue CE marks. Notified bodies do not issue CE marks (they issue conformity assessment certificates that the provider uses to justify the CE mark).

The provider's authorised representative in the EU may also affix the CE mark on behalf of a provider established outside the EU.

Distributors and deployers do not affix the CE mark. If a distributor places the system on the market under its own name, it becomes a provider and must follow the full provider compliance path.

The Two Routes to CE Marking

Route 1: Internal Control (Annex VI)

For most high-risk AI systems listed in Annex III, the provider can self-certify — completing the conformity assessment through an internal control procedure without involving a notified body.

Under Annex VI, the provider:

Verifies that the approved technical documentation (Annex IV) demonstrates compliance with all applicable requirements
Implements an appropriate quality management system
Draws up the EU Declaration of Conformity
Affixes the CE marking

This route is available for the majority of Annex III use cases: employment AI, educational AI, public service AI, essential service AI.

Route 2: Third-Party Assessment (Annex VII)

Some high-risk AI systems require third-party assessment by a notified body. This applies under Article 43(1) to:

AI systems that are safety components of products covered by Annex I legislation (medical devices, machinery, etc.), where the underlying sector legislation requires notified body involvement
AI systems intended to be used for the real-time or post-hoc remote biometric identification of natural persons

For these systems, the notified body:

Reviews the technical documentation
Conducts an assessment of the conformity of the AI system with the applicable requirements
Issues a conformity assessment certificate

The provider then draws up the Declaration of Conformity referencing the notified body's certificate, and affixes the CE mark.

What the CE Mark Looks Like for AI Systems

The CE marking for AI systems follows the same visual format as CE marks for other EU product categories — the standardised graphic symbol with the letters "CE" in a specific proportional format as specified in Annex V, Section 1 of the AI Act.

For AI systems that are also subject to other EU legislation with CE marking requirements (medical devices, machinery, radio equipment), a single CE mark covers all applicable regimes, provided all conformity assessments have been completed.

The CE mark must appear on the AI system or its packaging. For purely software-based AI systems with no physical packaging, it must appear in the documentation accompanying the system, in the user interface, or in a prominent location in the instructions for use.

The EU Database Registration Requirement

CE marking alone is not sufficient for AI systems. Article 49 of the AI Act requires high-risk AI systems to be registered in the EU database for high-risk AI systems before being placed on the market. The EU database is maintained by the European Commission and is publicly accessible.

Registration requires the provider to enter key information about the system, including its description, intended purpose, provider contact details, and a reference to the Declaration of Conformity. The database registration number must be included in the Declaration of Conformity.

This registration creates a public record of every high-risk AI system on the EU market — enabling market surveillance authorities, deployers, and the public to identify and verify the compliance status of any system.

What Happens If CE Marking Is Affixed Incorrectly

Affixing CE marking to an AI system that does not comply with AI Act requirements, or affixing it before the conformity assessment is complete, is a serious violation of the AI Act.

National market surveillance authorities have powers to:

Order the removal of the CE mark from a non-compliant system
Require the system to be brought into compliance or withdrawn from the market
Impose fines up to €15 million or 3% of global annual turnover for non-compliance with the conformity assessment obligations
In the case of fraudulent CE marking (knowingly affixing the mark on a non-compliant system), national criminal law may also apply

The AI Act also addresses "presumptuous CE marking" — affixing a CE mark before the required conformity assessment is complete. This is a distinct violation from post-assessment non-compliance, and carries its own penalties.

CE Marking for Systems Already Bearing Sector CE Marks

If your AI system is already CE-marked under another EU regulation (MDR, Machinery Directive, etc.), you cannot rely on that existing mark to cover AI Act requirements. You must complete the AI Act conformity assessment and the single CE mark on the product must reflect compliance with all applicable regimes.

This has practical implications for technical documentation — the documentation must cover both the sector regulation requirements and the AI Act Annex IV requirements. A coordinated approach with the notified body (where required) covering both regimes simultaneously is the most efficient pathway.

How DilAIg Helps

Before you affix the CE mark, you need your Technical Documentation, Declaration of Conformity, conformity assessment, and EU database registration in order. DilAIg generates the Technical Documentation and Declaration of Conformity as two of its four outputs from the 50-question audit — ready for review by your legal team and, where required, your notified body.

Start your free audit at dilaig.com and build the documentation foundation for your CE marking.

FAQ: CE Marking for AI Systems

Q: Do all AI systems need a CE mark? No. Only high-risk AI systems listed in Annex III or falling under Article 6(1) of the AI Act require CE marking. AI systems classified as limited risk (Article 50, transparency obligations) or minimal risk do not require CE marking.

Q: Can I sell an AI system in the EU without a CE mark if it is high-risk? No. Article 49 prohibits placing high-risk AI systems on the EU market or putting them into service without the CE marking. Distributing a non-CE-marked high-risk AI system is a violation, regardless of the provider's location — the obligation applies extraterritorially to any provider targeting EU users.

Q: How long is a CE marking valid for an AI system? CE marking does not expire as such. However, it must reflect the system's current compliance status. If the system is substantially modified after CE marking, the provider must conduct a new conformity assessment and may need to re-affix the CE mark based on updated compliance documentation.

Q: Is the EU database registration the same as CE marking? No. They are two separate obligations. CE marking indicates conformity with the technical requirements. EU database registration (Article 49) is a transparency and market oversight obligation that makes information about the system publicly available. Both are required before market placement.

Key Takeaways

The CE mark for AI systems is a legal declaration of compliance with all EU AI Act requirements — not a quality endorsement.
Only providers may affix the CE mark, and only after completing all 11 prerequisite steps.
Two routes exist: internal control (Annex VI, for most Annex III systems) and third-party assessment (Annex VII, for specific categories including biometric AI and safety components of Annex I products).
CE marking must be accompanied by EU database registration before market placement.
Incorrectly affixing the CE mark before conformity assessment is complete is a distinct violation subject to fines up to €15 million or 3% of global turnover.