How to Write an EU Declaration of Conformity for an AI System: A Practical Guide

The EU Declaration of Conformity (DoC) is the formal legal declaration by which a provider of a high-risk AI system states that the system complies with all applicable requirements of the EU AI Act. It is one of four mandatory documents under the Act, and it is the document that carries the most direct legal weight — signing it creates a binding legal commitment enforceable by national market surveillance authorities across the EU.

This guide explains exactly what the DoC must contain under Article 47 and Annex V of Regulation (EU) 2024/1689, how to draft each element, and the errors that make declarations non-compliant.

What the Declaration of Conformity Is — and Is Not

The DoC is not a certificate of conformity issued by a third party. It is a self-declaration made by the provider (the company that places the AI system on the market or puts it into service). The provider's legal representative signs it and takes full responsibility for the accuracy of its contents.

For AI systems subject to third-party conformity assessment by a notified body, the DoC still originates from the provider — but it references the notified body's assessment certificate and the certificate number. The notified body does not issue the DoC; it issues the assessment report that the provider cites.

The DoC must be drawn up before the CE marking is affixed and before the system is placed on the market or put into service. It is not a post-hoc formality.

The Nine Mandatory Elements Under Annex V

Annex V of the AI Act specifies exactly what the Declaration of Conformity must contain. There are nine required elements.

Element 1: Name and Address of the Provider

Include the full legal name of the provider company, its registered address, and — if the declaration is signed on behalf of a provider established outside the EU — the name and address of the authorised representative in the Union.

If your company has multiple legal entities across different EU jurisdictions, name the specific legal entity that bears provider responsibility for this AI system. "Provider" is a legal concept under the AI Act — it is the entity that places the system on the market or puts it into service under its own name or trademark.

Element 2: Name and Version of the AI System

Identify the system precisely: commercial name, internal version identifier, and where applicable the firmware or software version. If the system is regularly updated, specify whether the declaration covers a specific version or a version range, and describe the versioning logic used.

Vague identification ("our AI platform") is not acceptable. Regulators must be able to match the declaration to a specific deployed system.

Element 3: Statement That the AI System Complies with the AI Act

This is the core legal declaration. The exact formulation required by Annex V is: "This AI system is in conformity with Regulation (EU) 2024/1689 of the European Parliament and of the Council."

Do not modify or qualify this statement. Do not add "to the best of our knowledge" or similar hedging language. The declaration is a strict legal affirmation of compliance, not a best-efforts statement.

Element 4: Reference to Relevant Harmonised Standards or Common Specifications

List all harmonised standards (EN standards developed by CEN/CENELEC under mandate from the European Commission) or common specifications issued under Article 41 of the AI Act that the provider has applied. Cite the specific standard number, title, and edition.

As of mid-2026, harmonised standards for the AI Act are still being developed. Where no applicable harmonised standard exists for a particular requirement, note the alternative compliance approach taken (internal standards, expert assessment, etc.). Once standards are published in the Official Journal, providers should update their DoC to reference them.

Element 5: Where Applicable, Notified Body Assessment Reference

If the conformity assessment was conducted with involvement of a notified body (required for most biometric AI systems under Annex VII, and optional for other high-risk systems), include:

The name of the notified body
The notified body's EU identification number
The certificate or assessment report number
The date of issue of that certificate or report

If the conformity assessment was conducted without a notified body (the self-assessment route under Annex VI), this element is omitted, and the declaration instead notes that Annex VI was applied.

Element 6: Where Applicable, Identification of Other EU Legislation

If the AI system is also subject to other EU harmonisation legislation — for example, the Medical Device Regulation, the Machinery Directive, or the Radio Equipment Directive — list each applicable regulation and confirm compliance. This is the basis for a single CE mark covering the AI system under multiple regimes.

This element is particularly important for AI systems embedded in physical products already regulated under sectoral EU law.

Element 7: Place and Date of Issue

Specify the city and country where the declaration is signed, and the exact date of signature. The date must precede the date of CE marking and the date of placing on the market or putting into service.

Element 8: Name, Function, and Signature of Authorised Signatory

The declaration must be signed by a named individual with authority to bind the provider legally. Include:

Full name (not just initials)
Job title or function within the organisation
Handwritten or legally valid electronic signature

The signatory should be a senior officer with legal authority — CEO, Managing Director, Chief Compliance Officer, or a Director expressly authorised for this purpose. An unsigned or improperly authorised declaration is legally invalid.

Element 9: Commitment to Keep the Technical Documentation Updated

The DoC must include an explicit commitment that the provider will maintain the technical documentation (Annex IV) and make it available to national authorities upon request. This is not implicit — it must be stated.

Format and Language Requirements

The AI Act does not prescribe a specific format for the DoC — it can be a standalone document or part of a larger compliance package. However, it must:

Be in a language accepted by the national authorities where the system is placed on the market. For EU-wide deployment, this typically means producing translations for each member state where the system is marketed.
Be kept for a minimum of 10 years after the system is placed on the market or put into service (Article 18 of the AI Act).
Be made available to national market surveillance authorities on request. It should not be published publicly as a standard practice, but must be accessible to regulators.

Common Drafting Errors

Confusing the DoC with the CE Declaration under sector legislation. If your AI system already has a CE declaration under the MDR or Machinery Regulation, that declaration is separate from the AI Act DoC. The AI Act requires its own declaration, which can be incorporated into a combined document provided all elements of both regulations are covered.

Omitting the version identifier. If the declaration does not identify the specific version of the system in scope, it cannot be matched to the deployed system by auditors. Use unambiguous version identifiers.

Using boilerplate without review. Generic DoC templates downloaded from the internet often miss AI Act-specific elements or reference the wrong regulation. Always draft against Annex V of Regulation (EU) 2024/1689 specifically.

Signing before conformity assessment is complete. The DoC can only be signed once all applicable AI Act obligations have been verified. Signing early and completing documentation afterwards is a legal compliance violation.

Keeping the Declaration Current

The DoC is not static. Whenever a substantial modification is made to the AI system — whether it changes the system's intended purpose, its performance characteristics, or its risk profile — a new conformity assessment must be conducted and a new or amended DoC issued. Article 16(e) of the AI Act requires providers to keep their technical documentation and declaration of conformity up to date.

How DilAIg Helps

DilAIg generates a complete, AI Act-compliant Declaration of Conformity as one of the four documents produced from its 50-question audit. The generated DoC follows Annex V exactly, references your specific system details, and is formatted for submission to national authorities or inclusion in your CE marking file.

Start your free audit at dilaig.com and generate your Declaration of Conformity automatically.

FAQ: EU Declaration of Conformity for AI Systems

Q: Is the AI Act Declaration of Conformity the same as the CE declaration under other EU directives? No, but they can be combined. If your AI system is also subject to another EU regulation with a CE marking requirement (MDR, Machinery Directive, etc.), the AI Act requires its own declaration. However, Article 47(3) allows providers to produce a single combined declaration covering all applicable EU legislation, provided the document contains all required elements for each regulation.

Q: Can a startup or SME issue a Declaration of Conformity without a notified body? Yes, for most high-risk AI systems. The AI Act's default conformity assessment route for Annex III systems is the internal control procedure (Annex VI), which does not require a notified body. Only certain AI systems — primarily those using biometric identification in certain contexts — require mandatory third-party notified body assessment. Check Article 43 and Annexes VI and VII for the specific route applicable to your system.

Q: What happens if a DoC contains a false statement? A DoC that makes false declarations about compliance exposes the provider to enforcement action by national market surveillance authorities, fines up to €15 million or 3% of global annual turnover, and potential criminal liability in member states that have implemented AI Act enforcement through criminal law.

Q: Does the DoC need to be renewed periodically? Not on a fixed schedule. The DoC must be updated whenever a substantial modification to the system requires a new conformity assessment. An unchanged system with an unchanged technical file does not require a renewed DoC, but the 10-year retention obligation runs from the last version.

Key Takeaways

The EU Declaration of Conformity is a binding legal commitment signed by the provider before CE marking is affixed and before market placement.
Annex V requires nine specific elements: provider identity, system identification, conformity statement, standards referenced, notified body details (if applicable), other EU legislation (if applicable), place and date, authorised signatory, and commitment to maintain documentation.
The DoC must be held for 10 years and made available to national authorities on request.
It must be updated whenever a substantial modification to the system triggers a new conformity assessment.
Generic templates are inadequate — always draft against Annex V of Regulation (EU) 2024/1689.