Lilly Tech Systems
AI Conformity Assessment
Master AI conformity assessment end-to-end. 50 deep dives across 300 lessons covering conformity-assessment foundations (first/second/third-party assessment, declarations, accreditation chain, harmonised standards, presumption of conformity), the full EU AI Act conformity-assessment regime (high-risk classification, internal-control vs notified-body routes, Annex IV technical documentation, CE marking, EU database registration, FRIA), notified bodies and accreditation (designation, selection, ISO/IEC 17065, ISO/IEC 17021, IAF and EA), ISO/IEC 42001 certification (gap assessment, Stage 1 and Stage 2 audits, surveillance, recertification), technical documentation and evidence (Annex IV file, model cards, dataset documentation, risk-management file), standards and frameworks (CEN-CENELEC JTC 21 harmonised standards, ISO/IEC TR 5469, 23894, 24029, 25059, NIST AI RMF mapping), sectoral conformity regimes (FDA SaMD and PCCP, IEC 62304, ISO 26262 + SOTIF, EASA AI roadmap, SR 11-7, MDR/IVDR), and post-market and lifecycle conformity (post-market monitoring, serious-incident reporting, substantial modification, corrective action).
AI Conformity Assessment is the track for the people who have to prove an AI system is safe, lawful, and fit for its declared purpose — before it ships, again every year, and every time it is meaningfully changed. The pressure is building from several directions at once. The EU AI Act has elevated conformity assessment from a niche regulatory activity into a board-level requirement for any organisation placing or operating high-risk AI in the EU. ISO/IEC 42001 has given the world a certifiable AI management system standard, and accredited certification bodies are now issuing certificates that customers and procurers are starting to require. Sector regulators (FDA, EASA, automotive type-approval authorities, financial supervisors) have been moving in parallel and are weaving AI-specific conformity requirements into their existing regimes.
The lessons here are written for the practitioners who actually deliver conformity: regulatory affairs leads, quality managers, technical-file authors, AI/ML engineers preparing systems for assessment, internal QA teams running gap assessments, and management representatives in front of notified bodies and certification auditors. Every topic explains the legal or normative basis (which clause, which annex, which standard), the practical procedure (what evidence to collect, how to structure the documentation, who signs what), and the failure modes (what makes assessors push back, what triggers a substantial modification, what disqualifies a declaration). The aim is that a reader of this track can plan a conformity programme, build the evidence package, work successfully with a notified or certification body, maintain conformity through the post-market phase, and respond to substantial modifications without losing the certificate or marking.
All Topics
50 AI conformity assessment topics organized into 8 categories. Each has 6 detailed lessons with frameworks, procedures, and operational templates.
Conformity Assessment Foundations
Conformity Assessment Foundations
Master the foundations of conformity assessment. Learn what conformity assessment is, why regulators rely on it, the WTO TBT framework, the ISO/IEC 17000 vocabulary, and how AI fits the model.
6 LessonsFirst, Second & Third-Party Assessment
Learn the three parties to conformity assessment. Compare self-assessment (first-party), customer assessment (second-party), and independent assessment (third-party) for AI systems.
6 LessonsDeclaration of Conformity (DoC)
Issue a Declaration of Conformity. Learn the EU DoC structure, Article 47 of the AI Act, signatory authority, retention obligations, and translation requirements.
6 LessonsThe Accreditation Chain
Trace the accreditation chain. Learn how IAF/EA recognise national accreditation bodies, how those bodies accredit certification and inspection bodies, and how that chain underwrites every certificate.
6 LessonsHarmonised Standards & Presumption
Use harmonised standards strategically. Learn how an EU-cited harmonised standard creates a presumption of conformity, what to do when no harmonised standard exists, and the JTC 21 work programme.
6 LessonsGlobal Conformity Assessment Landscape
Map the global AI conformity assessment landscape. Compare EU, UK (UKCA), US (NIST/FDA), China (CCC, NEAT), Japan, Korea, Singapore, and emerging regimes.
6 LessonsEU AI Act Conformity Regime
High-Risk AI Classification (Annex III)
Classify your AI under the EU AI Act. Learn Annex III categories, the safety-component pathway, the substantive risk derogation, and prohibited-practice lines.
6 LessonsChoosing a Conformity Assessment Route
Choose the right conformity assessment route. Compare Annex VI internal control vs Annex VII notified body, when each is required, and how to plan resources for each.
6 LessonsInternal Control Procedure (Annex VI)
Run the Annex VI internal control procedure. Learn the QMS requirement, technical documentation, internal verification of QMS application, declaration of conformity, and the role of the responsible person.
6 LessonsNotified Body Route (Annex VII)
Run the Annex VII notified body procedure. Learn the QMS assessment, technical documentation review, certificate issuance and validity, surveillance, and substantial modification.
6 LessonsTechnical Documentation (Annex IV)
Build the Annex IV technical documentation. Learn the nine sections required, the appropriate level of detail, version control, redaction for confidentiality, and assessor expectations.
6 LessonsCE Marking & EU DoC
Affix CE marking to AI products. Learn the visibility, legibility, indelibility rules, the notified body number when applicable, the EU representative, and importer/distributor obligations.
6 LessonsEU AI Database Registration
Register your AI in the EU database. Learn the Article 49 / Article 71 obligations, the data fields required, the public vs restricted parts, registration triggers, and lifecycle updates.
6 LessonsFundamental Rights Impact Assessment (FRIA)
Conduct a Fundamental Rights Impact Assessment. Learn the Article 27 obligation, who must perform a FRIA, the required elements, integration with conformity, and notification to the market surveillance authority.
6 LessonsNotified Bodies & Accreditation
Notified Body Designation Process
Understand notified body designation. Learn the Article 29 designation requirements, accreditation under ISO/IEC 17065, NANDO publication, scope limits, and oversight by the designating authority.
6 LessonsSelecting a Notified Body
Select a notified body for AI. Learn how to assess scope coverage, capacity, sector experience, geographic reach, fees, and turnaround time.
6 LessonsWorking with a Notified Body
Work effectively with a notified body. Learn the application package, the assessment plan, the on-site or remote assessment, nonconformity handling, the certificate and conditions.
6 LessonsISO/IEC 17065 Product Certification
Apply ISO/IEC 17065 to AI product certification. Learn the standard's structure, certification scheme owner, surveillance, and how it underpins AI Act notified bodies.
6 LessonsISO/IEC 17021 Management System Certification
Apply ISO/IEC 17021 to AIMS certification. Learn the audit programme, audit team competence, on-site activity, and the structure that ISO/IEC 42006 will overlay specifically for ISO/IEC 42001.
6 LessonsAccreditation Bodies (EA, IAF, ANAB)
Map the accreditation bodies. Learn EA in Europe, IAF globally, the role of national bodies (UKAS, DAkkS, ANAB), MLA/MRA agreements, and how to verify a body's accreditation status.
6 LessonsISO/IEC 42001 Certification
ISO/IEC 42001 AIMS Overview
Master ISO/IEC 42001. Learn the structure (Clauses 4-10, Annex A, B, C, D), the AI management system concept, certification scope statement, and the relationship to ISO 9001 and 27001.
6 LessonsAIMS Gap Assessment
Run an AIMS gap assessment against ISO/IEC 42001. Learn how to assess Clause 4-10 readiness, Annex A control coverage, the gap report, and the remediation roadmap.
6 LessonsStage 1 (Documentation) Audit
Pass the ISO/IEC 42001 Stage 1 audit. Learn what auditors review, the scope statement check, AIMS documentation review, readiness for Stage 2, and the Stage 1 report.
6 LessonsStage 2 (Implementation) Audit
Pass the ISO/IEC 42001 Stage 2 audit. Learn the on-site audit plan, the sampling, the interview programme, evidence walkthroughs, nonconformity handling, and the certification recommendation.
6 LessonsSurveillance Audits
Maintain ISO/IEC 42001 certification through surveillance. Learn the annual surveillance scope, focus areas, evidence currency, change handling, and the relationship to recertification.
6 LessonsRecertification Cycle
Plan the ISO/IEC 42001 recertification at year three. Learn the recertification audit scope, evolution of the AIMS, lessons-learned integration, and the new three-year cycle.
6 LessonsTechnical Documentation & Evidence
Annex IV Technical File Build
Build the Annex IV technical file end-to-end. Learn project setup, section ownership matrix, evidence collection, internal review, and the assessor-ready package.
6 LessonsModel Cards for Conformity
Use model cards as conformity evidence. Learn the Mitchell et al. template, AI Act-aligned extensions, performance reporting, intended-use statement, and the relationship to Annex IV.
6 LessonsDataset Documentation Pack
Build the dataset documentation pack. Learn datasheets for datasets, data lineage and provenance, license posture, AI Act Article 10 dataset requirements, and copyright/opt-out evidence.
6 LessonsAI Risk Management File
Build the AI Risk Management File required by Article 9. Learn the lifecycle risk management system, risk identification across known and reasonably foreseeable risks, risk evaluation, residual-risk acceptance, and testing evidence.
6 LessonsConformity Evidence Package
Build the conformity evidence package. Learn the package structure, hashing and integrity, retention scheduling (10 years), index and cross-references, and the redacted version for shared review.
6 LessonsLifecycle Evidence Capture
Capture lifecycle evidence continuously. Learn the design-time, build-time, deploy-time and run-time evidence streams, automation, evidence freshness SLAs, and the evidence audit trail.
6 LessonsStandards & Frameworks
EU Harmonised Standards Roadmap
Track the EU harmonised standards roadmap. Learn the European Commission standardisation request M/593, CEN-CENELEC JTC 21 work, the AI Act-aligned harmonised standards in development, and OJEU citation timelines.
6 LessonsISO/IEC TR 5469 Functional Safety & AI
Apply ISO/IEC TR 5469 for AI in safety-related systems. Learn the AI use classes A/B/C, function properties, the safety lifecycle integration, and the evidence required.
6 LessonsISO/IEC 23894 AI Risk Management
Apply ISO/IEC 23894 to AI risk management. Learn the standard's relationship to ISO 31000, AI-specific risk sources, treatment options, and how it supports AI Act Article 9.
6 LessonsISO/IEC 24029 Robustness of Neural Networks
Apply ISO/IEC 24029 to neural-network robustness. Learn the methodology (formal, empirical, statistical), the metrics, and the assessment evidence relevant for conformity.
6 LessonsISO/IEC 25059 AI Quality Model
Apply ISO/IEC 25059 to AI quality. Learn the AI-specific quality characteristics (functional adaptability, autonomy, transparency), how they extend SQuaRE, and how they map to AI Act essential requirements.
6 LessonsNIST AI RMF Mapping to Conformity
Map NIST AI RMF to AI Act conformity. Learn the four functions (Govern, Map, Measure, Manage), how each maps to AI Act Articles 9-15, and the gap-filling content the RMF provides.
6 LessonsSectoral Conformity Regimes
FDA SaMD & PCCP
Navigate FDA conformity for AI/ML medical devices. Learn the SaMD framework, the Predetermined Change Control Plan (PCCP) for AI, 510(k) and De Novo pathways, and the GMLP principles.
6 LessonsIEC 62304 Medical Device Software
Apply IEC 62304 to AI in medical-device software. Learn the safety classification (A, B, C), the software development lifecycle, configuration management, and AMD 1 expectations for AI.
6 LessonsISO 26262 + SOTIF Automotive AI
Apply ISO 26262 + ISO 21448 SOTIF to automotive AI. Learn ASIL determination, the safety lifecycle, SOTIF for the safety of the intended functionality (covering performance limits and triggering conditions), and AI-specific clauses.
6 LessonsEASA AI Roadmap & Aviation
Track EASA's AI Roadmap. Learn the AI Trustworthiness building blocks, Concept Paper Issue 02, AI Levels (1A/1B/2/3), the W-shaped development assurance, and EASA's certification approach.
6 LessonsSR 11-7 Model Risk Management
Apply SR 11-7 to AI/ML in banking. Learn the model definition, model risk management framework, model validation, ongoing monitoring, governance, and how SR 11-7 extends to AI.
6 LessonsMDR/IVDR for AI Medical Devices
Conform AI medical devices to EU MDR and IVDR. Learn classification rules, GSPR mapping, clinical evaluation/PMCF, the relationship to AI Act, and the dual-marking requirement.
6 LessonsPost-Market & Lifecycle Conformity
Post-Market Monitoring System
Build the AI Act Article 72 post-market monitoring system. Learn the monitoring plan, data collection, performance over time, deployer feedback channels, and analysis cadence.
6 LessonsSerious Incident Reporting
Report serious incidents under AI Act Article 73. Learn the definition of serious incident, the 15-day window (2 days for life/death), the reporting recipients, the investigation duties, and the corrective-action linkage.
6 LessonsSubstantial Modification & Re-Assessment
Identify substantial modifications. Learn the AI Act test (changes that affect compliance with the AI Act requirements or alter the intended purpose), the impact on conformity, and re-assessment routes.
6 LessonsEU Database Updates & Lifecycle
Maintain EU AI Database entries through the lifecycle. Learn update triggers, the public/restricted entry refresh, withdrawal/recall entries, and the public-facing summary obligations.
6 LessonsCorrective Action & Field Safety
Run corrective action and field-safety processes for AI. Learn root-cause analysis, immediate containment, field safety notice (FSN), corrective action effectiveness verification, and CAPA closure.
6 LessonsContinuous Conformity Operation
Operate continuous conformity for AI. Learn the continuous-conformity dashboard, evidence freshness monitoring, control automation, audit-readiness rehearsal, and the maturity model.
6 Lessons