CE Marking for AI Products and Connected Software
CE marking is a legal precondition for placing your AI product on the EU market. Most non-EU teams treat it as optional.
CE marking — a market access requirement in EU
CE marking is the manufacturer’s declaration that a product meets all applicable EU legal requirements before it is placed on the EU market. It is not a quality certification, not a third-party endorsement, and not optional. For AI products and connected software, CE marking obligations arise from multiple EU regulations simultaneously — the Cyber Resilience Act, the EU AI Act for certain high-risk systems, the Machinery Regulation for AI-embedded machinery, the Medical Device Regulation for AI used as software as a medical device, and others depending on what the product does and where it operates.
The CE marking landscape for AI products is more complex than for conventional hardware. A single AI system may be subject to CE marking requirements under two or three regulations at once — each with its own essential requirements, conformity assessment pathway, and technical documentation obligations.
Placing a product on the EU market with CE marking that does not cover all applicable regulations is a compliance failure with the same legal consequences as no CE marking at all.
European Compliance Suite provides specialist CE marking assessments for AI products and connected software. We determine which regulations require CE marking for your specific product, establish the correct conformity assessment pathway for each, and deliver a documented compliance record that supports CE marking affixation and withstands market surveillance authority scrutiny.
CE Marking Assessment For Your AI Product
A lawyer-built assessment of your AI product’s CE marking obligations — applicable regulation identification, conformity assessment pathway determination, essential requirements mapping, technical documentation review, notified body requirement assessment, and a documented compliance record supporting CE marking affixation on the EU market.
How CE marking works for AI products
Multiple regulations and every applicable framework must be satisfied before affixation.
CE marking for AI products is not a single compliance exercise. Each regulation that applies to your product has its own essential requirements, conformity assessment pathway, and technical documentation obligations — all of which must be satisfied before the mark is affixed.
Cyber Resilience Act
AI software products that connect to another device or network are products with digital elements under the CRA and require CE marking from September 2026. Most AI software products qualify. The CRA’s essential cybersecurity requirements — security by design, vulnerability handling, incident reporting capability — must be met before CE marking is affixed. Default category products self-assess; Class I important products require harmonised standard alignment or notified body involvement; Class II important products require mandatory third-party assessment.
EU AI Act
High-risk AI systems under Annex III that undergo conformity assessment must affix CE marking before being placed on the EU market. The CE mark under the AI Act signals that the system satisfies the Act’s technical documentation, risk management, data governance, human oversight, and accuracy requirements. For most EU AI Act high-risk systems, self-assessment is available — notified body involvement is mandatory only for biometric identification systems and AI systems used as safety components in regulated products where existing sector legislation requires it.
Machinery Regulation
AI systems embedded in or functioning as machinery, including autonomous robots, collaborative robots, and AI-driven safety systems, are subject to the Machinery Regulation from January 2027. Machinery must carry CE marking confirming compliance with essential health and safety requirements. Where an AI system is a safety component of machinery, it must satisfy both Machinery Regulation and EU AI Act requirements simultaneously.
Medical Device Regulation
AI systems that qualify as Software as a Medical Device — performing a medical function such as diagnosis, prognosis, monitoring, or treatment support — are regulated as medical devices under MDR and require CE marking through a notified body conformity assessment. Class IIa, IIb, and III medical devices require notified body involvement. AI-based SaMD is one of the most complex CE marking scenarios — MDR and EU AI Act obligations must be satisfied simultaneously.
Radio Equipment Directive
AI products that include radio components — wireless connectivity, Bluetooth, Wi-Fi, cellular — must satisfy RED essential requirements covering radio spectrum, electromagnetic compatibility, and electrical safety. CE marking under RED is required in addition to any other applicable regulation’s CE marking requirements.
Which CE marking regulations apply to your AI product
Most AI products are subject to more than one CE marking regulation simultaneously. This table maps the most common AI product types to the regulations that require CE marking.
| AI product type | Applicable CE marking regulation(s) | Conformity assessment pathway |
|---|---|---|
| AI software connecting to network or device | Cyber Resilience Act | Self-assessment (default) or notified body (Class I/II) |
| High-risk AI system under Annex III | EU AI Act | Self-assessment or notified body (biometrics, regulated safety components) |
| AI-embedded industrial robot or machinery | Machinery Regulation + EU AI Act | Notified body for machinery safety; self-assessment or notified body for AI |
| Software as a Medical Device (SaMD) | MDR + EU AI Act | Notified body mandatory for Class IIa+ devices |
| AI product with wireless connectivity | CRA + RED + EU AI Act where high-risk | Multiple pathways — must satisfy all simultaneously |
| AI consumer product with embedded intelligence | CRA + General Product Safety Regulation | CRA self-assessment; GPSR risk assessment |
| AI used in vehicle systems | EU AI Act + type approval regulations | Type approval process plus AI Act conformity assessment |
| AI in construction products | EU AI Act + Construction Products Regulation | CPR declaration of performance plus AI Act assessment |
| AI personal protective equipment | EU AI Act + PPE Regulation | Notified body for PPE; AI Act self-assessment or notified body |
| Minimal-risk AI software, no network connection | None mandatory | No CE marking required — document the determination |
The declaration of conformity: the legal act behind the mark
The CE mark itself is the visible signal. The EU declaration of conformity is the legal substance behind it — a formal written declaration by the manufacturer that the product satisfies all applicable essential requirements of all applicable EU legislation. Affixing CE marking without a compliant declaration of conformity, or with a declaration that does not cover all applicable regulations, is not a technical non-compliance. In most EU member states it is a criminal offence.
Three things AI manufacturers consistently get wrong about declarations of conformity:
- A declaration of conformity must list every regulation that applies to the product — not just the one the manufacturer is most familiar with. An AI software product subject to the CRA, the EU AI Act, and the Radio Equipment Directive needs a declaration that covers all three. A declaration covering only one is non-compliant even if that regulation’s requirements have been fully met.
- The declaration must be kept up to date. If the product changes in a way that affects compliance — new functionality, new connectivity, new use case — the conformity assessment must be repeated and the declaration updated before the modified product is placed on the market. A declaration issued at launch does not cover modifications made after launch.
- The technical documentation supporting the declaration must be maintained for ten years after the product is placed on the market — or for the product’s expected lifetime where that is longer. Market surveillance authorities can request this documentation at any time during the retention period. AI companies that cannot produce technical documentation on request face immediate enforcement action regardless of whether their product is actually compliant.
What CE marking compliance requires for AI products
These are the CE marking requirements that apply most directly to AI products placed on the EU market across every regulation that requires the mark for your specific product.
Importer and distributor obligations — where your AI product is placed on the EU market by an importer or distributor rather than directly by the manufacturer, assessment of those parties’ CE marking verification obligations and the manufacturer’s responsibilities to support them.
Applicable regulation identification — determination of every EU regulation that requires CE marking for your specific AI product — CRA, EU AI Act, Machinery Regulation, MDR, RED, GPSR, or others — based on what the product does, how it connects, and where it operates.
Classification under each regulation — establishment of your product’s classification tier under every applicable regulation — CRA default, Class I or Class II; EU AI Act prohibited, high-risk, limited, or minimal; MDR Class I, IIa, IIb, or III — each determining the conformity assessment pathway.
Essential requirements mapping — assessment of your product against the essential requirements of every applicable regulation — security by design under CRA, technical robustness and human oversight under EU AI Act, health and safety requirements under Machinery Regulation, safety and performance under MDR — identifying gaps and remediation priorities.
Conformity assessment pathway determination — identification of the correct conformity assessment route for your product under each applicable regulation — self-assessment, harmonised standard alignment, notified body assessment, or EU cybersecurity certification scheme and confirmation of whether a notified body is mandatory.
Notified body selection and engagement — where notified body involvement is mandatory — Class II CRA products, Annex III biometric AI systems, Class IIa+ medical devices, machinery safety components — identification of an appropriate EU-recognised notified body and management of the assessment process.
Technical documentation compilation — assembly of the technical file required by every applicable regulation — covering product design, development methodology, risk assessment, testing results, essential requirements compliance evidence, and conformity assessment outcomes, maintained for the required retention period.
EU declaration of conformity drafting — preparation of a compliant declaration covering every applicable regulation, every applicable directive or regulation reference, the product identification, the manufacturer’s details, the conformity assessment pathway followed, and the notified body where involved.
CE marking affixation compliance — confirmation that CE marking is affixed correctly — on the product, its packaging, or its accompanying documentation where the product is software, in the correct format, at the correct size, and accompanied by the notified body identification number where required.
Post-market surveillance — documented system for monitoring the product’s compliance after placing it on the market, including incident reporting, corrective action procedures, and the process for updating the technical documentation and declaration of conformity where the product changes materially.
One engagement. Every CE marking obligation mapped for your AI product.
A lawyer-built CE marking assessment covering applicable regulation identification, product classification under each regime, essential requirements mapping, conformity assessment pathway determination, notified body requirement assessment, technical documentation review, EU declaration of conformity drafting support, and post-market surveillance obligations — documented and specific to your product, mapped against your full EU regulatory position.
Frequently Asked Questions About CE Marking
What is CE marking and is it mandatory for AI products?
CE marking is a manufacturer’s declaration that a product meets all applicable EU legal requirements and can be placed on the EU market. It is mandatory for any product covered by EU legislation that requires it — including AI software products subject to the Cyber Resilience Act, high-risk AI systems subject to the EU AI Act, AI-embedded machinery subject to the Machinery Regulation, and AI qualifying as a medical device under MDR. CE marking is not optional, not a quality certification, and not a third-party endorsement. It is a legal precondition for market access.
Which EU regulations require CE marking for AI products?
Multiple regulations may require CE marking for a single AI product simultaneously. The Cyber Resilience Act requires CE marking for products with digital elements — most AI software products — from September 2026.
The EU AI Act requires CE marking for high-risk AI systems completing conformity assessment.
The Machinery Regulation requires CE marking for AI-embedded machinery from January 2027. MDR requires CE marking for AI qualifying as Software as a Medical Device.
The Radio Equipment Directive requires CE marking for AI products with radio components. Every applicable regulation must be satisfied before CE marking is affixed.
Can an AI software product self-certify for CE marking?
It depends on the regulation and the product’s classification tier. Under the CRA, default category products can self-assess and self-certify. Class I important products can self-assess against a harmonised standard or use a notified body. Class II important products require mandatory third-party assessment.
Under the EU AI Act, most high-risk systems can self-assess — notified body involvement is mandatory only for biometric identification systems and AI safety components in regulated products.
Under MDR, Class IIa and above medical devices require notified body involvement. The correct answer depends on every regulation that applies to your specific product.
What is an EU declaration of conformity and what must it contain?
The EU declaration of conformity is the formal written declaration by the manufacturer that the product satisfies all applicable essential requirements of all applicable EU legislation. It must identify the product, the manufacturer, all applicable regulations and directives, the conformity assessment pathway followed, the notified body where involved, and be signed by an authorised representative of the manufacturer.
A declaration that does not cover every applicable regulation is non-compliant even where the covered regulations have been fully satisfied. Affixing CE marking without a compliant declaration is a criminal offence in most EU member states.
How does CE marking under the CRA interact with CE marking under the EU AI Act?
Where both regulations apply to the same product — an AI software product that is also high-risk under the EU AI Act — both sets of essential requirements must be satisfied before CE marking is affixed, and the declaration of conformity must reference both regulations. The technical documentation must satisfy both regulations’ requirements — which overlap significantly in technical robustness and post-market monitoring but diverge in their specific documentation requirements.
A cross-framework assessment maps where one technical file satisfies both regulations and where distinct documentation is required.
What is a notified body and when is one required for CE marking of AI products?
A notified body is an organisation designated by an EU member state to carry out third-party conformity assessment under specific EU legislation. Notified body involvement is required where self-assessment is not available — Class II CRA products, AI systems used as safety components in regulated products requiring notified body assessment, Class IIa and above medical devices under MDR, and certain machinery safety components.
Where a notified body is involved, its four-digit identification number must appear alongside the CE mark on the product. Not all notified bodies are designated for all regulations — the correct notified body must be recognised under every regulation requiring third-party assessment for your product.
Does CE marking apply to AI products placed on the market free of charge?
Yes. CE marking obligations are triggered by placing the product on the market — defined as making it available for distribution or use in the Union in the course of a commercial activity. Free of charge supply in the course of a commercial activity counts as placing on the market. An AI software product offered at no cost to EU users is subject to the same CE marking obligations as a paid product where the applicable regulations apply.
Does CE marking apply to non-EU AI manufacturers?
Yes. CE marking obligations apply to any manufacturer placing a product on the EU market regardless of where the manufacturer is established. Non-EU manufacturers must satisfy the same essential requirements, follow the same conformity assessment pathways, and issue the same EU declaration of conformity as EU-established manufacturers.
Non-EU manufacturers without an EU establishment must appoint an EU-established authorised representative — under the CRA, under the EU AI Act for high-risk systems, and under other applicable regulations — who can act on their behalf with market surveillance authorities.
How long must technical documentation be retained after CE marking?
Technical documentation supporting CE marking must generally be retained for ten years after the product is placed on the market, or for the product’s expected lifetime where that is longer. Market surveillance authorities can request this documentation at any time during the retention period.
For AI products subject to multiple regulations, the longest retention period of any applicable regulation applies. AI companies that cannot produce compliant technical documentation on request face enforcement action regardless of the product’s actual compliance status.
What are the penalties for incorrect CE marking of AI products?
Penalties are set at member state level and vary by jurisdiction and applicable regulation. They typically include fines — reaching significant amounts for serious violations — withdrawal of the product from the market, prohibition on placing the product on the market, and in serious cases criminal prosecution of responsible individuals. The CRA provides for fines up to €15 million or 2.5% of global annual turnover for non-compliance with essential requirements.
Affixing CE marking incorrectly — including marking a product as CE compliant when the conformity assessment has not been completed — is treated as a serious violation in most member states. Market surveillance authorities across the EU share information and coordinate enforcement.
How do I start CE marking compliance for my AI product?
Four steps in order. First, determine every EU regulation that requires CE marking for your specific product based on its function, connectivity, and intended use — this is the step most manufacturers get wrong by considering only the regulation they know best.
Second, establish your product’s classification tier under each applicable regulation — the tier determines whether self-assessment is available or notified body involvement is mandatory.
Third, assess your product against the essential requirements of every applicable regulation and identify the gaps.
Fourth, compile the technical documentation and draft the EU declaration of conformity covering every applicable regulation before affixing the mark.
A lawyer-built assessment covers all four steps and delivers a documented compliance position specific to your product — mapped against your full EU regulatory position.