When CE/UKCA applies

• High-risk AI categories and sector overlays; decide if your system is a component or a product.

Conformity routes

• Internal control vs NB assessment; relevant harmonised standards; use of QMS (once available for AI).

Notified body engagement

• Pre-application meeting; scope; deliverables; evidence expectations; audit logistics; remediation cycles.

Technical file expectations

• Link to this KB’s Technical File article; ensure navigable, current, and cross-referenced to evidence.

Declaration & marking

• Draft Declaration of Conformity; authorised signatory; CE/UKCA marks placement and product ID conventions.

Post-market obligations

• PMM, incident reporting, corrective actions; periodic reviews with NB/regulator when applicable.

Substantial changes & reassessment

• Triggers: model swap, data overhaul, new use, new hazards; run change assessment and notify NB when required.

Supplier attestations

• Foundation model and data suppliers provide safety/security attestations and usage constraints.

Common pitfalls

• Evidence not mapped to requirements; missing approvals; stale PMM; unclear change/waiver handling.

Timeline & readiness

• Back-plan from launch; allow cycles for NB review; include remediation buffers and re-tests.

Evidence index handover

• Exportable index; immutable snapshots; secure data room access; redaction policy.

Conformity checklist

• Route chosen; NB engaged (if needed); technical file complete; Declaration ready; PMM & incident plan live.

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.