Putting Your AI System on the Market
Pete Hannam
Data and AI Systems Architect
Ready to launch your AI? Discover how to breeze through those tricky compliance checks, grab your CE marking, and keep your system running safely with our easy guide.
Ready to launch your AI? Discover how to breeze through those tricky compliance checks, grab your CE marking, and keep your system running safely with our easy guide.
Subscribe to watch
Access this and all of the content on our platform by signing up for a 7-day free trial.
Putting Your AI System on the Market
5 mins 12 secs
Key learning objectives:
Understand how the EU AI Act is governed and enforced
Explain the conformity assessment and CE marking process
Overview:
The Act uses a multi-layered governance system to ensure everything runs smoothly. At the top, the European Artificial Intelligence Board (EAIB) acts like an orchestral conductor, co-ordinating implementation across member states, while the European AI Office provides technical expertise, especially for general-purpose AI. A conformity assessment as a driving test for your AI. You must prove it meets all requirements before it can be deployed. Compliance doesn't end the moment your AI hits the market - you need to maintain "continuous vigilance." This involves mandatory monitoring of system performance, user feedback, and any emerging risks.
Subscribe to watch
Access this and all of the content on our platform by signing up for a 7-day free trial.
Summary
How is the EU AI Act governed and enforced?
The Act uses a multi-layered governance system to ensure everything runs smoothly. At the top, the European Artificial Intelligence Board (EAIB) acts like an orchestral conductor, co-ordinating implementation across member states, while the European AI Office provides technical expertise, especially for general-purpose AI. At the local level, each country has National Competent Authorities who serve as your primary contacts. These authorities have serious market surveillance powers, meaning they can:
The Act uses a multi-layered governance system to ensure everything runs smoothly. At the top, the European Artificial Intelligence Board (EAIB) acts like an orchestral conductor, co-ordinating implementation across member states, while the European AI Office provides technical expertise, especially for general-purpose AI. At the local level, each country has National Competent Authorities who serve as your primary contacts. These authorities have serious market surveillance powers, meaning they can:
- Conduct unannounced inspections and request documentation.
- Test your AI systems for compliance.
- Order corrections or withdrawals and impose penalties for non-compliance.
Additionally, private organisations known as Notified Bodies are authorised to step in when third-party assessments are required. For global organisations, this can be complex since different national authorities might interpret things slightly differently. The best approach is to be proactive and build relationships with regulators early on rather than waiting for a problem to arise.
What is the process for conformity assessment and CE marking?
Think of a conformity assessment as a driving test for your AI. You must prove it meets all requirements before it can be deployed. There are two main paths: self-assessment, where you evaluate compliance and document everything internally, and third-party assessment, where an external Notified Body independently verifies your work. Self-assessment is common for recruitment or financial services AI, while third-party checks are mandatory for higher-risk cases like biometric identification or critical safety components. Once you pass the assessment, you prepare an EU declaration of conformity, which is your way of taking legal responsibility for the system. Finally, you affix the CE marking—this acts as your AI’s 'passport', allowing it to be sold and used across the European market. Because these assessments can add weeks or even months to your timeline, it's vital to start your documentation early so it doesn't become a bottleneck.
What are your ongoing post-market obligations after launch?
Compliance doesn't end the moment your AI hits the market - you need to maintain "continuous vigilance." This involves mandatory monitoring of system performance, user feedback, and any emerging risks. If a serious incident occurs (e.g. major disruption to infrastructure or serious harm) you must report it to the authorities within a strict 72-hour window.
Even after launch, your responsibilities continue in several ways:
What is the process for conformity assessment and CE marking?
Think of a conformity assessment as a driving test for your AI. You must prove it meets all requirements before it can be deployed. There are two main paths: self-assessment, where you evaluate compliance and document everything internally, and third-party assessment, where an external Notified Body independently verifies your work. Self-assessment is common for recruitment or financial services AI, while third-party checks are mandatory for higher-risk cases like biometric identification or critical safety components. Once you pass the assessment, you prepare an EU declaration of conformity, which is your way of taking legal responsibility for the system. Finally, you affix the CE marking—this acts as your AI’s 'passport', allowing it to be sold and used across the European market. Because these assessments can add weeks or even months to your timeline, it's vital to start your documentation early so it doesn't become a bottleneck.
What are your ongoing post-market obligations after launch?
Compliance doesn't end the moment your AI hits the market - you need to maintain "continuous vigilance." This involves mandatory monitoring of system performance, user feedback, and any emerging risks. If a serious incident occurs (e.g. major disruption to infrastructure or serious harm) you must report it to the authorities within a strict 72-hour window.
Even after launch, your responsibilities continue in several ways:
- System Updates: If you make a "significant change" that alters the risk profile, you might need a brand-new conformity assessment.
- Keeping Records Current: Your technical documentation must always reflect the current state of the AI.
- Deployer Duties: Those using the system must follow instructions, monitor for anomalies, and ensure data quality stays high.
For example, if a credit scoring AI starts making odd decisions due to outdated data, you must act immediately by stopping those decisions, notifying the provider, and potentially reporting the pattern to regulators.
Subscribe to watch
Access this and all of the content on our platform by signing up for a 7-day free trial.
Pete Hannam
Pete Hannam has over twenty years’ experience building large-scale data platforms, including those that now underpin modern AI systems. His work has ranged from national security infrastructure processing hundreds of billions of records to global enterprise platforms supporting tens of thousands of users. He has architected AI-ready systems for government, consultancies, and enterprises, with a strong focus on governance, security, and regulatory compliance. His work emphasises that successful AI deployment depends not only on technology, but on understanding the organisational, technical, and regulatory context that enables AI initiatives to deliver real value.
There are no available Videos from "Pete Hannam"