- 1.
Each Member State shall designate or establish at least one notifying authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring. Those procedures shall be developed in cooperation between the notifying authorities of all Member States.
- 2.
Member States may decide that the assessment and monitoring referred to in paragraph 1 is to be carried out by a national accreditation body within the meaning of, and in accordance with, Regulation (EC) No 765/2008.
- 3.
Notifying authorities shall be established, organised and operated in such a way that no conflict of interest arises with conformity assessment bodies, and that the objectivity and impartiality of their activities are safeguarded.
- 4.
Notifying authorities shall be organised in such a way that decisions relating to the notification of conformity assessment bodies are taken by competent persons different from those who carried out the assessment of those bodies.
- 5.
Notifying authorities shall offer or provide neither any activities that conformity assessment bodies perform, nor any consultancy services on a commercial or competitive basis.
- 6.
Notifying authorities shall safeguard the confidentiality of the information that they obtain, in accordance with Article 78.
- 7.
Notifying authorities shall have an adequate number of competent personnel at their disposal for the proper performance of their tasks. Competent personnel shall have the necessary expertise, where applicable, for their function, in fields such as information technologies, AI and law, including the supervision of fundamental rights.
AI Act Article EN
Article 28
Notifying authorities
Related across sources
Guidance Guidelines 07/2020 on the concepts of controller and processor in the GDPR Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 9/2022 on personal data breach notification under GDPR Enforcement ADMINISTRACIONES BENIPON, S.L.: Insufficient fulfilment of data breach notification obligations Enforcement HISPAPOST, S.A.: Insufficient fulfilment of data breach notification obligations Enforcement Housing association: Insufficient fulfilment of data breach notification obligations