A European Investment Fund Just Asked for Your AI Credit Assessment Tool's Conformity Assessment Procedure Under Article 43: How to Answer

A European investment fund just asked for your AI credit assessment tool's conformity assessment procedure under Article 43: how to answer

Your enterprise sales lead sent the question on Monday. A regulated investment fund in Luxembourg is evaluating your AI-powered credit assessment tool for use in their portfolio company lending decisions. Their compliance team has completed the initial security review and has one remaining question before legal approval:

"Article 43 of the EU AI Act requires high-risk AI systems to undergo a conformity assessment before being placed on the market. Please describe which conformity assessment procedure applies to your AI credit assessment tool, whether you have completed it, and provide documentation."

This is a technically specific question that separates vendors who have done the regulatory work from those who have not. Here is what Article 43 requires and how to answer it accurately.

What Article 43 Establishes

Article 43 sets out the conformity assessment procedures that high-risk AI systems must follow before they can be placed on the EU market or put into service. The specific procedure depends on which category of high-risk system is involved.

For most high-risk AI systems listed in Annex III — which includes AI used in credit scoring and creditworthiness assessment under Annex III, point 5(b) — the conformity assessment procedure is the internal control procedure set out in Annex VI. This means the provider carries out the conformity assessment themselves, without requiring a third-party notified body, but must document the entire process and create the EU Declaration of Conformity.

However, for certain categories of high-risk AI systems — specifically those related to biometric identification and categorisation, and certain safety components of products already subject to EU harmonisation legislation (like medical devices or machinery) — conformity assessment involving a notified body may be required.

For a fintech AI credit assessment tool, the applicable conformity assessment procedure is almost certainly the internal control procedure under Annex VI, unless the system also constitutes a safety component of a product under another regulation.

What the Internal Control Procedure Requires

The Annex VI conformity assessment procedure has four elements that must be documented before the system is placed on the market:

Technical documentation. You must have prepared and maintained the Annex IV technical documentation. This includes the system description, design specifications, training data information, accuracy metrics, risk management records, post-market monitoring plan, and human oversight measures.

Quality management system. Under Article 17, you must have implemented a quality management system covering the development, testing, and deployment of the AI system. The QMS must include procedures for risk management, data governance, testing, post-market monitoring, and serious incident reporting.

Assessment of the technical documentation. Before placing the system on the market, you — as the provider — must assess whether the system meets the requirements of Chapter III, Section 2 (Articles 9–15). This self-assessment must be documented.

EU Declaration of Conformity. You must draw up and sign an EU Declaration of Conformity under Article 47, stating that the system meets the requirements of the EU AI Act and any other applicable EU legislation. The declaration must reference the applicable conformity assessment procedure.

How to Structure Your Answer

A complete, credible answer to the investment fund's question contains three elements:

First, identify the applicable procedure. State that your AI credit assessment tool is a high-risk AI system under Annex III, point 5(b), and that the applicable conformity assessment procedure is the internal control procedure under Annex VI, which does not require a notified body.

Second, confirm completion status. State whether you have completed the internal control assessment, when it was completed, and whether it covered your current production version. If you are in progress, state the expected completion date.

Third, offer documentation. Offer to provide your EU Declaration of Conformity under NDA, and confirm that your Annex IV technical documentation exists and can be made available to competent authorities on request.

Procurement teams at regulated financial institutions move faster when they receive a structured answer that maps their question to the specific regulatory provision and confirms documented completion — not a general assurance that you are "working toward compliance."

Try Complizo free at complizo.com