A Fortune 500 Procurement Team Just Asked If Your AI Performance Management Tool Has a CE Mark and Is Listed in the EU AI Act Database: Answering the Article 48 and 49 Registration Questions
A Fortune 500 Procurement Team Just Asked If Your AI Performance Management Tool Has a CE Mark and Is Listed in the EU AI Act Database: Answering the Article 48 and 49 Registration Questions
The questionnaire came from the global HR compliance lead at a Fortune 500 company. Your AI-powered performance management platform had cleared the security review. Legal was the final gate.
Section 6 appeared:
"Please confirm whether your AI system carries a CE marking under the EU AI Act. Provide the URL or registration number for your system in the EU AI Act database. If not yet registered, provide your timeline and the basis for any exemption claimed."
Four questions. Two checkboxes. A request for documentation by end of week.
Here is exactly what those questions are asking and how to answer each one.
Why Procurement Teams Ask About CE Marking and the EU Database
Compliance officers and procurement teams at large enterprises have read that the EU AI Act requires CE markings and a public database of high-risk AI systems. They have been told — correctly — that by August 2, 2026, providers of high-risk AI systems must have completed conformity assessment and placed the CE marking on their systems.
They are asking you to prove you are compliant. But they often do not know what CE marking means in this context, who has to get one, or that there is a difference between registering in the database and having the CE mark affixed.
Your job is to explain that clearly, then send documentation.
What CE Marking Under the EU AI Act Actually Means
Under Article 48 of the EU AI Act, a CE marking signals that a high-risk AI system has undergone the conformity assessment procedure (Article 43), meets all applicable requirements, and is accompanied by an EU Declaration of Conformity (Article 47).
The CE marking in the AI Act context is not a logo you apply for from a certification body in most cases. For the majority of B2B SaaS HR tech companies, Article 43 allows a self-assessment procedure — you assess your own system against the requirements, document the results, sign the Declaration of Conformity, and affix the CE marking.
Third-party notified body involvement is only mandatory for:
- Biometric categorisation systems
- General-purpose AI models with systemic risk (Article 51)
- Certain high-risk systems in safety-critical infrastructure
A performance management tool does not require a notified body. Your procurement contact's mental model of "ISO certification from a third-party lab" does not apply here.
Does Your AI Performance Management Tool Need a CE Mark at All?
This is the first question your answer must address. Not all AI systems require CE marking — only those classified as high-risk under Annex III of the EU AI Act.
Annex III, point 4 covers AI systems used in employment and workers management:
"AI systems intended to be used for recruitment or selection of natural persons, in particular to place targeted job advertisements, to analyse and filter job applications, and to evaluate candidates; AI systems intended to be used to make decisions affecting terms of work-related relationships, to promote or terminate contractual relationships, and to allocate tasks based on individual behaviour or personal characteristics."
If your performance management platform makes or materially influences decisions about promotions, PIPs, bonus allocation, termination risk scoring, or task distribution — it very likely falls under this classification.
If your platform only surfaces aggregate team data or provides coaching nudges without influencing individual employment decisions, you may have a reasonable basis for arguing a lower-risk classification, but you will need to document that reasoning explicitly.
The procurement team is not asking for a legal opinion from you. They are asking whether you have made this determination and documented it.
What Is the EU AI Act Database?
Article 49 of the EU AI Act requires providers of high-risk AI systems to register their systems in a publicly accessible EU database before placing them on the EU market. The database is administered by the European AI Office.
As of mid-2026, the registration portal is operational. Registration requires:
- Provider identification (company name, EU representative if non-EU-based)
- System name and version
- High-risk category under Annex III
- A summary of the intended purpose and how it works
- Status of conformity assessment
When a procurement team asks for your "EU AI Act database registration number," this is what they are asking for: the unique identifier assigned when you complete registration at the official portal.
If you have not yet registered and the August 2026 deadline is approaching, your answer needs to include your registration timeline. A credible timeline shows: (1) you know registration is required, (2) you have begun or completed the conformity assessment, and (3) you have a specific target date for completing registration.
How to Answer the Four Sub-Questions
Q: Does your system carry a CE marking?
Answer directly. If you have completed the conformity assessment, signed the EU Declaration of Conformity, and affixed the CE mark: say yes, attach the Declaration of Conformity document.
If you are in process: say you are completing the conformity assessment ahead of the August 2026 deadline, and provide the expected completion date. Attach any interim documentation (draft technical file index, risk management documentation) that demonstrates substantive progress.
Q: Is your system listed in the EU AI Act database?
If registered: provide the registration URL and identifier.
If not yet registered: explain that registration follows completion of conformity assessment and provide the timeline. Note that registration is a provider-side obligation — it does not block you from operating in the EU in the interim while assessment is in progress.
Q: What is your timeline if not yet registered?
Give a specific date. "We plan to complete registration by [date]" is more useful to a procurement team than a vague reference to the August 2026 deadline.
Q: What is the basis for any exemption?
If you believe your system is not high-risk and does not require CE marking, explain your classification reasoning with reference to Annex III and the specific factors that put your system outside the high-risk categories. Procurement legal will want this in writing.
What to Send
A well-prepared response to this section includes:
- A written statement clarifying whether your system is classified as high-risk and why
- Your EU Declaration of Conformity (Article 47) if completed, or a draft/summary if in progress
- The EU database registration URL, or a written timeline with target date if pending
- A one-page summary of your conformity assessment approach — enough to show the assessment was substantive and not a checkbox exercise
Procurement teams do not need the full technical file. They need evidence that you have done the work and understand the regulation.
The Buyer's Real Question
Every question in this section of the procurement questionnaire is asking one thing: "Will signing this contract create EU AI Act regulatory risk for us as your deployer?"
Under Article 26, deployers of high-risk AI systems have their own obligations. A deployer buying a high-risk AI system that lacks CE marking, has no conformity assessment documentation, and is not registered in the EU database is deploying a non-compliant system. The Fortune 500 HR compliance lead knows this. That is why the questions exist.
Your answer needs to show that you have taken this seriously — not as a checkbox, but as a substantive part of how you built and operate your system.
Try Complizo free at complizo.com