Notified Body & AI

What Is a Notified Body?

Under EU legislation such as the Medical Device Regulation (MDR), Machinery Regulation, or Low Voltage Directive, a Notified Body is an independent conformity assessment organization designated by an EU Member State to assess whether products meet regulatory requirements.

Examples include:

• TÜV SÜD

• BSI Group

• DEKRA

• SGS

Their role:

• Audit your QMS

• Review your Technical Documentation

• Verify risk management

• Ensure standards alignment

• Assess clinical or safety evidence (where applicable)

They assess evidence and process integrity — not writing tools.

Current Reality: There Is No AI Ban

There is no EU-wide prohibition on AI-assisted documentation and it is not expected.

Neither the MDR nor other CE legislation currently prohibits:

• AI-assisted drafting

• AI-generated first drafts

• Prompt-based risk analysis drafting

What matters is:

✔ Accuracy
✔ Consistency
✔ Traceability
✔ Correct application of harmonised standards
✔ Proper validation

What EU Actually Care About

A) Traceability

Can you show:

• Source of regulatory requirements?

• Link between hazards → risks → mitigations?

• Standard clauses correctly applied?

If AI generates generic, non-standard-specific language, that’s a red flag.

B) Technical Correctness

AI hallucinations are a serious risk.

If your documentation:

• References incorrect clauses

• Cites withdrawn standards

• Misinterprets Annex requirements

• Mixes regulatory frameworks

You will get nonconformities.

C) Process Control

This is where it gets interesting.

Under ISO-based QMS systems (e.g., ISO 13485), auditors increasingly ask:

• How do you control AI usage?

• Who validates AI output?

• Is there documented review?

• Are prompts controlled?

• Is version control maintained?

They don’t reject AI — they reject uncontrolled processes.

What Raises Red Flags

From industry feedback and regulatory discussions:

🚩 Perfectly structured but technically shallow risk files
🚩 Overly generic hazard lists
🚩 Language that mirrors public guidance too closely
🚩 Incorrect standard citations
🚩 “Copy-paste feel” across product families
🚩 No evidence of engineering judgement

AI-generated content often has identifiable patterns.

When AI Can Strengthen Your Position

If used properly, AI can improve:

✔ Consistency across documents
✔ Structured formatting
✔ Early hazard identification brainstorming
✔ Gap analysis
✔ Cross-checking requirement coverage

If you can demonstrate:

AI-assisted drafting + expert validation + documented review process

You appear modern and controlled — not reckless.

Emerging Trend: Risk-Based View of AI Use

There is increasing awareness of AI governance under the EU AI Act.

While this Act does not directly regulate CE documentation drafting, it increases scrutiny around:

• Risk management

• Governance

• Transparency

• Human oversight

This influences regulatory culture.

What Notified Bodies Are Quietly Concerned About

They worry about:

• Loss of engineering judgement

• Companies relying blindly on AI

• Reduced internal competence

• Documentation inflation without substance

• “AI-written compliance theatre”

In high-risk sectors (medical devices, machinery with safety functions), expect closer scrutiny.

Practical Advice

To stay audit-safe, companies should:

1. Document an AI Usage Procedure in their QMS

2. Require human validation before release

3. Maintain version control

4. Keep prompt templates controlled

5. Verify all standard references manually

6. Prohibit AI from inventing regulatory citations

7. Perform final clause-by-clause conformity check

If they do this, AI use becomes low-risk.

The Bottom Line

Notified Bodies do not reject AI-generated documentation.

They reject:

• Inaccurate documentation

• Uncontrolled processes

• Weak risk analysis

• Missing traceability

If AI degrades quality → nonconformity.
If AI improves structure but remains controlled → acceptable.