The EU AI Act requires that high-risk AI systems undergo a conformity assessment before being placed on the EU market. The assessment evaluates whether the system meets the act's requirements on risk management, data governance, technical documentation, transparency, human oversight, accuracy, and cybersecurity.
Most assessments are conducted internally by the provider (self-assessment) against the technical documentation requirements in Annex IV. A subset of high-risk systems, biometric identification, safety-component AI, require an external notified-body assessment, which is closer to an ISO-style audit.
For CX-AI, the practical question is whether the use case falls into the high-risk classification. Customer service AI is usually limited-risk, with lighter transparency obligations. AI used in employment decisions, credit scoring, or healthcare diagnosis lands in high-risk and triggers the full conformity-assessment regime. A vendor serving regulated verticals needs to know which side of the line their deployments sit on.
Vorel maintains Annex IV technical documentation for the high-risk slices of customer deployments (clinical screening, certain regulated finance flows). The documentation is shared with EU customers under NDA.

