HEART Standard & EU AI Act Compliance

How the HEART Standard addresses conformity assessment for high-risk AI systems

The HEART Standard provides the operational assessment layer between management system standards and EU AI Act conformity assessment. It offers a methodology for evaluating whether high-risk AI systems meet the Act’s requirements — filling the gap left by delayed harmonised standards from CEN-CENELEC.

The conformity assessment gap

The EU AI Act requires conformity assessment for high-risk AI systems before market placement (Article 16(f)). Harmonised standards from CEN-CENELEC JTC21 remain incomplete. The high-risk compliance deadline may extend to December 2027. In the interim, providers need a rigorous methodology for demonstrating compliance effort.

Three compliance pathways exist: harmonised standards (Article 40), common specifications adopted by the Commission (Article 41), and independent interpretation of the legal text. The HEART Standard positions itself across all three — as a contribution to harmonised standards development, a candidate for common specifications, and a rigorous independent methodology available now.

Article-by-article coverage

| AI Act Article | Coverage | HEART Component |
| --- | --- | --- |
| Art. 9: Risk Management | Strong | BGF four-dimension assessment + Behavioral Oracle continuous monitoring + Guardian reporting |
| Art. 10: Data Governance | Partial | Behavioral impact assessed through BGF; direct data pipeline auditing is complementary |
| Art. 11: Technical Documentation | Strong | Certification pipeline produces comprehensive, dated documentation |
| Art. 12: Record-Keeping | Strong | Behavioral Oracle tamper-evident automatic logging with on-chain anchoring |
| Art. 13: Transparency | Strong | Transparency is a core BGF dimension with non-compensatory enforcement |
| Art. 14: Human Oversight | Strong | Guardian profession provides structurally independent human oversight |
| Art. 15: Accuracy/Robustness | Partial | Governance accuracy and robustness assessed; technical accuracy testing is complementary |

Not a competitor — an operational layer

The HEART Standard does not compete with ISO/IEC 42001 or the NIST AI Risk Management Framework. Those describe how organizations manage AI governance processes. The HEART Standard is the measurement instrument that makes those management systems auditable. ISO 42001 tells you to have a policy. The HEART Standard tells a Guardian how to evaluate whether the AI system follows it.

Engagement pathways

The HEART AI Foundation welcomes engagement from:

Contact: See the Contact page for Foundation inquiries.