Conflict of Interest Declarations
Each assessor participating in the internal conformity assessment completes a conflict of interest declaration before the assessment begins. The declaration confirms that the assessor has no direct involvement in the system’s development, no financial interest in the assessment outcome, and no personal relationship with the development team that could compromise objectivity.
The declaration is a formal document, signed and dated, retained alongside the Assessment Plan. Where a potential conflict is identified, the AI Governance Lead assesses whether it is material and, if so, replaces the assessor or implements mitigating measures (such as additional review by an independent party). The conflict assessment and its outcome are documented.
For organisations using external consultants as assessors, the declaration should also cover the consulting firm’s commercial relationships with the organisation, ensuring that the assessment is not compromised by a desire to maintain a lucrative advisory relationship.
Key outputs
- Signed conflict of interest declaration per assessor
- Material conflict assessment with documented outcome
- External consultant commercial relationship coverage
- Retained alongside the Assessment Plan
Functional Independence from Development
The AI Act does not require external assessors for internal conformity assessment, but it does require that the assessment be credible. The assessor team must have no direct involvement in the system’s development, to avoid self-review bias. A developer assessing their own work will unconsciously confirm their own assumptions and overlook gaps that an independent reviewer would catch.
Functional independence means the assessor does not report to the same management chain as the development team for the purposes of the assessment. An engineer from a different business unit, an internal audit professional, or an external consultant can all satisfy this requirement. The independence arrangement is documented in the Assessment Plan and verified by the AI Governance Lead.
For smaller organisations where complete separation is impractical, compensating measures include peer review arrangements with other organisations, external consultants for critical assessment phases, or additional oversight by the Internal Audit Assurance Lead.
Key outputs
- Functional independence from the development team
- Independence arrangement documented in the Assessment Plan
- Compensating measures for smaller organisations
- AI Governance Lead verification
Competence Framework
The credibility of an internal conformity assessment depends on the assessor’s competence. The organisation defines a competence framework specifying the knowledge, skills, and experience required for assessment roles, covering three domains.
Regulatory knowledge: assessors must have a working understanding of the AI Act’s requirements for high-risk systems (Articles 8–15, Article 17, Annex IV, Annex VI), the conformity assessment procedures, and the interaction between the AI Act and related regulations (GDPR, NIS2, sector-specific legislation). Technical knowledge: assessors must be able to read and evaluate technical documentation for the types of AI system they assess, including model architectures, training methodologies, evaluation metrics, fairness measures, and data governance practices, at a level sufficient to verify accuracy and identify unsupported claims. Audit methodology: assessors should have training in structured assessment methodology (evidence collection, sampling, verification, non-conformity classification, reporting), with ISO 19011 (guidelines for auditing management systems) as a suitable foundation.
The competence framework is documented in the QMS and applied during assessor selection for each assessment cycle.
Key outputs
- Three-domain competence framework (regulatory, technical, audit methodology)
- ISO 19011 foundation for audit methodology
- Application during assessor selection
- QMS documentation
CPD & Refresher Training
The AI Act’s regulatory landscape is evolving. Harmonised standards are under development, AI Office and national competent authority guidance is being published, and enforcement practice is emerging. Assessors participate in continuing professional development (CPD) that keeps their regulatory and technical knowledge current. A minimum of 20 hours per year of AI Act-relevant CPD is a reasonable expectation.
CPD activities include attending AI Act training courses, participating in industry working groups, reviewing published enforcement actions and AI Office guidance, and studying emerging harmonised standards. The organisation tracks CPD hours and topics per assessor, retaining the records as competence evidence.
New assessors complete a calibration exercise and an orientation covering the organisation’s AISDP framework, QMS, and assessment methodology before conducting their first live assessment. Refresher training is triggered when significant regulatory changes occur, such as the publication of harmonised standards or new AI Office guidance that affects the assessment methodology.
Key outputs
- Minimum 20 hours per year AI Act-relevant CPD per assessor
- CPD tracking with hours and topics recorded
- Orientation and calibration for new assessors
- Refresher training on significant regulatory changes