A formal interaction protocol is established with the notified body before the assessment begins. The protocol covers the single point of contact on each side (the Conformity Assessment Coordinator for the provider, the lead assessor for the notified body), the communication channels and document exchange mechanisms (encrypted transfer for sensitive materials), the scope of access required (source code repositories, training infrastructure, production systems), the confidentiality arrangements for proprietary model architectures and commercially sensitive data, and the dispute resolution procedure.

The Conformity Assessment Coordinator maintains a formal interaction log recording every substantive communication: meeting minutes, document submissions, questions raised, responses provided, interim findings received. This log serves as evidence of cooperative engagement, which is a mitigating factor under Article 99(7) if compliance issues arise later.

Internal SLAs for responding to Requests for Information (RFIs) and Requests for Evidence (RFEs) are established: five business days for routine queries and two business days for urgent queries. Delayed responses extend the assessment timeline and signal inadequate internal coordination.

Key outputs

• Formal interaction protocol with SPOC, channels, access scope, confidentiality
• Interaction log as compliance evidence
• Internal SLAs for RFI/RFE response (5 days routine, 2 days urgent)
• Dispute resolution procedure