HEART Standard & EU AI Act Compliance

How the HEART Standard addresses conformity assessment for high-risk AI systems

The HEART Standard provides the forensic operational layer between governance requirements and reviewable evidence. It offers a methodology for preserving behavioral evidence, attesting governance controls, and supporting independent Guardian review under frameworks such as the EU AI Act, NIST AI RMF, ISO 42001, and state-level AI legislation.

The conformity assessment gap

The EU AI Act requires conformity assessment for high-risk AI systems before market placement (Article 16(f)). Harmonised standards from CEN-CENELEC JTC21 remain incomplete. In the interim, providers and deployers need rigorous methodology for demonstrating compliance effort with evidence.

Three compliance pathways exist: harmonised standards (Article 40), common specifications adopted by the Commission (Article 41), and independent interpretation of the legal text. The HEART Standard positions itself across all three — as a contribution to harmonised standards development, a candidate for common specifications, and a rigorous independent methodology available now.

Article-by-article coverage

| AI Act Article | Coverage | HEART Component |
|---|---|---|
| Art. 9: Risk Management | Strong | BGF four-dimension assessment + Behavioral Oracle continuous monitoring + Guardian reporting |
| Art. 10: Data Governance | Partial | Behavioral impact assessed through BGF; direct data pipeline auditing is complementary |
| Art. 11: Technical Documentation | Strong | Certification pipeline produces comprehensive, dated documentation |
| Art. 12: Record-Keeping | Strong | Behavioral Oracle tamper-evident automatic logging with on-chain anchoring |
| Art. 13: Transparency | Strong | Transparency is a core BGF dimension with non-compensatory enforcement |
| Art. 14: Human Oversight | Strong | Guardian profession provides structurally independent human oversight |
| Art. 15: Accuracy/Robustness | Partial | Governance accuracy and robustness assessed; technical accuracy testing is complementary |

Not a competitor — an operational layer

The HEART Standard does not compete with ISO/IEC 42001 or the NIST AI Risk Management Framework. Those describe how organizations manage AI governance processes. The HEART Standard is the forensic measurement and evidence layer that makes those management systems reviewable. ISO 42001 tells you to have a policy. HEART tells a Guardian how to evaluate the evidence that the governance system follows it.

More precisely, HEART evaluates whether the deployer’s governance system produces reviewable evidence that its controls operate in deployment. The model may change. The certified governance scope is the wrapper, monitoring regime, evidence infrastructure, and response process that persist across model changes.

Engagement pathways

The HEART AI Foundation welcomes engagement from:

Related: Adoption Engine and For Funders.

Contact: See the Contact page for Foundation inquiries.