What is the primary objective of EN 1090?

EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR). It comprises EN 1090-1 for conformity assessment via certified Factory Production Control (FPC), EN 1090-2 for steel technical requirements (welding, tolerances, inspection), and EN 1090-3 for aluminium. Risk-based Execution Classes (EXC1–EXC4) scale controls by consequence class (CC1–CC3), service category (SC1–SC2), and production category (PC1–PC2), enabling market placement with Declaration of Performance (DoP).

Who is legally or professionally required to comply with EN 1090?

Manufacturers of load-bearing steel and aluminium structural components and kits for permanent construction works in the EEA must comply with EN 1090 to affix CE marking. This includes fabricators supplying buildings, bridges, and industrial structures. Notified Bodies certify FPC; non-compliance blocks market access. Applies to all EXC levels, with defaults to EXC2 if unspecified.

Does EN 1090 require an external audit or third-party certification?

Yes, EN 1090-1 mandates third-party certification of Factory Production Control (FPC) by a Notified Body under AVCP systems. This involves initial inspection, Initial Type Testing (ITT) or Type Calculation (ITC) review, certificate issuance, and ongoing surveillance audits. Certification enables CE marking and DoP issuance.

How often should an assessment for EN 1090 be performed?

EN 1090 requires initial Notified Body certification followed by continuous surveillance audits, typically annually. Frequency scales with Execution Class (EXC) per EN 1090-1 Table B.3; higher EXC (e.g., EXC4) demands more intensive monitoring. Internal audits and FPC reviews must be ongoing to maintain constancy of performance.

What are the consequences of non-compliance with EN 1090?

Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product withdrawal, and certificate suspension by Notified Bodies. CPR violations trigger fines, legal liability for structural failures, and public reporting of suspensions. Major non-conformities in FPC, welding, or traceability lead to additional audits and halted production.

Can EN 1090 be mapped to other international frameworks?

EN 1090 integrates with standards like ISO 3834 for welding quality and Eurocodes for design, but direct mappings to non-EU frameworks require case-by-case verification. Its FPC aligns with ISO 9001 structures; ISO 3834 levels scale by EXC. No universal mapping exists due to CPR-specific CE marking.

What is the first step to begin implementing EN 1090?

Conduct a scope and Execution Class (EXC) assessment to classify products by consequence class (CC), service category (SC), and production category (PC). Default to EXC2 if unspecified, then gap-analyze against EN 1090-1 FPC requirements and engage a Notified Body early.

What is the primary objective of EU AI Act?

The primary objective of the EU AI Act is to establish a risk-based regulatory framework that prohibits unacceptable AI practices, imposes strict obligations on high-risk AI systems, mandates transparency for limited-risk systems, and promotes safe AI innovation across the EU. Regulation (EU) 2024/1689, effective from 1 August 2024, classifies AI into four tiers: unacceptable risk (Article 5 bans like social scoring and manipulative techniques), high-risk (Annexes I/III requirements under Articles 9–15), limited-risk (Article 50 transparency), and minimal-risk (largely unregulated).

Who is legally or professionally required to comply with EU AI Act?

Providers, deployers, importers, distributors, and authorized representatives of AI systems whose outputs are used in the EU must comply with the EU AI Act, regardless of location. Providers (Article 3(3)) develop or place systems on the market; deployers (Article 3(4)) are professional users. High-risk obligations (Articles 16–21) apply primarily to providers, with deployers handling monitoring, logging, and fundamental rights impact assessments (Article 27). Extraterritorial reach captures third-country entities via EU output nexus.

Oes EU AI Act require an external audit or third-party certification?

High-risk AI systems require conformity assessment, which may involve third-party notified bodies and external audits, but internal assessments suffice in some cases. Article 43 mandates assessments per Annex VI (internal) or VII (third-party for certain Annex III uses). Notified bodies (Articles 28–39) issue certificates (Article 44), enabling EU Declaration of Conformity (Article 47) and CE marking (Article 48). Quality management systems (Article 17) undergo periodic surveillance audits.

How often should an assessment for EU AI Act be performed?

Conformity assessments for high-risk AI systems must be performed before market placement or service, with continuous post-market monitoring and reassessment upon substantial modifications. Article 43 requires pre-market checks; Article 72 mandates ongoing monitoring. Logs must be retained at least six months (Article 19), with full documentation for 10 years post-market (Article 18). Serious incidents trigger reporting (Article 73).

What are the consequences of non-compliance with EU AI Act?

Non-compliance with the EU AI Act incurs tiered administrative fines up to 7% of worldwide annual turnover or €35 million for prohibited practices, plus market bans and corrective actions. Article 99 sets penalties: up to 7% (€35M) for Article 5 bans; 3% (€15M) for other Chapter III obligations; 1.5% (€7.5M) for remaining violations. Enforcement by national authorities (Article 70) includes product recalls, suspensions, and AI Office oversight for GPAI (Article 101).

An EU AI Act be mapped to other international frameworks?

Yes, the EU AI Act can be mapped to other international frameworks through harmonized standards that create presumption of conformity. Article 40 enables standards (e.g., upcoming CEN/CENELEC/ETSI) for Articles 9–15 requirements. Recognized cybersecurity schemes under the Cybersecurity Act support Article 15. GPAI Codes of Practice (Article 56) aid compliance, with alignments to global practices like ISO 42001 for AI management systems.

What is the first step to begin implementing EU AI Act?

The first step to implement the EU AI Act is to conduct an AI inventory and risk classification to identify prohibited, high-risk, GPAI, or transparency obligations. Map all systems/models against Article 5 bans, Article 6/Annexes I/III for high-risk, and Chapter V for GPAI (e.g., >10^25 FLOPs systemic threshold). Document decisions (Article 6(4)) to establish governance baseline for phased deadlines (prohibitions: Feb 2025; GPAI: Aug 2025; high-risk: Aug 2026).

Standards Comparison

EN 1090 vs EU AI Act

EN 1090

Mandatory

2009

European standards for steel/aluminium structural execution and conformity

EU AI Act

Mandatory

2024

EU regulation for risk-based AI governance and safety

Quick Verdict

EN 1090 mandates CE marking for structural steel/aluminium via FPC for EU construction market access, while EU AI Act regulates high-risk AI with conformity assessments and fines up to 7% turnover. Companies adopt EN 1090 for fabrication compliance, AI Act for safe AI deployment.

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Mandates CE marking through certified Factory Production Control
Risk-based Execution Classes EXC1-EXC4 scaling requirements
Integrates ISO 3834 welding quality management system
Enforces full material traceability and NDT inspections
Enables EU market access for structural components

Artificial Intelligence

EU AI Act

Regulation (EU) 2024/1689 Artificial Intelligence Act

Cost

€€€

Complexity

Medium

Implementation Time

18-24 months

Key Features

Risk-based classification of AI systems
Prohibits unacceptable-risk AI practices
High-risk conformity assessments and CE marking
GPAI model transparency and systemic risk duties
Post-market monitoring and incident reporting

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

EN 1090 Details

What It Is

EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs execution and conformity assessment of steel and aluminium structural components/kits for construction works. Primary purpose: ensure controlled fabrication, welding, tolerances, and inspection for CE marking. Key approach: risk-based scaling via Execution Classes (EXC1-EXC4) linking consequence, service, and production categories.

Key Components

**EN 1090-1FPC certification, AVCP systems, DoP issuance.
**EN 1090-2/-3Technical rules for steel/aluminium (materials, welding per ISO 3834, tolerances, corrosion protection, NDT).
Core principles: traceability, qualified personnel, inspection regimes.
Compliance model: Notified Body certification with ongoing surveillance.

Why Organizations Use It

Mandated for EU/EEA market access; reduces liability, rework, failures. Drives capability building, competitive bidding, stakeholder trust via CE marking.

Implementation Overview

Phased: gap analysis, FPC development, welding quals, NB audits. Targets fabricators; 6-12 months typical; requires certification for EXC-rated production.

EU AI Act Details

What It Is

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) is a comprehensive regulation establishing the first horizontal framework for AI in the EU. It entered into force on 1 August 2024 with phased applicability. Its primary purpose is to ensure AI systems are safe, transparent, and respect fundamental rights across sectors. The risk-based approach classifies AI into unacceptable (prohibited), high-risk, limited-risk (transparency), and minimal-risk categories.

Key Components

Prohibited practices (Article 5), high-risk requirements (Articles 9-15: risk management, data governance, documentation, human oversight, cybersecurity).
GPAI model obligations (Chapter V), conformity assessments, CE marking, EU database registration.
Built on product safety principles with up to 7% global turnover fines.
Compliance via self-assessment or notified bodies.

Why Organizations Use It

Mandatory for EU market access, avoiding fines up to €35M or 7% turnover.
Enhances risk management, trust, and competitiveness.
Builds stakeholder confidence in regulated sectors like healthcare, finance.

Implementation Overview

Phased: inventory, classify AI, build RMS/QMS, conformity, post-market monitoring.
Applies to providers/deployers globally if outputs used in EU; cross-functional for all sizes.

Key Differences

Aspect	EN 1090	EU AI Act
Scope	Execution of steel/aluminium structural components	Risk-based regulation of AI systems lifecycle
Industry	Construction, fabrication (EU/EEA market)	All sectors using AI (EU-wide, extraterritorial)
Nature	Harmonized standard under CPR (mandatory CE)	Directly applicable EU regulation (mandatory)
Testing	FPC certification, surveillance audits by NB	Conformity assessment, notified body for high-risk
Penalties	Market exclusion, no CE marking	Fines up to 7% global turnover

Scope

EN 1090

Execution of steel/aluminium structural components

EU AI Act

Risk-based regulation of AI systems lifecycle

Industry

EN 1090

Construction, fabrication (EU/EEA market)

EU AI Act

All sectors using AI (EU-wide, extraterritorial)

Nature

EN 1090

Harmonized standard under CPR (mandatory CE)

EU AI Act

Directly applicable EU regulation (mandatory)

Testing

EN 1090

FPC certification, surveillance audits by NB

EU AI Act

Conformity assessment, notified body for high-risk

Penalties

EN 1090

Market exclusion, no CE marking

EU AI Act

Fines up to 7% global turnover

Frequently Asked Questions

Common questions about EN 1090 and EU AI Act

EN 1090 FAQ

EU AI Act FAQ

You Might also be Interested in These Articles...

Measuring NIST CSF 2.0 Success: KPIs, Dashboards, and Continuous Improvement Using Tiers & Profiles

Transform NIST CSF 2.0 into quantifiable success: Define board-ready KPIs for Functions, build Profile dashboards, track Tier progression. Prove ROI amid cyber

NIST CSF 2.0 Implementation Tiers Roadmap: Step-by-Step Guide from Partial to Adaptive Cybersecurity Maturity

Master NIST CSF 2.0 Implementation Tiers with a step-by-step roadmap. Assess your tier, build gap analyses, and advance from Partial (Tier 1) to Adaptive (Tier

SOC 2 Audit Survival Guide: Auditor Questions, Red Flags, and Evidence Prep for First-Time Pass

Ace your SOC 2 audit with predicted auditor questions, model answers, red flags, and evidence checklists from CPA best practices & SignWell's journey. Reduce st

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how EN 1090 and EU AI Act compare against other standards

Other EN 1090 Comparisons

Other EU AI Act Comparisons

What It Is

Key Components

**EN 1090-1FPC certification, AVCP systems, DoP issuance.

**EN 1090-2/-3Technical rules for steel/aluminium (materials, welding per ISO 3834, tolerances, corrosion protection, NDT).

Core principles: traceability, qualified personnel, inspection regimes.

Compliance model: Notified Body certification with ongoing surveillance.

What It Is

Key Components

Prohibited practices (Article 5), high-risk requirements (Articles 9-15: risk management, data governance, documentation, human oversight, cybersecurity).

GPAI model obligations (Chapter V), conformity assessments, CE marking, EU database registration.

Built on product safety principles with up to 7% global turnover fines.

Compliance via self-assessment or notified bodies.

Aspect

EN 1090

EU AI Act

Scope

Execution of steel/aluminium structural components

Risk-based regulation of AI systems lifecycle

Industry

Construction, fabrication (EU/EEA market)

All sectors using AI (EU-wide, extraterritorial)

Nature

Harmonized standard under CPR (mandatory CE)

Directly applicable EU regulation (mandatory)

Testing

FPC certification, surveillance audits by NB

Conformity assessment, notified body for high-risk

Penalties

Market exclusion, no CE marking

Fines up to 7% global turnover