Hi Nada,
Thoughtful question! Very wise to seek advice on such a topic.
So the end-user of your Mendix app wants a self-service process to change their own e-mail address.
I would say it mainly depends on:
1. what you use the e-mail address for and
2. which security measures are already applied.
Some examples:
On simple apps, you could just say: you're logged in, so yeah: you may change anything you want in this account.
Also the other extreme is true: you already passed 2FA, know your mother's maiden name and your library card number to log in, so sure: you may change your e-mail.
If changing your e-mail also changes your login or is used to send e-mails with personal information, you can definitely consider it a highly sensitive operation and require (recent) MFA before you may perform such an operation. If you don't log in with MFA, you could implement a one-time token to be sent to the previous e-mail to confirm the process. The most important downside is that users without access to their previous e-mail account cannot do this, and will need support.
Don't forget to verify the same things as you (hopefully) do on creation: validate the new e-mail address (maybe also with a confirmation link), check uniqueness, etc.
Hopefully this gives some thought!
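
Added example, not part of the original post and not Mendix code: a Python sketch of the one-time-token flow described above, with the confirmation sent to the previous address and the new address validated and checked for uniqueness. The class name, the in-memory stores, the outbox and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a value from the post
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # basic syntax check only

class EmailChangeService:
    """In-memory stand-in for the app's account store (hypothetical)."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)  # user_id -> current e-mail
        self.pending = {}               # user_id -> (token_hash, new_email, expires_at)
        self.outbox = []                # (recipient, token) instead of real mail

    def _in_use(self, email):
        return email in (e.lower() for e in self.accounts.values())

    def request_change(self, user_id, new_email, now=None):
        now = time.time() if now is None else now
        new_email = new_email.strip().lower()
        if not EMAIL_RE.match(new_email):
            raise ValueError("invalid e-mail address")
        if self._in_use(new_email):
            raise ValueError("e-mail address already in use")
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the hash; a new request replaces any earlier pending one.
        self.pending[user_id] = (digest, new_email, now + TOKEN_TTL)
        # The token goes to the *previous* address, as the post suggests.
        self.outbox.append((self.accounts[user_id], token))

    def confirm_change(self, user_id, token, now=None):
        now = time.time() if now is None else now
        # Single use: the pending entry is removed on any attempt, right or wrong.
        entry = self.pending.pop(user_id, None)
        if entry is None:
            return False
        digest, new_email, expires_at = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if now > expires_at or not hmac.compare_digest(digest, supplied):
            return False
        # Re-check uniqueness: another account may have taken the address meanwhile.
        if self._in_use(new_email):
            return False
        self.accounts[user_id] = new_email
        return True
```
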