EU AI Act and Medical Devices: What You Need to Know
A New Era for AI in Healthcare
Artificial Intelligence (AI) is transforming healthcare — improving diagnosis, personalising treatment, and supporting clinical decisions. But with innovation comes new regulation. The EU’s Artificial Intelligence Act (AIA) adds another layer of compliance on top of the Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR).
This blog explains how these rules work together and what medical device manufacturers need to do to stay compliant.
Understanding Medical Device Artificial Intelligence (MDAI)
The term Medical Device Artificial Intelligence (MDAI) refers to AI systems designed for medical use. This covers a wide range of technologies — from diagnostic algorithms and decision support tools to AI-assisted surgical robotics.
According to the European Commission’s latest guidance (MDCG 2025-6), the definition of MDAI now also extends to MDR Annex XVI products, accessories to medical devices, and in vitro diagnostic (IVD) devices and their accessories.
The New Compliance Framework
Manufacturers of AI-enabled medical devices must now work within three overlapping regulatory regimes: the MDR or IVDR, and the AIA. The AI Act does not replace the MDR or IVDR; it complements them by introducing AI-specific requirements focused on safety, transparency, and trustworthiness.
The key principle is that both sets of rules apply simultaneously. If a medical device contains a high-risk AI component, it must meet the requirements of both the MDR/IVDR and the AIA.
When Is an MDAI High-Risk?
The AI Act uses a risk-based approach, applying the strictest rules to systems that could directly affect patient safety.
A medical device that incorporates AI is considered high-risk if:
- The AI acts as a safety component within a product, or qualifies as a medical device itself; and
- It is subject to a third-party conformity assessment by a notified body under the MDR or IVDR.
In practice, most AI-enabled devices in the higher MDR or IVDR classes will automatically fall into the high-risk category.
| Device Classification | Notified Body Involved? | AIA High-Risk? |
|---|---|---|
| MDR Class I (non-sterile, non-measuring) | No | No |
| MDR Class I (sterile, measuring, reusable surgical) | Yes | Yes |
| MDR Class IIa, IIb, III | Yes | Yes |
| MDR Annex XVI | Yes | Yes |
| IVDR Class A (non-sterile) | No | No |
| IVDR Class A (sterile) | Yes | Yes |
| IVDR Class B, C, D | Yes | Yes |
It’s important to note that the AIA high-risk classification doesn’t change a device’s existing MDR or IVDR risk class — rather, it depends on it.
Key Compliance Requirements
For high-risk MDAI systems, the AIA sets out a comprehensive list of obligations across the entire product lifecycle.
Manufacturers must implement a Quality Management System (QMS) that aligns with both the AIA and MDR/IVDR. This includes procedures for regulatory compliance, risk management, data governance, and post-market monitoring.
A continuous approach to risk management is also required — covering both traditional device-related risks and new, AI-specific ones. Risks must be identified, assessed, and monitored throughout the device’s lifecycle.
Data quality and governance are central to compliance. The data used to train, test, and validate AI models must be relevant, accurate, and free from bias, with full adherence to GDPR and related privacy standards.
Manufacturers must also maintain clear and complete technical documentation, demonstrating conformity with both the AIA and MDR/IVDR. Integrating AI documentation into existing files helps streamline audits and conformity assessments.
Transparency and human oversight are key principles. AI systems must be explainable, and users should be informed of their capabilities, limitations, and decision logic. Human intervention must always be possible when necessary.
Finally, enhanced post-market monitoring ensures real-world performance is tracked after deployment. This is vital for AI models that evolve with new data, helping to detect issues early and maintain safety.
Moving Forward
The convergence of the AI Act with MDR and IVDR represents a major step forward for medical device safety and accountability. While it introduces new challenges, it also builds a framework for transparency and trust in AI-powered healthcare.
By taking a proactive, structured approach to compliance, manufacturers can meet these new requirements while unlocking the full potential of AI to improve patient outcomes and drive innovation.
How Periculo Can Help
The combined requirements of the AIA, MDR, and IVDR create a complex compliance landscape. At Periculo, we help medical device and digital health organisations navigate this space confidently.
Our team can help you assess your device’s classification, implement compliant Quality Management Systems, carry out thorough risk assessments, and establish strong data governance frameworks. We also assist with technical documentation and post-market monitoring processes.
With a 100% success rate in security audits and deep expertise in medical device regulation, Periculo is a trusted partner for AI-driven healthcare innovation.