MHRA SaMD Classification for Agentic AI: Is Your Agent a Medical Device?

I have spent the better part of a decade navigating the intersection of cybersecurity and regulated industries, from the high-stakes environment of the Ministry of Defence (MOD) to the labyrinthine digital health corridors of the NHS. Now that we are entering the era of agentic AI—autonomous systems that don't just suggest, but act on their own accord—the regulatory stakes have shifted from "theoretical compliance" to "operational survival."

The question I get asked most often by health-tech founders and NHS innovation leads is some variation of: "We're building an AI agent to help clinicians; do we really need to register this with the MHRA?" The answer is usually more complex than they want to hear. In the UK, the Medicines and Healthcare products Regulatory Agency (MHRA) is the gatekeeper. If your AI agent qualifies as Software as a Medical Device (SaMD), you are no longer just a software company; you are a medical device manufacturer.

The Foundation: What is SaMD in the UK?

Under the Medical Device Regulations 2002 (as amended), software is a medical device if it is intended by the manufacturer to be used for a medical purpose. This includes diagnosis, prevention, monitoring, treatment, or alleviation of disease. The "intended purpose" is the North Star here.

Note: The UK Medical Device Regulations are currently under reform. The MHRA is developing updated regulations to replace the Medical Device Regulations 2002. Readers should check the MHRA website for the latest regulatory position before relying on this guidance.

For AI agents, the line is often blurred. If you build an agent that automates the scheduling of appointments, that is administrative automation—not a medical device. However, if that same agent starts prioritising those appointments based on a "clinical risk score" it generated by reading patient notes, you have crossed the Rubicon. You are no longer just moving data; you are performing a diagnostic or triaging function that directly impacts patient outcomes.

The Classification Engine: Rule 11

The most significant hurdle for AI agents in the UK and EU right now is Rule 11. Rule 11 changed the game by specifically targeting software intended to provide information used to take decisions with diagnosis or therapeutic purposes.

Under Rule 11, the classification depends entirely on the potential for harm if the software gets it wrong:

  • If the decision driven by the software could cause death or an irreversible deterioration of health, the software is Class III.
  • If it could cause a serious deterioration or require a surgical intervention, it is Class IIb.
  • Most other clinical decision support (CDS) software falls into Class IIa.
  • The "Class I" bucket for clinical software has effectively shrunk to almost nothing.

The Decision Tree for AI Agents

| Pillar | Key Question | Regulatory Impact |
| --- | --- | --- |
| Intended Purpose | Does the agent's core function align with the definition of a medical device? | If yes, it is SaMD. If no, it is general software. |
| Automation Type | Is the agent performing administrative or clinical tasks? | Clinical tasks trigger SaMD requirements. |
| Clinician Role | Does the agent inform a clinician who makes the final call, or does it replace clinical judgment? | "Black box" agents that replace judgment are high-risk. |

The distinction between "informing" and "replacing" is where most AI agents live. Many developers claim their agent is "just a co-pilot." But here is the reality check: if the clinician cannot realistically verify the agent's output in the time available, the MHRA argues that the agent has effectively replaced clinical judgment.

The Four Risk Classes

  1. Class I (Low Risk): Software that does not directly influence a diagnostic or therapeutic decision. Think of a simple BMI calculator. For AI agents, this is rare.
  2. Class IIa (Medium Risk): The "default" for most clinical AI. If your agent provides information used to make a decision for diagnosis or treatment, you need a Notified Body to audit your technical file.
  3. Class IIb (Medium-High Risk): If the agent's output could lead to a serious deterioration of a patient's state of health. The level of clinical evidence required jumps significantly.
  4. Class III (High Risk): The "Red Zone." If a failure could lead to death or irreversible health damage. Think of agents controlling insulin pumps or autonomous surgical robots.

Post-Brexit: UKCA vs. CE Marking

Since Brexit, the UK has moved to its own marking system: the UKCA (UK Conformity Assessed). While the UK government still accepts CE-marked devices for a transitional period—currently extending until 2028 or 2030 depending on device type—you eventually need to transition to the UKCA mark for the Great Britain market. Northern Ireland still requires the CE mark or UK(NI) mark due to the Windsor Framework.

"Pro-innovation" does not mean "deregulated." In many ways, the MHRA is building specific, modern pathways for AI that might actually be stricter than the EU in terms of transparency, bias monitoring, and post-market surveillance.

The MHRA AI/ML Action Plan and PCCPs

Enter the Predetermined Change Control Plan (PCCP). This allows a manufacturer to define, at the point of initial authorisation, exactly how the AI will change over time, what specific data it will use to learn, and how the engineering team will verify that these changes are safe and effective. If you stay within the strict bounds of your approved PCCP, you can update your model without going back for a full re-registration every time.

Without a PCCP, you are essentially freezing your AI in time, which in the fast-moving world of machine learning is a recipe for obsolescence.

Worked Example: The Radiology Triage Agent

Suppose you've built an AI agent that reads incoming radiology reports and "flags" findings that suggest an urgent condition to the duty radiologist.

  • Is it a Medical Device? Yes. Its intended purpose is the "diagnosis or monitoring" of a medical condition.
  • What is the Classification? Under Rule 11, this is likely Class IIa or IIb. If the agent misses a life-threatening emergency and the radiologist relies on its triage list, the patient could die.
  • What are the Obligations? You need a Quality Management System (ISO 13485), a full Technical File, a Clinical Evaluation Report (CER), and an audit by a UK Approved Body. You also need a post-market surveillance plan.

A Practical Checklist for AI Teams

  1. Define the Intended Purpose: Write down exactly what the agent does in one sentence. If that sentence includes words like "diagnose," "treat," "triage," or "monitor," you are likely building a medical device.
  2. Audit Your Marketing: Look at your website. The MHRA will use your marketing claims to classify you.
  3. Identify the Risk Class: Use Rule 11. Be honest about worst-case scenarios.
  4. Assess the "Human-in-the-Loop": Is the clinician really making the decision, or are they just clicking "OK" on whatever the AI says?
  5. Plan for Change: If your agent is going to learn from new data, start thinking about a PCCP now.
  6. Check Your Marking: If you are aiming for the NHS, UKCA marking is non-negotiable.

Conclusion

Agentic AI has the potential to solve the NHS's capacity crisis. But this will only happen if we build these systems on a rock-solid foundation of trust, safety, and accountability. The MHRA's SaMD framework isn't a "blocker"—it is a blueprint for building software that clinicians can actually rely on when a patient's life is on the line.

At Periculo, we help teams navigate the MHRA landscape and build governance into the heart of their AI agents through our platform, raigo. If you are struggling to figure out where your agent sits, let's talk.