Language
Branch
Start Your Career

MDR Meets the AI Act: The Regulatory Trilemma for AI Software.

AI software in medical technology is no longer regulated solely by the MDR or IVDR. With the new EU AI Act, a third, overlapping regulatory framework has entered the picture. The result is a regulatory trilemma in which classification decisions have immediate consequences.

AI software in medical technology is no longer regulated solely by the Medical Device Regulation (MDR) or the In Vitro Diagnostic Regulation (IVDR). With the EU’s new Artificial Intelligence Act (AI Act), a third, overlapping regulatory framework has entered the picture.

The result is a regulatory trilemma in which classification decisions in one set of rules have immediate and critical consequences in another.

A common misconception is that the AI Act applies only to "true" high-risk AI systems, such as autonomous driving. In the medtech sector, however, a relentless automatic process is at work.

The Decisive Trigger: Why MDR/IVDR Lead Directly to the AI Act

The intended use of the software is the deciding factor. As soon as AI software is classified as a Class IIa medical device or higher according to the classification rules of the MDR (often Rule 11) or the IVDR, or if a Notified Body must be consulted for conformity assessment, it falls almost without exception into the high-risk category (High-Risk AI) under the AI Act.

This means that classification under the MDR/IVDR is the direct trigger for the most stringent requirements of the AI Act. The regulations can no longer be viewed in isolation.

Free White Paper

Want to dive deeper into the practical aspects?

In our new white paper , "AI in MedTech – AI Act, MDR & IVDR in Interplay," we break down regulatory complexity into concrete action steps. It includes the 6 steps for your manufacturer roadmap through 2028.

Download the white paper for free →

The Gap: From Classification to Implementation

Unfortunately, knowing that your product is a high-risk AI is only the first step. The far more complex task for manufacturers lies in operational implementation. Articles 8 through 15 of the AI Act require specific measures that go well beyond the traditional understanding of the MDR:

  • Data Governance: Strict requirements for training, validation, and test datasets to prevent bias.
  • Transparency & Human Oversight: AI decisions must remain understandable to users (doctors) and be subject to human override (Explainable AI).
  • Cybersecurity & Robustness: Significantly higher requirements for the systematic reliability of the models.

These aspects must now be seamlessly integrated into the existing risk management system (ISO 14971) and quality management system (ISO 13485). Given the extended deadlines, many manufacturers feel they are in the clear, as the final application of Annex I for high-risk medical devices will not take effect until 2028.

However, this period is not a buffer for sitting back and waiting, but rather a critical phase during which Notified Bodies are still finalizing their own testing standards. Those who do not begin now with a gap analysis and proper documentation (e.g., of data governance) will find themselves blocked in 2028 by a system architecture that cannot be audited.

Share this article.

Facebook
Twitter
LinkedIn
XING
WhatsApp
Email

Newsletter.

Read more.

Blog
MDR postponed. By EU. Because of Corona.
Due to the SARS-CoV-2 pandemic, the EU has proposed to extend the ...
Blog
Wind of Change. How Britain and Switzerland became third countries.
Switzerland and the UK have recently been designated by the EU as ...
Blog
The world is reacting. To the coronavirus pandemic. Blog post by Dr. Ralf Hess.
A biologist with a PhD and member of the Entourage Task Force, Dr. ...
Blog
Qualified Person on Demand: Flexible QP expertise for your batch release.
Flexible QP expertise exactly when you need it. Whether it's...
Blog
The stuff of dreams: The vaccine to protect against SARS-CoV-2 infection.
The emergence of a vaccine and an outlook on the question of ...