DocMCP Knowledge Base

中文

English

中文

English

Appearance

MDCG 2025-6:MDR/IVDR与AI法案互动FAQ

文件编号:MDCG 2025-6
发布日期:2025年9月
适用法规:EU MDR 2017/745 / EU IVDR 2017/746 / EU AI Act
官方PDF下载

文件目的

本FAQ文件阐明了EU MDR/IVDR与EU AI法案(Regulation (EU) 2024/1689)之间的互动关系,帮助制造商理解AI医疗器械软件的双重监管要求。

核心问题解答

Q1:哪些AI医疗器械软件同时受MDR/IVDR和AI法案监管?

:同时满足以下条件的软件:

  1. 符合医疗器械定义(受MDR/IVDR监管)
  2. 属于AI法案定义的"AI系统"
  3. 被归类为AI法案下的"高风险AI系统"(附件III第5类:医疗器械)

结论:大多数AI医疗器械软件(MDSW)同时受两套法规监管。

Q2:MDR/IVDR与AI法案的要求如何协调?

:AI法案第6(1)条规定,对于已受MDR/IVDR监管的高风险AI系统,合规评估须遵循MDR/IVDR的程序。

关键协调机制

  • AI法案的技术文件要求与MDR/IVDR技术文件整合
  • 质量管理体系(QMS)要求协调
  • 上市后监督要求协调

Q3:AI法案对临床评价有何影响?

:AI法案不改变MDR/IVDR的临床评价要求,但增加了:

  • 数据治理要求(训练数据质量)
  • 透明度要求(AI系统的可解释性)
  • 人工监督要求(Human Oversight)
  • 准确性、鲁棒性和网络安全要求

Q4:AI法案的"高风险"分类与MDR/IVDR分类的关系?

MDR/IVDR分类AI法案高风险?说明
Class III附件III第5类
Class IIb附件III第5类
Class IIa是(通常)附件III第5类
Class I可能不是须逐案评估
IVDR Class D/C附件III第5类

Q5:AI法案的适用时间表?

条款适用日期
AI法案发布2024年8月1日
禁止性AI实践2025年2月2日
高风险AI系统(附件III)2026年8月2日
其他高风险AI系统2027年8月2日

对制造商的实践影响

技术文件更新

AI医疗器械软件的技术文件须额外包含:

  • AI系统描述(架构、训练方法、数据集)
  • 准确性指标和测试结果
  • 人工监督措施
  • 数据治理措施

QMS更新

须将AI法案要求整合到现有QMS:

  • 数据管理程序
  • AI系统监测程序
  • 偏差和漂移检测程序

相关文件

官方文件全文

AIB 2025-1

MDCG 2025-6

Interplay between the Medical Devices Regulation (MDR) & In vitro Diagnostic Medical Devices Regulation (IVDR) and the Artificial Intelligence Act (AIA)

June 2025

This document has been endorsed by the Artificial Intelligence Board (AIB) and the Medical Device Coordination Group (MDCG) established by Article 65 of Regulation (EU) 2024/1689 and Article 103 of Regulation (EU) 2017/745. Both groups are composed of representatives of all Member States and are chaired by a representative of the European Commission MDCG and a Member State (AIB).

The document is not a European Commission document and it cannot be regarded as reflecting the official position of the European Commission. Any views expressed in this document are not legally binding and only the Court of Justice of the European Union can give binding interpretations of Union law.

Interplay between the Medical Devices Regulation (MDR) 1 & In vitro Diagnostic Medical Devices Regulation (IVDR) 2 and the Artificial Intelligence Act (AIA) 3

Introduction

This document provides a first set of answers, that will be continuously developed and updated, to the most frequently asked questions related to the joint application of the AIA and the MDR or IVDR 4 for manufacturers. This Frequently Asked Questions (FAQ) document is primarily aimed at (but not limited to) medical device manufacturers, notified bodies and competent authorities. All references to 'manufacturer' within the meaning of the MDR/IVDR should be understood as references to 'provider' in accordance with the AIA. 'Deployer' defined in the Article 3(4) AIA as a natural or legal person, public authority, agency or other body using AI systems under their authority, unless the use is for a personal non-professional activity. The AIA does not define the concept of 'user' which is defined in the MDR/IVDR as any healthcare professional or lay person who uses a device. Therefore, the concept of 'deployer' under AIA cannot be understood as referring to 'user' under MDR/IVDR.

The MDR and IVDR requirements address risks related to medical device software, however, they do not explicitly address risks specific to AI systems. The AIA complements the MDR/IVDR by introducing requirements to address hazards and risks for health, safety and fundamental rights specific to AI systems. In line with the New Legislative Framework approach, this means a simultaneous and complementary application of the MDR/IVDR and the AIA for medical devices that contains one or more high-risk AI system.

For the purposes of this document, AI systems used for medical purposes are referred to as Medical Device Artificial Intelligence (MDAI). All references to MDAI shall be understood to also cover MDR Annex XVI products, accessories to medical devices, in vitro diagnostic medical devices and accessories to in vitro diagnostic medical devices.

The guidance provided in this document is without prejudice to the guidance that the European Commission may adopt on the basis of the AIA.

In order to ensure consistency, avoid duplication and minimise additional burdens, manufacturers of MDAI, in accordance with paragraph 2 of Article 8 of the AIA, have a choice of integrating, as appropriate, the necessary testing and reporting processes, information and documentation they provide with regard to their MDAI into documentation and procedures that already established under the MDR/IVDR. Manufacturers of MDAI, are strongly encouraged to use this flexibility provided in paragraph 2 Article 8 of the AIA. In applying this flexibility, MDAI manufacturers, however, shall ensure that MDAI are fully compliant with all applicable requirements of the AIA, MDR or IVDR and any other applicable Union legislation.

I. Scope of application and classification

1. When does the AIA apply to the 'medical device software'?

According to MDCG 2019-11 5 , "medical device software" (MDSW) refers to software intended, either alone or in combination, to fulfil a medical purpose as defined in Article 2(1) MDR or Article 2(2) IVDR. The AI Act (AIA) defines an AI system in Article 3(1) as a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. 6

Note 1: all references to Medical Device Artificial Intelligence (MDAI) shall be understood to also cover MDR Annex XVI products, accessories to medical devices, in vitro diagnostic medical devices and accessories to in vitro diagnostic medical devices.

Note 2: Refer to MDCG 2019-11 for further details on the qualification and classification of software, including the distinction between MD and IVD software and on the definition of an AI system to the Commission Guidance on the AI system definition 7 .

2. Under what conditions is a MDAI considered a high-risk AI system within the meaning of the AIA?

A MDAI is considered a high-risk AI system under Article 6(1) AIA if it meets both of the following conditions:

  1. the MDAI is a safety component 8 9 ,or the AI system is itself a medical device and
  2. the MDAI is subject to a third-party conformity assessment by a notified body in accordance with the MDR/IVDR (See table 1 below).

Table 1: Non-exhaustive list of AIA Article 6(1) application to MDR/IVDR

ClassificationNotified Body Involved?AIA High-Risk (Art. 6(1)) conditions fulfilled?
MDR Class I (non-sterile, non-measuring, non- reusable surgical)NoNo
MDR Class I (sterile, measuring, reusable surgical)YesYes
MDR Class IIa, IIb, IIIYesYes
MDRAnnex XVI 10YesYes
IVDR Class A (non-sterile)NoNo
IVDR Class A)YesYes
IVDR Class B, C, DYesYes
In-house device according to Art. 5(5) MDR/IVDRNoNo

3. When do provisions on high-risk AI systems apply to MDR Annex XVI devices?

The AIA applies to devices covered by the MDR and therefore also applies to an Annex XVI device if it is or it contains an AI system and fulfils the conditions of Article 6(1) AIA (refer back to Q2).

4. Does the AIA impact the risk classification of MDAI under the MDR/IVDR?

The classification of an AI system as a high-risk under Article 6(1) AIA does not imply that the medical device or in vitro diagnostic medical device falls in a higher risk class under the MDR and IVDR. 11 Therefore, the AIA does not impact the risk classification of medical devices or in vitro diagnostic medical devices (IVDs) under the MDR or IVDR.

It is rather the classification of a medical device under the MDR/IVDR which determines whether the AI system qualifies as high-risk under Article 6(1) AIA (refer back to Q2). The classification of MDAI under the MDR or IVDR determines the applicable legal requirements for high-risk AI systems under Article 6(1) AIA and therefore impacting the regulatory scrutiny and oversight required for the high-risk MDAI.

The application of Article 5 AIA, prohibited AI practices and Article 50 AIA transparency obligations for providers and deployers of certain AI systems does not depend on the MDR/IVDR classification. 12

II. Requirements

1. Management Systems

5. How do the MDR/IVDR and AIA address the lifecycle management for MDAI?

The MDR and IVDR require manufacturers to manage the entire lifecycle of MDAI, ensuring that the MDAI remains safe and performant throughout its use. 13

The AIA reinforces this by also expecting continuous review, oversight, and consistent performance of high-risk MDAI throughout the lifecycle 14 and post-market monitoring that is proportionate to the nature and risks of the AI system 15 .

This includes design choices allowing natural persons to oversee functioning of highrisk MDAI and to ensure that they are used as intended and that their impacts are addressed over the system's lifecycle, 16 a risk management system that shall be understood as a continuous iterative process planned and run through the entire lifecycle of a high-risk AI system, requiring regular systematic review and updating, analysing data provided by deployers or collected through other sources on the performance of the high-risk MDAI in its lifetime to assess continued compliance.

This may include activities such as high-risk MDAI design, development, testing, deployment, monitoring, and updates, along with comprehensive documentation of all relevant changes and their impacts.

For high-risk MDAI that continues to learn after being deployed the post-market monitoring system is key to ensuring continued performance and compliance. It helps identify and address emerging risks in a timely and efficient manner and ensures that updates are communicated to relevant parties, including patients or professional users (as applicable), deployers and notified bodies, as necessary. 17

6. How do the MDR, IVDR and the AIA address the implementation of a quality management system?

Jointly, the AIA and MDR or IVDR emphasize the importance of quality management to ensure the safety and performance of MDAI. The MDR and IVDR require manufacturers to establish, document, implement, maintain, keep up to date and continually improve a quality management system to ensure compliance with the MDR and IVDR in the most effective manner and in a manner that is proportionate to the risk class and the type of the device.

Similarly, the AIA mandates that providers/ manufacturers implement quality management systems for AI systems to ensure compliance with the AIA. 18 The quality management system required under the AIA covers substantive requirements, procedural obligations and at least thirteen aspects, to be implemented in a proportionate manner according to the size of the provider's organization. Similar to the MDR / IVDR, this includes a strategy for regulatory compliance, the documentation of a quality management system, which should encompass written policies, procedures, and instructions regarding aspects such as risk management and performance testing. 19

The quality management system obligations under the AIA are specifically targeted to the AI system. Therefore, the AIA requirements are complementary to the quality management system required under the MDR or IVDR and applicable to the overall MDAI. As the quality management system obligations under the AIA are specifically targeted to the AI system, additional requirements such as data and data governance, record-keeping, transparency, human oversight must be integrated, as appropriate (non-exhaustive). 20

To ensure this complementarity and to avoid unnecessary administrative burden, manufacturers of AI systems may include the elements of the quality management system provided by the AIA as part of the existing quality management system provided by the MDR and IVDR. 21

In addition, the development of harmonised European and international standards relevant to quality management systems for high-risk MDAI is ongoing, including under the framework of the AIA and MDR/IVDR, to support consistent implementation and compliance across manufacturers.

7. What risk management requirements are outlined in the MDR, IVDR and AIA for high-risk MDAI?

The MDR, IVDR and AIA require a risk management system that is a continuous iterative process throughout the entire lifecycle of the device, including in both the pre-market and post-market phases. 22 The process primarily aims at identifying and mitigating risks on health, safety and fundamental rights. 23

Risk management requirements specific to high-risk MDAI include ongoing assessments of known and reasonably foreseeable risks that the high-risk MDAI can pose to fundamental rights, data biases, and system robustness, including identification, analysis, and mitigation of risks related to system design, development, and deployment, and may include training to deployers. This includes measures to ensure the safety and reliability of high-risk MDAI in healthcare settings through comprehensive risk assessments, documentation of risk mitigation measures, and continuous monitoring of system performance. 24 These requirements aim to prevent, and address known and reasonably foreseeable risks to ensure the safety and performance of MDAIs.

Manufacturers of high-risk MDAI may integrate the additional risk management requirements specific to MDAI set out in paragraphs 1-9 of Article 9 of the AIA into the testing, reporting processes, information and documentation required under the AIA into their existing documentation and procedures under the MDR and IVDR. 25 Risk management systems under both AIA and MDR/IVDR require a manufacturer to reduce the identified and assessed risks, and to address risks in their risk management systems that can reasonably be mitigated. This refers not only to organisational measures, but also to specific actions taken during the development and design of MDAI.

2. Data Governance

8. What data governance requirements are specified in the AIA, MDR and IVDR for high-risk MDAI?

Data is addressed in both the AIA and the MDR/IVDR, though with a different scope and focus.

The MDR/IVDR mandate that clinical data used for device evaluation is robust, reliable, and derived from well-designed studies. To support the generation of sufficient clinical evidence, the clinical or performance evaluation must be based on clinical data representative of the intended use of the device. The procedures and techniques for verifying, validating and controlling the design of the devices as well as documented information arising from those procedures and techniques, should be documented as part of the clinical evidence (and reviewed by the notified body).

Article 10 AIA provides further specifications related to the data and datasets of AI systems. Moreover, it includes a provision for exceptional processing of special categories of personal data. 26 These requirements aim to ensure that high-risk MDAI is built and validated on trustworthy data.

To ensure that MDAI performs as intended and safely, high-quality data plays a central role in providing structure and in ensuring performance, especially for the development of high-risk MDAI-based on machine learning techniques. High-quality data sets for training, validation and testing of MDAI require the implementation of appropriate data governance and management practices. The data governance and management practices, in the case of personal data, should be fully compliant with the GDPR provisions and include transparency about the original purpose of the data collection. The requirements related to data governance can be complied with by having recourse to third parties that offer certified compliance services including verification of data governance. 27

To ensure comprehensive data governance practices for MDAIs, datasets for training, validation, and testing must be relevant, sufficiently representative, and, to the best extent possible, free of errors and complete. 28 When training, validating and testing high-risk MDAI, manufacturers must ensure that the datasets are sufficiently representative of the target population, and in relation to the performance study population specifications on selection criteria and decisions related to the size of the performance study population are defined. 29 Manufacturers must implement procedures ensuring data transparency and integrity and examine the data in view of possible biases, with detailed documentation of compliance. For further information on generation on clinical evaluation (MDR) / performance evaluation (IVDR) of MDSW, see MDCG 2020-1.

9. What requirements are in place under the AIA, MDR and IVDR to ensure monitoring and mitigation of unwanted bias in MDAI?

The AIA requires high-risk MDAI manufacturers to implement data governance and management practices appropriate for the claimed intended purpose, including with a view of possible biases that are likely to affect the health and safety of persons, have a negative impact on fundamental rights or lead to discrimination prohibited under Union law, especially where data outputs influence inputs for future operations

Furthermore, manufacturers must implement appropriate measures to detect, prevent and mitigate possible biases identified.

In addition, the AIA introduces requirements on record keeping arising from logging capabilities implemented for high-risk MDAI, which aim to facilitate the traceability, such as identification of situations whereby an MDAI may present a risk due to potential bias in the training, validation or testing data sets in the initial system development or as a result of substantial modification. The AIA, as one of the essential requirements, requires all high-risk MDAI to have technical capabilities for the automatic recording of events (logs) over the lifetime of the MDAI.

The record-keeping and logging requirements under the AIA also involve sufficiently representative datasets analysing relevant data provided by the deployers. The MDR and IVDR complements this by requiring that clinical data used in device evaluation be robust and reliable, ensuring that high-risk MDAI perform consistently across the intended use population. Documentation of these activities and their effectiveness is required by all three regulations (refer to Section 3 for more on technical documentation).

Furthermore, the requirements for appropriate record keeping include logging capabilities as part of post-market monitoring. The aim is to ensure that manufacturers put in place appropriate mechanisms to detect possible bias not originally detected in pre-market activities but rather as a result post-market monitoring or learning.

10. How does the AIA define different types of data required to demonstrate compliance of the AI system?

The AIA introduces four definitions related to data that include:

Article 3 (29) AIA defines 'training data' as data used for training an AI system through fitting its learnable parameters;

Article 3 (30) AIA 'validation data' means data used for providing an evaluation of the trained AI system and for tuning its non-learnable parameters and its learning process in order, inter alia, to prevent underfitting or overfitting;

Article 3 (31) AIA 'validation data set' means a separate data set or part of the training data set, either as a fixed or variable split;

Article 3 (32) AIA 'testing data' means data used for providing an independent evaluation of the AI system in order to confirm the expected performance of that system before its placing on the market or putting into service.

11. How do the MDR, IVDR and AIA address training, validation and testing data used for high-risk MDAI?

The importance of utilising data which is appropriate for the intended purpose of the MDAI is essential in order to produce accurate and (clinically) relevant outputs. In accordance with the claimed intended purpose of the device. The training data used must be representative of the intended patient population. 30

The MDR and IVDR require that clinical data used for device evaluation is robust, reliable, and derived from well-designed studies. 31 Data collection protocols aim to ensure that the relevant characteristics of the intended patient population (for example, in terms of age, gender, sex, race, ethnicity, geographical location, medical condition), intended use environment, and measurement inputs are sufficiently represented in a sample of adequate size in the datasets for training, validation, testing, and monitoring so that results can be reasonably generalized to the targeted population. These are fundamental for clinical / performance evaluations and important to manage any unintended bias or dataset drift, promote appropriate and generalizable performance across the intended patient population, assess usability, and identify circumstances and subgroups where the model may underperform including over time.

Manufacturers should employ stringent data governance practices to maintain data integrity and prevent unwanted bias. 32 In addition, the validation of training data used MDAI is paramount and should be demonstrated as part of the studies to ensure the accuracy, reliability, and effectiveness of the MDAI.

As outlined in the AIA, training, validation and testing data sets for high-risk MDAI must be of high quality, sufficiently representative, free of errors (to the best extent possible), complete in the view of the intended purpose , include the appropriate statistical properties and be examined in view of possible biases that are likely to affect the health and safety of persons, have negative impact on fundamental rights ore lead to discrimination prohibited under Union law. 33 The AIA also requires the inclusion of measures to address data privacy and security concerns, as well as transparency in data collection and processing.

Note: In line with the AI Act the Commission will develop horizontal guidelines on the practical implementation of the requirements and obligations for high-risk AI systems including on the requirements included in Article 10 34 on data and dataset. 35 Moreover, in line with the European Commission standardisation request CEN/CENELEC Joint Technical Committee 21 is working on the developing a harmonised standards on data and bias.

The Commission horizontal guidelines and the harmonized standards in support of the AI Act will provide further clarifications on the scope of the requirements related to data and data governance of the AI Act. The specific application of AI act provisions on data and data governance in the context of medical devices will be developed following the adoption of horizontal guidelines.

3. Technical Documentation

12. What technical documentation is required by the MDR/IVDR and AIA for MDAI?

The MDR, IVDR and the AIA mandate the provision of comprehensive technical documentation for MDAI. The MDR/IVDR require detailed descriptions of software, software architecture, data processing methods, and risk management strategies. 36 The AIA requires additional documentation, focusing on transparency and accountability, including risk assessments, data governance practices, and performance testing outcomes of the high-risk MDAI. 37

Joint Artificial Intelligence Board and

This documentation should include detailed information about the device's design, development, key design choices, functionality, performance characteristics, system architecture, computational resources to develop, train and test, and intended use and purpose. Manufacturers must also provide evidence of conformity with relevant regulatory requirements, including training, validation and test data, risk assessments, and quality management processes. 38 All three regulations aim to ensure that manufacturers maintain detailed and up-to-date records to demonstrate compliance.

Note: Where it relates to technical documentation, Article 11 (2) of the AIA indicates that a single set of technical documentation shall be drawn up for high-risk MDAI.

13. Will the assessment of the technical documentation by a notified body as it is defined in Annex VII of the AIA follow a sampling of MDR Class IIa / Class IIb and IVDR Class B / Class C devices as it is laid out in MDCG 2019-13?

Yes, sampling rules of the governing conformity assessment procedure remain applicable. Therefore, high-risk MDAI are governed by the applicable sampling rules under the MDR and IVDR.

Background: The MDR and IVDR establish the need to assess the technical documentation of at least one representative device per generic device group (for Class IIb and Class C) and for each category of devices (for Class IIa and Class B) prior to issuing a certificate. 39 Section 2.3 and 3.4 of Annex IX of IVDR and MDR (and section 10 of Annex XI of the MDR) defines that the quality management system assessment must be accompanied by the assessment of technical documentation for devices selected on a representative basis.

4. Transparency and human oversight

14. What requirements do the AIA and MDR/IVDR impose regarding transparency and for MDAI?

The AIA and MDR/IVDR put in place complementary obligations that address both manufacturers and deployers to ensure transparency in the development, deployment and use of MDAI.

Under the AIA, transparency is a core requirement for high-risk MDAI. It introduces on providers a legally binding requirement to design and develop high-risk MDAI in such a way as to ensure that operation of high-risk MDAI is sufficiently transparent to enable deployers, to interpret outputs correctly and use the system appropriately, supported by clear and comprehensible instructions for use. 40

Furthermore, manufacturers must ensure that high-risk MDAI intended to interact directly with natural persons are designed and developed in such a way that the concerned users of high-risk MDAI, regardless of risk class, are informed that they are interacting with an AI system unless this is obvious from the point of view of a user who is reasonably well-informed, observant and circumspect, taking into account the circumstances and the context of use. 41,42 Additionally, it imposes transparency obligations on deployers, including the requirement to inform providers appropriately and ensure proper use of the system. 43

The MDR/IVDR embed transparency requirements within the General Safety and Performance Requirements (GSPRs). 44 They require that manufacturers provide clear and accessible information regarding the device's intended purpose, operation and limitations. 45 In addition, they require that software development follows the state of the art, incorporating lifecycle and risk management processes that inherently support traceability, documentation, and usability. 46 These elements contribute to transparency and the broader goal of ensuring that deployers and notified bodies can understand how the MDAI contributes to its performance and risk profile. In addition to Annex I, Annex II and III of the MDR/IVDR also impose detailed documentation requirements, including on software development and performance evaluation, which contribute to transparency and traceability throughout the device lifecycle.

Accordingly, the MDR/IVDR and AIA collectively support a coherent regulatory framework that ensures MDAI systems are designed, documented, and deployed in a transparent and explainable manner. Therefore, transparency requirements are not optional design features, but essential requirements to be addressed within the manufacturer's risk and quality management systems and verified through the conformity assessment procedure. These requirements collectively ensure that users, deployers, and patients are adequately informed about the nature, operation and limitations of MDAI.

15. How do the MDR/IVDR and the AIA address transparency, explainability and data processing requirements for high-risk MDAI?

The AIA provides that transparency, including the accompanying instructions for use, should assist deployers in the use of the system and support informed decision making by them. 47 Deployers should, inter alia, be in a better position to make the correct choice of the system that they intend to use in light of the obligations applicable to them, be educated about the intended and precluded uses, and use the AI system correctly and as appropriate. This is further supported by requirements for clear and comprehensible instructions for use, the provision of information on the system's capabilities and limitations, and documentation that enables the explainability of AI-based decisions.

Transparency requirements related to data processing include obligations regarding data quality, management, and documentation. 48 Data used for training, validation and testing of high-risk MDAI must be relevant, representative of the intended purpose, free of errors and bias, (to the extent possible) and sufficiently comprehensive. These provisions aim to ensure the robustness and performance of high-risk MDAI but also their transparency in terms of data processing. As explained in Question 11 above, the Commission will provide horizontal guidelines on the practical implementation of Article 10 AI act on data and data governance which will provide further clarifications on the meaning and practical application of this provision. This is aligned with MDR/IVDR which require manufacturers to ensure that users are provided with comprehensive and comprehensible information regarding the device, its performance and risks (Annex I). Where applicable, the information provided must describe how software, including AI components, contributes to the performance of the device, and must be reflected in the instructions for use or user interface. Furthermore, MDR/IVDR Annex I, Chapter III, also supports informed decision-making by users.

In this sense, the AIA expands and reinforces the MDR and IVDRs foundational principle that information provided to deployers must be clear, complete, and actionable, especially when decisions may impact health outcomes or fundamental rights. Taken together, the MDR/IVDR and AIA establish a framework in which transparency and explainability are not only expectations but binding obligations for high-risk MDAI. Manufacturers must ensure that deployers can understand the logic, limitations, and behaviour of AI components within a medical device. This includes implementing safeguards, interpretation tools, and user interfaces that make AI outputs meaningful and trustworthy. The integration of these requirements throughout the high-risk MDAI lifecycle, design, documentation and record-keeping, labelling, and post-market surveillance ensures that MDAI is developed and deployed in a manner that supports patient safety, professional accountability, and public trust.

16. How do the MDR/IVDR and the AIA address the accountability of MDAI?

Accountability is addressed in both the AIA and the MDR/IVDR, though with a different scope and focus.

The MDR/IVDR, include requirements for documentation and clinical and performance evaluation. They require that the information provided to users be clear and complete, including details on how the device operates and, where applicable, how embedded software components (including MDAI) contribute to device functionality. 49 The documentation 50 required must describe the design and functioning of the software, including how inputs are processed and how outputs are generated, thereby supporting explainability and accountability in practice. To promote trust and accountability, the AIA introduces explicit obligations concerning transparency. 51 Transparency contributes to explainability which in turn facilitates accountability.

As such, high-risk MDAI must be designed and developed in a manner that enables deployers to understand how the system functions and reaches its outputs. This includes information on the characteristics, capabilities, and limitations of the highrisk MDAI, as well as documentation to support interpretability of outputs.

These combined obligations enable both developers and deployers of high-risk MDAI to demonstrate and communicate how high-risk MDAI-based decisions are made. Moreover, these obligations support robust traceability of changes, informed use, and post-market control mechanisms that reinforce the safe and trustworthy deployment of MDAI and enhance accountability throughout the product lifecycle.

17. How do the MDR, IVDR and AIA address usability engineering for MDAI?

The MDR and IVDR require manufacturers to apply usability engineering principles to MDAI in the design and development to ensure their safe and effective use by intended users. Manufacturers must eliminate or reduce as far as possible risks related to use errors, having particular regard to the knowledge of the user and consideration of whether training might be appropriate. It is recommended that AI systems, especially those in healthcare, be designed with user-centric principles to facilitate safe and effective interaction. Documentation of usability engineering processes and outcomes is required under all three regulations.

18. What human oversight requirements are included in the MDR, IVDR and AIA for high-risk MDAI?

The AIA emphasizes the importance and sets a legal obligation on the manufacturer to design and develop AI systems, including high-risk MDAI, with appropriate human oversight mechanisms.

In particular, human oversight measures should guarantee that the system is designed by the manufacturer with in-built operational constraints that cannot be overridden by the system itself and is responsive to the human operator. 52 This involves designing high-risk MDAI to allow human intervention in critical decisionmaking processes. The MDR and IVDR support this by requiring that MDAI, be designed for safe and performant use. 53 The AIA details that oversight measures should be commensurate with the risks, level of autonomy, and context of use of the high-risk MDAI. Thus, clearly defined and documented human oversight mechanisms as well as appropriate instructions for use 54 will be necessary to ensure safe and performant use and deployment of high-risk MDAI and allow appropriate supervision by healthcare professionals and institutions.

19. Can human oversight for medical devices be understood as a part of existing risk management measures such as a design measure (e. g. 'stop' button)?

Human oversight in addition to the design and operational requirement (see Q18), is also considered a risk mitigating factor that aims to prevent or minimise the risks to health, safety or fundamental rights when a high-risk AI system is used in accordance with its intended purpose or under conditions of reasonably foreseeable misuse. 55 Proper human oversight could be understood as a risk management measure which calls for manufacturers to, in the following order of priority:

  • a) eliminate or reduce risks as far as possible through safe design and manufacture take adequate protection measures, and
  • b) (where appropriate) include including alarms, if necessary, in relation to risks that cannot be eliminated and
  • c) provide information for safety.

For MDAI, specific considerations as to what level of human oversight is necessary and appropriate according to the level of risk associated with possibly e.g. robotic driven surgical medical device intervention where a healthcare professional oversees the operation and has variable possibilities to 'override' the MDAI. However, the software design should not allow human intervention in critical parts of the surgical operation of a highly autonomous surgical MDAI whereby leaving the patient at risk. The manufacturer must include considerations as part of the risk assessment and management.

20. How do the MDR/IVDR and AIA approach informed consent in the context of MDAI?

The MDR/IVDR and AIA both include provisions aimed at protecting individual rights through transparency and informed interaction with MDAI.

Under the MDR and IVDR, informed consent is explicitly required in the context of clinical investigations and performance studies. 56 These provisions ensure that individuals participating in such studies are adequately informed of the risks, benefits, and objectives of MDAI.

The AIA complements these requirements by introducing additional transparency obligations that extend to the general deployment of high-risk AI systems (see Question 14). Furthermore, the requirements on human oversight 57 and transparency 58 reinforce the need to provide deployers and affected persons with sufficient information to understand the system's capabilities, limitations, and potential risks.

Together, these requirements contribute to safeguarding patient autonomy and support the ethical deployment of MDAI.

21. How do the MDR/IVDR and AIA address the traceability of high-risk MDAI?

Traceability is a key component of both regulatory frameworks, albeit with different focal points.

The MDR and IVDR require that devices, including those incorporating AI, are traceable throughout the supply chain and device lifecycle. 59 This includes obligations related to Unique Device Identification (UDI), registration, and postmarket surveillance.

With the same intent, under the AI Act the EU declaration of conformity, among other information, requires 'AI system name and type and any additional unambiguous reference allowing the identification and traceability of the AI system' to be included. Moreover, Article 12 AIA introduces requirements related to functional traceability. Article 12 mandates that high-risk AI systems maintain logs of system performance and behaviour throughout their lifecycle to support monitoring and post-market monitoring. Article 12 and recital 71 underscore that logging and documentation are essential to ensure system traceability of the functioning of a high-risk AI system.

Thus, the concept of traceability is applied in two interrelated ways: (1) traceability of device movement and lifecycle and (2) traceability of system functioning and performance. Together, these ensure that both the hardware and software dimensions of high-risk MDAI are adequately monitored and controlled.

5. Accuracy, Robustness and Cybersecurity

22. What cybersecurity measures are required by the AIA and MDR/IVDR?

The MDR, IVDR and AIA emphasise the need for robust cybersecurity measures in both the pre-market and post-market stages of high-risk MDAI. The MDR and IVDR underline that any risks associated with the operation of the device must be acceptable so as to enable a high level of protection of health and safety, taking into account the generally acknowledged state of the art. This can only be achieved through the establishment of an adequate balance between benefit and risk during all possible operation modes of a device. To this end, there is a need to consider the relationship between "safety' and 'security" related risk. 60

The cybersecurity measures implemented by manufacturers must aim to prevent unauthorised access, cyberattacks, exploits, manipulation and ensure operational resilience. The AIA requires for high-risk MDAI the implementation of technical solutions to address AI specific vulnerabilities. 61 Manufacturers of high-risk MDAI should ensure a level of cybersecurity appropriate to the risks and take suitable measures to secure AI specific assets such as training data sets or trained model as well as appropriate the underlying ICT (Information and communications technology) infrastructure. 62

Manufacturers of MDAI should implement measures to secure data transmission and storage, prevent unauthorised access, 63 data and model poisoning, and detect and respond to cybersecurity incidents. These requirements are also applicable at the level of data governance (e.g. at the time of developing the MDAI, through the use of training, validation and testing data).

Manufacturers must also conduct risk assessments to identify potential cybersecurity vulnerabilities and implement appropriate mitigation measures. 64 The technical solutions aiming to ensure the cybersecurity of MDAIs shall be appropriate to the relevant circumstances and the risks.

As cybersecurity 65 is part of the essential requirements for high-risk AI systems, and thus an obligation of the manufacturer, 66 it should be part of the risk management system, 67 and the quality management system 68 and therefore subject to conformity assessment. 69 All three regulations require manufacturers to establish procedures to consider safety and security risk aspects from an early stage of design and throughout the entire life cycle, taking into account the operational environment of use and ICT infrastructure. 70

Note: medical devices and in vitro diagnostic medical devices are out the scope of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act).

III. Clinical /Performance Evaluation and Testing

23. What criteria is specified in the AIA for evaluating the performance of MDAI?

The AIA specifies criteria for ensuring the safety, reliability, and effectiveness of highrisk MDAI. While the AIA does not explicitly use the term 'clinical evaluation' or "performance evaluation," it mandates requirements such as accuracy, robustness, and cybersecurity for high-risk MDAI, which are essential aspects of performance 71 as well as specifically requires testing of high-risk MDAI against prior defined metrics and probabilistic thresholds to ensure that high-risk MDAI perform consistently for their intended purpose and that they are in compliance with the requirements of the AIA. 72 Article 9 (8) specifically states that testing of high-risk MDAI shall be performed, as appropriate, at any time throughout the development process.

The AIA mandate validations of AI training pipelines to ensure the reliability and accuracy of the AI systems. This includes validating design, manufacturing, data collection, preprocessing, model training, and quality management processes under various conditions, with continuous monitoring to address potential issues. 73

24. What specific requirements do the MDR, IVDR and AIA impose for the clinical (MDR) or performance (IVDR) evaluation of high-risk MDAI?

The MDR and IVDR require manufacturers to validate MDAI outputs through rigorous testing in the form of clinical or performance evaluation to ensure compliance and that the MDAI performs as intended. 74 Manufacturers must perform software verification and validation activities to ensure that MDAI meets specified requirements and functions correctly. This requires clinical validation to demonstrate that the MDAI is safe and provides accurate, reliable, and clinically relevant outputs. 75 Similarly, the AIA mandates verification and validation of high-risk MDAI to ensure it operates as intended and meets safety and performance requirements. In addition to the MDR and IVDR, the AIA introduces the requirement for the validation of high-risk MDAI, in terms of transparency, human oversight, accuracy, robustness and cybersecurity. 76 Furthermore, the AIA requires that validation of high-risk MDAI involves verifications that the high-risk MDAI does not infringe on fundamental rights.

All three frameworks emphasize testing under various conditions, documentation of evaluation processes, and continuous monitoring to ensure compliance. These regulations require manufacturers to provide evidence to support their claims, ensuring that MDAI adhere to rigorous safety and performance standards.

This includes testing documentation of validation processes, and continuous monitoring to address any issues that may arise. 77 The regulations provide flexibility in choosing validation methods but emphasise the importance of demonstrating that the MDAI functions correctly and meets specified requirements. In addition, clinical or performance evaluation should also support the generation of clinical evidence of the MDAI including clinical benefit within the intended patient population, in alignment with the intended purpose and risk classification of the device.

For high-risk MDAI that continue to learn after being placed on the market or put into service, the AIA introduces an additional consideration to be taken into account as part of the clinical or performance evaluation in the form of pre-determined changes. 78

For further information on establishing clinical evidence, see MDCG 2020-01 'Guidance on Clinical Evaluation (MDR) / Performance Evaluation (IVDR) of Medical Device Software'.

Note: Guidance on Pre-determined Change Control Plans for MDAI is currently under development at the level of the International Medical Device Regulators Forum (IMDRF) which will likely serve as a basis for future EU guidance on the subjectmatter.

25. How might manufacturers conduct clinical investigations and clinical performance studies in conformity with both MDR/IVDR and the AIA?

High-risk MDAI must be supported by clinical evidence to demonstrate the device's safety, performance, and, where applicable, clinical benefit. In accordance with the MDR and IVDR, such clinical evidence may need to be generated through a clinical investigation (under the MDR) or a performance study (under the IVDR), as appropriate.

Where high-risk MDAI undergoes a clinical investigation or performance study, this constitutes real-world testing under the AIA. 79 In such cases, paragraph 3 of Article 60(1) applies, which allows real-world testing of high-risk AI systems prior to their placing on the market or putting into service, provided that such testing is in accordance with applicable Union or national laws, including those under the MDR and IVDR.

Although the AIA does not apply to AI systems that are not yet placed on the market or put into service, 80 the AIA introduces a specific provision for Annex III high-risk AI systems which states that under certain conditions, these systems may undergo testing in real-world conditions prior to their placing on the market or putting into service. 81 Article 60(1), third subparagraph, explicitly states that such real-world testing is permitted "without prejudice to Union or national law on the testing in realworld conditions of high-risk AI systems that are medical devices or in vitro diagnostic medical devices.'

26. What processes are outlined in the MDR, IVDR and AIA for generating clinical evidence to support the safety and performance of MDAI?

The MDR and IVDR introduce requirements on the generation of clinical evidence to support the safety and performance of MDAI. The MDR/IVDR require manufacturers to generate clinical evidence through the conduct of clinical/performance evaluations, which may be generated through clinical investigations and clinical performance studies (as applicable) to demonstrate conformity with the applicable requirements. 82 This involves designing and conducting studies to evaluate the performance, reliability, and (clinical) impact of MDAI, with specific requirements for study design, data collection, and statistical analysis. All three regulations emphasise the importance of generating robust evidence to demonstrate the safety, performance and effectiveness of MDAI.

IV. Conformity assessment

27. Which conformity assessment procedure apply to AI systems in the scope of the MDR/IVDR and AIA?

For AI systems classified as high-risk MDAI under Article 6(1) (See Q2) the relevant conformity assessment procedure is determined by the MDR/IVDR. 83 For high-risk MDAI, where both AIA Annexes I and III apply, Annex I alone should prevail for that MDAI.

An AI system that is classified as high-risk MDAI based on Article 6(2) AIA and falls into one of the areas listed in Annex III points 2 to 9, in accordance with paragraph 2 Article 43 (2) AIA, shall follow the conformity assessment procedure set in Annex VI AIA. This is the procedure based on internal control which does not provide for the involvement of a notified body.

An AI system that is classified as a high-risk MDAI based on Article 6(2) AIA, and falls into area listed in Annex III point 1, in accordance with Article 43(1) AIA, shall follow one of the conformity assessment procedures provided in this article.

For example, if an AI system used for healthcare, such as an emergency triage system, qualifies as MDAI, then the conformity assessment procedure following AIA Art. 6 (1) is applicable. AI systems that qualify as high-risk AI systems under Article 6(1) AIA must comply with both MDR or IVDR and the AIA.

However, if an AI system qualifies solely as a biometric categorisation system under Annex III Section 1 (b) AIA, then this system must comply only with the requirements and obligations of the AIA and undergo a conformity assessment procedure in accordance with Article 43 (1) AIA.

28. What is the process for demonstrating conformity to both the AIA and MDR/IVDR?

High-risk MDAI undergoes the relevant conformity assessment procedure based on the device's risk classification under the MDR and IVDR. 84 Most MDAI are classified as Class IIa (MDR), B (IVDR), or above, meaning that they require a notified body to conduct a quality management system audit, technical documentation review, and inspections to ensure compliance with all regulatory requirements.

According to Article 43(3) AIA, for high-risk MDAI the requirements set in Articles 8 to 15 AIA and specific provisions related to the assessment of quality management system and technical documentation covered in Annex VII point 4.3, 4.4, 4.5, and the fifth paragraph of point 4.6 AIA must be assessed or taken into consideration as part of the conformity assessment procedure under MDR and IVDR.

V. Substantial Modification/significant change

29. Will the type of substantial modifications under AIA be aligned with the changes that could necessitate a new conformity assessment under MDR/IVDR?

The concept of substantial modification is an autonomous concept under the AIA which is defined in Article 3 (23). In accordance with Article 43(4) of the AIA, high-risk MDAIs that have been subject to a conformity assessment procedure shall undergo a new conformity assessment procedure in the event of a substantial modification, regardless of whether the modified system is intended to be further distributed or continues to be used by the current deployer.

In accordance with Article 96 (1) (c) AIA, the Commission will develop guidelines on the practical implementation of the provisions related to substantial modification. Once published, an assessment on application to medical devices and in vitro diagnostic medical devices will be necessary.

30. When do changes to a high-risk MDAI after being placed on the market or put into service not constitute a substantial modification under AIA and MDR/IVDR?

In addition to MDR/IVDR requirements for the implementation of procedures to manage updates and modifications to MDAIs, high-risk MDAIs that continue to learn after being placed on the market or put into service have the possibility of having predetermined changes plan checked at the time of the conformity assessment (Article 43(4) AIA). Changes to high-risk MDAIs that have been pre-determined by the manufacturer and assessed at the moment of the initial conformity assessment and are part of the information contained in the technical documentation referred to in AIA Annex IV point 2(f) shall therefore not constitute a substantial modification.

Therefore, such pre-determined change should not be understood as a change to the certified medical device or IVD under MDR Annex IX Section 4.10 and IVDR Annex IX Section 4.11. The above-specified rule should be included in the change management procedure of the MDR/IVDR device and in the technical documentation as provided in AIA Annex IV point 2(f). It is essential that at the time of conformity assessment, the pre-determined changes must be clearly specified and adaptable to the device's evolving nature. This performance, documented in the technical documentation, should include a detailed description of the initial performance expectations alongside mechanisms for validating and managing changes that occur post-market.

  1. Do high-risk MDAI that are already on the market and that undergo a significant change in the design (Article 111 AIA) before 2 August 2027 need to undergo a new conformity assessment following the entry into force of the AIA?

No. Considering that as per the 'Blue Guide' on the implementation of EU product rules 2022[1], the term 'placing on the market' refers to each individual product rather than to a type of product.

AIA Art. 6(1) sets out the conditions for an 'Annex I high-risk AI system'. The date of application of obligations for 'Annex I high-risk AI systems' is 2 August 2027, meaning:

  • If the medical device has been placed on the market/put into service before 2 August 2027 :
  • If the AI system is subject to any significant changes in its design on or after 2 August 2027, EU AIA obligations apply , including obligations for 'Annex I high-risk AI systems'
  • If the AI system is subject to any significant changes in its design before 2 August 2027: obligations for 'Annex I high-risk AI systems' do not yet apply
  • If the medical device is placed on the market/put into service on or after 2 August 2027, then EU AIA obligations apply , including obligations for 'Annex I high-risk AI systems'

Note: Article 111 (2) AIA gives provisions for high-risk AI systems already placed on the market or put into service and says that the EU AIA applies to high-risk AI systems that are subject to significant design changes already as of 2 August 2026. However, because EU AIA, Art. 6 (1) only applies as of 2 August 2027 (as specified in EU AIA, Art. 113 (c)), AI systems that are part of a medical device (or that are themselves medical devices) are not classified as high-risk AI systems prior to 2 August 2027, and therefore Art. 111 (2) does not apply to them prior to 2 August 2027. It is, however, to be assumed that Article 111 (2) applies to such 'Annex I highrisk AI systems' by analogy, i.e. for significant changes on or after 2 August 2027.

VI. Post-market monitoring

32. What post-market surveillance requirements are outlined in the MDR/IVDR and AIA for MDAI?

Both the MDR/IVDR and AIA mandate that manufacturers establish and implement post-market monitoring and surveillance systems to monitor the performance and safety of MDAI after they are placed on the market. This includes systematic collecting and analysing data on device performance, risk analysis, adverse events assessment and reporting, and other safety-related issues, as well as taking appropriate corrective and preventive actions as necessary. Manufacturers must also implement a vigilance system, report adverse events and other safety-related information to regulatory authorities and users as required. 85 Manufacturers must regularly update their risk and quality management systems and compliance strategies based on post-market monitoring and regulatory feedback.

33. How do the MDR/IVDR and AIA mandate continuous performance monitoring mechanisms for MDAI?

The MDR/IVDR require manufacturers to establish post-market surveillance systems to monitor the performance and safety of medical devices and IVDs, including MDAI, after they are placed on the market. 86 Similarly, the AIA mandates post-market monitoring and a post-market monitoring plan to actively and systematically collect, document, and analyse relevant data on the performance of high-risk MDAIs through their lifetime and ensure continuous compliance with requirements of Article 8 to 15 AIA. The post-market monitoring system shall be proportionate to the nature of the technology and the risks of the system, to ensure ongoing compliance with safety and performance standards. 87

34. What new dimensions of requirements does the AIA introduce to the existing post-market surveillance requirements of the MDR/IVDR?

Firstly, what doesn't change is the obligation of the manufacturers for post-market monitoring of MDAI. Both MDR/IVDR and AIA include obligations on the manufacturer to establish and document a post-market monitoring system that is riskbased and clearly established in the quality management system that the device continues to operate as intended.

The major monitoring change required by the AIA will be the need, where relevant, to detect for interaction with other AI systems, including other devices and software. Furthermore, deployers are required to monitor the operation 88 and where relevant inform the manufacturer. 89

In accordance with Article 72(3) AIA, the Commission shall adopt implementing act laying down detailed provisions establishing a template for the post-market monitoring plan and the list of elements to be included in the plan by 2 February 2026. In accordance with Article 72 (4) paragraph 4, the necessary elements of the post-market monitoring plan and the elements of the template adopted under the AIA may be integrated into already existing post-monitoring plan under the MDR/IVDR, provided it achieves an equivalent level of protection.

VII. Other questions

35. Should 'in-house' MDAI manufactured and used only within health institutions be classified as a high-risk AI system?

As stated in Question 2 of this FAQ, one of the conditions to determine if an AIsystem is high-risk is that the MDAI must be subject to a third-party conformity assessment by a notified body designated under the MDR and or IVDR.

Consequently, MDR/IVDR in-house developed medical devices and in vitro diagnostic medical devices manufactured and used only within health institutions established in the Union are not subject to third-party conformity assessment, provided that the conditions of Article 5(5) are met.

Therefore, such a MDAI is not classified as a high-risk AI system. Nevertheless, other AIA obligations apply including but not limited to prohibited practices.

Note: due to the inherent possible risks associated with in-house MDAI and in order to ensure their safety and performance, the AIB and MDCG will provide further guidance and clarifications on appropriate requirements for in-house MDAI.

36. Are MDAI manufacturers required to define some minimum AI training e.g. to medical physics experts and radiologists to be able to understand potential risks of diagnostic support tools?

The MDR, IVDR and AIA require manufacturers to ensure training of deployers using MDAI when appropriate as part of their risk management to ensure appropriate use, reduce foreseeable misuse and oversight during its deployment. One of the essential requirements of the AIA for high-risk AI systems includes transparency and provision of information for deployers. 90

As explained in Recital 72 of the AIA, the accompanying instructions for use, should assist deployers in the use of the system and support informed decision making by them. Deployers, should be in a better position to make the correct choice of the system that they intend to use in light of the obligations applicable to them, be educated about the intended and precluded uses, and use the AI system correctly and as appropriate.

In addition, when human oversight measures are identified commensurate with the risk, level of autonomy and context of use, the natural persons to whom human oversight is assigned must be enabled to understand the capabilities and limitations and be able to duly monitor. Manufacturers should advise on education and training which would provide a sufficient understanding on the MDAI interpretability of the generated output to mitigate reasonably foreseeable misuses. Similarly, MDR and IVDR require manufacturers to supply information on special training required to use the device. 91

Furthermore, the AIA obliges manufacturers and deployers of AI systems, to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used. 92

For further information on AI literacy, please consult the following Questions and Answers document on the topic.

Footnotes

  1. Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices 2 Regulation (EU) 2017/746 of the European Parliament and of the Council of 5 April 2017 on in vitro diagnostic medical devices
  2. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence
  3. On the basis of the New Legislative Framework, as clarified in the Commission notice 'The 'Blue Guide' on the implementation of EU product rules 2022', the general rule is that more than one legal act of Union harmonisation legislation, such as the MDR and the IVDR and the AIA, may be applicable to one product, since the making available or putting into service can take place only when the product complies with all applicable Union harmonisation legislation.
  4. MDCG 2019-11: Guidance on Software Qualification and Classification.
  5. Commission Guidelines on the definition of an artificial intelligence system established by Regulation (EU) 2024/1689 (AIA).
  6. Commission Guidelines on the definition of an artificial intelligence system established by Regulation (EU) 2024/1689 (AI Act), C(2025) 924 final.
  7. AIA Art 3(14) defines safety component as 'a component of a product or of an AI system which fulfils a safety function for that product or AI system, or the failure or malfunctioning of which endangers the health and safety of persons or property'. European Commission is preparing horizontal guidelines on the classification of AI systems as high-risk that will also cover the concept of 'safety component'.
  8. As regards AI systems that are safety components of products, or which are themselves products, falling within the scope of [MDR or IVDR], it is appropriate to classify them as high-risk under the AIA if the product concerned undergoes the conformity assessment procedure with a third-party conformity assessment body pursuant to the [MDR or IVDR].
  9. Note: Except for non-invasive devices which are classified as Class I in accordance with 'Guidance on qualification and classification of Annex XVI products - A guide for manufacturers and notified bodies'.
  10. Recital 51 AIA.
  11. Commission Guidelines on prohibited artificial intelligence practices established by Regulation (EU) 2024/1689 (AI Act), C(2025) 884 final.
  12. e. g. Art. 10, Chapter VI, Chapter VII Annex I, Annex II, Annex IX, Annex X, Annex XIV.
  13. Article 9 para 2, Article 15, par. 1 AIA
  14. Article 72, par. 1, AIA
  15. Article 14 and recital 73 AIA
  16. AIA Recital 155, Article 15(4), Article 9, 11, 15, Annex IV.
  17. Article 17
  18. AIA, Article 17
  19. Refer to Section 2 Chapter III)
  20. Recital 81, Article 8 (2) and Article 17 (3) AIA
  21. Annex I Chapter MDR or IVDR
  22. Article 9 AIA
  23. AIA, Article 72
  24. Recital 64 AIA
  25. Article 10(5) AIA
  26. Recital 67 AIA
  27. AIA Article 10, recital 67
  28. see IVDR Annex XIII part 2.3.2 (m); Article 10 para 3 AIA
  29. Annex II TD section 3, a and b and section 6 on product verification and validation MDR and IVDR
  30. MDR, Art. 57 (3)).). Annex XIV - MDCG 2020-1 Guidance on clinical evaluation (MDR) / Performance evaluation (IVDR) of medical device software).
  31. AIA, Article 10
  32. AIA, Article 10
  33. e.g. high quality, sufficiently representative, free of errors (to the best extent possible).
  34. e.g. principles related to separation of datasets.
  35. MDR and IVDR Annex II, MDR/IVDR Annex III
  36. AIA, Article 11 and 72
  37. MDR, Annex II; IVDR Annex II, AIA, Article 11).
  38. Article 52(4) and (6) MDR and Article 48(7) and (9) IVDR
  39. Article 13 AIA.
  40. Further transparency requirements for certain AI systems are contained in AIA Article 50.
  41. Article 50 AIA.
  42. Article 26 AIA.
  43. Annex I MDR and IVDR.
  44. Annex I GSPR 23 MDR and IVDR.
  45. Annex I GSPR 14.2(h) MDR and IVDR.
  46. Articles 12 and 13 AIA, as clarified in recitals 71 and 72 AIA.
  47. Article 10 AIA.
  48. Annex I MDR and IVDR.
  49. Annex II MDR and IVDR.
  50. Article 13 AIA.
  51. AIA, Article 14.
  52. MDR and IVDR, Annex I.
  53. MDR and IVDR Annex I.
  54. Article 14(2) of the AIA.
  55. Article 69 MDR and Article 59 IVDR.
  56. Article 14 AIA.
  57. Article 13 AIA.
  58. Article 25 MDR and Article 22(1) IVDR.
  59. See MDCG 2019-16.
  60. Article 15 AIA
  61. MDR, Annex I, section 17, IVDR, Annex I, section 16, MDCG 2019-16 rev. 1 and Recital 76 and 77 AIA
  62. See MDCG 2019-16.
  63. MDR, Annex I, Section 17; AIA, Article 15, Annex IV, Section 2.h.
  64. Article 15 AIA.
  65. Article 9 AIA.
  66. Article 16 (a) AIA.
  67. Article 17 AIA.
  68. Article 43 AIA.
  69. Based on MDR, Annex I, section 17, IVDR, Annex I, section 16, MDCG 2019-16 rev. 1 and Recital 76 AIA.
  70. Article 61 and Annex XIV MDR, Article 56 and Annex XIV IVDR, Article 15 and recital 74 AIA.
  71. Article 9 AIA.
  72. Article 10 and 13 AIA.
  73. Article 61 and Annex XIV MDR, Article 56 and Annex XIV IVDR.
  74. MDR and IVDR Annex XIV.
  75. Chapter III, Section 2 AIA.
  76. Articles 9, 10, 12 and 17 AIA.
  77. Article 43 AIA.
  78. Article 60(1) AIA.
  79. Article 2(8) AIA.
  80. Article 60.
  81. Annex XIV MDR and IVDR.
  82. Article 43 (3) AIA
  83. Article 16(f) and Article 43(3) AIA, Article 52 MDR or Article 48 IVDR
  84. Article 83 MDR; Article 78 IVDR Article 72 AIA
  85. MDR, Article 83, IVDR Article 78
  86. Article 72 AIA.
  87. Article 26 AIA.
  88. Article 72 AIA.
  89. Article 13 AIA
  90. Annex I MDR and IVDR.
  91. Article 4, as explained in Recital 20 AIA.

内容以 CC BY 4.0 许可证授权

Copyright © 2026 RASAAS