Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Explainer

AI as a medical device: the dual conformity (MDR + AI Act)

Adopted 2026-06-20 · ≈ 2 min read · Dirk Baaijen

If your AI is a medical device, it must meet both the MDR (clinical evaluation, CE) and the AI Act (high-risk requirements). The regulations are meant to run together through a single conformity assessment and one notified body — not two separate tracks.

Short answer: If your AI is a medical device (or a safety component of one), it must meet two regulations at once: the MDR (or IVDR) with clinical evaluation and CE marking, and the AI Act with the requirements for high-risk AI (Annex I). The legislator designed this so both can run through a single conformity assessment and one notified body — it is expressly not intended that you run two separate tracks.

Why two regimes

The MDR ensures a medical device is safe and clinically substantiated. The AI Act adds the AI-specific requirements: risk management, data quality and bias examination, technical documentation, logging, transparency, human oversight and requirements on accuracy and robustness. For AI diagnostics or decision support, both apply.

How to combine them

  • One CE marking covers conformity; you add the AI Act requirements to your existing MDR technical documentation rather than building a separate dossier.
  • The same notified body assesses both where possible, so you don't get audited twice.
  • Build on what you have: your clinical evaluation, risk management (ISO 14971) and quality system are the basis; you layer the AI Act requirements (and EN ISO/IEC 42001 for AI management) on top. See the conformity assessment for high-risk AI.

The timeline

The high-risk obligations for AI in regulated products (Annex I, such as medical devices) apply in phases and later than stand-alone Annex III systems. That gives manufacturers time to weave the AI Act requirements into their existing MDR processes — but you can start now.

What to do

  • Confirm the qualification: is it a medical device (MDR/IVDR) with AI as a component?
  • Map the AI Act requirements and link them to your existing MDR documentation.
  • Coordinate with your notified body on a combined assessment.
  • Strengthen data governance and human oversight — the two areas where AI adds most to the MDR.
  • See the broader framework in AI in healthcare.

Two regimes, one device: those who already master the MDR route build the AI Act on top of it most efficiently, not alongside.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): Art. 6 and Annex I; alignment of the conformity assessment with sectoral product law.
  2. https://eur-lex.europa.eu/eli/reg/2017/745/oj
    Regulation (EU) 2017/745 (MDR): clinical evaluation and conformity assessment for medical devices.

Share on LinkedIn

Read next

U

AI in healthcare: the AI Act and the Medical Device Regulation (MDR)

Medical AI often falls under two regimes at once: as a medical device under the MDR (CE marking) and as high-risk AI under the AI Act (Annex I). The regulations align the conformity assessment as far as possible. Health data is also special-category personal data under the GDPR.

W

CE marking and notified bodies for high-risk AI

High-risk AI receives a CE marking after a successful conformity assessment. Sometimes the provider assesses itself; sometimes an independent notified body must be involved. This guide explains when each route applies and what the CE marking means.

U

Conformity assessment and CE marking for high-risk AI: how does it work?

Before placing a high-risk AI system on the market you run a conformity assessment (Art. 43), draw up technical documentation, issue an EU declaration, affix the CE marking and register in the EU database.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.