Do AI medical devices need separate assessments under MDR and AI Act?

No. The AI Act integrates its assessment into MDR procedures. The Notified Body evaluates both in a single process.

Are all AI medical devices high-risk under the AI Act?

AI systems that are medical devices or safety components are classified as high-risk under Annex III, Category 5(b), broadly regardless of MDR risk class.

When do AI Act requirements apply?

From August 2026 for high-risk AI systems including AI medical devices. Manufacturers should already be preparing.

How do MDR and AI Act data requirements differ?

MDR requires clinical data for safety/performance. AI Act adds training/validation data quality requirements. Both must be satisfied, plus GDPR for personal data.

Can ISO 13485 cover AI Act QMS requirements?

Yes. ISO 13485 can be extended to address AI Act QMS requirements by identifying and filling gaps.

Quick answer

AI medical devices in the EU must comply with both the MDR for device safety and the AI Act's high-risk requirements under Annex III for AI components.

Updated June 2026 · MmowW AI Compliance

EU MDR and AI Act: Dual Compliance for AI Medical Devices (2026)

Dual Regulatory Framework

The EU has created comprehensive regulation for AI medical devices through the Medical Device Regulation (EU 2017/745, MDR) and the AI Act (EU 2024/1689). Manufacturers must satisfy both simultaneously.

How the Frameworks Interact

The AI Act states its requirements apply in addition to MDR requirements, but conformity assessment is integrated into MDR's existing procedures. The Notified Body evaluating under MDR also assesses AI Act compliance.

Area	MDR	AI Act	Interaction
Risk management	ISO 14971	Article 9	ISO 14971 extended for AI risks
Clinical evidence	Clinical evaluation	Testing/validation	Evaluation incorporates AI testing
Post-market	PMS plan	Monitoring required	Single PMS system
Documentation	Annexes II/III	Annex IV	Integrated documentation
QMS	ISO 13485	QMS required	ISO 13485 extended

High-Risk Classification

The AI Act classifies AI systems that are medical devices or safety components as high-risk under Annex III, Category 5(b), regardless of MDR risk class. Even Class I devices with AI components may be high-risk under the AI Act, facing full requirements for risk management, data governance, documentation, transparency, human oversight, accuracy, robustness, and cybersecurity.

Data Governance

Both regulations impose data requirements from different perspectives. MDR requires clinical data demonstrating safety and performance. The AI Act requires training, validation, and testing datasets to meet quality criteria including representativeness and error management. GDPR adds requirements for personal data, creating three-way compliance.

Conformity Assessment Integration

For Class IIa, IIb, and III devices, the same Notified Body assesses both MDR and AI Act compliance. For Class I self-certifying devices, manufacturers must still ensure AI Act compliance independently.

Practical Approach

Begin with MDR classification under Annex VIII, then confirm AI Act classification under Annex III
Extend ISO 14971 risk management for AI-specific risks
Build integrated QMS based on ISO 13485 covering AI Act requirements
Create unified technical documentation satisfying both regulations
Implement single post-market surveillance system
Ensure labeling covers transparency requirements from both
Engage your Notified Body early on AI Act expectations

Timeline

AI Act requirements for high-risk systems apply from August 2026. Manufacturers should already incorporate AI Act requirements. Devices already on market should be assessed for compliance gaps.

Check your AI compliance readiness — free.

Take the Readiness Check 3 minutes · 10 questions · no signup required

This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.