AI Act in Healthcare

From medical device to high-risk AI system

The AI Act meets the MDR. 16 core areas, one interplay of regulations — interactively broken down: what gets added, what can be reused from existing processes, what needs to be done anew.

Legal bases & sources
  • AI Act · Reg. (EU) 2024/1689
  • MDR · Reg. (EU) 2017/745
  • MDCG 2025-6
  • GDPR · Reg. (EU) 2016/679
  • BNetzA · BfDI · HMD

WHAT IT IS ABOUT

An approved product becomes a high-risk system

Medical devices that are an AI system or integrate one are generally considered high-risk AI. In that case, the AI-specific requirements of the AI Act apply in addition to the MDR.

  • Starting point: MDR-compliant medical device. Already approved and certified under the Medical Device Regulation.
  • Change (+ AI component): AI integrated or AI system. A learning or inferring component changes the risk profile.
  • Result: High-risk AI system. The AI Act and MDR apply together — the AI-specific obligations are added.

Question 01

What is added?

Which AI Act requirements apply in addition to the existing MDR obligations?

Question 02

What can be reused?

Where can existing MDR processes be reused and extended?

Question 03

What is new to do?

Where are standalone, AI-specific measures indispensable?

HIGH-RISK CHECK · MDCG 2025-6

Is my product a high-risk AI system?

Whether the AI Act high-risk obligations apply does not depend on the AI itself — but on whether your product is subject to a conformity assessment by a notified body.

Result · MDR Class IIa–III: High-risk AI — yes

Your product meets both conditions under Art. 6(1) AI Act. The AI Act high-risk obligations apply in addition to the MDR/IVDR.

1 · Medical device or safety component. Met — the product is a medical device or contains an AI safety component.
2 · Conformity assessment by a notified body. Met — a notified body is involved.

Simplified guidance based on MDCG 2025-6, Table 1. The AI Act does not change the MDR/IVDR risk class itself. The case-by-case assessment remains decisive.

THE OVERVIEW

16 core areas of the AI Act — how far the MDR covers them

Each area shows the AI-specific obligation, the MDR connecting point, and the degree of overlap between the two.

  • Equivalent: Requirements largely coincide
  • Mostly: Processes usable, AI aspects supplement them
  • Partial: Connection exists, extend for AI specifics
  • Minimal: Little relation, largely standalone
  • None: No equivalent in the MDR

Art. 9 · AI Act · Risk management system
Degree of overlap: Mostly

AI Act · Requirement

  • Continuous, iterative process throughout the entire lifecycle
  • Identify, assess and mitigate AI-specific risks
  • Testing procedures, where appropriate under real-world conditions (Art. 60)

MDR · Connecting point

  • RMS pursuant to Annex I Section 3 already established
  • AI risks can be integrated into existing processes (10)
  • New risks must be added and documented

References: Art. 9 AI Act · Art. 10 (2)/(3) MDR · Annex I/3

IN PRACTICE

Four levers for efficient implementation

The AI Act often allows existing structures to be reused — but requires targeted AI-specific additions.

Lever 01

One integrated system

Build the QMS and risk management jointly for the AI Act & MDR — no duplicate structures.

Lever 02

Add AI-specific capabilities

Add data quality, transparency, robustness, cybersecurity and record-keeping in a targeted way.

Lever 03

New obligation: AI literacy

Art. 4 requires demonstrable competence among providers and deployers.

Lever 04

The law stays dynamic

Keep an eye on the Digital-Omnibus on AI and the EU health package.

Standards (CEN/CENELEC JTC 21)

  • prEN ISO/IEC 42001 — AI management system
  • prEN 18286 — QMS for the AI Act
  • EN ISO/IEC 23894 — Risk management
  • EN ISO/IEC 5259 series — Data quality
  • prEN 18282 — Cybersecurity

EU guidelines (MDCG)

  • MDCG 2025-6 — Interplay AI Act / MDR
  • MDCG 2019-16 — Cybersecurity
  • MDCG 2020-1 — Clinical evaluation
  • MDCG 2019-13 — Sampling
  • MDCG 2019-11 — Software classification

Legal bases

  • AI Act — Reg. (EU) 2024/1689
  • MDR — Reg. (EU) 2017/745
  • IVDR — Reg. (EU) 2017/746
  • GDPR — Reg. (EU) 2016/679
  • Digital-Omnibus on AI (draft)
Your contact

Valeri Milke

Founder & CEO of VamiSec · CEO of Softscheck

Valeri combines deep audit experience with an entrepreneurial perspective and guides organizations from ISO 27001 through NIS2 to the AI Act — from concept to certification. He makes complex security and compliance topics tangible and practical.

  • ISO 27001 & ISO 42001 Lead Auditor
  • Expert in AI Act, MDR & NIS2 compliance
  • Building ISMS, QMS & GRC programs
  • Author & sought-after speaker
FREQUENTLY ASKED QUESTIONS

Before you start.

What manufacturers of medical AI most frequently ask about the interplay between the AI Act and MDR.

A medical AI system is high-risk AI under Art. 6(1) AI Act when both conditions are met: it is a medical device or a safety component, and it is subject to a conformity assessment by a notified body under MDR/IVDR. In practice, this covers MDR Class IIa–III as well as IVDR Class B–D.

No. Classification as high-risk AI does not alter the MDR/IVDR risk class. Conversely, the MDR/IVDR class determines whether the AI Act high-risk obligations apply (MDCG 2025-6, Recital 51).

No. Art. 17(3) AI Act allows ONE integrated QMS that covers both legal acts. Risk management, technical documentation and post-market monitoring can be embedded into existing MDR processes — supplemented by the AI-specific aspects.

The least overlap concerns record-keeping (Art. 12, no MDR equivalent), data governance (Art. 10), testing in AI regulatory sandboxes (Art. 57/58) and AI literacy (Art. 4). These must largely be set up independently.

The AI Act (Regulation (EU) 2024/1689) has been in force since 1 August 2024; the requirements for high-risk AI systems apply in a staggered manner. The MDR (Reg. (EU) 2017/745) additionally remains decisive for medical AI.

Next step

High-risk AI confidently implemented

An integrated system for the AI Act and MDR, purposefully extended with AI-specific elements. We take your AI medical device from classification through to conformity — pragmatic and audit-ready.

Non-exhaustive overview · Legal status as of end of 2025 · Full compliance with the AI Act and MDR remains the responsibility of the manufacturers.