Sector — HealthTech / MedTech
Medical AI under the EU AI Act
The MDR + AI Act intersection — and what it means for your conformity pathway.
Most medical AI systems classified MDR Class IIa or higher are automatically high-risk under the AI Act (Art. 6(1)). The two regulations don’t replace each other — they layer. MDCG 2025-6 maps the interaction. This page summarises the rule, the four obligations that don’t derive from MDR, and the deadline that matters for your team.
- · Independent · Brussels-based · BCE BE 1034.962.482
- · Pre-conformity advisory firm · No commercial relationship
- · Methodology versioned · sources MDCG 2025-6 + AIA + MDR/IVDR
Classification Rule
When medical AI is automatically high-risk
Two cumulative conditions under Art. 6(1) AIA (MDCG 2025-6 Q2): (1) the medical AI is a safety component (Art. 3(14) AIA) OR the AI system is the medical device / IVD itself; AND (2) the medical AI is subject to third-party conformity assessment by a Notified Body under MDR (Reg. 2017/745) or IVDR (Reg. 2017/746). If both conditions are met → high-risk under Art. 6(1). If not → Art. 5 (prohibited practices) and Art. 50 (transparency) still apply independently.
Mnemonic: “Notified Body involved = high-risk AIA.”
| MDR/IVDR classification | Notified Body | High-risk AIA (Art. 6(1)) |
|---|---|---|
| MDR Class I — non-sterile, non-measuring, non-reusable surgical | No | No |
| MDR Class I — sterile / measuring / reusable surgical | Yes | Yes |
| MDR Class IIa, IIb, III | Yes | Yes |
| MDR Annex XVI | Yes | Yes (except non-invasive Class I) |
| IVDR Class A — non-sterile | No | No |
| IVDR Class A — sterile | Yes | Yes |
| IVDR Class B, C, D | Yes | Yes |
| In-house device — Art. 5(5) MDR/IVDR | No | No (but Art. 5 AIA still applies) |
Source: MDCG 2025-6 / AIB 2025-1 — Interplay between MDR & IVDR and AIA (June 2025), Table 1 page 6.
Timeline
The MedDev deadline is 2 August 2027 — not 2 August 2026
Most companies in the AI ecosystem focus on 2 August 2026 (Art. 50 transparency). For medical AI under Art. 6(1), the relevant date in the regulation as currently in force is 2 August 2027 — when high-risk obligations on Annex I AI systems become applicable (Art. 113(c)).
Devices already placed on the market before 2 August 2027 do not trigger new AIA obligations until the first significant design change on or after that date (MDCG 2025-6 Q31).
Note on Digital Omnibus negotiations: the EU’s Digital Omnibus on AI is currently in trilogue (Parliament and Council positions adopted March 2026). Both co-legislators have converged on postponing Annex III standalone deadlines to 2 December 2027 and Annex I product-embedded deadlines (which include AI-enabled medical devices) to 2 August 2028, with divergence on the precise treatment of Annex I categories. Final text not yet adopted. Plan as if 2 August 2027 holds; monitor Omnibus adoption.
Sources: Reg. 2024/1689 Art. 113 · MDCG 2025-6 Q31 · Digital Omnibus on AI (legislative train, EP).
Four deltas
Four obligations that don’t derive from MDR
MDR is a strong foundation for medical AI conformity. But it does not cover four AI-specific obligations introduced by the AIA. These deltas need to be added to the existing technical file (single QMS approach, MDCG 2025-6 endorsed).
Delta 1 — Substantial modification (autonomous concept)
Art. 3(23) AIA defines “substantial modification” independently of MDR’s “significant change.” A change can be substantial under AIA without being significant under MDR — and vice versa. The two assessments must be done in parallel.
Delta 2 — Human oversight (architectural enforcement)
Art. 14 AIA requires that the design of the system supports meaningful human oversight, including the technical ability for human operators to intervene and override system behaviour. MDR’s safe-design principle covers operational safety and usability; AIA Art. 14 adds an explicit architectural-enforcement layer for AI-specific oversight.
Delta 3 — Automatic logging at runtime
Art. 12 AIA requires automatic event logs at runtime, for each prediction or inference, throughout the operational life of the system. MDR imposes device-level traceability; AIA adds behavioural logs at the inference level.
Delta 4 — AI literacy of deployers
Art. 4 AIA imposes a transverse permanent obligation on the manufacturer to ensure that downstream users (HCPs, institutions) have a sufficient level of AI literacy. This is not a CE-marking requirement; it is a structural deployer-side obligation that flows back to the manufacturer.
Sources: Reg. 2024/1689 Art. 3(23), 4, 12, 14 · MDCG 2025-6 Q14, Q19, Q20.
Report scope
What our assessment covers for medical AI
The Sprinkling Act report for a medical AI system covers the six gates of the standardised methodology, with the medical AI specificity layered in.
- →G1 — Art. 5 — Are any of the 8 prohibited practices triggered?
- →G2 — Art. 6(1) — Is the AI system a safety component of an EU-regulated product (MDR/IVDR pathway)? — core gate for medical AI
- →G3 — Art. 6(2) + Annex III — Does any high-risk domain apply in addition (e.g. employment, education, public services)?
- →G4 — Art. 50 — Does an end user interact with the AI without knowing?
- →G5 — Art. 51/53 — Does the system use or distribute a general-purpose AI model?
- →G6 — Art. 6(3) — Can the “no significant risk” exception apply?
Medical AI specificity:
- ·MDR/IVDR class verification against MDCG 2025-6 Table 1
- ·Article 6(1) determination with Notified Body status check
- ·Substantial modification vs significant change mapping (Delta 1)
- ·4 deltas applied to the candidate’s existing technical file
- ·Timeline orientation (2 August 2027 + significant change trigger)
Out of scope (explicit):
- ×Not a conformity assessment under Art. 43 AIA
- ×Not a CE-marking opinion under MDR/IVDR
- ×Not a Notified Body certification
- ×Not legal advice — consult qualified counsel for legal decisions
- ×Not a substitute for clinical evaluation under MDCG 2020-1
Integration
Single QMS, single technical file (MDCG 2025-6 §3)
MDCG 2025-6 explicitly endorses integration rather than duplication. The manufacturer maintains one QMS and one technical documentation (Art. 11(2) AIA + Art. 17(3) AIA + Recital 81). The Sprinkling Act assessment is structured to feed directly into your existing technical file — not to duplicate it.
What we add: the article-by-article AIA mapping that sits on top of your MDR work, identifying which AIA articles trigger and where they integrate into your existing controls (risk management Art. 9, data governance Art. 10, technical documentation Art. 11, logging Art. 12, transparency Art. 13, human oversight Art. 14, accuracy/robustness/cybersec Art. 15, deployer information Art. 26).
Source: MDCG 2025-6 §3 + Art. 8(2), 17(3), Recital 81 AIA.
International alignment
Aligned with WHO guidance for medical AI
Our methodology is consistent with the World Health Organization’s Regulatory considerations on artificial intelligence for health (WHO, 19 October 2023, ISBN 9789240078871). The WHO identifies six topic areas for AI regulation in healthcare, mapped below to EU AI Act + MDR articles. The Sprinkling Act assessment is also informed by the WHO Generating evidence for AI-based medical devices framework (WHO, 17 November 2021, ISBN 9789240038462).
| WHO topic area (2023) | EU AI Act + MDR mapping (Sprinkling Act interpretation) |
|---|---|
| 1. Documentation and transparency | Art. 11 + Annex IV AIA · Annex II MDR |
| 2. Total product lifecycle approach and risk management | Art. 9 AIA · MDR Annex I §3 |
| 3. Intended use and analytical / clinical validation | MDCG 2020-1 · Art. 13 AIA |
| 4. Data quality, privacy and data protection | Art. 10 AIA · GDPR · MDR Annex II |
| 5. Engagement of stakeholders | Art. 26-27 AIA (deployer obligations) |
| 6. Collaboration across regulatory bodies | MDCG 2025-6 (issued by MDCG + AIB jointly) |
These WHO publications are advisory — they do not replace EU AI Act and MDR/IVDR legal obligations, but they provide an international reference layer that informs methodology choices for medical AI manufacturers operating across jurisdictions.
Sources: WHO 9789240078871 (2023) · WHO 9789240038462 (2021).
Document your AI Act position before your next significant design change
Independent · article-mapped · verifiable hash-stamped report · delivered by email.
Sprinkling Act is an independent pre-conformity advisory firm. It is not a law firm, not a Notified Body, not a certification body, and not affiliated with the European Commission, the European Parliament, or any national supervisory authority. Reports are an informative indication, not legal advice. Companies should consult qualified legal counsel and a Notified Body for compliance and certification decisions. Based on EU AI Act — Regulation 2024/1689 + Medical Devices Regulation (Reg. 2017/745) + IVDR (Reg. 2017/746) + MDCG 2025-6 / AIB 2025-1.