Healthcare
AI in healthcare can save lives, but also cause harm. Medical diagnostics, treatment recommendations and patient triage directly affect patient safety. The EU AI Act overlaps with the Medical Device Regulation (MDR) and IVDR. AI as a medical device is high-risk by definition. The stakes are highest here.
AI applications in this sector
Medical diagnostics
AI systems that analyze medical images (radiology, pathology, dermatology) or provide diagnostic suggestions. When certified as a medical device, these fall under Annex I, section A (via the MDR) and are high-risk by definition.
Treatment recommendations
AI systems that suggest treatment plans based on patient data, medical literature and clinical guidelines. The boundary between decision support and autonomous decision-making determines the risk classification.
Patient triage
AI for prioritizing patients based on urgency, symptoms and available capacity. Errors in the system's urgency assessment have a direct impact on patient safety.
Drug discovery
AI for identifying potential pharmaceuticals and predicting efficacy. During the research phase, this usually falls under minimal risk, but can become high-risk in clinical application.
AI as medical device
Software that qualifies as a medical device under the MDR (class IIa or higher). The EU AI Act explicitly references the MDR and IVDR in Annex I: these AI systems are automatically high-risk and must comply with both regulations.
High-risk classification
The EU AI Act (Regulation 2024/1689) classifies the following healthcare applications as high-risk:
AI as medical device
Annex I, section A (via MDR 2017/745): AI systems that qualify as a medical device or in-vitro diagnostic medical device under the MDR or IVDR are automatically high-risk under the EU AI Act. This includes diagnostic software, clinical decision support systems and medical image analysis.
Safety components of medical devices
Annex I, section A: AI systems that function as a safety component of a medical device. This applies even when the AI system itself does not qualify as a medical device, but fulfills a safety-relevant function.
Access to healthcare
Annex III, point 5(a): AI systems used by public authorities or on their behalf to evaluate whether persons are eligible for healthcare services. This affects triage, waiting list management and healthcare access decisions.
Specific challenges
Overlap with MDR and IVDR
The EU AI Act explicitly references the MDR (2017/745) and IVDR (2017/746). AI systems that qualify as medical devices must comply with both regulations. The conformity assessment procedures partially overlap but are not identical. You need expertise in both frameworks.
Patient safety
Errors in medical AI can directly lead to wrong diagnoses, missed conditions or incorrect treatments. The EU AI Act requires robust risk management (Article 9) and human oversight (Article 14). In healthcare, the threshold for "acceptable risk" is lower than in other sectors.
Clinical validation
Medical AI systems must be clinically validated. The MDR requires clinical evidence, while the EU AI Act requires that training data is representative and of high quality (Article 10). Both requirements demand a structured validation approach.
Data sensitivity
Medical data is special category personal data under the GDPR (Article 9). The EU AI Act sets additional requirements for data governance of high-risk systems (Article 10). You need robust data processing agreements, pseudonymization and access controls.
Our approach for healthcare
Healthcare requires an approach that accounts for the overlap between the EU AI Act, the MDR/IVDR and the GDPR. We combine knowledge of AI regulation with understanding of the clinical context and help you set up an integrated compliance framework.
Compliance Quickscan
AI Literacy Training (Article 4)
Governance Framework
In healthcare, AI compliance is about patient safety.
Medical AI affects people at their most vulnerable. The EU AI Act and the MDR rightly set the highest requirements here. In a free 30-minute intake we map out which AI systems your institution uses, how the MDR and EU AI Act apply to your situation, and what the first steps are.
Book your free intake. Not satisfied after the Quickscan? You pay nothing.