The rise of artificial intelligence in healthcare is more than a story of algorithms and compute power. It’s equally a story of regulation. In Europe, two frameworks now define how medical AI will be built, certified, and deployed: the Medical Device Regulation (MDR) and the AI Act. Together, they create a “double framework” that every innovator must understand — and navigate wisely.
MDR: The Medical Device Baseline
The EU Medical Device Regulation (MDR 2017/745) has been in force for several years. By 2025, it is no longer new — Notified Bodies have established clear routines for assessing software as a medical device (SaMD).
For AI in healthcare, MDR sets the first line of accountability:
- Classification: Most diagnostic or decision-support software falls under Rule 11, Class IIa.
- Requirements: Clinical evaluation, risk management, usability engineering, and post-market surveillance.
- Process: A structured technical file, quality management system (QMS), and interaction with a Notified Body.
In practical terms, MDR is the gatekeeper for placing an AI module on the European market. No CE marking under MDR means no deployment in clinical care.
The AI Act: Raising the Bar
Starting in 2026, the EU’s AI Act adds a new layer. Healthcare AI is explicitly defined as “high-risk”, triggering strict obligations on top of MDR:
- Transparency: Developers must document datasets, training processes, and limitations.
- Governance: Risk management systems must include bias detection, monitoring, and human oversight.
- Ongoing Compliance: Continuous logging, monitoring, and reporting throughout the lifecycle — not just at launch.
While MDR focuses on the safety and performance of medical devices, the AI Act zooms in on the specific risks of artificial intelligence. Think of it as MDR + continuous AI-specific oversight.
Why Both Matter Together
It’s tempting to see MDR and the AI Act as separate hurdles. In reality, they reinforce each other:
- MDR ensures that software behaves as a safe, effective medical device.
- The AI Act ensures that AI inside that device is lawful, explainable, and trustworthy.
Together, they form Europe’s most comprehensive framework for medical AI — a double safeguard for patients, clinicians, and society.
The Challenge for Innovators
For startups and established companies alike, the double framework can feel daunting:
- Timelines: MDR submissions already take months; AI Act obligations add continuous effort.
- Documentation: Every dataset, model update, and risk mitigation step must be recorded.
- Resources: Compliance is not a one-time cost but an ongoing operational function.
Late entrants may find themselves bogged down in long review queues, while those who design compliance into their platforms from day one will move faster.
The Opportunity: Native Compliance
The key is not to treat MDR and the AI Act as afterthoughts but as foundations. Platforms that are “natively compliant” — with a core approval strategy under MDR and AI Act-ready monitoring baked in — will have a strategic advantage.
By aligning early, companies can:
- Accelerate market access with modular approvals.
- Reduce the risk of expensive rework.
- Build trust with hospitals, regulators, and patients.
Conclusion
The future of medical AI in Europe will be shaped as much by law as by technology. MDR provides the medical device backbone, while the AI Act ensures that artificial intelligence itself meets the highest standards of transparency and trustworthiness.
For innovators, this double framework is both a challenge and an opportunity. Those who embrace compliance as a design principle — rather than a checkbox — will be the ones to define the next era of healthcare AI.