AI in a medical device sits under two regulators.
Annex I of the EU AI Act + the Medical Device Regulation (MDR) + GDPR Article 9 special-category data + national notified bodies. Four regulatory tracks for one product. We've shipped this with two pharma companies and one med-device manufacturer.
Annex I · MDR overlap
two regulators · one workflow
Annex I
MDR overlap
AI as a safety component of a regulated medical device — full high-risk regime.
Art. 9
GDPR
Special-category health data — extra controls + DPIA.
EUDAMED
Registration
Sectoral registration sits alongside the Article 71 EU AI Act database.
Aug 2, 2027
Annex I deadline
Annex I high-risk regime applies — overlapping with MDR conformity assessment.
How to operationalise
Five things every regulated healthcare AI team should do.
Don't double-document
Map every Annex IV section to the existing MDR technical-file section. Most clinical-evaluation evidence already covers Articles 13, 14, 15 — we surface the equivalence so you only write the delta.
Article 27 FRIA for triage models
Patient-facing triage that affects the clinical pathway = essential-services deployer obligation under Art. 27. The FRIA template includes the fundamental-rights nexus required by Article 27(1)(c).
GDPR Art. 9 special-category controls
Field-level encryption + access controls per system. Visible on the system Overview tab + included in the Annex IV data governance section automatically.
Article 73 clock + MDR vigilance
The serious-incident clock starts the moment the incident is filed. The same incident feeds the MDR vigilance system without re-entry.
Notified-body pre-engagement
Schedule it. Annex I AI conformity assessment requires notified-body engagement before deployment — we host the submission packet for them to review.
Multi-lingual evaluation
Required for triage + clinical decision support across EU member states. The accuracy module tracks per-language evaluation with threshold gates.
See it on a clinical AI use case.
Bring a triage or diagnostic-support model. We'll classify, run the FRIA template, and surface the MDR overlap on the call.