In June 2025, the MDCG published its sixth new guidance of the year: MDCG 2025-26. This document provides answers on certain aspects of the interplay between the Medical Devices Regulations (MDR and IVDR) and the Artificial Intelligence Act (AI Act).
Classification and requirements on medical devices using AI
A “medical device software” (MDSW) is a software intended, either alone or in combination, to fulfil a medical purpose. The AI Act defines an AI system as a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and infers how to generate outputs based on the input it receives.
The AI Act is not impacting the classification of the medical devices using AI. On the contrary, it is medical device classification under the MDR or IVDR to determine the risk class under the AI Act:

AI requirements: lifecycle management, QMS, risk management, data governance
The AI Act reinforces the obligation of manufacturers to ensure that the device remains safe and performant throughout its entire life. In this context, manufacturers shall keep a risk management system as a continuous iterative process. Among others, this includes activities such design, development, testing, deployment, monitoring, and updates of the medical device using AI. In particular, the post-market monitoring system is crucial for ensuring performance and compliance of AI devices that continue learning after being deployed.
Risk management requirements of high-risk medical devices using AI include ongoing assessments of known and reasonably foreseeable risks that the high-risk device can pose. Particularly, the assessment shall take into account risks to fundamental rights, data biases, and system robustness. System robustness include analysing and mitigating risks related to system design, development, and deployment, and may include training to deployers.
Similar to the MDR and IVDR, the AI Act requires manufacturers to implement a quality management system (QMS) for AI devices. The AI Act QMS obligations are complementary to the QMS required under the MDR or IVDR. Specifically, the provisions of the AI Act target aspects of the AI system such as data governance, record-keeping, transparency, and human oversight must be integrated. To comply with the data governance requirements, manufacturers shall implement data governance and management practices appropriate for the claimed intended purpose. For instance manufacturers shall consider possible biases that are likely to affect the health and safety of the patient using the device and have a negative impact on fundamental rights or lead to discrimination. Importantly, manufacturers must implement appropriate measures to detect, prevent, and mitigate possible biases identified.
The new guidance MDCG 2025-6 provides further explanation on the implementation of data governance provisions from Q8 to Q11,
AI requirements: technical documentation, transparency, human sight
According to the AI provisions, the technical documentation of medical devices using AI shall include:
- Details about the device’s design
- Development, key design choices, functionality, performance characteristics, system architecture
- Computational resources to develop, train, and test
- Intended use and purpose
- Evidence of conformity with relevant regulatory requirements
Under the AI Act, transparency is a core requirement. To meet this requirement, manufacturers shall ensure that operations of high-risk medical devices are enough transparent to enable deployers to interpret outputs correctly and use the system appropriately. Clear and comprehensible instructions for use should support its operations. Additionally, users should always be informed that they are interacting with AI system, unless obvious for the user. The transparency requirements of the AI Act further reinforce the MDR and IVDR transparency requirements within the General Safety and Performance Requirements (GSPRs).
From Q12 to Q17, the guidance provides more context on the content of the technical documentation, including provisions on transparency, explainability, and data processing requirements as well as on accountability and usability.
One further key aspect to address in the design of AI systems is the human oversight (Q18 to Q20). Human oversight measures should guarantee that the system is designed in a way that cannot be overridden by the system itself and is responsive to the human operator.
Cybersecurity forms part of the risk management system and QMS system. The MDR, IVDR and AI Act emphasise the need for robust cybersecurity measures. Especially, the cybersecurity measures shall aim to:
- prevent unauthorised access, cyberattacks, exploits, manipulation
- ensure operational resilience
- secure data transmission and storage
- detect and respond to cybersecurity incidents
Clinical and performance evaluation: AI Act and MDR/IVDR
According to the MDR and IVDR, manufacturers shall perform software verification and validation activities to ensure that the device meets the applicable requirements and functions correctly. This requires clinical validation to demonstrate that devices using AI produce accurate, reliable, and clinically relevant outputs. A clinical investigation for medical devices and a performance study for IVDs generate clinical evidence. The AI Act does not explicitly use the term “clinical evaluation” or “performance evaluation”. However, its sets requirements for accuracy, robustness, and cybersecurity for high-risk medical devices.
Real-word testing is possible under the AI Act as long as such testing is in accordance with applicable Union or national laws. Notably, the AI Regulation does not apply to AI systems not yet placed on the market or put into service. Nonetheless, it includes provisions for high-risk AI systems that undergo testing in real-world conditions prior to their placing on the market or putting into service.
MDCG 2025-6 provides Q&A on many other aspects concerning the interplay of the AI Act with medical devices using AI, including conformity assessment and substantial modifications.
MDlaw Library of Documents has specific sections dedicated to medical devices using AI. Contact us for more details.
Leave a Reply