
EU AI Act + MDR Compliance Guide for AI‑Enabled Medical Devices

⚡ 760 days. That’s all that remains.

On 2 August 2027 every AI‑powered medical device that ships into the EU must prove simultaneous compliance with both the Medical Device Regulation (MDR) and the AI Act—with no grace period (Reuters report).

On 19 June 2025 the Medical Device Coordination Group released MDCG 2025‑6, its first FAQ explaining how the AI Act overlays MDR/IVDR for medical‑device AI (MDAI) systems (Official FAQ).

If your team waits until 2026 to react, you will already be behind.

1 | What exactly changed?

New clarification

  • Dual classification – AI software that is a safety component or standalone SaMD is automatically high‑risk under AI Act Article 6(1).
  • Notified Bodies – Your technical file is audited twice: once for MDR Annex II/III, once for AI Act Annex IV.
  • Cumulative evidence – Your QMS must now prove data‑governance, bias‑mitigation, transparency & cybersecurity in addition to MDR safety/performance.
    Existing IEC 62304 docs are necessary but not sufficient.
  • Post‑market AI monitoring – Real‑world performance & bias‑drift must feed a continuous update loop mirrored in your PMS plan.
    You need live telemetry dashboards, not annual PDFs.

The FAQ confirms: the AI Act complements MDR/IVDR — it does not replace them.

2 | Three hidden blockers most teams underestimate

  1. Bias‑tested datasets (AI Act Article 10) – Collecting, versioning & labelling representative clinical data is harder than validating algorithm accuracy.
  2. Twin technical files – Converting MDR documentation into an AI Act Annex IV format can double paperwork if workflows stay siloed.
  3. Real‑world evidence – CSV exports won’t cut it; regulators expect near‑real‑time dashboards for safety, accuracy and bias.

3 | Your 12‑Month Gap‑Analysis Playbook

Goal: Exit month 12 with a Notified‑Body‑ready technical file covering both regulations.

| Month | Milestone | Key actions & deliverables |
|---|---|---|
| 1–2 | Scope & map | • Confirm MDR class & AI‑Act high‑risk status. • Build requirements grid cross‑referencing MDR Annex I, AI Act Annex I & IV. |
| 3–4 | Data‑governance uplift | • Catalogue all training/validation datasets. • Document bias‑mitigation strategy (sampling, synthetic data, re‑weighting). |
| 5–6 | QMS expansion | • Integrate AI‑specific risk management into ISO 14971. • Define trigger points for model re‑training & software updates. |
| 7–8 | Secure‑by‑design controls | • Implement secure boot, signed updates, SBOM monitoring. • Run threat‑modelling on model, data pipeline & firmware. |
| 9–10 | Post‑market monitoring set‑up | • Deploy live telemetry dashboards & automated alerts. • Set KPI thresholds for accuracy, bias & drift. |
| 11 | Technical‑file consolidation | • Produce unified tech file (MDR Annex II/III + AI Act Annex IV). • Pre‑submit questions to your Notified Body (optional). |
| 12 | Internal audit & NB booking | • Run mock audit; close gaps. • Reserve NB slot before the 2027 rush. |

4 | Where BioT fits

  • Regulatory‑Aware Analytics – Attribute‑based privacy, consent & anonymization enforced at query time enable real‑time AI dashboards without exporting PHI.
  • AI Model Registry & Version Control – Each model version is cryptographically signed, linked to data lineage and auto‑archived in the Design History File.
  • Live Post‑Market Monitoring – Device & model telemetry feeds rule‑based alerts, detecting bias‑drift before it harms patients or triggers an FSCA.
  • Proven in the field – See how Neteera deployed proprietary AI on BioT to deliver contactless vital‑sign monitoring in months, not years.

Because BioT bakes MDR, AI Act and cybersecurity controls into the infrastructure, your engineers focus on clinical innovation—not stitching together DevOps, MLOps & compliance toolchains.

FAQ — quick answers for busy teams

Q1 | What is the EU AI Act?

The AI Act is the EU’s horizontal regulation for artificial‑intelligence systems. It classifies certain applications—like AI that influences medical decisions—as “high‑risk”, triggering strict requirements for data governance, transparency, post‑market monitoring and human oversight.

Q2 | What is MDCG 2025‑6?

MDCG 2025‑6 is the Medical Device Coordination Group’s FAQ (published 19 June 2025) that clarifies how the AI Act overlays the MDR and IVDR for medical‑device AI.

Q3 | When do the new requirements apply?

For high‑risk AI medical devices already on the market, full compliance is required by 2 August 2027. New products launched after the AI Act enters into force must comply immediately.
