
EU Rethinks How to Regulate AI in Medical Devices – Interplay between the MDR and AIA under current and proposed legislation

AI Summit to focus on global AI regulatory frameworks


When the EU adopted the AI Act (Regulation (EU) 2024/1689, “AIA”), concerns were soon aired that this would create an additional regulatory burden for AI-based medical devices (“AIMD”). The idea was to apply a dual regulatory approach: AIMD would be governed simultaneously by the Medical Devices Regulation (MDR) and the AIA. Barely a year later, the European Commission has proposed a sharp course correction: a December 2025 proposal would largely remove AIMD from the scope of the AI Act – raising questions about whether Europe is actually simplifying its regulatory framework or merely relocating obligations.


The scope of application of the MDR and the AIA under current legislation

The current interplay between the EU MDR and IVDR [1] (Regulations (EU) 2017/745 and 2017/746) and the AIA is complex. The AIA has a much broader scope and applies across industry sectors. Consequently, not all concepts under the AIA and the MDR are fully harmonized. Currently, the MDR and the AIA apply in parallel. When a product is a medical device as defined in Art. 2(1) MDR and, at the same time, is or incorporates an AI system, as defined in Art. 3(1) of the AIA, that product is subject to both medical device and AI regulatory regimes.

This applies regardless of whether the AIMD in question is purely a software device (Software as a Medical Device, SaMD) – e.g., a diagnostic tool that proposes a diagnosis on the basis of a patient’s health information – or whether the device is a physical one with an embedded AI system that controls the operation of the physical device (e.g., a surgical robot steered by an AI system).

The risk-based approach of the MDR and AIA

The MDR and AIA have in common that they follow a risk-based approach and the CE mark pathway. That is, medical devices and AI systems, respectively, need to undergo a conformity assessment, and the higher the risk associated with the device or system, the stricter the requirements it must fulfill. Notably, all AIMDs that fall into a risk class under the MDR that requires a conformity assessment procedure involving a notified body (which means all medical devices of risk class IIa and higher) will be considered high-risk AI systems under the AIA (cf. Art. 6(1) AIA).

Pursuant to classification Rule 11 under Annex VIII of the MDR, all software that provides information used to take decisions with diagnostic or therapeutic purpose is classified as risk class IIa (or even higher when the decisions taken may have a significant impact on patient health). Supporting diagnostic or therapeutic decisions is exactly where AI systems can provide a significant benefit and improvement. Therefore, it is to be assumed that the majority of medical devices that either are AI systems or include an AI system as a safety component will fall into risk class IIa, IIb or III under the MDR and will consequently be high-risk AI systems under the AIA.

High-risk AI systems are subject to the most stringent requirements under the AIA, in particular the general requirements set forth in Chapter III, Section 2 of the AIA and the specific obligations for certain operators under Chapter III, Section 3 of the AIA. This includes the establishment of risk and quality management systems, data governance structures, technical documentation and the conduct of a conformity assessment procedure and the CE marking of the system. These requirements are largely similar to those of the MDR, resulting in overlaps and a duplication of regulatory responsibilities and obligations for key operators under the MDR and AIA.

The obligations for high-risk AI systems would become applicable from 2 August 2027, pursuant to currently applicable Article 113 of the AIA.

Proposed exemption of AIMDs from the scope of the AIA

In an attempt to simplify and streamline the regulation of AIMDs, the European Commission Proposal dated 16 December 2025 introduced a disruptive shift to the current framework as described above. While the Proposal is framed as a simplification, it ultimately does not mean deregulation.

The Proposal foresees that the EU medical device legislation would be moved from Section A to Section B of Annex I to the AIA. In essence, this would mean that the AIA would no longer apply to medical devices except for very few provisions (cf. Article 2(2) of the AIA).

Economic operators of AIMDs would then no longer have to fulfill the requirements under both the MDR and AIA and would cease to have a double role as an economic operator under MDR and an operator under the AIA with respect to the same AIMD. Instead, solely the MDR requirements and obligations would apply.

However, this will not mean that all requirements applicable to AIMDs under the AIA will cease to apply: The Proposal provides that the European Commission may use its implementing and delegated powers to lay down specific requirements regarding AI used in medical devices, taking into account the requirements set out in Chapter III, Section 2 of the AIA. This is a reference to the chapter of the AIA laying down “Requirements for high-risk AI systems”, such as the establishment of risk management systems, data governance structures, technical documentation and the human oversight requirement. We, therefore, anticipate that significant parts of the AIA’s material requirements will be incorporated into the MDR through updates of common specifications and general safety and performance requirements applicable to AIMDs.

Therefore, the Proposal, if enacted, will remove the overlapping roles and responsibilities of operators involved in the supply chain of AIMDs, but it will likely not change how AIMDs need to be designed to be marketable in the European Union.

What the Proposal means for operators of AIMDs

The Proposal and its contemplated streamlining and simplification of the rules applicable to AIMDs are an important development and have been recognized positively by the industry.

Nevertheless, the current situation poses challenges. While manufacturers of AIMDs were working towards ensuring compliance with high-risk AI legislation from mid-2027, the Proposal introduces uncertainty as to which requirements are still going to apply to AIMDs in the future.

Despite the uncertainty, it is recommended that parties involved in the development of AIMDs continue pursuing the path to ensuring AIA compliance under the currently applicable rules. First, this is what the currently applicable legislation foresees, and the enactment of the Proposal and respective timelines are still unclear (although most observers anticipate that the Proposal is going to be enacted). Second, the substantive product-related requirements for AIMDs are likely not to change substantially.

Key takeaways

  • Under current legislation, AIMDs that qualify as medical devices and incorporate AI are simultaneously subject to the MDR and AIA, causing regulatory overlap and duplicated obligations.
  • Most AIMDs will qualify as high-risk AI systems, triggering the AIA’s most stringent requirements applicable from 2 August 2027 (including risk management, data governance, technical documentation, conformity assessment).
  • The European Commission’s December 2025 Proposal would remove AIMDs from most AIA requirements, so only MDR obligations would remain.
  • However, essential AIA requirements will likely still apply under the MDR, because the European Commission may introduce AI‑specific requirements into MDR common specifications or general safety and performance requirements.
  • Despite regulatory uncertainty, companies should continue preparing for AIA compliance, since timelines for the enactment of the Proposal are unclear and ultimate technical requirements for AIMDs likely will not change substantially.

 

On May 13-14, Hogan Lovells and the AI Healthcare Coalition will host their fifth annual AI Health Law & Policy Summit in Washington, D.C., registration for which is available online here. In this forward-looking program, thought leaders and policymakers will discuss rapidly evolving health care AI regulatory frameworks, legislative developments, AI ethics, privacy issues, novel reimbursement concepts, and more.

 

Authored by Arne Thiermann and Benjamin Goehl.

This article is the 18th in our series, “DigiCure: Legal insights at the intersection of Technology and Life Sciences and Health Care,” which aims to help you stay informed about the broad array of legal and regulatory issues affecting companies operating at the intersection of the technology and life sciences & health care sectors. From using AI in clinical studies, to evolving patient data concerns, to the entire digital health product lifecycle, our team will discuss novel issues arising in all parts of the world, including unique deal-making, litigation, and compliance concerns. Ensure you are subscribed to Our Thinking to receive these new insights!

References

  1. This article will focus on the MDR; however, the regulatory roles and responsibilities under the IVDR are largely similar and thus the key aspects and principles set out in this article will apply to AI-based in vitro diagnostic medical devices as well.
