Definition of AI-projects based on Medical Device Regulation
AI-based projects in healthcare must align with the Regulation (EU) 2017/745 on medical devices (MDR) and the Regulation (EU) 2017/746 on in vitro diagnostic medical devices (IVDR) to ensure patient safety, performance reliability, and compliance with European legal standards. According to the Medical Device Coordination Group (MDCG) 2019-11 Guidance, AI software intended for medical purposes—including diagnosis, monitoring, and treatment—qualifies as a medical device and is subject to strict classification based on its risk level. High-risk AI applications, such as automated diagnostic tools, require conformity assessments and clinical validation to meet the General Safety and Performance Requirements (GSPR) of the MDR.
Additionally, Directive 2016/1148 on security of network and information systems (NIS Directive) and MDCG 2019-16 Rev.1 Guidance on Cybersecurity for Medical Devices establish mandatory cybersecurity measures to protect AI-based medical devices against cyber threats and unauthorized alterations. These regulations require a privacy-by-design approach, ensuring strong data governance, secure encryption, and comprehensive traceability of AI decisions to safeguard against unauthorized access or system manipulation.
In compliance with the MDR, AI developers must also ensure transparency and explainability, particularly for high-risk AI models. Systems must provide sufficient documentation and justification for their outputs, allowing healthcare professionals to interpret AI-generated decisions. Adherence to these regulations is essential to maintain trustworthiness, accountability, and ethical compliance in AI-driven healthcare solutions.
Useful Resources
For further details on the regulatory framework governing AI-based medical devices, refer to the following official documents and guidelines:
- Regulation (EU) 2017/746 on in vitro diagnostic medical devices (IVDR)
- Directive 2016/1148 on security of network and information systems (NIS Directive)
- MDCG 2019-11 Guidance on Qualification and Classification of Software under MDR and IVDR
- MDCG 2019-16 Rev.1 Guidance on Cybersecurity for Medical Devices