EU MDR/IVDR classification rules and EU AI Act high-risk AI system requirements
It is the expertise to map medical devices and in vitro diagnostics to their correct risk class under the EU MDR/IVDR, and to ensure AI systems integrated into those devices comply with the high-risk obligations of the EU AI Act, such as risk management, data governance, and human oversight.
This dual regulatory skill is critical for market access to the EU, the world's largest healthcare market, as non-compliance results in legal barriers to entry, product recalls, and significant financial penalties. It directly impacts business outcomes by enabling product commercialization, mitigating legal risk, and building trusted, premium brand positioning.
1Careers
1Categories
9.1 Avg Demand
15%
Avg AI Risk
How to Learn EU MDR/IVDR classification rules and EU AI Act high-risk AI system requirements
Focus on foundational terminology and core structures. Study the MDR Annex VIII classification rules, especially Rule 11 (software) and rules for invasive devices. Memorize the EU AI Act's definition of 'high-risk AI system' (Annex III) and its 8 specific categories, focusing on 'biometrics' and 'critical infrastructure'. Understand the concept of the 'planned purpose' as a key determinant for both MDR/IVDR and AI Act classifications.
Apply knowledge to real device portfolios. Practice classifying actual medical device software (SaMD) using the MDR's rule-based flowchart. Analyze how the intended use statement drives classification under both frameworks. Study the practical overlap: an AI-powered SaMD for diagnosis (MDR Class IIa/IIb) is almost certainly a high-risk AI system under the AI Act. Begin creating gap analyses against the AI Act's high-risk requirements (e.g., conformity assessment procedures, technical documentation).
Develop strategic regulatory intelligence. Master the interplay between the EU AI Act's 'risk management system' (Article 9) and the MDR's 'risk management process' (Annex I, Chapter I). Architect integrated quality and regulatory management systems (QMS) that satisfy both MDR (Annex IX) and AI Act (Annex IV) technical documentation requirements simultaneously. Lead cross-functional teams through complex Notified Body assessments and Competent Authority audits for combined AI-MD products.
Practice Projects
Beginner
Project
MDR/IVDR Classification Decision Tree Mapping
Scenario
You are a regulatory specialist at a startup. Your first task is to classify three new software applications: 1) A patient diary app, 2) an AI algorithm that analyzes X-rays for fractures, 3) an IVDR companion diagnostic for a cancer drug.
How to Execute
1. Obtain the technical file for each product, focusing on intended use. 2. Map each product against MDR Annex VIII rules, starting with Rule 1 (non-invasive) and proceeding to Rule 11 (software). Document the classification rationale step-by-step. 3. For the IVDR product, apply the IVDR Annex VIII rules, emphasizing Rule 1 (for near-patient testing) and Rule 6 (for companion diagnostics). 4. Prepare a 1-page summary report for each product with final class and justification.
Intermediate
Case Study/Exercise
Integrated Gap Analysis for an AI-Powered SaMD
Scenario
A company has a CE-marked Class IIa SaMD (MDR) that uses machine learning for preliminary image analysis. The latest software update incorporates a new deep learning model trained on patient data. The company needs to prepare for the EU AI Act.
How to Execute
1. Confirm the AI system's classification as high-risk under AI Act Annex III, category (a) (biometrics) or (b) (critical infrastructure), depending on its specific use. 2. Conduct a side-by-side requirement mapping: compare MDR Annex I (General Safety and Performance Requirements) with AI Act Articles 8-15 (high-risk requirements). 3. Identify specific gaps, such as the need for an AI-specific risk management system (AI Act Article 9) or detailed data governance documentation (AI Act Article 10). 4. Draft a remediation plan that integrates the missing AI Act requirements into the existing MDR technical file and QMS procedures.
Advanced
Case Study/Exercise
Notified Body Submission Strategy for a Novel AI-MD Product
Scenario
You are the Head of Regulatory Affairs leading the conformity assessment for a novel Class IIb AI-powered implantable medical device. The Notified Body is experienced with MDR but new to the AI Act. Your submission must be robust enough to secure approval and set a precedent.
How to Execute
1. Develop a hybrid submission dossier: structure the technical documentation per MDR Annex II & III, but embed AI Act Annex IV requirements within each relevant section (e.g., detailed training data description in Section 6.2). 2. Pre-brief the Notified Body's reviewers by providing a high-level overview of the AI Act's high-risk requirements and how your dossier addresses them. 3. Prepare a detailed 'AI System Description' annex, explicitly linking the AI model's lifecycle (development, validation, monitoring) to the MDR's clinical evaluation and post-market surveillance plans. 4. Script responses for potential review questions that challenge the product's 'high-risk' classification or the adequacy of human oversight measures.
Tools & Frameworks
Regulatory Classification & Mapping Tools
MDR Annex VIII Classification Rules FlowchartIVDR Annex VIII Classification Rules FlowchartEU AI Act Annex III High-Risk AI System Checklist
Use these official decision trees and checklists as the primary methodical tool for every new product assessment. They provide the legally binding logic for determining regulatory obligations.
ISO 13485 is the mandatory QMS foundation for MDR/IVDR. ISO 42001 provides a structured approach to implementing AI Act requirements. ISO 14971 is the common risk management thread that must be extended to cover AI-specific risks.
Interview Questions
Answer Strategy
Demonstrate a structured, dual-framework analysis. Start with MDR classification based on intended purpose and risk, then independently apply the AI Act, and finally analyze the convergence. 'First, for the MDR: The algorithm is software intended to provide information for diagnostic decisions, making it a medical device under Article 2(1). Based on its intended purpose in a clinical trial for a serious disease and its role in screening, it would likely be classified as Class IIa under Rule 11 of Annex VIII, as it provides information used to make decisions for diagnostic purposes but is not intended to directly monitor vital physiological processes. For the EU AI Act: As it uses biometric data (voice) to categorize individuals based on health status, it falls under Annex III, Category (a) 'biometrics', making it a high-risk AI system. The key convergence is that its Class IIa MDR status automatically triggers the high-risk AI Act obligations, requiring conformity with Articles 8-15, especially concerning data governance and human oversight for the clinical trial setting.'
Answer Strategy
Test problem-solving, influence, and practical regulatory judgment. Use a specific STAR method example. 'In a previous role, we had a mobile app that combined a patient diary (MDR Class I) with an AI-based mood pattern analysis tool. The core ambiguity was whether the AI component elevated the entire app to a higher class under Rule 11. I resolved it by initiating a formal pre-submission meeting with a Notified Body, presenting a detailed intended use and risk analysis. Their feedback was that because the AI output was for the patient's self-awareness only and not for a healthcare professional to make a diagnostic decision, the entire system remained Class I. This clarity, obtained in 4 weeks, allowed us to avoid the full Notified Body audit, saving an estimated 3 months and significant cost, and we proceeded to self-declaration with a robust technical file.'
Careers That Require EU MDR/IVDR classification rules and EU AI Act high-risk AI system requirements