Skip to content
TamRx · Medical AI compliance

Is my AI high-risk under the EU AI Act?

If your AI is a CE-marked medical device regulated under MDR or IVDR with Notified Body involvement, it is automatically high-risk under the EU AI Act — there is no separate AI risk-classification step. What matters then is which obligations apply, and by when.

Run this assessment free →

Automatic high-risk classification

Any AI system that is itself a medical device, or a safety component of one, regulated under MDR or IVDR and requiring third-party conformity assessment, is automatically high-risk. A Class IIa diagnostic imaging AI, a Class III decision-support algorithm and a Class C IVD with an AI interpretation engine are all high-risk. Rule-based software with no learning component is not covered by the AI Act.

What high-risk actually requires

High-risk obligations span Articles 9–15: a risk management system, data governance, technical documentation, automatic logging, transparency to users, human oversight, and accuracy/robustness/cybersecurity. For MDR-compliant teams, data governance (Article 10) and logging (Article 12) are usually the widest genuine gaps.

The deadlines moved — know which applies

The original high-risk dates were 2 August 2026 and 2 August 2027. Under the Digital Omnibus, the date for AI embedded in regulated products like medical devices moved to 2 August 2028 — but the change is not yet law until formally published. The AI literacy obligation (Article 4) stays fixed at 2 August 2026. Run the live assessment for the exact current position.

Frequently asked questions

Is all medical AI high-risk under the EU AI Act?
Effectively yes for AI that is a medical device or safety component regulated under MDR/IVDR with Notified Body involvement — it is automatically high-risk. AI with no learning component, or with no medical device status, may fall outside or into a lower-risk category.
When do EU AI Act obligations start for medical devices?
The original date was 2 August 2027 for AI in regulated products; the Digital Omnibus moves this to 2 August 2028, but only once formally adopted. Until then, 2 August 2026 remains an active baseline and AI literacy (Article 4) applies from 2 August 2026 regardless.
Does MDR compliance mean I already meet the AI Act?
No. They are parallel frameworks. MDR governs safety and performance; the AI Act governs how the AI was built, trained and governed. Risk management and documentation partly reuse MDR work, but data governance, logging and AI literacy are typically new.
Related
Decision-support only. AI-generated content may contain errors. Not legal or medical advice, and no guarantee of regulatory approval. Verify against primary legislation, guidance and qualified professional judgement before submission.