Is my AI high-risk under the EU AI Act?
If your AI is a CE-marked medical device regulated under MDR or IVDR with Notified Body involvement, it is automatically high-risk under the EU AI Act — there is no separate AI risk-classification step. What matters then is which obligations apply, and by when.
Run this assessment free →Automatic high-risk classification
Any AI system that is itself a medical device, or a safety component of one, regulated under MDR or IVDR and requiring third-party conformity assessment, is automatically high-risk. A Class IIa diagnostic imaging AI, a Class III decision-support algorithm and a Class C IVD with an AI interpretation engine are all high-risk. Rule-based software with no learning component is not covered by the AI Act.
What high-risk actually requires
High-risk obligations span Articles 9–15: a risk management system, data governance, technical documentation, automatic logging, transparency to users, human oversight, and accuracy/robustness/cybersecurity. For MDR-compliant teams, data governance (Article 10) and logging (Article 12) are usually the widest genuine gaps.
The deadlines moved — know which applies
The original high-risk dates were 2 August 2026 and 2 August 2027. Under the Digital Omnibus, the date for AI embedded in regulated products like medical devices moved to 2 August 2028 — but the change is not yet law until formally published. The AI literacy obligation (Article 4) stays fixed at 2 August 2026. Run the live assessment for the exact current position.