Abstract
Purpose
To clarify overlapping post-market obligations under the EU Artificial Intelligence Act (AIA) and EU Medical Device Regulation (MDR) for high-risk artificial intelligence (AI) Software as a Medical Device (SaMD), and to map the regulatory landscape for manufacturers, healthcare providers, AI providers, and AI deployers.
Methods
We conducted a qualitative doctrinal legal analysis of post-market provisions in the AIA and MDR, using a case study of a high-risk Class III AI SaMD for prostate cancer radiology. No empirical clinical or performance data were collected. The analysis focused on key stakeholders, including device manufacturers and deployers (e.g., healthcare providers). We sought to identify (1) convergence, where both regulations impose overlapping or complementary requirements, and (2) divergence, where obligations are addressed by only one regulation, revealing potential regulatory gaps.
Results
We organized the extracted post-market obligations into ten categories. Overall, both regulations place increasing emphasis on lifecycle traceability and continuous monitoring. We identified convergence in areas such as documentation and performance monitoring, while divergences emerged in domains like human oversight (in the AIA) and reporting non-serious patterns (in the MDR). We also identified gaps in regulatory guidance, particularly regarding system updates, human oversight, and the evolving responsibilities of healthcare providers.
Conclusion
The AIA and MDR share common ground in some post-market areas but also diverge in key responsibilities. To ensure safe and effective use of high-risk AI in healthcare, clearer coordination between the two frameworks is needed, especially in areas such as human oversight and system modification, where current guidance remains limited.