Classification of AI-Enabled Medical Devices

Under the AI Act, AI systems are categorized based on their risk levels:

• Unacceptable Risk: AI applications that pose a clear threat to safety or fundamental rights are prohibited.
• High Risk: AI systems that could significantly affect health, safety, or fundamental rights, such as those used in medical devices, are subject to stringent regulations.
• Limited and Minimal Risk: These categories involve fewer obligations, focusing primarily on transparency and oversight.

AI-enabled medical devices are classified as high-risk due to their direct impact on patient health and safety. Consequently, they must comply with rigorous requirements to ensure their reliability and ethical use.

Key Obligations for High-Risk AI Systems

Manufacturers of AI-enabled medical devices must adhere to several critical obligations:

• Quality Management System (QMS): Implement a QMS that ensures compliance with the AI Act’s standards, encompassing processes for design, development, testing, and post-market surveillance.
• Technical Documentation: Maintain comprehensive documentation detailing the AI system’s design, intended purpose, performance metrics, and risk assessments.
• Data Governance: Ensure that training, validation, and testing datasets are relevant, representative, and free from errors to prevent biases and inaccuracies.
• Transparency and Information Provision: Provide clear instructions for use, including the AI system’s capabilities, limitations, and any associated risks, enabling users to operate the device safely and effectively.
• Human Oversight: Design AI systems to allow human intervention, ensuring that operators can oversee and, if necessary, override AI decisions to maintain patient safety.
• Accuracy and Cybersecurity: Ensure the AI system’s accuracy, robustness, and resilience against cybersecurity threats, protecting patient data and device functionality.

Support for Small and Medium-Sized Enterprises (SMEs)

Recognizing the potential burden on SMEs, the AI Act includes provisions to assist these entities in achieving compliance:

• Regulatory Sandboxes: Establishment of controlled environments where companies can develop and test AI systems under regulatory supervision, facilitating innovation while ensuring adherence to standards.
• Educational Support: Member states are encouraged to provide SMEs with education and information to navigate compliance requirements effectively.
• Fee Adjustments: Notified bodies are urged to consider fee reductions for conformity assessments and translation services for smaller entities, alleviating financial pressures.

Challenges and Considerations

Despite efforts to harmonize regulations, manufacturers may face challenges, including:

• Resource Constraints: Notified bodies may require additional expertise to assess AI systems adequately, potentially leading to delays and increased costs. 
• Regulatory Overlaps: Navigating overlapping requirements between the AI Act and existing medical device regulations could create complexities, particularly concerning definitions and compliance procedures.
• Data Privacy Concerns: Aligning the AI Act’s data governance requirements with the General Data Protection Regulation (GDPR) is crucial to ensure patient data privacy and security.