The AI Act and the MDR post-market requirements for semiautonomous AI SaMD: a radiology case study in prostate cancer.

Authors

Abstract

To clarify overlapping post-market obligations under the EU Artificial Intelligence Act (AIA) and EU Medical Device Regulation (MDR) for high-risk artificial intelligence (AI) Software as a Medical Device (SaMD), and to map the regulatory landscape for manufacturers, healthcare providers, AI providers, and AI deployers. We conducted a qualitative doctrinal legal analysis of post-market provisions in the AIA and MDR, using a case study of a high-risk Class III AI SaMD for prostate cancer radiology. No empirical clinical or performance data were collected. The analysis focused on key stakeholders, including device manufacturers and deployers (e.g., healthcare providers). We sought to identify (1) convergence, where both regulations impose overlapping or complementary requirements, and (2) divergence, where obligations are addressed by only one regulation, revealing potential regulatory gaps. We organized the extracted post-market obligations into ten categories. Overall, both regulations place increasing emphasis on lifecycle traceability and continuous monitoring. We identified convergence in areas such as documentation and performance monitoring, while divergences emerged in domains like human oversight (in the AIA) and reporting non-serious patterns (in the MDR). We also identified gaps in regulatory guidance, particularly regarding system updates, human oversight, and the evolving responsibilities of healthcare providers. The AIA and MDR share common ground in some post-market areas but also diverge in key responsibilities. To ensure safe and effective use of high-risk AI in healthcare, clearer coordination between the two frameworks is needed, especially in areas such as human oversight and system modification, where current guidance remains limited.

Tags

Topics