EU MDR Meets EU AI Act: Double Compliance for Medical Device Software

If you're building AI software that qualifies as a medical device in the EU, congratulations. You now have two regulatory frameworks to deal with. The Medical Device Regulation (MDR) and the EU AI Act. Different requirements. Different timelines. Same product. It's exactly as annoying as it sounds. Why Two Frameworks? MDR regulates medical devices. Has since 2017 (fully applied May 2021). It covers safety, clinical evidence, post-market surveillance, and the CE marking process. It knows what a medical device is. The EU AI Act regulates AI systems. It covers transparency, risk management, human oversight, and data governance. It knows what an AI system is. An AI diagnostic tool is both. So both apply. The EU knew this would happen. Article 6(1) of the AI Act says that AI systems which are safety components of products covered by EU harmonization legislation (like MDR) are automatically high-risk under the AI Act. No escape hatch. No exemption. If your AI is a medical device, it's high-risk AI. Period. What MDR Already Requires If you've been building medical device software in the EU, you already know most of this. IEC 62304 software lifecycle compliance (Annex I, Section 17).