Software in Medical Devices, by MD101 Consulting

This white paper is a summary of AI Act content and its interactions with MDR / IVDR. It contains also BSI's interpretation of AI Act requirements and interaction with MDR /IVDR.

This document is a quite interesting and practical one for people wanting to have a summary of the AI Act without reading the body text of that regulation. Examples given at the end of the document are also quite interesting and practical. For those who already read the AI Act (!), these examples will give you or confirm your interpretation.
Since it is already a summary, no need to summarise here the summary (I let other medical device news websites post a LLM-generated summary of this white paper :-).

A few remarks

Here are a few remarks picked up when reading this white paper:

In section AIA classification and Interplay with MDR

• The document insists on the concept of safety function depending on the type of device that manufacturers place on the market. Especially MDSW and software which drives or influences a medical device. MDCG guidance or AI Office guidance should confirm BSI's interpretation,
• Annex III of AI Act is considered as not applicable to medical devices. This is perhaps at too quick assertion. We could imagine a medical device, which intended purpose relies on performance of an AI system doing biometric categorisation or emotion recognition.

In section Quality Management System

• It puts emphasis on data management and data governance. Implementing the AI Act requirements into an existing MDR-compliant QMS will require a new data management process, to cover AI Act requirements on data, as well as GDPR and other regulations referenced in the AI Act,
• It references ISO 42001 and ISO 23894. It's worth noting that these standards won't be harmonized according to the CEN-CLC/JTC 21, the working group in charge of AI Act standards harmonization,
• Especially, ISO 23894 uses the concept of risk defined in ISO 31000: Effect of uncertainty. This definition isn't suitable for medical devices. Thus, this standard should be left apart when seeking conformity both to AI Act and MDR.

In section Technical documentation requirements

• The document mentions that the AI Act imposes more rigorous documentation and monitoring requirements, going beyond what is required by the MDR. It is right that the AI Act goes beyond the MDR on AI-specifics. But it is rather wrong that the AI Act imposes more rigorous documentation and monitoring requirements. Hey, BSI, by experience, you know how rigorous MD documentation shall be (manufacturers who chose you still recall)!

In section Product requirements

• It mentions the human oversight but doesn't question the suitability of such requirement for medical devices. Take a close-loop device: Is it relevant to have human oversight the way it is required in the AI Act? Article 14 of AI Act uses the words as appropriate and proportionate to implement human oversight. Maybe BSI's intent is to stay consensual and give early guidance, in the absence of AI Office guidance or MDCG guidance,
• Likewise, it mentions accessibility requirements and the need to integrate accessibility requirements to ensure inclusivity for all users. Such requirements may not be suitable, depending on the medical device intended purpose.

In section Changes to AI system

• It heavily insists on the definition of significant changes according to the MDR versus the AI Act. And this remains a good question. Further guidance from the AI Office and/or the MDCG is welcome!
• It also mentions the FDA PCCP guidance. It's true that state-of-the-art on changes on AI systems can be found in this FDA document. We hope that future MDR or AI Act guidance or standards will be aligned with FDA PCCP principles.

Conclusion

This white paper is a good reading if you want an introduction to AI Act requirements and its interactions with MDR.
I raises the good questions on topics subjects to interpretation, which need clarification by the AI Office and/or the MDCG.


Note: why naming a fictitious French manufacturer Reality Vieux. That sounds so awkward to fluent French speakers. Voilà, this is probably a private joke.