TÜV AI.LAB White Papers - whack a mole game
By Mitch on Thursday, 14 August 2025, 13:29 - Regulations - Permalink
The TÜV AI.Lab published two white papers on the interaction between the AI Act and the MDR:
Better Safe Than Sorry? ISO 13485 and the EU AI Act
and:
AI Act and MDR - A match made in heaven or double the trouble.
Some serious content behind the itching titles.
What is TÜV AI.Lab?
The TÜV AI.Lab was founded in October 2023 as an independent joint venture of the TÜV companies: TÜV Süd, TÜV Rheinland, TÜV Nord, TÜV Hessen and TÜV Thüringen.
Its mission, present its website is (excerpt):
The TÜV AI.Lab takes on the task of implementing social and regulatory requirements, e.g. the EU AI regulation, into test criteria and processes and to accompany the development of standards for the testing of safety-critical AI applications.
Knowing the problems that Notified Bodies are going to face with the AI Act, this venture is welcomed.
Note: to my best knowledge, only TÜV Süd, Nord, and Rheinland are designated for the MDR. Thus, this venture also addresses other products in the scope of the AI Act.
Problems and Solutions
These white papers adopt the German way:
- Listing and analyzing problems,
- Giving existing solutions,
- And, if necessary, giving a plan to find other solutions.
ISO 13485 vs AI Act
Problem
There is no standard to implement a QMS compliant to AI Act requirements.
Existing solution
The white paper ISO 13485 and the EU AI Act contains a traceability matrix between AI Act article17 on AI management system and ISO 13485 clauses. The traceability also gives a coverage ratio of ISO 13845 to fulfil AI Act article 17 requirements.
This is the first little gem of these white papers.
Use it to drawn you gap analysis and your conformity transition plan for your QMS, from ISO 13485 + MDR QMS to ISO 13485 + MDR + AI Act QMS.
We see in this traceability matrix that the biggest gap is on Article 17.1.f. It requires to establish a new data management process into our existing ISO 13485 QMS.
Plan to find other solutions
This white paper mentions the future harmonized standards on QMS, from the CEN/CLC/JTC21 working group, as future source of information.
It also mentions ISO 42001 as another solution to close gaps found in the traceability matrix. More than seeking an ISO 42001 certification, MDAI manufacturers should use ISO 42001 as a tool, as a reference, to find information on how to fill the gaps.
For JTC21 standards, we have to wait for the final version of these standards. Since they will match AI Act requirements for any impacted industry, they may be too generic for MDAI manufacturers, compared to MDAI standards being cooked by some other working groups.
AI Act vs MDR
Problem
AI Act contains lots of new requirements, applicable to MDAI manufacturers.
Solution
The white paper AI Act and MDR contains a comparison showing what MDR and AI Act have in common. This is quite a lot. Of course, lot of gaps remain. To do so, the paper contains an assessment of impact of AI Act requirements on High-risk AI systems: Articles 10 to 15.
There is nothing like an annex with General Safety and Performance Requirements (GSPR) in the AI Act. Articles 10 to 15 are a kind of list of GSPR applicable to the product.
This gap analysis is the second little gem of these white papers.
Use it to drawn your gap analysis and your conformity transition plan for your MDAI technical file, from MDR CE mark to MDR + AI Act CE mark.
Remark: the pyramid representation of MDR classes and AI Act risks is a questionable choice. There is no such thing as a correspondance between the two systems.
Plan to find other solutions
Like in other white papers previously reviewed, this one contains more questions than answers: Definition of safety component, human supervision, sandboxed testing, substantial changes, and continuous learning systems.
Finding solutions will be a long journey: a close cooperation and dialogue with all stakeholders.
Unfortunately, this sounds more like wishful thinking than concrete actions. Manufacturers still remember how unbalanced was any kind of dialogue with other stakeholders.
Welcomed work
Of course, TÜV AI.Lab’s work in welcomed. But so much needs to be done.
It looks like a Whack-a-mole game. As soon as a problem is fixed, a new one pops-out.
This looks also like a contest between Notified Bodies, Authorities, Commission, AI Bureau and MDCG. Everyone listing their own problems and possibly giving their own solutions.
This isn't going to stop soon. When you see how many known unknowns we have in the AI Act. Plus all the unknown unknowns to discover.
Of lot of work for TÜV AI.Lab.
