Book Free Call
AI in Healthcare
ai-act

EU AI Act for Healthcare Providers: High-Risk AI Compliance 2026

Healthcare AI can save lives. It can also cause serious harm if it fails. The EU understood this—medical AI faces some of the most comprehensive regulation under the AI Act, layered on top of existing medical device requirements. Our EU AI Act compliance overview explains how the regulation’s risk tiers apply, and healthcare sits firmly in the highest tier.

For German healthcare providers and medtech companies, compliance is complex but navigable.

Medical Devices Are High-Risk

AI that qualifies as a medical device under the MDR is automatically high-risk under the AI Act. Diagnostic AI, clinical decision support, treatment planning systems, patient monitoring with clinical implications—all high-risk. Our AI medical diagnosis compliance guide details the documentation and oversight obligations for diagnostic systems specifically.

The good news: MDR compliance counts. If you’ve done conformity assessment under the Medical Device Regulation, you don’t need separate AI Act conformity assessment. But you still need to meet the substantive AI Act requirements, and the notified body process must address AI-specific risks.

Administrative AI Is Different

Not all healthcare AI touches patients. Scheduling systems, resource allocation, billing optimization, administrative automation—these support operations without making clinical decisions. They’re generally lower risk, though worker-affecting systems need transparency.

The distinction is clinical vs. administrative. AI that affects patient care is high-risk. AI that affects hospital operations usually isn’t.

Research and Development

AI used purely for medical research, before any clinical application, has more flexibility. But the moment AI moves toward patient care—even in clinical trials—medical device and AI Act requirements engage. Research teams accelerating with AI should consult our AI drug discovery compliance guide at the outset, before clinical transition triggers full obligations.

What This Means Practically

Healthcare organizations need to classify AI by function. Clinical AI needs integrated MDR and AI Act compliance. Administrative AI needs basic documentation and worker transparency—our AI employee monitoring compliance guide is relevant for HR and workforce management tools. The BfArM and medical device notified bodies are building AI Act expertise. For infrastructure decisions, Azure OpenAI and AWS Bedrock both publish healthcare-specific compliance documentation worth reviewing.

How Compound Law Helps

  • AI system classification for healthcare
  • MDR and AI Act integration
  • Clinical AI compliance frameworks
  • Administrative AI documentation
  • Notified body coordination

Frequently Asked Questions

Does MDR compliance satisfy AI Act? Partly. MDR conformity assessment is recognized under Article 28 EU AI Act, but you still need to meet the substantive AI Act requirements for high-risk systems — including technical documentation under Articles 11–17, human oversight, and post-market monitoring.

Is scheduling AI high-risk? Generally no. Administrative tools that don’t affect clinical decisions are lower risk.

What about AI in clinical trials? Research AI has flexibility, but clinical application triggers full medical device and AI Act requirements.

Do I need legal support for an AI diagnostic tool that falls under both the MDR and the EU AI Act? Yes. AI diagnostic tools that qualify as medical devices under the EU Medical Device Regulation (MDR) and as high-risk AI under the EU AI Act must simultaneously comply with both regulatory frameworks — and the intersection creates specific legal and technical challenges. The MDR requires CE marking via a notified body; that conformity assessment process is recognised under Article 28 EU AI Act. However, you still need to meet the substantive AI Act requirements separately: technical documentation, risk management, quality management, human oversight, and post-market monitoring. Compound Law advises MedTech companies and diagnostic AI developers on navigating the MDR–AI Act intersection, including dual-framework documentation strategies and notified body coordination. Our AI medical diagnosis compliance guide details the specific obligations, and our pharmaceutical AI Act page covers related GxP and clinical trial compliance situations.

How do the EU AI Act and the EU MDR interact for AI-powered medical devices? The EU AI Act and the EU Medical Device Regulation (MDR) create overlapping but distinct compliance obligations for AI-powered medical devices in Germany. Under EU AI Act Article 28, AI systems already subject to MDR conformity assessment by a notified body do not need a separate AI Act conformity assessment — but they must still satisfy the substantive AI Act requirements for high-risk systems (Articles 9–17), including technical documentation, quality management, and post-market monitoring. Both frameworks align on transparency, documentation, and human oversight, but diverge on definitions and specific procedural requirements. MedTech companies should conduct a dual-framework gap analysis to identify where existing MDR compliance already satisfies AI Act obligations and where additional steps are needed. Compound Law advises healthcare and MedTech companies in Germany and the DACH region on integrated MDR and EU AI Act compliance strategies.

Related Industry Guides

EU AI Act August 2026 compliance deadline checklist for companies in Germany
ai-act

EU AI Act August 2026 Deadline: What Companies Must Do Before August 2

EU AI Act compliance deadline is August 2, 2026. High-risk AI system deployers must complete conformity assessments, FRIA, and EU database registration now.
EU AI Act compliance for hotels and the hospitality sector in Germany
ai-act

EU AI Act for Hotels & Hospitality: Requirements & Compliance

What does the EU AI Act require from hotels and hospitality businesses in Germany? Risk classes, compliance duties, and deadlines explained.
AI in Agriculture
ai-act

AI Act and Agriculture: What German Farms Need to Know

How the EU AI Act affects precision farming, autonomous tractors, and agricultural AI in Germany.

Frequently asked questions

Does MDR compliance satisfy AI Act?

Partly. MDR conformity assessment is recognized under Article 28 EU AI Act, but you still need to meet the substantive AI Act requirements for high-risk systems — including technical documentation under Articles 11–17, human oversight, and post-market monitoring.

Is scheduling AI high-risk?

Generally no. Administrative tools that don't affect clinical decisions are lower risk.

What about AI in clinical trials?

Research AI has flexibility, but clinical application triggers full medical device and AI Act requirements.

Do I need legal support for an AI diagnostic tool that falls under both the MDR and the EU AI Act?

Yes. AI diagnostic tools that qualify as medical devices under the EU Medical Device Regulation (MDR) and as high-risk AI under the EU AI Act must simultaneously comply with both regulatory frameworks — and the intersection creates specific legal and technical challenges. The MDR requires CE marking via a notified body; that conformity assessment process is recognised under Article 28 EU AI Act. However, you still need to meet the substantive AI Act requirements separately: technical documentation, risk management, quality management, human oversight, and post-market monitoring. Compound Law advises MedTech companies and diagnostic AI developers on navigating the MDR–AI Act intersection, including dual-framework documentation strategies and notified body coordination. Our [AI medical diagnosis compliance guide](/en-DE/compliance/ai-medical-diagnosis/) details the specific obligations, and our [pharmaceutical AI Act page](/en-DE/ai-act/pharmaceuticals/) covers related GxP and clinical trial compliance situations.

How do the EU AI Act and the EU MDR interact for AI-powered medical devices?

The EU AI Act and the EU Medical Device Regulation (MDR) create overlapping but distinct compliance obligations for AI-powered medical devices in Germany. Under EU AI Act Article 28, AI systems already subject to MDR conformity assessment by a notified body do not need a separate AI Act conformity assessment — but they must still satisfy the substantive AI Act requirements for high-risk systems (Articles 9–17), including technical documentation, quality management, and post-market monitoring. Both frameworks align on transparency, documentation, and human oversight, but diverge on definitions and specific procedural requirements. MedTech companies should conduct a dual-framework gap analysis to identify where existing MDR compliance already satisfies AI Act obligations and where additional steps are needed. Compound Law advises healthcare and MedTech companies in Germany and the DACH region on integrated MDR and EU AI Act compliance strategies.

Book Free Call