AI Regulation Tracker / Guidance and standards
EU Regulators Explain How the AI Act, MDR, and IVDR Fit Together for AI Medical Devices
In June 2025 the Medical Device Coordination Group and the Joint Artificial Intelligence Board published MDCG 2025-6, an FAQ that maps how the EU AI Act sits on top of the medical device rules for AI-enabled devices. Originally published June 19, 2025; this is non-binding MDCG guidance on AI Act/MDR/IVDR interplay, not new binding law. It changes no legal duty on its own.
AI-enabled medical devices in Europe now sit inside two rulebooks at once. The MDR and the IVDR have governed how software and devices reach the market for years. The AI Act, Regulation (EU) 2024/1689, adds a separate layer of requirements aimed specifically at AI systems. Manufacturers kept asking the obvious question: how do these fit together, and what do I actually have to do twice? MDCG 2025-6 is the regulators' first attempt to answer that in plain terms.
The document was endorsed by the Medical Device Coordination Group and the Joint Artificial Intelligence Board and published in June 2025. It is written as a frequently-asked-questions guide, and it says up front that it is a first set of answers that will be developed and updated over time. It is aimed at manufacturers, notified bodies, and competent authorities.
The core idea: two regimes, applied at the same time
The starting point is that the MDR and IVDR were not written with AI-specific risks in mind. As the guidance puts it, "The AIA complements the MDR/IVDR by introducing requirements to address hazards and risks for health, safety and fundamental rights specific to AI systems." The consequence is what the document calls a simultaneous and complementary application of both frameworks for a medical device that contains a high-risk AI system.
Throughout the document, AI systems used for medical purposes are called Medical Device Artificial Intelligence, or MDAI, and that label also covers accessories, IVDs, and MDR Annex XVI products. The practical point is that a manufacturer of one of these systems is not choosing between the device rules and the AI rules. Both apply, and the job is to make them work together without doing the same paperwork twice.
When an AI medical device is high-risk under the AI Act
The guidance sets a clear two-part test. In its words, "A MDAI is considered a high-risk AI system under Article 6(1) AIA if it meets both of the following conditions: 1. the MDAI is a safety component, or the AI system is itself a medical device and 2. the MDAI is subject to a third-party conformity assessment by a notified body in accordance with the MDR/IVDR."
That second condition does most of the work. If your device already needs a notified body under the MDR or IVDR, its AI is high-risk under the AI Act. The guidance includes a table walking through the classes: the lowest-risk MDR Class I devices with no notified body involvement fall outside the high-risk bucket, while MDR Class IIa, IIb, and III, Annex XVI products, and IVD Classes B, C, and D land inside it. So the more scrutiny the device already draws under the medical rules, the more likely the AI layer is treated as high-risk.
One point the guidance is careful about: being high-risk under the AI Act does not bump your device into a higher class under the device rules. As it states, "The classification of an AI system as a high-risk under Article 6(1) AIA does not imply that the medical device or in vitro diagnostic medical device falls in a higher risk class under the MDR and IVDR." The two classifications run on separate tracks.
The part that saves work: integrated documentation
The most useful section for anyone actually building these devices is the guidance on avoiding duplication. The AI Act requires high-risk systems to have management systems, data governance, technical documentation, transparency and human oversight, and accuracy, robustness, and cybersecurity controls. A lot of that overlaps with what the MDR and IVDR already demand.
The guidance leans into that overlap. Under Article 8(2) of the AI Act, it says, manufacturers "have a choice of integrating, as appropriate, the necessary testing and reporting processes, information and documentation they provide with regard to their MDAI into documentation and procedures that already established under the MDR/IVDR." It strongly encourages manufacturers to use that flexibility, while making clear the device still has to be fully compliant with the AI Act, the MDR or IVDR, and any other applicable EU law. In other words, you can fold the AI Act evidence into your existing technical file rather than build a parallel one, but the substance still has to be there.
What this is, and what it is not
I want to be precise, because a regulator's name on a document tempts people to read more into it than is there.
This is guidance. It is explicitly non-binding. The document itself says its views "are not legally binding and only the Court of Justice of the European Union can give binding interpretations of Union law." It does not create a new duty, and it says it is without prejudice to any guidance the European Commission may later adopt. The binding duties live in the AI Act, the MDR, and the IVDR themselves. MDCG 2025-6 tells you how the regulators read the fit between them.
Timing matters here. The AI Act entered into force in 2024 and its obligations phase in over several years. For Article 6(1) medical-device AI, MDCG points to August 2, 2027; other high-risk routes, including Annex III, have different applicability timing. So this guidance is not describing a duty that already bites for most medical-device AI. It is the map for a compliance deadline that is now getting close, which is exactly why it is worth reading before then rather than after.
What this means for US medtech, pharma, and their counsel
If you are a US company placing AI-enabled devices or diagnostics on the EU market, this document is close to a checklist for how your EU obligations stack. The device rules you already navigate through a notified body are the trigger that pulls the AI Act high-risk requirements on top. The guidance tells you that if you need a notified body, your AI is high-risk, and it tells you that you can build the AI Act evidence into the technical documentation you are already assembling rather than run a second track.
For US healthcare providers, in-house counsel, and compliance leads tracking where international AI-in-medicine standards are heading, the value is directional. The EU is the first major market to layer a horizontal AI law over sector-specific medical device rules, and MDCG 2025-6 is the clearest read yet on how regulators intend the two to coexist. The pattern it describes, high-risk pegged to existing conformity assessment, AI evidence integrated into the device file, and separate but parallel classification, is the kind of structure other regulators tend to borrow. It is a benchmark for what serious oversight of medical AI looks like, not a rule that binds a US filing.
The practical thread is documentation and governance. The AI Act requirements the guidance walks through, data governance, technical documentation, human oversight, and post-market monitoring, are the same disciplines that decide whether an audit or an inspection goes well anywhere. Where did the data come from, who oversees the model, how do you handle a substantial modification, and can you show your work. The guidance does not invent those questions. It tells you the EU expects documented answers for medical AI.
What to do now
Read the finding, not the headline. MDCG 2025-6 is a map of how existing rules interact, not a new obligation that landed in June 2025. If you make AI-enabled devices for the EU, check whether your device draws a notified body, because that is the switch that makes your AI high-risk under the AI Act. Plan to integrate the AI Act evidence into your MDR or IVDR technical documentation rather than duplicate it, since the guidance explicitly invites that. Watch the August 2, 2027 date for high-risk medical-device AI obligations, and remember this FAQ is a living document the regulators expect to update. And do not treat non-binding guidance as the rule itself. Base any compliance decision on the AI Act, MDR, and IVDR text and qualified EU regulatory advice.
Questions professionals are asking
Did MDCG 2025-6 create a new rule for AI medical devices?
No. It is a non-binding FAQ published in June 2025 by the MDCG and the Joint AI Board that explains how the AI Act, MDR, and IVDR apply together. The document states its views are not legally binding. The duties live in the AI Act, MDR, and IVDR themselves.
When is an AI medical device high-risk under the EU AI Act?
When both conditions are met: the AI is a safety component or is itself a medical device, and it is subject to a third-party conformity assessment by a notified body under the MDR or IVDR. In practice, if your device needs a notified body, its AI is high-risk under Article 6(1) of the AI Act.
Does AI Act high-risk status change my device class under the MDR or IVDR?
No. The guidance states that classifying an AI system as high-risk under Article 6(1) of the AI Act does not imply the device or IVD falls into a higher risk class under the MDR or IVDR. The two classifications run on separate tracks.
Do I have to build separate AI Act and MDR documentation?
Not necessarily. The guidance points to Article 8(2) of the AI Act, which lets manufacturers integrate the AI-specific testing, reporting, and documentation into the documentation and procedures already established under the MDR or IVDR. The device still has to be fully compliant with all three, but you can avoid duplicating the file.
When do these AI Act obligations start to apply?
For AI that is a regulated product or safety component under sectoral law such as the MDR and IVDR, the high-risk obligations under Article 6(1) apply from August 2, 2027, the later end of the AI Act transition. MDCG 2025-6 is guidance to prepare for that, not a duty that already binds today.
RELATED BRIEFINGS
Browse the full AI Regulation News tracker
Informational analysis for working professionals, not legal or regulatory advice. Confirm how any standard or requirement applies to your situation with qualified professionals in the relevant jurisdiction.