The new MDCG guidance on the AI Act and MDR/IVDR integration (MDCG 2025-6) has finally dropped. For many in the industry, it’s what we expected: a summary of what we already knew, wrapped in regulatory language that leaves many of the hardest practical questions unanswered.

Having official confirmation that the MDR/IVDR framework already covers many AI Act requirements is incredibly useful. The guidance clarifies that clinical investigations can be used to support AI systems outside of formal AI Sandboxes, which removes one barrier for innovators. But beyond these welcome confirmations, we're still left with the same implementation gaps that have been a source of uncertainty for months.

The document essentially tells us to add AI-specific sections to our Technical Documentation—something any competent AI medical device manufacturer was likely already doing. What it doesn't yet provide is a clear path for navigating the messy realities of dual compliance, especially when timelines don't align or how notified bodies will actually assess these integrated requirements in practice. This is made more challenging by the current lack of harmonized standards and the potential for conflicting standards between the AI Act and MDR/IVDR.

Despite these gaps, the document serves as a foundational FAQ for navigating this new landscape. For developers of Medical Device Artificial Intelligence (MDAI), here’s a chapter-by-chapter breakdown of what you need to know and do.

I. Scope of Application and Classification

The first step is determining if your AI-enabled device is a "high-risk AI system" under the AIA. The guidance clarifies that an MDAI is deemed high-risk if it meets two conditions:

1. It is a medical device itself or a safety component of one.
2. It requires a third-party conformity assessment by a notified body under the MDR or IVDR.

This means most MDAIs—specifically those classified as MDR Class I (sterile, measuring, or reusable surgical), Class IIa, IIb, and III, and IVDR Class A (sterile), B, C, and D—will be considered high-risk AI systems. Crucially, the AIA risk classification doesn't change your device's MDR/IVDR class; rather, the MDR/IVDR class determines if the AIA's high-risk rules apply.

II. Integrating AI Act Requirements into Your QMS

This section details the practical integration of AIA requirements into the existing MDR/IVDR framework.

• Quality and Risk Management Systems

  Your existing QMS must be updated to incorporate AIA-specific requirements. You are strongly encouraged to integrate these into your current system to avoid duplication. This integrated QMS must now formally address data governance, record-keeping, transparency, and human oversight for AI. Similarly, your risk management process must expand to identify and mitigate risks to fundamental rights, data biases, and system robustness.

• Data Governance

  High-quality data is paramount. For high-risk MDAI, training, validation, and testing datasets must be relevant, representative, and as error-free as possible. You must document procedures for data transparency, integrity, and the examination of potential biases, using logging capabilities to trace and identify situations where bias might arise.

• Technical Documentation and Transparency

  The message is clear: create a single, unified set of technical documentation that satisfies both regulations. It must detail the device's design, architecture, data processing methods, and performance testing for AI components. High-risk MDAI must also be designed for transparency, providing clear instructions that enable users to correctly interpret the system's output.

• Human Oversight and Cybersecurity

  You must design high-risk MDAI with built-in human oversight mechanisms, such as a "stop" button or the ability for a clinician to override the AI's decisions. The AIA also requires technical solutions to address AI-specific cybersecurity vulnerabilities, which must be integrated into your existing cybersecurity risk management.

III. Clinical Evaluation, Conformity, and Post-Market Monitoring

• Clinical Investigations as "Real-World Testing"

  The guidance confirms a crucial point: clinical investigations (under MDR) or performance studies (under IVDR) are considered "real-world testing" under the AIA. This allows for pre-market testing of high-risk systems without needing to use a formal "AI Sandbox," removing a significant potential barrier for innovators.

• Conformity and Substantial Modifications

  For high-risk MDAI, the notified body assessing the device under MDR/IVDR will also assess compliance with AIA requirements. The AIA introduces its own definition of "substantial modification," which will trigger a new conformity assessment. However, for AI systems that continuously learn post-market, changes that were pre-determined and assessed during the initial conformity assessment will not be considered "substantial."

• Integrated Post-Market Surveillance (PMS)

  Manufacturers must integrate AIA post-market monitoring requirements into their existing PMS systems. A new dimension is the need to monitor the MDAI's interaction with other AI systems and software. Additionally, deployers (users) are now required to monitor the system's operation and report back to the manufacturer.

The Road Ahead: My View on What's Still Missing

The document acknowledges that many practical questions remain unanswered, explicitly promising future guidance on several key topics, including data requirements, substantial modifications, and post-market monitoring plans. This list of forthcoming guidance is where the real challenge lies.

It confirms that we are still in a "wait-and-see" period for the most critical implementation details. The guidance doesn't yet solve the messy realities of dual compliance when timelines don't align, nor does it clarify how notified bodies will assess these integrated requirements without harmonized standards. We face the very real possibility of navigating conflicting standards between the AIA and MDR/IVDR.

So, while MDCG 2025-6 provides a foundational map, manufacturers of AI-powered medical devices must proceed with caution and diligence. We need to prepare our systems and documentation for a future where compliance is a moving target, all while eagerly awaiting the harmonized standards and detailed implementation guidelines that will ultimately determine the true path forward.