MedTech Europe je objavil pozicioni dokument, ki poziva

TL;DR (Kaj je pomembno za RA/QA)

• Zakon o umetni inteligenci timing & scope. Industry asks to push full application for medical tech to 2 August 2029, align “substantial modification” with MDR/IVDR “significant change,” and let MDR/IVDR-designated Notified Bodies carry the Zakon o umetni inteligenci load—sensible if coupled with concrete readiness milestones.
• Zakon o podatkih boundaries. Make Chapter II data-sharing voluntary for regulated MedTech, extend application to September 2029, exclude legacy products, and rebalance trade-secret protections—coherent with design control and safety.
• Cybersecurity. Keep EU cybersecurity certification voluntary and harmonise NIS2 transposition/reporting to prevent a patchwork that drains assurance capacity.
• EHDS scope. Narrow “EHR system” definition to primary intended purpose, avoid double regulation of devices, and allow modular self-certification where components overlap.

Kaj dokument pravilno opisuje (iz perspektive QA/RA)

1. Avoiding duplicate risk systems. Recognising that vertical MDR/IVDR processes (e.g., ISO 14971 risk management within QMS) should fulfil horizontal Zakon o umetni inteligenci obligations reduces audit friction and preserves traceability.
2. Extending Zakon o umetni inteligenci timelines—with guardrails. A move to 2 Aug 2029 reflects standards lead time, NB capacity, and evolving guidance; wins only if tied to deliverables (AI Office guidance, harmonised standards, NB designation pathways).
3. Fixing the pre-market evidence trap. Clinical/performance studies should not be misconstrued as “put into service.” Exemptions (when studies follow MDR/IVDR rules) avoid blocking evidence generation.
4. Terminology alignment on change control. Map Zakon o umetni inteligenci “substantial modification” to MDR/IVDR “significant change” to prevent routine updates from triggering re-certification.
5. Pragmatic stance on Zakon o podatkih & EHDS. Mandatory raw-data sharing in safety-critical products can jeopardise security and mislead users; prioritising EHDS as the sectoral mechanism and protecting trade secrets aligns with PMS goals.

Kje argumentu manjka jasnosti

• No blank-cheque delays. Extensions should be conditional: publish a MedTech AI implementation roadmap (standards, NB designation, guidance on learning systems and post-market update control) with public milestones.
• Operational definition of “learning safely.” Alignment must include model lifecycle controls: data governance, drift/bias monitoring, rollback, real-world performance evidence, and field-update validation—mapped to MDR/IVDR PMS/PMCF and Zakon o umetni inteligenci risk management.
• EHDS modularity in practice. Define component boundaries, assurance artefacts, and labelling to keep modular conformity assessments auditable.
• One-stop incident reporting. Implement a single-intake, multi-routing model (taxonomy, SLAs, deduplication) to reduce RA/QA overhead across CRA/NIS2/EHDS/MDR.

Učinek za vodje RA/QA

1. Convergence, not duplication. Build a single, integrated risk-and-assurance stack where Zakon o umetni inteligenci duties are referenced from MDR/IVDR processes (design control, risk, usability, cybersecurity, PMS).
2. Evidence pathways for pre-market AI. Create a protocol template for AI clinical/performance studies that documents non–“put into service” status plus data-protection and safety controls.
3. Model-update governance. Define safety-relevant vs non-relevant model changes; set gates for V&V, field release, PMS analytics; and pre-agree with your NB on reporting.
4. Zakon o podatkih hygiene. Establish a risk-based data-sharing playbook: when to share, what to share (processed vs raw), how to protect (trade-secret screening, minimisation, security handbrake).
5. EHDS scoping. Apply a primary intended-purpose test; where overlap with EHR functions exists, scope a modular conformity dossier and confirm expectations early with authorities.

90-dnevni vodnik QA/RA (Praktičen in preverljiv)

Day 0–30: Baseline & Gap Map

• Ustvari matriko sledenja zahtev: AI Akt ↔ klavzule MDR/IVDR, opazujete
• Katalogirajte modelne spremembe v zadnjih 12 mesecih; razredčite s pre
• Identificirajte izdelke s funkcijami podobnimi EHR in izvedite EHDS ob

Day 31–60: Controls & Templates

• Objavite modelno posodobitev SOP: nadzor podatkov, V&V, vgradnja,
• Predložite dodatek predprodajnega AI študija protokola, ki jasno
• Ustanovite strokovno skupino za deljenje podatkov (RA + Pravno + Varno

Day 61–90: Assurance & External Alignment

• Pilotne sekcije integriranega tehničnega dokumenta, ki povezujejo artef
• Se srečajte z vašim Obveščenim telom, da se strinjate s tehnološkimi ko
• Določite eno incidentno prijavo, ki jo je mogoče popolnoma zapolniti s

Predlogi za politiko (Namenski in preverljivi)

1. Conditional Zakon o umetni inteligenci extension to 2029, tied to:
   • Objava vodil za MedTech AI (upravljanje sprememb, učenje sistemi, povez
   • Pot do označevanja NB, ki ponovno uporablja tehnološke kodi MDR/IVDR, k
   • Dostava relevantnih harmoniziranih standardov do leta 2026 z podporo za
   • Legal clarity for pre-market studies: Exclude MDR/IVDR investigations/performance studies from “placing on the market/putting into service” under the Zakon o umetni inteligenci when compliant with sectoral rules.
   • Recognise sectoral risk systems: Confirm that MDR/IVDR-conformant risk management fulfils Zakon o umetni inteligenci risk obligations; avoid duplicate audits.
   • Zakon o podatkih health carve-out: Make device/IVD/EHR data obligations voluntary; extend to 2029; exclude legacy products; rebalance trade-secret protections.
   • EHDS scope precision: Anchor “EHR system” to primary intended purpose; enable modular self-certification of overlapping components; issue consistent guidance to Member States.
   • Cybersecurity coherence: Preserve voluntary EU certification; harmonise NIS2 definitions, timelines, and reporting; reuse the CRA single reporting platform for NIS2 (“report once”).

Zaključni misel

“Simplifikacija” should mean one set of controls that satisfies many laws, not many parallel systems that exhaust teams. The position paper points in the right direction—now it needs deliverable-level specificity so QA/RA leaders can execute with confidence.

---

Note: This article is for informational purposes only and does not constitute legal or regulatory advice.