EU AI Act Healthcare: High-Risk AI Requirements for Clinical Decision Support and Medical AI

Q: How does EU AI Act Article 9 risk management apply to clinical AI?

Article 9 requires providers of high-risk AI systems to implement a risk management system that is: (a) a continuous iterative process run throughout the entire lifecycle; (b) designed to identify and analyze known and foreseeable risks; (c) designed to evaluate risks emerging from unintended uses; and (d) designed to adopt risk mitigation measures. For clinical AI, this means: conducting pre-deployment clinical validation studies; testing performance across patient sub-populations (age, sex, ethnicity, comorbidities); identifying failure modes and their clinical consequences; implementing technical controls to detect and limit errors at inference time; and maintaining a risk management file that documents all of these activities. The risk management system must include post-market monitoring and be updated when evidence of new risks emerges from real-world use.

EU AI Act Healthcare: High-Risk AI Requirements for Clinical Decision Support an

Annex III: Which Clinical AI Is High-Risk?

EU AI Act Annex III, Section 5 classifies the following categories of AI systems as high-risk in the healthcare context:

AI intended to be used as a safety component of a medical device or as a medical device itself, within the meaning of EU Regulation 2017/745 (MDR) and EU Regulation 2017/746 (IVDR).
AI used for evaluation of the eligibility for treatment, care, or services — including clinical pathway recommendations, surgical planning, and resource allocation.

The practical scope of this classification is extremely broad. Any AI system that outputs a clinical recommendation — a diagnosis suggestion, a risk score, a treatment option, a drug dosing recommendation — and that clinicians are expected to act upon, is almost certainly covered. The key threshold is intended use: if the system is designed to inform clinical decisions, it is high-risk regardless of whether it ultimately requires clinician confirmation.

Classification Test for Clinical AI

Ask: Does this AI system output a recommendation, risk score, diagnosis, or treatment suggestion that a clinician would reasonably rely on in making a clinical decision? If yes, it is almost certainly Annex III high-risk. The test applies whether the system is deployed at the point of care (bedside), in population health analytics, in administrative prior authorization, or in remote monitoring. "Clinical decision support" as a category is not limited to formal CDSS products — it includes any AI that processes patient data to generate clinically actionable outputs.

MDR/IVDR Overlap and the Gap Analysis Requirement

EU AI Act Article 8(1) provides limited double-regulation relief: where an AI system is already subject to MDR or IVDR, conformity with certain MDR/IVDR requirements satisfies corresponding AI Act requirements. However, this overlap is narrower than many vendors expect.

Satisfied by MDR Compliance

General Safety and Performance

MDR Annex I GSPR compliance satisfies the AI Act's safety requirements for the same technical characteristics. Overlapping design and manufacturing controls are not duplicated.

Satisfied by MDR Compliance

Technical Documentation

MDR Annex II Technical Documentation partially satisfies AI Act Article 11 technical documentation requirements. The MDR Technical File serves as the base document.

Gap: AI Act Adds Requirements

Risk Management (Article 9)

MDR ISO 14971 risk management does not address AI-specific failure modes: distributional shift, adversarial inputs, demographic performance gaps. Article 9 requires AI-specific risk analysis extending MDR scope.

Gap: AI Act Adds Requirements

Logging and Audit Trail

MDR traceability is UDI-based and product-level. AI Act Article 12 requires automatic logging of individual AI system events — inputs, outputs, confidence, model version — at each deployment instance.

New Requirement — No MDR Equivalent

Quality Management System (Article 17)

AI Act Article 17 requires a QMS addressing AI-specific elements: data governance policies, training and validation procedures, post-market AI monitoring, and AI incident response procedures. MDR QMS does not cover these.

New Requirement — No MDR Equivalent

Accuracy, Robustness, Cybersecurity (Article 15)

Article 15 requires specific accuracy metrics, robustness against adversarial manipulation, and cybersecurity measures appropriate for medical AI. MDR does not include AI-specific adversarial robustness requirements.

Article 9: Risk Management for Clinical AI

Article 9 requires a risk management system that is a continuous, iterative process throughout the entire AI lifecycle — not a one-time pre-market activity. For clinical AI, this obligation is substantially more demanding than the ISO 14971 risk management familiar from MDR compliance.

AI-Specific Risk Categories

Clinical AI risk management under Article 9 must address risk categories not covered by traditional device risk analysis:

Article 9 Risk Categories — Clinical AI

Distributional shift Model performance degrades when deployed on patient populations differing from training data (different ethnicity, age, disease prevalence, imaging equipment). Risk management must characterize expected performance bounds across target populations.

Demographic disparities Model accuracy must be evaluated across sex, age, ethnicity, and relevant co-morbidity groups. Performance gaps exceeding pre-specified thresholds must trigger mitigation or restricted deployment.

Automation bias Risk that clinicians over-rely on AI recommendations, reducing the effectiveness of human oversight. Risk management must address interface design, training requirements, and feedback mechanisms that preserve genuine clinical judgment.

Adversarial inputs Risk that inputs are manipulated to produce incorrect AI outputs — relevant for imaging AI, NLP-based clinical notes, and patient-reported data. Article 15 robustness requirements apply.

Edge cases at deployment AI performance in unusual clinical presentations not well represented in training or validation datasets. Risk management must document known performance limits and implement warnings for out-of-distribution inputs.

Post-Market Risk Management

Article 9 requires that the risk management system be updated based on real-world performance data. For clinical AI, this means the vendor must collect post-deployment outcome data, analyze performance against pre-specified metrics, and update the risk management file when adverse events or unexpected performance gaps are identified. This creates a feedback loop between post-market surveillance (MDR Annex III) and AI risk management (Article 9) that must be explicitly managed.

Article 13: Transparency for Clinical AI

Article 13 requires that high-risk AI systems are designed and developed to ensure transparency — sufficient for deployers (healthcare organizations) and users (clinicians) to understand the AI's purpose, capabilities, and limitations.

For clinical AI, Article 13's transparency requirements translate into specific technical and documentation obligations:

Instructions for use with AI-specific content: The clinical AI system's IFU must include: the intended purpose and the clinical decisions it is designed to inform; the expected accuracy and its variation across patient subpopulations; known clinical conditions or patient characteristics where performance is uncertain or degraded; the level of oversight required from clinical users; and procedures for detecting and reporting unexpected AI outputs.
Confidence and uncertainty disclosure: The AI system must communicate its confidence level or output uncertainty to users in a manner that supports clinical judgment. Binary outputs (positive/negative) without confidence information may not satisfy this requirement for diagnostic AI.
Performance metric disclosure: Article 13 requires that providers make performance metrics available in a standardized format accessible to deployers — sensitivity, specificity, AUC, positive predictive value, and subgroup performance statistics.

Instructions for Use vs. Marketing Claims

A common gap in clinical AI transparency is the discrepancy between marketing claims ("99% accuracy") and IFU content (which must describe performance in specific clinical contexts with appropriate statistical qualification). The AI Act's transparency requirements are assessed against the IFU and technical documentation — not marketing materials. Vendors should audit their IFU against Article 13 requirements before AI Act enforcement begins, as unsupported performance claims in IFUs are a documented enforcement target.

Article 14: Human Oversight in Clinical Settings

Article 14 requires that high-risk AI systems are designed and developed to enable effective oversight by human persons during the period of use. In clinical settings, this obligation requires careful attention to interface design, workflow integration, and training requirements — because the AI Act evaluates not just whether human oversight is theoretically possible but whether the system design genuinely supports it.

What Article 14 Requires for Clinical AI

Design Requirement

Override Capability

Clinicians must be able to disregard or override AI recommendations without technical barriers. The interface must not make overriding more difficult than accepting. Override rates must be logged.

Design Requirement

Explanation Access

For each AI output, clinicians must have access to the contributing factors — relevant data points or features. This may require explainability infrastructure integrated with the AI system at the point of care.

Workflow Requirement

Interrupt Capability

Deployers must be able to stop the AI system's use in real time when unexpected behavior is observed. A stop-use procedure must be defined and tested as part of the deployment protocol.

Training Requirement

User Competency

Healthcare organizations deploying AI must train users on the system's capabilities, known limitations, and oversight responsibilities. The vendor must provide training materials as part of Article 13 documentation.

Article 17: Quality Management System

Article 17 requires providers to implement a quality management system covering all aspects of the AI system's lifecycle. The QMS must address eight specific subject areas — several of which have no direct equivalent in existing MDR QMS requirements.

QMS Elements Specific to AI

Beyond the standard QMS elements familiar from ISO 13485 medical device quality systems, Article 17 requires the QMS to address:

Data governance: Policies and procedures for training data selection, labeling, quality assurance, and management of data used throughout the AI lifecycle. This includes documentation of training datasets — sources, exclusion criteria, preprocessing, and annotation procedures.
AI model validation: Procedures for validating AI system performance prior to deployment and after material changes, including validation study design, statistical analysis, and acceptance criteria.
Post-market AI monitoring: Systematic collection and analysis of real-world performance data, including procedures for detecting performance degradation, demographic disparities, and unexpected clinical outcomes associated with AI use.
AI incident response: Procedures for detecting, documenting, and responding to AI system failures — including workflows for suspending AI use when unexpected behavior is detected, notifying the notified body and competent authority when required under Article 62, and conducting root cause analysis.
Change management for AI: Procedures that define when changes to AI models, training data, or deployment configuration constitute a material change requiring reassessment of conformity.

Article 12: Logging Requirements

Article 12 requires that high-risk AI systems automatically log events relevant for identifying risks and ensuring traceability throughout the AI system's lifetime. For clinical AI deployed in healthcare organizations, logging requirements have direct implications for the AI governance infrastructure that must be in place at the point of care.

Article 12 Logging Requirements — Minimum Content

Event capture System activity periods (on/off); range of input data used for each inference; output classifications and associated confidence; clinician overrides with timestamp; system errors and fallback behaviors.

Traceability Each logged event must be linkable to the model version, configuration version, and deployment identifier that produced it. Model updates must create a new traceability identifier.

Integrity Logs must be protected against unauthorized modification. Tamper-evident storage with cryptographic chain integrity is the technically appropriate control. Plain log files stored in mutable filesystems are insufficient.

Retention Logs must be retained for at least 6 months from the event or until a post-market surveillance obligation requires longer retention. Healthcare-specific retention requirements (MDR Article 83, national clinical records law) may require longer periods.

CoreGuard Coverage for Healthcare AI Compliance

CoreGuard's governance infrastructure addresses the AI Act's technical requirements in healthcare settings, providing the audit trail, policy enforcement, and documentation artifacts that Articles 9, 12, 13, and 17 require.

CoreGuard Integration — Clinical AI Pipeline

Clinical Input

→

Input Validation

→

AI Inference

→

Output Classification

→

Article 12 Log

pad

→

pad

→

pad

↓

Edge Case → Escalate to Clinician

EU AI Act Article	Requirement	CoreGuard Coverage
Article 9 — Risk Management	Continuous AI risk identification and mitigation	Satisfied — Real-time output anomaly detection; demographic performance monitoring; configurable risk thresholds; post-market surveillance data collection
Article 12 — Logging	Automatic event logging with tamper evidence	Satisfied — HMAC-SHA256 signed decision certificates with model version, input context hash, output classification, and chain integrity verification
Article 13 — Transparency	Deployer access to performance metrics and limitations	Satisfied — Policy pack configuration documents classification thresholds and decision rules; output statistics exportable per Article 13 format
Article 14 — Human Oversight	System design enabling effective clinician oversight	Partial — Configurable escalation thresholds route uncertain outputs to human review queue; override logging; stop-use policy enforcement. Interface design is vendor-specific.
Article 15 — Accuracy and Robustness	Adversarial input detection; accuracy monitoring	Satisfied — Input classification detects adversarial patterns and out-of-distribution inputs; performance metric dashboards track accuracy metrics over time
Article 17 — Quality Management System	QMS covering data governance, AI monitoring, incident response	Partial — CoreGuard provides technical controls and audit artifacts; QMS procedures and documentation must be developed by the provider. CoreGuard's compliance documentation package includes AI QMS template for healthcare.

Enforcement Timeline

EU AI Act enforcement timelines for healthcare AI are critical for compliance planning:

August 2024: AI Act enters into force.
February 2025: Prohibited AI systems obligations apply.
August 2025: GPAI model obligations and governance provisions apply.
August 2026: High-risk AI system obligations (Articles 9–17) apply to new systems placed on the market. This is the primary deadline for clinical AI vendors.
August 2027: High-risk AI obligations extend to AI systems already on the market before August 2026 that have undergone substantial modification.
August 2030: Full application including AI systems embedded in MDR-regulated devices already on the market without modification.

Start Compliance Work Now

The August 2026 deadline for new clinical AI systems is 18 months from the date of this article. Given the documentation depth required by Articles 9, 11, 13, and 17 — and the need to conduct clinical validation studies, build QMS procedures, and implement logging infrastructure — organizations that begin compliance work in 2026 will struggle to meet the deadline. Healthcare AI vendors should initiate gap analysis against the high-risk AI requirements immediately and prioritize the QMS and logging infrastructure, which have the longest lead times.

Frequently Asked Questions

Which clinical AI applications are classified as high-risk under EU AI Act Annex III? +

EU AI Act Annex III, Section 5 classifies AI systems in the following healthcare areas as high-risk: AI intended to be used as safety components of medical devices or to be used as medical devices themselves, as covered by EU Regulation 2017/745 (MDR) and 2017/746 (IVDR). This covers: diagnostic AI (imaging analysis, pathology screening, symptom checkers that inform diagnosis), clinical decision support systems that recommend treatment, medication dosing AI, patient risk stratification models, surgical planning AI, and predictive models for ICU deterioration or sepsis. The key threshold is whether the AI is intended to support a clinical decision — if it outputs a recommendation that clinicians are expected to act on, it is almost certainly Annex III high-risk.

How does EU AI Act Article 9 risk management apply to clinical AI? +

Article 9 requires a risk management system that is a continuous iterative process run throughout the entire lifecycle, designed to identify and analyze known and foreseeable risks, evaluate risks from unintended uses, and adopt risk mitigation measures. For clinical AI: conduct pre-deployment clinical validation studies; test performance across patient sub-populations (age, sex, ethnicity, comorbidities); identify failure modes and their clinical consequences; implement technical controls to detect and limit errors at inference time; and maintain a risk management file. The risk management system must include post-market monitoring and be updated when evidence of new risks emerges from real-world use. ISO 14971 risk management satisfies MDR but must be extended for AI-specific failure modes.

What does 'meaningful human oversight' mean for clinical AI under Article 14? +

Article 14 requires that high-risk AI systems are designed to enable effective human oversight during use. For clinical AI, meaningful oversight means more than a clinician theoretically being able to override an AI recommendation — the AI must be designed to support genuine clinical judgment. Specifically: the AI must clearly communicate its confidence and contributing factors; the interface must make it easy to access patient data independently; the AI must not present recommendations as conclusions rather than findings for evaluation; and there must be a mechanism for clinicians to flag AI errors back to the vendor. EU AI Act Guidance on Article 14 makes clear that 'human in the loop' checklists without genuine cognitive engagement do not satisfy this requirement.

If a clinical AI system is already MDR-certified, does it need separate EU AI Act compliance? +

Yes, but with partial overlap. EU AI Act Article 8(1) provides that conformity with MDR Annex I (General Safety and Performance Requirements) satisfies corresponding AI Act requirements for overlapping areas. However, the AI Act adds requirements not fully addressed by MDR: Article 9's risk management must be extended to address AI-specific risks beyond device safety; Article 12's logging requirements are more specific than MDR's traceability requirements; and Article 17's quality management system must include AI governance elements. MDR-certified medical device AI vendors should conduct a gap analysis between their existing MDR Technical Documentation and QMS and the AI Act's additional requirements. The gap is typically in AI-specific testing documentation, bias analysis, and runtime monitoring.

What are the penalties for EU AI Act non-compliance in healthcare AI? +

EU AI Act violations carry tiered penalties: up to €35 million or 7% of global annual turnover for prohibited AI systems; up to €15 million or 3% of global turnover for non-compliance with high-risk AI obligations (Articles 9-17); and up to €7.5 million or 1.5% of global turnover for providing incorrect information to authorities. For healthcare AI vendors, the most likely enforcement pathway is through MDR/IVDR notified body audit processes incorporating AI Act checks. The EU Artificial Intelligence Office coordinates cross-border AI enforcement, and healthcare AI is explicitly identified as a priority enforcement area.

EU Healthcare AI Compliance

Meet EU AI Act Article 9, 12, and 17 Requirements for Clinical AI

CoreGuard provides the tamper-evident logging, output monitoring, and governance documentation infrastructure that clinical AI vendors need to satisfy EU AI Act high-risk obligations before August 2026.

Explore CoreGuard Request Demo