Towards Agile Certification of AI-Enabled Medical Devices under MDR and the EU AI Act

The increasing use of artificial intelligence (AI) in software as a medical device (SaMD) challenges traditional certification and change control processes under the Medical Device Regulation (MDR). Conventional conformity assessment change management remain largely static and document-centric, while AI-based systems are characterized by rapid, iterative, or even continuous updates including evolving risk profiles, particularly for adaptive and continuously learning AI systems. 

This presentation positions continuous and structured communication between manufacturers and notified bodies as the core element of an agile certification process for AI-enabled medical devices. Instead of treating certification as a series of isolated assessment events, the proposed approach emphasizes an ongoing regulatory dialogue throughout the AI system’s lifecycle. Comprehensive AI risk management serves as a central anchor of this dialogue, enabling a shared understanding of the AI system, its intended use, performance limitations, AI-specific hazards, risk–benefit considerations, and appropriate risk mitigation measures. 

However, risk management is currently an area with great uncertainty and divergence of expectations, particularly for AI-based SaMD. Differing interpretations of AI risks, model behavior, data-related hazards, and acceptable controls frequently lead to delays and unpredictable assessment of outcomes. These challenges are further intensified by the EU Artificial Intelligence Act (AI Act), which introduces binding requirements for AI-specific risk management and expands regulatory oversight beyond established medical device safety concepts.  

The presentation discusses how an agile certification model, built on continuous communication, structured AI description and risk management, predefined change plans, and transparent handling of substantial changes enables timely updates while maintaining safety, trust, and regulatory predictability.