Summary
The regulatory landscape for AI-enabled medical devices continues to evolve, and one of the latest developments attracting attention is prEN 18286, the proposed European standard intended to support Quality Management System (QMS) requirements under the EU AI Act. In his latest analysis, Leon Doorn examines where this draft standard fits within the broader regulatory framework and whether organisations should view it as the future of AI management systems in healthcare.
A key theme throughout the article is the growing uncertainty around the role of ISO/IEC 42001, the international AI Management System standard published in 2023. Although ISO/IEC 42001 was developed before the AI Act entered into force and provides a structured approach to AI governance, it was never designed specifically to demonstrate compliance with European AI legislation. Leon highlights several fundamental differences between the standard and the AI Act, particularly in the way risk is defined and managed. While ISO/IEC 42001 follows broader ISO risk-management principles, the AI Act focuses specifically on risks that may lead to harm.
These differences have significant consequences for the medical device sector. According to the article, both the European Commission’s Joint Research Centre (JRC) and industry stakeholders have questioned whether ISO/IEC 42001 is sufficiently aligned with the AI Act and existing medical device frameworks such as MDR, IVDR, and ISO 14971. As a result, the standard currently has limited regulatory value for manufacturers seeking a clear compliance pathway within Europe.
The article then explores the emergence of prEN 18286, a draft European standard being developed specifically to support Article 17 of the AI Act, which requires providers of high-risk AI systems to implement a Quality Management System. Unlike ISO/IEC 42001, prEN 18286 has been designed with European regulatory requirements in mind and is being aligned more closely with ISO 13485 and existing medical device quality-management principles.
Leon explains that the draft standard introduces provisions covering AI-specific governance topics, including data governance, regulatory compliance processes, and quality-management activities linked directly to high-risk AI systems. However, he also notes that important questions remain unresolved. In particular, concerns exist around how risks associated with the management system itself should be assessed and whether some requirements extend beyond what is reasonably expected under the AI Act.
The article also discusses recent developments affecting the standardisation process, including CEN/CENELEC decisions and broader European proposals aimed at simplifying the interaction between the AI Act, MDR, and IVDR. These initiatives could ultimately influence whether AI Act standards, including prEN 18286, become directly relevant to medical device manufacturers or whether future harmonisation will occur through existing medical device legislation instead.
The conclusion is clear: organisations developing AI-enabled medical devices face an evolving regulatory environment where standards, legislation, and compliance expectations are still taking shape. Until greater clarity emerges, manufacturers will need to make carefully considered decisions about which frameworks to implement and how best to demonstrate compliance across overlapping regulatory regimes.
Read Leon Doorn’s full article for a detailed analysis of prEN 18286, future of the EU’s AI management system standard.
