BLOG

Artificial intelligence and cybersecurity in the light of MDR

The European legal framework, including the Medical Device Regulation ("MDR") and the soon to come into force AI Regulation ("AI Regulation"), places strict requirements on the safety and performance of AI-based medical devices.

The relationship between the Medical Device Regulation and the AI Regulation is characterized by supplementary certification requirements: While the MDR regulates the safety and performance of physical medical devices, the AI Regulation addresses specific risks and the data integrity of AI systems. Products that fall under both sets of regulations must meet the requirements of both regulations in order to be certified, which provides a double safety guarantee for both physical and software-related safety.

Kuenstliche-Intelligenz-und-Cybersecurity-im-Lichte-der-MDR
Kuenstliche-Intelligenz-und-Cybersecurity-im-Lichte-der-MDR

Artificial intelligence and cybersecurity in the light of MDR

The European legal framework, including the Medical Device Regulation ("MDR") and the soon to come into force AI Regulation ("AI Regulation"), places strict requirements on the safety and performance of AI-based medical devices.

The relationship between the Medical Device Regulation and the AI Regulation is characterized by supplementary certification requirements: While the MDR regulates the safety and performance of physical medical devices, the AI Regulation addresses specific risks and the data integrity of AI systems. Products that fall under both sets of regulations must meet the requirements of both regulations in order to be certified, which provides a double safety guarantee for both physical and software-related safety.

Teilen Sie diesen Beitrag:

Teilen Sie diesen Beitrag:

What is the challenge?

The challenge is to find a balance between promoting technological innovation and ensuring the necessary safety standards.

The legal framework must be constantly evolving to meet both advances in AI technology and patient safety requirements. This requires a continuous review and adaptation of regulatory provisions to promote and protect both innovation and patient safety.

News in brief from various areas of law:

Unauthorized data queries in hospitals

The State Commissioner for Data Protection and the Right of Access to Files (LDA Brandenburg) published its activity report for 2023 on 22.4.2024. The report identified cases of unauthorized data queries in various hospitals in which employees had accessed a colleague’s electronic patient file without an official reason.

These breaches of data protection were classified as employee excesses, for which fines were imposed on the employees concerned. However, it was emphasized that a possible breach of data protection must be investigated in such cases.

Possible amendment to the Federal Data Protection Act

The Federal Government is planning amendments to the Federal Data Protection Act (BDSG) in order to implement agreements made in the coalition agreement and to implement the results of a BDSG evaluation. The draft bill envisages institutionalizing the Data Protection Conference (DSK) in the BDSG and introducing additional paragraphs to improve the enforcement and consistency of data protection.

Companies and research institutions with cross-border projects could in future only be subject to one state data protection supervisory authority, which should avoid legal uncertainties. Other provisions concern the application of the BDSG only for data processing with a domestic reference and the revision of the regulations on video surveillance of non-public areas.

BVMed and VDGH develop white paper

The German Medical Technology Association (BVMed) and the Association of the Diagnostics Industry (VDGH) have written a joint position paper. The paper highlights problems such as inefficient regulatory structures and bureaucratic obstacles that have arisen as a result of the regulations.

The white paper offers concrete proposals for solutions, including the introduction of fast-track procedures for innovations, efficiency gains through the implementation of good administrative practices and harmonization through centralization to make Europe a competitive MedTech location again.

LSG Baden-Württemberg on digital health applications

According to a ruling by the LSG Baden-Württemberg dated April 3, 2024 (Ref.: L 11 KR 579/24 ER-B), digital health applications pursuant to Section 33a (1) SGB V are low-risk class medical devices whose main function is based on digital technologies and are intended to support the detection, monitoring, treatment or alleviation of diseases in insured persons or in the care provided by service providers.

The main function of the digital health application must be characterized by digital technologies in all areas of application. These applications must not merely serve to supplement or control other medical devices. This applies in particular if the software merely reminds patients of the procedure and provides recommendations for adjusting the therapy, as the software does not offer any independent diagnostic or therapeutic services.

Germany shows no improvement in the CPI index

Transparency International published the Corruption Perceptions Index (CPI) 2023 at the end of January 2024, which is based on data from 12 independent institutions. Germany scored 78 points, one point less than the previous year and the same score as ten years ago.

The organization’s criticisms include gaps in the fight against corruption, particularly among elected officials, shortcomings in whistleblower protection and the lack of effective corporate criminal law. Denmark, Finland, New Zealand and Norway top the ranking, while South Sudan, Syria, Venezuela and Somalia are at the bottom of the list.

Contact us

Are you planning to place a medical device on the market and looking for an experienced legal manufacturer? Contact us for a non-binding consultation. Together we will develop the right strategy for your medical device.

More exciting news for you

  •
    25. March 2026

    Your MedTech Journey with BAYOOCARE

  • 24. March 2026

    Contract management for medical devices

  •
    24. March 2026

    Post-market services for medical devices and IVDs