MDR / IVDR — Medical Device Regulation
Last updated: 24 May 2026 · 6 min read
AI-mediated medical disclosures + clinical evidence chain. Backed by PHI compartmentalisation (patent-pending).
MDR in force since 2021 · IVDR phased to 2027
Notified body certification ongoing.
Medical devices + medical-purpose software
Hospitals, clinics, medtech, digital health providers.
National regimes + market withdrawal
National penalty regimes plus potential civil liability.
PHI Compartmentalisation (patent-pending) + Evidence Vault (API 04) — roadmap
Designed for crypto-shredded PHI and signed clinical-evidence export.
What MDR and IVDR require
MDR and IVDR impose lifecycle obligations on any product placed on the EU market for a medical purpose: technical documentation, clinical or performance evaluation, post-market surveillance, incident reporting and traceability through the EUDAMED database. When AI is part of that product — symptom triage, diagnostic support, treatment adherence — every patient interaction is clinical evidence and must be retained accordingly.
Healthcare deployments also sit at the intersection of GDPR Article 9 (special-category data), national health-data laws and the EU AI Act’s high-risk regime. Patient-facing AI agents must therefore deliver mandated disclosures, route safely on red-flag symptoms, log every clinical statement and retain protected health information under strict access controls.
How Audact covers MDR / IVDR
- PHI Compartmentalisation (patent-pending)— protected health information is designed to be encrypted with per-record keys, segregated from the LLM provider, and crypto-shredded on retention expiry.
- Scope-of-practice guardrails— the Governance Gate blocks diagnostic claims that exceed the approved clinical scope and triggers safe-handoff flows on red-flag triage signals.
- Clinical evidence export— every interaction, consent and policy verdict is signed, with a planned export via API 04 / API 06 as an MDR-ready evidence bundle for notified body review or post-market surveillance.
Frequently asked questions
What are MDR and IVDR?
MDR (Regulation EU 2017/745) covers medical devices; IVDR (Regulation EU 2017/746) covers in-vitro diagnostic devices. Both are in force across the EU and impose strict clinical-evidence, post-market surveillance and labelling obligations on manufacturers and distributors.
When does an AI voice agent fall under MDR?
Whenever software has a medical purpose — diagnosing, monitoring, treating or alleviating disease — it can be a medical device in its own right. AI agents handling symptom triage, medication reminders, post-op follow-up or remote monitoring frequently fall in scope.
How does Audact compartmentalise PHI?
Audact’s PHI Compartmentalisation (patent-pending) is designed so that protected health information is segregated from the LLM provider, encrypted with per-record keys, and crypto-shredded on retention expiry. Only the policy engine and evidence vault hold the keys.
Where can I read the technical details?
See API 04 (Evidence Vault) and API 06 (Multi-Regulation Bundle) in the documentation, and contact us for a clinical-evidence sample export.
Next steps
A sandbox healthcare scenario with seeded PHI compartmentalisation and signed clinical-evidence export is on the roadmap. Talk to us about early access.
Disclaimer: This page is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for your specific compliance obligations.