Surgical Robot AI and the EU AI Act: The MDR-Integrated Compliance Route
Surgical robot AI is high-risk via Article 6(1) + Annex I (MDR). AI Act duties fold into the MDR notified-body audit. Compliance deadline: 2 August 2028.
Surgical robot AI is high-risk under the EU AI Act — but not because it appears on the Annex III list. The correct classification path is Article 6(1) combined with Annex I. A surgical robot is, or incorporates as a safety component, a medical device regulated under the Medical Devices Regulation (EU) 2017/745 (MDR), which already requires third-party notified-body conformity assessment before market placement. That double condition — regulated product plus mandatory third-party assessment — is precisely what Article 6(1) describes. The consequence matters operationally: the EU AI Act requirements are folded into the MDR conformity assessment under Article 43(3) of the AI Act. There is no separate standalone AI Act conformity assessment procedure. And the deadline is 2 August 2028, not 2 December 2027.
This distinction is not a technicality. Device manufacturers entering a compliance programme designed for Annex III systems — self-assessment, Annex VI internal control, 2027 deadline — will be on the wrong track from day one.
Why the Annex III Route Does Not Apply Here
Article 6(2) lists the eight Annex III use-case categories: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and justice. Surgical robots do not appear there. The original source article misclassified them under Annex III Category 2 (safety components of critical infrastructure) or Category 5 (essential services). Neither holds: a surgical system is not a component of digital network infrastructure or utility supply, and the "essential services" category in Annex III point 5 refers to creditworthiness scoring, health and life insurance pricing, and emergency dispatch — not surgical procedures.
The AI Act's drafters anticipated exactly this scenario. Annex I lists Union harmonisation legislation whose products already carry conformity assessment obligations, and the MDR is on that list. Where an AI system is a product — or a safety component of a product — covered by Annex I legislation, and that product is required to undergo third-party conformity assessment under that legislation, the system is high-risk via Article 6(1). Both conditions are satisfied for virtually every surgical robot AI on the EU market: the robot is a Class IIb or Class III medical device under MDR, and Class IIb/III devices require notified-body involvement.
What "Integrated" Conformity Assessment Means in Practice
Article 43(3) of the AI Act is the operative provision. For AI systems covered by Section A of Annex I — which includes the MDR — the provider follows the conformity assessment procedure required under that sector legislation. The EU AI Act requirements in Section 2 of Chapter III (Articles 9–15) become part of that assessment. Notified bodies already notified under the MDR are entitled to control compliance with the EU AI Act requirements as part of the same audit, provided their competence was assessed during their MDR notification.
What this means concretely for a surgical robot manufacturer:
- There is one conformity assessment, run by your MDR-notified body, not two.
- The notified body reviews EU AI Act compliance (risk management, data governance, technical documentation, human oversight, accuracy/robustness/cybersecurity) alongside MDR clinical evaluation and device safety requirements.
- You produce one integrated technical file covering both regulatory frameworks, not separate documentation sets.
- You apply for and maintain one CE mark, which covers both the device and its embedded AI system.
The AI Act does not introduce a second CE mark or a second declaration of conformity. It adds a layer of requirements that the existing MDR notified-body audit absorbs.
Provider Obligations: The Full High-Risk Stack
The device manufacturer is the provider under Article 16 of the AI Act. The high-risk obligations apply in full; the only difference from an Annex III system is how and where compliance is demonstrated.
Article 9 — Risk Management System
Article 9 requires a documented, ongoing risk management system. For surgical robots, this runs in parallel with MDR Annex I requirements and maps closely to ISO 14971 (medical device risk management). An ISO 14971-aligned file covers most of the Article 9 substance — hazard identification, risk estimation, risk control measures, residual risk evaluation, and ongoing monitoring. The AI-specific gaps that ISO 14971 does not automatically close are failure modes unique to machine learning components (model drift, distribution shift, adversarial inputs), the boundary conditions under which outputs should not be acted upon without human judgment, and retraining/revalidation thresholds integrated into MDR change management. The risk management file should explicitly cross-reference both frameworks so the notified body can audit them together.
Article 10 — Data and Data Governance
Article 10 governs training, validation, and testing data. Training datasets must be representative of the intended patient population — including variation by anatomy, comorbidity, surgical approach, and imaging equipment — documented with sufficient transparency for the notified body to assess bias and generalisability. Validation data must be statistically independent and demonstrate performance across subgroups.
Surgical imagery and intraoperative data are health data — a special category under GDPR Article 9 — requiring an explicit legal basis for processing. Where data was sourced from EU hospitals, data processing agreements must be in place and the technical documentation must record the legal basis and any de-identification steps.
Article 11 / Annex IV — Technical Documentation
Article 11 requires technical documentation in accordance with Annex IV's nine content areas: general description and intended purpose; detailed description of the system and development process; training and validation information; monitoring, functioning and control; interpretability and transparency; data governance; risk management; post-market monitoring; and declaration of conformity and registration details.
For surgical robots, this documentation is integrated into the MDR technical file. The structure should make both sets of requirements traceable — a reviewer locates the Annex IV elements within the MDR file without searching across separate documents. Retention: 10 years after the last system is placed on the market (Article 18).
Article 14 — Human Oversight
Surgeon-in-the-loop oversight is the clinical norm, but Article 14 makes it a legal obligation. The provider must design the system so that surgeons can:
- Understand the system's outputs and their limitations before acting on them.
- Intervene, override, or stop the system at any point during a procedure.
- Identify when the system is operating outside conditions for which it was validated.
The instructions for use (IFU) — a mandatory MDR deliverable — should document all three. Where the AI system makes autonomous real-time adjustments (instrument trajectory, force limits, imaging enhancement), the IFU must specify exactly which actions are within the system's autonomous scope and which require explicit surgeon approval.
A surgical robot that cannot be cleanly stopped or overridden mid-procedure does not satisfy Article 14, regardless of its clinical accuracy.
Article 15 — Accuracy, Robustness, and Cybersecurity
Article 15 requires high-risk AI systems to achieve, across their lifecycle, appropriate levels of accuracy, and to be resilient to errors, faults, and adversarial manipulation. For surgical AI, the practical requirements include:
- Documented accuracy metrics stratified by the relevant clinical subpopulations, with performance thresholds set during validation and monitored post-market.
- Fallback behaviour when confidence falls below validated operating conditions — the system should alert the surgeon and hand back control, not attempt to extrapolate.
- Cybersecurity measures proportionate to the risk of hostile access to the surgical control system. A surgical robot with a wireless interface is an attack surface; the technical documentation must show how that surface is managed.
Robustness here is Article 15's statutory term — not marketing language. The notified body will test for it.
Deployer Obligations: Hospitals and Surgical Centres
The hospital deploying the system is the deployer under Article 26. Deployer obligations are lighter than provider obligations, but they are not optional.
Article 26 requires the deployer to use the system according to the manufacturer's IFU, ensure that surgeons have the necessary competence and authority to oversee and override it, monitor operation and flag anomalies and serious incidents to the manufacturer, and retain logs for at least six months.
Article 27 FRIA obligations apply to public-body deployers and to deployers of certain Annex III systems — surgical robot AI is classified under Annex I, not Annex III, so the FRIA duty does not automatically apply. Public hospitals should check national implementing guidance; some member states may extend equivalent requirements. Regardless of the formal obligation, assessing patient autonomy, informed consent, and equal performance across patient demographics is sound clinical governance and will be reviewed by the notified body as part of the Article 14 human-oversight assessment.
Incident reporting runs on two tracks. Under Article 26, the deployer flags serious incidents to the manufacturer. Under the MDR's post-market surveillance and vigilance framework (MDR Article 83), the manufacturer reports field safety corrective actions and serious incidents to national competent authorities. The AI Act's serious-incident reporting obligation under Article 73 sits with the provider, who must report to the market surveillance authority of the member state where the incident occurred: within 15 days of becoming aware of the incident (Article 73(2)), within 2 days for a widespread infringement or serious irreversible harm to critical infrastructure (Article 73(3)), or within 10 days where a person has died (Article 73(4)).
In practice, the MDR vigilance system and the AI Act incident-reporting system will run in parallel for surgical robot events. Manufacturers should design their incident management process to satisfy both simultaneously.
Post-Market Monitoring: Article 72 Alongside MDR Article 83
Article 72 requires providers to actively gather, document, and analyse data on system performance after market placement — not passive adverse-event collection, but a structured programme to detect model drift, accuracy degradation, new failure modes, and population shifts.
For surgical robots, the Article 72 plan specifies: data inputs (procedure logs, surgeon override rates, adverse outcomes where attributable, model confidence distributions over time); the thresholds that trigger corrective action; and the connection to the MDR post-market surveillance (PMS) plan required under MDR Article 83. Where possible, unify them into one surveillance programme. The MDR's post-market clinical follow-up (PMCF) requirements are a natural fit for the Article 72 performance data — integration reduces duplication and produces a more coherent file for the notified body's periodic review.
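As an added illustration (not from this article or from Confir), the following Python sketch computes two of the Article 72 data inputs named above, the surgeon override rate and the shift of the model-confidence distribution against the validation baseline, over constructed procedure-log records and fires corrective-action triggers. The record layout, bin edges and thresholds are assumptions; a real PMS plan defines its own.

```python
"""Article 72-style post-market monitoring over constructed procedure logs.
Signals: surgeon override rate per window, and population stability index
(PSI) of model confidence versus the validation baseline. Thresholds assumed."""
from bisect import bisect_right
from math import log

# Constructed records: (model confidence shown to the surgeon, surgeon overrode?)
BASELINE_LOGS = [  # validation-phase reference window (constructed)
    (0.91, False), (0.93, False), (0.88, False), (0.95, False), (0.92, False),
    (0.89, False), (0.97, False), (0.90, False), (0.94, False), (0.86, True),
    (0.92, False), (0.96, False), (0.87, False), (0.93, False), (0.91, False),
    (0.85, False), (0.94, False), (0.90, False), (0.96, False), (0.88, False),
]
FIELD_LOGS = [  # constructed post-market window exhibiting a confidence shift
    (0.72, False), (0.81, False), (0.66, True), (0.78, False), (0.84, False),
    (0.59, True), (0.75, False), (0.88, False), (0.69, False), (0.77, False),
    (0.82, False), (0.63, True), (0.91, False), (0.74, False), (0.79, False),
    (0.68, True), (0.86, False), (0.71, False), (0.76, False), (0.80, False),
]
CONFIDENCE_BINS = [0.0, 0.5, 0.7, 0.8, 0.9, 1.0]  # assumed bin edges

def override_rate(logs):
    """Share of procedures in which the surgeon overrode the system."""
    return sum(1 for _, overridden in logs if overridden) / len(logs)

def _bin_fractions(logs, edges):
    counts = [0] * (len(edges) - 1)
    for confidence, _ in logs:  # top edge is inclusive, others half-open
        idx = min(bisect_right(edges, confidence) - 1, len(edges) - 2)
        counts[idx] += 1
    return [c / len(logs) for c in counts]

def psi(baseline, current, edges=CONFIDENCE_BINS, eps=1e-4):
    """Population stability index between two confidence distributions.
    Empty bins are floored at eps so the log term stays defined."""
    total = 0.0
    for b, c in zip(_bin_fractions(baseline, edges), _bin_fractions(current, edges)):
        b, c = max(b, eps), max(c, eps)
        total += (c - b) * log(c / b)
    return total

def evaluate_window(baseline, current, max_override=0.10, max_psi=0.25):
    """Return the window's metrics plus the corrective-action triggers fired."""
    metrics = {"override_rate": override_rate(current),
               "confidence_psi": psi(baseline, current)}
    triggers = []
    if metrics["override_rate"] > max_override:
        triggers.append("override rate above validated threshold")
    if metrics["confidence_psi"] > max_psi:
        triggers.append("confidence distribution drifted from validation baseline")
    metrics["triggers"] = triggers
    return metrics

if __name__ == "__main__":
    print(evaluate_window(BASELINE_LOGS, FIELD_LOGS))
```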
Clinical Evaluation and Health Data
Clinical evaluation under MDR is required before CE marking, demonstrating that the device achieves its intended clinical purpose and that risks are acceptable in light of clinical benefits. The AI Act does not introduce a separate clinical evaluation; the Article 10 data requirements and the Article 15 accuracy metrics feed directly into what the clinical evaluation must substantiate.
Patient data processed by the system — intraoperative imagery, patient identifiers, surgical outcome records — is health data under GDPR Article 9. The technical documentation must address the legal basis for processing (typically Article 9(2)(h) for medical purposes) and the cross-border transfer arrangements where cloud processing is involved.
Penalties
Non-compliance with the EU AI Act requirements falls under Article 99(4): fines up to €15,000,000 or 3% of total worldwide annual turnover for the preceding financial year, whichever is higher. For smaller manufacturers, Article 99(6) provides that fines are capped at the lower of the percentage or the fixed amount — a genuine proportionality protection.
The MDR carries its own enforcement consequences under national law in each member state, including suspension of CE certificates by the notified body and market withdrawal orders from national competent authorities. A serious AI failure in a surgical robot could trigger both regimes simultaneously.
The Deadline: 2 August 2028
Under the Digital Omnibus agreed in May 2026, the application dates for high-risk AI systems were deferred. Stand-alone high-risk systems under Annex III must comply from 2 December 2027. High-risk AI systems that are safety components of products covered by Annex I — the category surgical robot AI falls into — must comply from 2 August 2028.
That is more runway than the original 2 August 2026 date, but it is not unlimited time. Notified bodies under the MDR are working at capacity; adding AI Act compliance scope to an existing review or scheduling a new conformity assessment will take time to arrange. Manufacturers whose MDR certificates are due for renewal before 2028 should integrate the AI Act scope into that renewal process rather than treating it as a separate exercise.
How Confir Helps
Confir's classification engine determines whether a system falls under Article 6(1) via Annex I or Article 6(2) via Annex III based on plain-English questions about the product type, existing sectoral regulation, and conformity assessment requirements. For a surgical robot, the engine will output the Article 6(1) + Annex I (MDR) route and cross-map the EU AI Act obligations to the MDR technical file structure — within two to three minutes, using deterministic rule-based logic. The result is a structured documentation checklist that shows exactly where AI Act obligations land in an MDR-format technical file, ready for review by a notified body. No consultants required to reach that starting point.
Frequently Asked Questions
Is surgical robot AI classified under Annex III of the EU AI Act?
No. Surgical robot AI is classified as high-risk under Article 6(1) in combination with Annex I, not under the Annex III list. The Annex III list covers use cases such as biometrics, employment, and creditworthiness. A surgical robot is a medical device — or incorporates AI as a safety component of a medical device — and the MDR (EU) 2017/745 is listed in Annex I. Because Class IIb and Class III devices require third-party conformity assessment under MDR, both Article 6(1) conditions are satisfied. The EU AI Act obligations still apply in full; the difference is that compliance is demonstrated within the MDR conformity assessment procedure, not separately.
What is the compliance deadline for surgical robot AI under the EU AI Act?
The deadline is 2 August 2028. Under the Digital Omnibus agreed in May 2026, high-risk AI systems embedded in or constituting safety components of products covered by Annex I harmonisation legislation (including the MDR) have until 2 August 2028 to comply. This is different from the 2 December 2027 deadline that applies to stand-alone Annex III systems.
Does the hospital deploying the robot need to do anything?
Yes. The deploying hospital is the deployer under Article 26 and must use the system per the manufacturer's instructions, ensure surgeons have appropriate training and authority to oversee and override the system, monitor operation and flag incidents to the manufacturer, and keep operational logs for at least six months. Deployers do not conduct conformity assessment — that is the manufacturer's obligation — but they are accountable for how the system is used in practice.
How do the EU AI Act obligations fit into the MDR technical file?
Article 43(3) of the AI Act confirms that for Annex I products, the EU AI Act requirements become part of the sector-law conformity assessment. The MDR-notified body reviews AI Act compliance alongside MDR clinical and safety requirements. In practice, manufacturers build one integrated technical file with the AI Act's nine Annex IV content areas traceable within the MDR file structure. There is one CE mark and one declaration of conformity covering both frameworks.
Does the surgeon's hospital need to conduct a Fundamental Rights Impact Assessment?
Not automatically. Article 27 FRIA obligations apply to public-body deployers and deployers of certain Annex III systems (creditworthiness and insurance). Surgical robot AI is an Annex I system, not Annex III. However, public hospitals should check national implementing guidance — some member states may extend equivalent requirements. Regardless of formal obligation, assessing patient autonomy, informed consent, and equal performance across patient demographics is good clinical governance and will be examined by the notified body as part of the Article 14 human-oversight review.
What are the penalties for non-compliance?
Fines under Article 99(4) can reach €15,000,000 or 3% of worldwide annual turnover, whichever is higher. Smaller manufacturers benefit from the Article 99(6) cap, which limits the fine to the lower of the percentage or the fixed amount. MDR non-compliance can additionally result in notified-body suspension of the CE certificate and national market withdrawal orders — both frameworks can be triggered by the same failure event.
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.