Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Expert Insights: How AI will impact your ISO 13485 Quality Management System

  • Published: July 18, 2025
  • Category: Medical Devices

Share this post

Headshot of a man with long hair, a beard and glasses, wearing a patterned shirt
Dan York

Share this post

With the increasing power and accessibility of AI systems, more and more medical devices and IVDs are integrating artificial intelligence. This could be directly, through using AI as part of a diagnosis or evaluation function; or indirectly through recommendation systems or chatbots. In the UK we recently had the worlds first Class III Medical Device for autonomous skin cancer detection (DERM by Skin Analytics) approved by the MHRA. 

Increasing AI usage in the healthcare sector is naturally coupled with increasing regulatory scrutiny and requirements. After the introduction of the EU AI Act, governing the use of high-risk AI in Europe, many countries are expected to implement their own equivalent requirements over the coming years. 

As a medical device organisation, you should already have an established and effective ISO 13485 compliant QMS to handle your products and processes. Choosing to include AI in your medical device is an exciting and potentially valuable improvement for you and your customers, but doing so will have an impact. In this blog, we outline the potential impacts and some practical strategies to consider when building an AI medical device or integrating AI into existing medical devices.

Quality Management System and Documentation for AI

AI brings with it the need for new processes (or steps within existing processes) within your organisation, relating to everything from development and testing to risk assessment and cybersecurity. These procedures must be documented as part of your QMS and kept up-to-date in the same way as any other QMS process. You may also need to create new forms of records to capture key information, particularly related to transparency and explainability of the AI system. 

AI must also be considered at the quality policy level, establishing an AI portion of the quality policy provides your organisation with an overview of the purpose and goals of using AI within your product. 

Given the rate of technological change associated with AI, it can be helpful to re-evaluate your periodic document review timelines to make sure that you don’t end up with staff referring to out-of-date information.

Training and Awareness of AI

Training and competence are an important facet of your ISO 13485 QMS, to ensure that competent people are involved with the production of medical devices. 

Under the EU AI Act, if your organisation creates or markets an AI product, your staff must have a baseline awareness and understanding of the technology and the impacts and risks associated with it. This should be documented as part of your training records and maintained as any other critical training is. In addition, you should also be verifying the competence of any staff or suppliers who are providing technical input to your AI system or managing cybersecurity, particularly if the AI has any associated clinical or usability risks.

Need help with AI Literacy?

Take a look at our AI Literacy training course to give your staff the knowledge they need.

Start your free course
AI governance in healthcare, EU AI Act compliance, Medical AI compliance, AI risk management, Healthcare AI regulations, ISO 42001 certification, AI regulation

Labelling and Communication in AI

Labelling in medical devices is an important regulatory requirement, and you should already have a procedure to handle the creation, review and display of labels appropriate to your device, whether that is through physical labels or in-software identification.

AI systems must also be clearly labelled and explained to their users, this can be in many forms, but an Instructions for Use (IFU) or user guide is a common way to provide users with information such as intended use, technical capabilities and limitations, and use-cases.

AI and Internal Audit

Working with high-risk AI under the EU AI Act (which all AIaMD is classified as), ISO 42001 and other upcoming local regulations should impact the scope of your internal audits. Internal audit is an important tool for verifying that your procedures are effective at maintaining compliance with standards and regulations, and this should include anything AI-related if it impacts your product. Expanding the scope of internal audits to include new standards or regulations also likely impacts your auditor competence requirements and how often audits should be carried out.

AI Risk Management and Post-Market Surveillance

Introducing AI into a medical device also introduces a new set of risks and potential hazards, both from a clinical perspective and from a technical and security perspective. AI risks can be found across your processes, from ensuring their output is clinically valid to protecting your training datasets from poisoning or excessive, unmitigated bias. 

BS/AAMI 34971:2023 is a great resource for identifying AI-specific risks and how to handle them to ensure a safe medical device, so much so that it is currently being considered for adoption as an ISO standard (as ISO/CD TS 24971-2). We recently wrote about this new standard in another blog here.

Relatedly, your Post Market Surveillance (PMS) plan, which should be an input to your risk management strategy should also be revised to consider AI-related post-market activity. You should be collecting and analysing data which is specifically related to the performance of the AI components as well as changes in the state-of-the-art around AI.

Post-Market Surveillance

The UK has new regulations coming into force in June 2025 around Post-Market Surveillance; check whether you are compliant with a free review from 8foldGovernance. 

Get your free Review
ISO 13485 Quality Management System Expert Insights: How AI will impact your ISO 13485 Quality Management System ISO 13485 Quality Management System

Summary

Integrating AI into a medical device product can be a huge competitive advantage for your organisation and your customers, expanding the potential for you to help patients and improve clinical outcomes and your Quality Management System is the tool to help you ensure this is done safely for patients and your business. Having a strong and effective foundational QMS that is compliant with ISO 13485 already will make any changes much easier to handle.

Still unsure?

Struggling with your QMS or the specifics of AI-as-a-Medical Device? 

We can help your team understand the requirements around AI and ensure a smooth implementation of changes.

Book a Call with our Expert Team

Other Articles​

Loading...
IEC 62304 vs EU MDR classification

Implementing IEC 62304: 5 Common Mistakes

Read More →

July 3, 2026
FAQ: What is a Technical File?

FAQ: What is a Technical File?

Read More →

May 9, 2026
What is IEC 62304

FAQ: What is IEC 62304?

Read More →

April 27, 2026
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept