AI in Healthcare SMBs: Compliance Across the AI Act, GDPR, and MDR

Updated 19 May 2026. Post-Omnibus: high-risk Annex III obligations apply from 2 December 2027. GDPR Article 9 special category data and MDR/IVDR obligations are unchanged and apply today.

Healthcare AI sits at the intersection of three regulations: the EU AI Act, GDPR (with the strict Article 9 special-category-data regime), and, where the AI use qualifies as a medical device, MDR/IVDR. The Omnibus extension changes only the AI Act timing; GDPR and MDR obligations are unchanged.

Common AI use in healthcare SMBs

  • Ambient clinical scribing (Nuance DAX, Suki, Heidi, Nabla).
  • Patient appointment scheduling and triage chatbots.
  • Radiology AI (Aidoc, Lunit, Annalise.ai).
  • Pathology AI (PathAI, Paige).
  • Drug interaction checking AI.
  • Patient communication automation.

Three regulations, one assessment

  • EU AI Act perspective: which Annex III category applies; whether you act as deployer or provider; the resulting risk tier. Full obligations apply from 2 December 2027.
  • GDPR perspective: health data is special category data under Article 9; the lawful basis is Article 9(2)(h) for direct care or Article 9(2)(j) for research. Applies today.
  • MDR perspective: does the AI qualify as a medical device under MDR/IVDR? Applies today.

Patient communication and consent

Sample patient-facing notice (replace the [CLINIC] placeholder with your practice name):

'This [CLINIC] uses AI tools to support clinical care. A qualified clinician always reviews AI output before any treatment decision.'

Done-for-you compliance for healthcare SMBs

The Ready AI Act Premium Compliance Programme (€899) includes the Healthcare sector add-on: full MDR + AI Act crosswalk, vendor due-diligence pack for Nuance DAX / Suki / Heidi / Nabla / Aidoc / Lunit / Annalise.ai, clinical governance integration, multilingual patient communication library (EN, NL, FR, DE, ES, IT), adverse event reporting workflow, special category data DPIA, NIS2-aligned operational documentation. Delivered within 5 business days, reviewed by qualified ICT/privacy counsel.