Patient-safety harm from model error
A wrong or missed prediction can directly affect diagnosis and treatment — the highest-stakes failure mode of all.
ISO/IEC 42001 by industry
AI supports diagnosis, triage, imaging, clinical decisions and patient administration — where an error is a patient-safety event, not a bug ticket. ISO/IEC 42001 gives healthcare providers and medical-AI developers an auditable governance system that sits alongside MDR/IVDR, patient-safety and health-data obligations.
Why this is high-risk
AI that is a safety component of a medical device or in-vitro diagnostic falls under the EU AI Act's product route (Annex I), tied to MDR/IVDR conformity — these obligations apply from 2 August 2028. AI used to triage or dispatch emergency healthcare is high-risk under Annex III. On top of the AI Act sit MDR/IVDR technical documentation and clinical evaluation, medicines-agency and FDA expectations for software as a medical device, patient-safety duties, and GDPR's special-category health-data rules. ISO 42001 complements the device route — it does not replace it — by governing the AI management system around it.
The risks
In healthcare the cost of getting AI governance wrong is measured in patient harm:
A wrong or missed prediction can directly affect diagnosis and treatment — the highest-stakes failure mode of all.
Datasets that under-represent groups produce models that perform worse for them, deepening health inequities.
Clinical training data with unclear origin, consent basis or quality undermines both safety and lawfulness.
Automation bias — clinicians deferring to AI without meaningful review — erodes the human oversight the law requires.
Model performance degrades as populations, devices and practice change; without monitoring it goes unnoticed.
Decisions that can't be explained are hard to trust, act on, or defend.
How ISO/IEC 42001 covers it
The toolkit maps each risk to a specific Annex A control and a ready-made document:
| Annex A control | Toolkit document | Why it matters |
|---|---|---|
| A.5 — Impact assessment | AI Impact Assessment (RISK-TPL-01) | Assess effects on patients and clinicians before deployment — feeds directly into MDR clinical and risk documentation. |
| A.6 — Lifecycle & validation | V&V Plan and Report + Model Card + Technical Documentation Pack (VV-PLN-01 / VV-REC-01 / LIFE-TPL-05 / LIFE-TPL-04) | Rigorous validation and documentation that align with device technical files. |
| A.7 — Data quality, provenance & bias | Data Quality Assessment + Provenance Log + Bias and Fairness Record (DATA-TPL-03 / DATA-TPL-02 / DATA-TPL-05) | Demonstrate representative, well-sourced, lawful clinical data and monitored fairness across groups. |
| A.9.3 — Human oversight | Human Oversight Plan (USE-PLN-01) | Keep a clinician meaningfully in the loop and guard against automation bias. |
| A.6.2 / Clause 9 — Monitoring | Monitoring Plan & KPI Register (MON-PLN-01) | Post-market performance monitoring and drift detection — expected by both the AI Act and device regulators. |
| A.8.4 — Incident response | AI Incident Response Procedure (INC-PRO-01) | A defined severity and escalation workflow for safety-relevant AI events, with evidence preservation. |
How to get there
Register every clinical and administrative AI system, with an owner and a link to any device conformity file.
Run impact, bias and data-quality assessments; validate and document each model.
Embed clinician oversight, transparency and a safety-grade incident process.
Monitor post-market performance and drift, and align the AIMS with MDR/IVDR evidence.
Questions
No. Medical-device AI still needs its regulatory route. ISO 42001 governs the AI management system around the device — impact and bias assessment, data governance, oversight, monitoring and incident response — and its evidence complements the technical documentation those routes require.
AI that is a safety component of a device under MDR/IVDR follows the product route with obligations from 2 August 2028; emergency-triage AI is Annex III with obligations from 2 December 2027. The substantive requirements are unchanged — the runway is for building the system.
Yes. As a deployer you're responsible for human oversight, monitoring, and using the AI within its intended use. ISO 42001 gives providers the deployer-side controls to do this defensibly.
The toolkit ships the impact, validation, data-quality, oversight, monitoring and incident controls medical AI demands — ready to tailor and to sit alongside your device documentation.