MedTech Europe Calls for Greater Alignment in EU Digital Omnibus Proposals
MedTech Europe has published its response to the European Commission’s Digital Omnibus consultation, highlighting key challenges and recommendations for the medical technology sector—particularly in relation to the AI Act and EU data legislation.
The association welcomes the initiative as a critical step toward simplifying and aligning EU digital legislation, but stresses that further refinements are needed to ensure regulatory coherence, legal certainty, and practical implementation for manufacturers.
AI Act: Key Concerns for Medical Device Manufacturers
Timing and Readiness Remain Major Risks
One of the central concerns is the timeline for high-risk AI obligations. MedTech Europe argues that current deadlines—August 2027 and 2028—do not reflect the reality of:
Limited notified body capacity
Incomplete harmonised standards
Lack of detailed guidance
Instead, they recommend that obligations should apply two years after the system is fully ready, including standards and infrastructure.
👉 What this means for manufacturers:
Continued regulatory uncertainty for AI-enabled devices
Challenges in investment planning and product development timelines
Risk of premature compliance efforts without clear requirements
Notified Body Capacity and Dual Regulation Challenges
The proposal introduces a single application process for notified body designation under both the AI Act and MDR/IVDR. While positive, MedTech Europe highlights ongoing issues:
Separate legal frameworks still apply
Increased need for AI-specific expertise
Risk of capacity bottlenecks
Impact:
Manufacturers may still face delays in conformity assessment, particularly for AI-based devices requiring both MDR/IVDR and AI Act compliance.
Misalignment of Definitions Creates Compliance Risks
The AI Act introduces new concepts such as:
“Substantial modification”
“Safety component”
These are not aligned with MDR/IVDR terminology or MDCG guidance, especially regarding significant changes.
Impact:
Risk of duplicate or conflicting change-control processes
Potential for unnecessary re-certification
Increased interpretation burden and inconsistency across notified bodies
Clinical Investigations and Market Placement
MedTech Europe highlights a critical gap: investigational devices and performance study devices are not explicitly excluded from being considered “placed on the market” under the AI Act.
Impact:
Possible application of full AI Act requirements during clinical studies
Increased administrative burden
Risk of delays in clinical evidence generation
Risk Management: Avoiding Duplication with ISO 14971
Manufacturers already comply with lifecycle risk management under MDR/IVDR, typically aligned with ISO 14971.
The concern is that AI Act requirements may introduce overlapping systems if not properly aligned.
Impact:
Duplicate risk management processes
Increased complexity in technical documentation and conformity assessment
Potential delays in market access
Data Legislation: Increasing Complexity for Manufacturers
GDPR Adjustments: Positive but Not Yet Sufficient
The proposal includes updates to GDPR, including:
Revised definition of personal data
Clarification of scientific research
New provisions for AI-related data processing
While welcomed, MedTech Europe warns of:
Fragmented interpretation across Member States
Risk of overly prescriptive requirements
Impact:
Manufacturers developing AI or using health data may face continued legal uncertainty, especially in multi-country operations.
Incident Reporting: Move Toward a Single Entry Point
The introduction of a Single Entry Point for incident reporting is seen as a positive step.
Impact:
Potential reduction in duplicate reporting obligations
Improved efficiency across regulatory frameworks (e.g. MDR, GDPR, NIS2)
However, operational details remain unclear, including coordination between authorities.
Data Act: Major Concerns for Medical Devices
MedTech Europe raises significant concerns regarding data access obligations under the Data Act:
1. Mandatory Data Sharing
May expose raw or unprocessed medical data
Risks misinterpretation and patient safety issues
2. Overlap with European Health Data Space (EHDS)
Potential duplication and regulatory fragmentation
3. Legacy Devices
Lack of clarity could require retrofitting older devices
May trigger re-certification under MDR/IVDR
4. Trade Secrets
Current protections are considered insufficient
Impact for manufacturers:
Increased compliance burden and redesign requirements
Risks to intellectual property
Potential delays in innovation and market access
Key Takeaway for Manufacturers
MedTech Europe’s response makes one point clear:
The main challenge is not new regulation—but the interaction between existing frameworks (MDR/IVDR, AI Act, GDPR, Data Act).
Without stronger alignment, manufacturers may face:
Duplicated requirements
Conflicting interpretations
Increased time to market
Higher compliance costs
Conclusion
The Digital Omnibus represents a significant opportunity to simplify the EU regulatory landscape, but its success will depend on:
Alignment with MDR/IVDR frameworks
Clear and harmonised definitions
Proportionate, risk-based implementation
Adequate notified body capacity
For medical device manufacturers, the coming years will be shaped not only by new legislation, but by how effectively these frameworks are integrated in practice.
Read the full document below.
