<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>Regulation (EC)
No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC
and 93/42/EEC (Text with EEA relevance. ). Official Journal of the European Union Series L
117/1</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <title-group>
        <article-title>Analysis of the Classification of Medical Device Software in the AI Act Proposal</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Karla A. Cepeda Zapata</string-name>
          <email>karla.cepeda@dkit.ie</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Ritesh Patil</string-name>
          <email>ritesh.patil@insight-centre.org</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Tomás Ward</string-name>
          <email>tomas.ward@dcu.ie</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Róisín Loughran</string-name>
          <email>roisin.loughran@dkit.ie</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Fergal McCaffery</string-name>
          <email>fergal.mccaffery@dkit.ie</email>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Insight SFI Research Centre for Data Analytics, School of Computing, Dublin City University</institution>
          ,
          <addr-line>Dublin</addr-line>
          ,
          <country country="IE">Ireland</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Regulated Software Research Centre, Dundalk Institute of Technology</institution>
          ,
          <addr-line>Dublin Road, Dundalk</addr-line>
          ,
          <country country="IE">Ireland</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2021</year>
      </pub-date>
      <issue>178</issue>
      <abstract>
        <p>The Artificial Intelligence Act (AIA) proposal by the European Commission (EC) is considered the first legal attempt to harmonize rules for AI systems. The proposal is designed to regulate AI systems in different European economic sectors, including Medical Devices (MD). This paper aims to examine the classification of AI systems in the AIA and their alignment with the Medical Device Regulation (MDR). The analysis focuses on Software as a Medical Device (SaMD) and Software in a Medical Device (SiMD), excluding generalpurpose AI systems and machinery products (i.e., driven systems and safety components), as investigation in the Machinery Directive legislation is required. The strategy is to identify the classification conditions for AI systems by mapping key terms and definitions related to Article 6 in the AIA. Then, these conditions are translated into propositions suitable for the MD domain and presented in a flow chart for discussion. The primary source of information for the analysis is the MDR and the AIA, considering the latest revisited version of the proposal (Presidency compromise text, document 11124/22). We conclude this paper by discussing the classification pathway for SaMD and SiMD according to the AIA and additional discussion on terminology-related concerns and suggestions.</p>
      </abstract>
      <kwd-group>
        <kwd>1 Artificial Intelligence Act Proposal</kwd>
        <kwd>Medical Device Regulation</kwd>
        <kwd>Medical Device Software</kwd>
        <kwd>AI System Classification</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>Introduction</title>
    </sec>
    <sec id="sec-2">
      <title>The Medical Device Regulation</title>
      <p>The Medical Device Regulation (MDR) aims to ensure the safety of concerned patients and to enhance
the quality of Medical Devices2 (MD) in the European Union (EU) without ignoring innovative and
creative technologies [1, 2]. Since the MDR focuses on MDs, it is domain-specific rather than generic.
The main objective of the new regulation is to strengthen protection against risks posed by MDs and to
update regulations to account for new technologies. The MDR replaces the previous EU Medical Device
Directive (MDD) to modernize the EU legal framework system to address the market’s current needs
and new technologies [3]. The MDR has more focus on device safety as compared to the MDD. The
MDR provides general guidelines and regulations that must be followed before putting MDs into the
market, regardless of the technology used for developing MDs. Thus, regulations provided by the MDR
apply to all medical devices irrespective of the technology perceived. The classification rules for MDs
follow a risk-based approach, considering the vulnerability of the human body and the potential risk
associated with the device (MDR, recital 59) [4, 5]. The classification of MDs is divided into four
2 The use of the term device is implemented in this paper as a synonym of medical device.
classes: I, IIa, IIb, and III (MDR, Article 51). For manufacturers to identify the appropriate Class of a
device, 22 rules must be considered, divided into invasive, non-invasive, and active devices and other
special rules (MDR, Annex VIII). Once the Class of an MD is identified, the manufacturer must follow
the applicable obligations and safety and performance requirements [4]. The European Medicines
Agency (EMA), a decentralized agency of the EU, associated a level of risk to the classes where Class
I has the lowest risk and Class III the highest (see Figure 1) [6, 7].</p>
    </sec>
    <sec id="sec-3">
      <title>The Artificial Intelligence Act Proposal</title>
      <p>The Artificial Intelligence Act (AIA) is a proposed European law on Artificial Intelligence (AI) – the
first law on AI by a significant regulator anywhere [8]. The AIA is predicted to be a Global Standard
in the future, as it focuses on determining to what extent AI has a positive rather than negative effect
on everyone’s life. The legal framework proposed is generic, attempting to provide generalized
obligations, procedures, and requirements that could be adopted across disciplines to ensure AI
applications are safer, more robust, and more ethical in the European market. As the name suggests, the
AIA focuses on regulations essential for applying AI to applications and systems; therefore, it is
technology specific. The proposal applies to all products that either contain a component that uses AI,
or an AI system is considered a product itself [8]. Based on the Subject Matter (Article 1), most of the
obligations and requirements proposed are aimed at regulating AI systems. The proposal is divided into
four main sections: prohibited practices, obligations and requirements for high-risk AI systems,
additional transparency obligations for specific practices, and rules for monitoring purposes [9]. The
AIA also includes classification rules for high-risk AI systems, further discussed in Section 3.1. An
Explanatory Memorandum (EM) is attached at the beginning of the AIA, a document that explains the
proposal and used by National Parliaments to examine the AIA. The EM introduces the background,
reasons, and context of the proposal and, within subsection 5.2.2, the classification of AI systems.
Although, the EM will not be part of the Act once enacted [10].
1.3</p>
    </sec>
    <sec id="sec-4">
      <title>What is a Medical Device?</title>
      <p>The MDR defines the term Medical Device (MD) as a single or combination of articles intended for
medical purposes, for which those purposes are formulated by medical action (e.g., diagnosis,
prevention, and monitoring) and medical states (e.g., disease, disability, and physiological state) [11].
Within this definition, software is included as an article. In general, the implementation of software in
the MD domain is divided into two categories: Software as a Medical Device (SaMD) and Software in
a Medical Device (SiMD). SaMD is software for medical purposes which may not necessarily be part
of the hardware [12]. This term is not used in the MDR, although the definition of an MD indicates that
software is considered an MD if its intended use is for medical purposes [11, 12]. In other cases,
software could also be utilized as an accessory and combined with other articles. An accessory is
embedded into an MD to support its performance, which is also known as SiMD [12]. The task of an
accessory is to drive or influence the performance of a device, but as a stand-alone component does not
perform medical actions [4, 11, 12]. According to Recital 12 in the MDR, accessories could also be
regulated under the Machinery Directive (MDI). This depends on the definition stated in Article 2.a
(MDI), which is referred to as machinery, an assembly that contains connected components, including
driven systems. In Europe, the Medical Device Coordination Group, a group of representatives of
Member States dealing with issues and guidelines related to MDs, SaMD is referred to as Medical
Device Software (MDSW) [4, 12].</p>
      <p>This paper aims to understand the different classifications that an MD may have under the AIA. This
is essential to understand the classification of MDs in the AIA proposal and inspect for inconsistency
between both documents, the MDR and the AIA. Hence, the research question of this paper is to answer:
What is the classification scope for MDs in the AIA? Note that this analysis should not be taken as legal
guidance but as a necessary exercise to better understand the future of MDs under the AIA proposal.
The rest of the paper is divided as follows: in Section 2, we define the scope and describe the strategy
for the analysis of the classification of MDSW in the AIA; in Section 3, we performed the analysis by
understanding in more detail the classification rules in the AIA, initial mapping of the classification in
the AIA and the MDR, and building a flow chart based on propositions and conclusion for further
discussion; in Section 4, we discuss the pathway of the classification of MDs shown in the flow chart
and other concerns observed in terms of terminology; and finally, in Section 5 we present our
conclusions and directions for future work.
2</p>
    </sec>
    <sec id="sec-5">
      <title>Methodology</title>
      <p>In this section, we explain the strategy carried out for the examination of the classification of MDs
adopting AI techniques according to the AIA. This process was performed by understanding and
mapping terms and definitions from the rules established in the proposal. The scope of our analysis
focuses on SaMD, with the assumption that most of the MDs adopting AI will be stand-alone software
solutions [13]. To slightly expand the scope, we include SiMD but exclude devices considered
machinery products3, as this requires further analysis of an additional legal document, the MDI.
Additionally, the latest revisited version of the proposal includes new provisions for general-purpose
AI systems in response to recent emergent technologies such as ChatGPT [14]. This is also out of the
scope of this analysis. Additional provisions regarding obligations and requirements for
generalpurpose AI systems were introduced in the new Title IA. The primary data sources for this analysis are
two legal documents: the MDR and the AIA4. We consider the latest revised version available5. In the
rest of this paper, we will refer to three main sections from each legal document as follows: recitals,
which introduce reasons for the enacting terms and are located after the word ‘whereas:’; articles,
which are the normative part of an Act (enacting terms); and, annexes, which contain rules or technical
data and are generally mentioned in articles [15]. Other official EU sources, such as posts, articles, and
reports, and the Explanatory Memorandum (EM) attached to the proposal are excluded from the
analysis as a measure to avoid prejudice.</p>
      <p>We analyzed by mapping terms and definitions, finding relevant conditions, and building
propositions in a logical reasoning approach to reduce subjectivity. First, we performed an exercise to
understand the classification rules stated in the AIA. Based on that process, and as a starting point, we
generated an initial graph showing the relationship between the AIA and the MDR. Afterward, we
identified relevant conditions from the classification of AI systems in the AIA and expanded them based
on related recitals, articles, definitions, and annexes. Then, these conditions were translated into
propositions in terms of MDs using logical reasoning symbols, and subsequently, these propositions
were combined using logic connectives, depending on a conclusion. Propositions are statements with
true and false values, whereas logic connectives, e.g., AND/OR Boolean operators, connect
propositions associated with a conclusion. We refer to the conjunction of the propositions and
connectives with their respective conclusions as implications, equivalent to “if… then…” [16, 17]. At
the end of the analysis, we deliver a flow chart based on these implications as an outcome of the analysis
process, representing the classification processes of MDs. By building propositions and a flow chart,
we expect to cover relevant rules and pathways of the classification of MDs under the AIA for greater
discernment. The symbols and elements used in Section 3.3 (Building Propositions and the Flow ) with
their corresponding meaning are shown in Table 1.
3 For instance, driven systems and safety components.
4 Available in https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0206.
5 Presidency Compromise text on the AI Act (document 11124/22). Available in
https://data.consilium.europa.eu/doc/document/ST-111242022-INIT/en/pdf.</p>
    </sec>
    <sec id="sec-6">
      <title>Analysis</title>
    </sec>
    <sec id="sec-7">
      <title>Understanding the Classification of AI Systems</title>
      <p>
        This section will examine the classification rules for AI systems based on the AIA proposal. The AIA
proposes a clearly defined risk-based approach to specify rules for AI systems due to the potential
generation of “... risks and cause harm to the public interest and rights that are protected by Union law
...” (AIA, recital 14) [9]. This arrangement of rules proposes the classifications for AI systems, which
are associated with risks and threats to fundamental rights and values. The AIA directly introduces
highrisk as a classification for those AI systems with a specific modality, i.e., stand-alone solutions and
safety components, and purpose, i.e., products within the NLF (Annex II) and other use cases (Annex
III) [20]. Once providers comply with legal obligations and requirements set out in Title III, high-risk
AI systems are permitted in the Union Market (AIA, Article 6) [9, 21]. Besides high-risk AI systems,
it is possible to identify6 three other AI system classifications: (
        <xref ref-type="bibr" rid="ref1">1</xref>
        ) unacceptable, (2) non-high, and (3)
deceiving7 risk [9]. We explain these in turn. First, the unacceptable risk classification is identified in
the list of prohibited practices in the AIA (Article 5). When the intended use of an AI system falls under
one or more of these descriptions of practices, the AI system is banned from the market because of
unacceptable risks associated with fundamental rights and the European Union’s interest (AIA, recital
14). Examples of unacceptable risk AI systems could be subliminal manipulation (e.g., toys with voice
assistance encouraging dangerous activities), social scoring, and real-time biometric identification
systems [21, 22]. It is important to note that, according to Recital 27, high-risk AI systems must not
pose an unacceptable risk to place on the Union market or put into service. Secondly, the proposal also
refers to non-high-risk AI systems as those that voluntarily apply a code of conduct based on the
requirements set out in Chapter 2 of Title III (AIA, Article 69) and optional requirements associated
with sustainability, accessibility, and diversity (AIA, Recital 81) [9]. Using the prefix “non-” in the
non-high-risk classification suggests that high- and non-high-risk AI systems do not overlap8, although
this is not clarified in the AIA. Lastly, deceiving-risk classification is identified in Article 52,
segregation of AI systems that are associated with impersonation and deception risks and subjected to
transparency obligations [9, 21, 23]. According to Recital 70, deceiving-risk AI systems could overlap
with high-risk classification (without predisposition to the obligations in Title III) or non-high-risk
classifications, suggesting an AI system is not deceiving on its own [9]. The overlapping behaviour of
the AI system classification is illustrated in Figure 2, and the summary of the classification of AI
systems is shown in Table 2, in which we introduce definitions for each classification formulated based
on the rules in the AIA.
6 By means that the AIA does not directly state that unacceptable, deceiving, and non-high-risk AI systems are classifications. But we are
considering them as these rules segregate AI systems and differentiate them from the high-risk once. Hence, applicable obligations and
requirements will depend on the classification assigned to the AI system.
7 Other sources refer to this as limited risk. But, as these AI systems are associated to impersonation and deception risks, we consider using
the term deceiving to refer to both types of risks.
8 When referring to overlapping behavior, we refer to characteristics of two objects, e.g., high- and non-high-risk AI system, that could be
similar or commonly happen together.
Unacceptable
      </p>
      <p>Deceiving</p>
      <p>High
Non-High</p>
      <p>AI systems perceived as a potential threat to
people’s fundamental rights and EU values,
which are associated with significant potential
for manipulation, exploitation, and social
control. Consequently, these are banned from
the market. This classification does not overlap
with any of the other classifications.</p>
      <p>AI systems associated with impersonation and
deception risks must comply with specific
transparency obligations (Article 52).</p>
      <p>AI systems are products themself or safety
components and belong to the NFL (Annex II) or
specific use cases (Annex III). These must
comply with obligations and requirements set
out in Title II. Although some high-risk AI
systems may be considered deceiving,
additional transparency obligations must be
applied.</p>
      <p>AI systems that are free of use and voluntarily
follow legal requirements from Chapter 2 of
Title III. Some Non-High systems may be
considered deceiving; hence transparency
obligations must be considered.</p>
      <p>In the</p>
      <p>AIA
Recital 15 and
Article 5.</p>
      <p>Recital 70 and</p>
      <p>Article 53.</p>
      <p>Subliminal
techniques,
exploitation of the
vulnerability of
specific groups.</p>
      <p>Chatbots
Medical Devices and
Machinery Systems.</p>
      <p>Recital 27 and</p>
      <p>Article 6.</p>
      <p>Accessories
Medical
(excluding
machinery devices)</p>
      <p>for
Devices</p>
      <p>Recital 81 and
Article 69.</p>
      <p>In the following subsection, we examined the relationship between the MDR and AIA, including a
graphical representation of the classification and its association with the MDR.
3.2</p>
    </sec>
    <sec id="sec-8">
      <title>Initial Mapping Process</title>
      <p>In this section, we present the first steps to analyze the classification of AI Systems under the AIA and
their association with the MDR. This is to understand the relationship between the legal document and
the proposal in a general approach. Based on Section 1.1 (The Medical Device Regulation) and Section
3.1 (Understanding the Classification of AI Systems), we created an initial representation of the
classification of devices in the AIA and the MDR, shown in Figure 3. The direction of this graph starts
from the AIA (at the top) to the MDR (at the bottom), as the former refers to MDs in Annex II, section
a, but the MDR does not mention the AIA (yet). When analyzing this graph, our first presumption is
that all MDs adopting AI might belong to the high-risk classification under the AIA. This is visible by
following the orange line drawn in Figure 3, which covers all device classes. This is particularly
concerning, as Class I devices adopting AI techniques, considered devices with the lowest risk
associated (see Figure 1), might be subject to additional regulatory procedures. Although, we shall see
that a deeper analysis of the classification rules reveals some further distinctions to be recognized. For
the following subsection, we will focus mainly on Article 6 (Classification rules for high-risk AI
systems) to verify whether MDs belong to this classification by default.</p>
    </sec>
    <sec id="sec-9">
      <title>Building Propositions and the Flow Chart</title>
      <p>
        We next perform a more comprehensive analysis of the classification of AI systems and their
association with MDs incorporating AI techniques. The following step describes a more extensive
analysis by (
        <xref ref-type="bibr" rid="ref1">1</xref>
        ) building general conditions from the classification rules of AI systems, (2) formulating
these conditions into propositions in an MD perspective, (3) building implications with a combination
of propositions, and (4) building a flow chart based on the implications. As already examined in Figure
3, it seems that MDs adopting AI techniques are classified as high-risk under the AIA, regardless of the
Class assigned to the device. Although, we assume that MDs might fall into other classifications
depending on the conditions.
      </p>
      <p>The first step in this broader analysis is identifying relevant conditions in the AIA for classifying AI
systems. The starting point of this process was Article 6 (AIA), which contains the rule classifications
for high-risk systems for safety components or stand-alone products. We identified other conditions
related to Article 6 by mapping key recitals, definitions, and annexes. The mapping process also
considered other recitals and articles mentioned in Table 2. This mapping process is illustrated in Figure
4, in which the dashed lines that connect sections are referred to as edges and enumerated for easy
reference. Green edges and areas correspond to the classification of high-risk AI systems. Edges and
orange areas are associated with Article 6, so the edges started from this article to other relevant
sections. Pink edges and areas in other recitals and articles are related to Article 6, so the dashed lines
started from these to Article 6. This process derived four conditions, shown in Table 3, which are used
as the basis to analyze the route classification of SaMD and SiMD in the AIA.</p>
      <p>The conditions in Table 3 were translated into a suitable form for an MD to formulate propositions
and conclusions, shown in Table 4. Although to perform this process, we altered the direction of the
analysis from the MDR to the AIA to prioritize MDs. First, we must ensure that the product performs
medical purposes [24], regardless of the article, technology, or method utilized by the manufacturer
(proposition a). Then, as an MD could be as simple as a sticking plaster, it is considered that an MD
must contain software9 (proposition b). Such software should contain an AI system using specific
methods and approaches indicated in the definition of AI (proposition c); otherwise, the device is out
of the scope of the AIA. Next, the intended use of AI systems embedded into MDs must not fall into
unacceptable risk (proposition d); otherwise, the AI system will be banned from the European Union.
Then, deceiving practices were considered in proposition e, which are applicable for high- or
non-highrisk. Lastly, even though the term product itself is not defined in the AIA and the MDR, we assume this
term refers to devices that perform a medical purpose and are intended to be placed on the market or
put into service. Therefore, regarding software, SaMD is identified as a product itself (proposition f). If
an MD contains an AI system, but the latter does not perform medical purposes (accessory), this is not
regulated under the AIA, and the AI system is classified as a non-high-risk system.
(d)  belongs to prohibited practices ( ).
(e)  belongs to deceiving practices ( ).
(f)  performs medical purposes (</p>
      <p>).</p>
      <sec id="sec-9-1">
        <title>C1  under the scope of the AIA.</title>
        <sec id="sec-9-1-1">
          <title>C2  is unacceptable risk ( ).</title>
        </sec>
      </sec>
      <sec id="sec-9-2">
        <title>C3  is a high-risk system ( ).</title>
        <sec id="sec-9-2-1">
          <title>C4  is a non-high-risk system ( )</title>
          <p>9 The definition of software is in accordance with the ISO/IEC/IEEE 24765:2017 as a “[…] combination of statements in a programming
language […] that enable computer hardware to perform computational or control functions […]”.</p>
          <p>
            We connected the propositions with logic connectives and associated them with a specific
conclusion, shown in Table 5. Overall, when any proposition in implication (
            <xref ref-type="bibr" rid="ref1">1</xref>
            ) is false, the MD is out
of the scope of the AIA, i.e., the AIA is not applicable for compliance. The implication number (
            <xref ref-type="bibr" rid="ref1">1</xref>
            ) is
critical to establishing an initial decision on whether the device might be considered under the AIA,
which is preconditioned by the definition of an AI system (Article 2.1). Once this implication is true,
the pathway to determine what classification in the AIA the device begins by assessing unacceptable
practices. We establish implication (2) as predominant among implications (3) and (4). This is because
there is no relevance whether the AI system (device itself or an AI accessory) is classified as high- or
non-high-risk; this will be banned from the European Union market if its intended purpose falls into
unacceptable risks. When implication (2) is false, the following implications determine whether the
device is high- (implication 3) or non-high-risk (implication 4) and deceiving risks if applicable. When
it is determined that an MD falls under the scope of the AIA, obligations, and requirements shall be
considered alongside the MDR (Article 43). It is important to note that the safety components of a
product (condition 3.b, Table 3) are not considered for this analysis, as this is related to devices
considered machinery and requires further analysis of the MDI. A graphical representation of these
implications is shown in Figure 5, which is further discussed in Section 4.1 (Classification of devices
in the AIA). The color code in the flow chart represents the following: items in yellow are the designed
propositions, orange elements are conclusions, and the blue ones are additional information related.
Some items included an identification (ID) code for easy referencing when discussing the diagram. The
syntaxis of this code is the prefix FC{N} where FC stands for flow chart and {N} is a positive integer
number.
,
  2 ∧ ( ∨ ( ∧  ))
          </p>
          <p>ℎ  3  
4  4:  ( )
  2 ∧ (¬ ∨ (¬ ∧  ))
 ℎ  4</p>
          <p>Conditions</p>
          <p>
            Table 3
(
            <xref ref-type="bibr" rid="ref1">1</xref>
            ) and
(4.a)
          </p>
          <p>Propositions</p>
          <p>Table 4
(a), (b), and</p>
          <p>(c)
(2)</p>
          <p>(d)
(3.a) and</p>
          <p>(4.a)
(3.a) and
(4.a)
(e) and (f)
(e) and (f)</p>
          <p>Comments
Root implication. MDs under the scope of the
AIA. If this condition is false, other conditions
are not relevant. In other words, whether AI
is embedded in MDs is not under the
definition of AI systems per the AIA. Hence it
is out of the scope of the proposal.</p>
          <p>Predominant implication. Other
classifications are irrelevant if an AI system
embedded in an MD fall into prohibited
practices. This should be taken as a
predominant classification.</p>
          <p>The MD is part of the list in Annex II from the
AIA, and the device is a product itself (SaMD).</p>
          <p>If this is false, we are dealing with SiMD, e.g.,
AI systems, as an accessory. If deceiving
practices are identified, additional
transparency obligations must be
considered.</p>
          <p>The MD is listed in Annex II but does not
perform medical purposes. Hence it is an
accessory. Other than machinery devices,
SiMD is categorized as a non-high-risk
system. If deceiving practices are identified,
transparency obligations must be
considered.</p>
        </sec>
      </sec>
    </sec>
    <sec id="sec-10">
      <title>Discussion</title>
      <p>This section discusses the flow chart designed in Section 3 (Analysis) around SaMD and SiMD,
excluding machinery devices and general-purpose AI Systems. Additional observations and
suggestions are discussed concerning terminology used in the AIA proposal.
4.1</p>
    </sec>
    <sec id="sec-11">
      <title>Classification of devices in the AIA</title>
      <p>In this subsection, some points will be discussed about the flow chart crafted (Figure 5) in terms of
SaMD and SiMD (excluding machinery devices):
• The initial graph presented (Figure 3) suggested that MDs fall into the high-risk classification
in the AIA. The flow chart delivered in our analysis showed that MDs might fall into other
classifications and not just into high-risk.
•
•
•
•
•
•</p>
      <p>The proper classification of the MDs depends on whether the device contains software and
whether such software has one or more specific AI methods and approaches. Hence, this could
be applicable for MDs that contain software: SaMD and SiMD.</p>
      <p>SaMD adopting specific AI techniques for medical purposes may fall into three categories: high
risk, high and deceiving risk, or unacceptable risk. SiMD with specific AI techniques may fall
into three categories: non-high risk, non-high and deceiving risk, or unacceptable risk. Notice
that in the flow chart, SaMD and SiMD classified as unacceptable risk are not directly
represented as it is irrelevant if the device is a SaMD or SiMD. The AI system will be banned
from the European market (see exception 2 in the flow chart). However, the following
statements are understood.</p>
      <p>On the one hand, when an AI system is classified as unacceptable-risk, and this is a device
itself, i.e., SaMD, the device could be classified as unacceptable, as the AI system is the device
itself. Conversely, MDs embedding an AI system to support the performance of the device, i.e.,
SiMD, the AI accessory, is classified as unacceptable, not the device. The classification of
SaMD and SiMD is illustrated in Figure 6.</p>
      <p>Note that SiMD may be classified as high-risk when the device is considered machinery, or the
AI system is used as a safety component. Machinery products fall under different legislation,
the MDI. However, further analysis is required (see exception 1 in the flow chart).
An MD will contemplate two classifications separately: one classification in the MDR and
another one for the AIA. This is also understood as the fact that the device does not inherit the
classification of the AI system. This statement is in according with Recital 31, which states,
“The classification of an AI system as high-risk pursuant to this Regulation should not
necessarily mean that the product [device]… is considered ‘high-risk’ under … the relevant …
legislation that applies to the product [device]”. This also means that it is irrelevant to the
position of the block of device classes in the flow chart (see FC8), as these two classifications
from the AIA and MDR are independent. Although, we suggest locating this block of device
classes after assessing unacceptable risks to avoid re-designing tasks.</p>
      <p>Obligations and requirements shall be considered alongside the MDR when an MD falls in the
scope of the AIA (see FC9). This depends on the classification assigned to the MD in the AIA.
For SaMD, obligations and requirements in Chapter 2 of Title III must be considered additional
to the MDR. For SiMD classified as non-high risk, the manufacturer determines whether to
apply codes of conduct (Article 69) based on the requirements set out in Chapter 2 of Title III
in the AIA.</p>
    </sec>
    <sec id="sec-12">
      <title>4.1.1 Example of Classification of SaMD in the AIA</title>
      <p>To illustrate the discussion in Section 4.1, we will introduce a simple example from a high-level
perspective based on a real-world mobile app that is considered an MD. Notice that for this scenario,
we will use the term provider to refer to a manufacturer that develops an AI system (or has an AI system
developed by a third party) for medical purposes and markets the device (Article 3.2 in the AIA and
Article 2.30 in the MDR). Let us assume this mobile app is intended for symptoms checker purposes
and is considered a Class I SaMD and CE marked accordingly. For this example, to identify the
classification of the device in the AIA proposal, the principal features to consider are the assessment
tool (AI Chatbot) and Machine Learning methods used to identify symptoms and possible conditions.
The following could be evaluated10 from a high-level perspective based on the flow chart and IDs
presented in Figure 5:
• FC3. The symptoms checker on the mobile app contains AI techniques and approaches. These
AI techniques and approaches are part of the branch of Machine Learning, which is listed in
the definition of AI system in the AIA. Based on this, the symptoms checker should be
considered an AI system under the AIA.
• FC4. The intended use of the device does not seem to fall into unacceptable practices. In general
terms, this app does not perform real-time biometric surveillance, does not use subliminal
manipulation of behavior beyond someone’s consciousness, does not exploit the vulnerability
of a specific group, or does not perform social scoring on natural people.
• FC5. As the symptoms checker is intended for the diagnosis/triage of symptoms based on the
inputs of a user, this symptoms checker tool is an MD. Hence, it is classified as a high-risk AI
system.
• FC6. Additionally, this app contains an AI-enabled chatbot that is used during the assessment
of symptoms. This is also classified as deceiving due to the chatbot as impersonation and
deceptive risks.
• Conclusion. The symptoms checker mobile app falls within the scope of the AIA, and it is
classified as high- and deceiving-risk. Hence obligations and regulatory requirements from the
AIA must be considered.</p>
      <p>
        This mobile app example is classified as a high- and deceiving-risk AI system, and this classification
is independent of the Class I assigned in the MDR. This means that the provider of this SaMD example
must comply with (
        <xref ref-type="bibr" rid="ref1">1</xref>
        ) obligations and requirements set out in the MDR for Class I devices and (2)
obligations and requirements in the AIA due to its condition of being a high-risk AI system, and on top
of that, additional transparency obligations due to the chatbot.
4.2
      </p>
    </sec>
    <sec id="sec-13">
      <title>The Use of the Term Non-High-Risk</title>
      <p>The term non-high risk was utilized on several occasions in the AIA proposal. Even though we used
this term during our analysis, we must bring up the following observation. It was also found that the
term non-high risk has related expressions used as synonyms, such as “not high-risk” and “other than
high-risk.” It is assumed that the AIA introduces the term non-high risk to refer to any AI system that
is less than high-risk. Although, by interpreting the term in a logical analysis, this term might bring
confusion. Let us represent the risk classification for AI systems ( ) in a Venn Diagram to illustrate
this misleading term. For this exercise, the ideal representation of high-risk (ℎ) and unacceptable-risk
( ) AI systems are by pairwise mutually exclusive sets. The rest of the universe of  will be represented
as  (see Figure 7, left side). Please, note that deceiving-risk AI systems are not represented in the
Venn Diagram, as this classification overlaps with high- or non-high-risk; hence, there is no case in
which an AI system is deceiving on its own (AIA, recital 70). When referring to the negation of ℎ, this
is referred to as ¬ℎ, translated as “not high-risk” or non-high-risk. Hence, when referring to
non-high10 FC1, FC2, and FC8 propositions were already covered with the pre-conditions of the example. Hence, it is not necessary to evaluate these
propositions for this scenario.</p>
      <p />
      <p>ℎ
 = 
∪ ℎ ∪</p>
      <p>where
 = ℎ ∪ ℎ̅
ℎ̅ =</p>
      <p>∪ 

ℎ
risk (ℎ̅) AI systems, this could be understood as the set ℎ̅: { ,  }, represented in a light gray color in
Figure 7 (see right side). This implies that ℎ̅ are any AI systems different than a high-risk that may
cover unacceptable risk AI systems different than high-risk. We suggest introducing a definition in
Article 3 to state the definition of non-high-risk AI systems or using a different term, such as minimal
risk.</p>
    </sec>
    <sec id="sec-14">
      <title>Inconsistency Use of Classification Terms</title>
      <p>It was observed that other sources report slightly different classifications besides unacceptable and high
risk. We will discuss two pieces of information: the Explanatory Memorandum attached to the AIA and
the Regulatory Framework Proposal on Artificial Intelligence. The AIA has a document attached called
Explanatory</p>
      <p>Memorandum (EM). This piece clearly explains EC proposed acts, and national
Parliaments use this document for examination [10]. The EM in the AIA introduces the background,
reasons, and context of the proposed Act, and within subsection 5.2.2, the AI systems levels of
unacceptable, high, and low or minimal risk. In another post [21], the legal framework was broadly
described and introduced the AI system classification levels unacceptable, high, limited, and minimal
or no risk. This post represents the classification as a risk-level pyramid, as shown in Figure 8. Based
on the previous two materials mentioned, the following observations are formulated:
•
•
•</p>
      <p>These sources frame the risk levels slightly differently, specifically for AI system
classifications other than unacceptable and high risk. The EM introduces low or minimal,
whereas [21] minimal to no risk. Additionally, [21] introduces another risk classification named
limited. Hence, it is necessary to harmonize the risk classification of AI systems and introduce
a proper definition.</p>
      <p>Representing the AI classifications in a pyramid approach might not be appropriate. According
to the short description in [21], limited-risk AI systems are subject to transparency obligations.
As previously mentioned in Section 3.1 (Understanding the Classification of AI Systems),
Recital 70 described the overlapping behavior of these with high-risk and minimal AI
systems11. In such cases, the representation of the classifications in a hierarchical graph is
limited to displaying overlapping of limited risk with the high- and minimal-risk classifications.
It is unclear whether the AIA will consider AI systems low-risk or associated with an absence
of risk. As previously mentioned, various sources frame the risk classification slightly
differently, especially those less than high-risk. The AIA does not clarify an absence of risk but
implicitly defines no obligations to systems other than high-risk AI systems, which may suggest
low-risk conditions for some AI systems.
11 Assuming minimal risk is “equivalent” to non-high-risk AI systems.</p>
      <p>Unnacceptable</p>
      <p>High
Limited</p>
      <p>Minimal</p>
      <p>The AIA established that some practices related to real-time biometric identification for law
enforcement could be allowed upon authorization. Article 5.2 states, “[…] real-time biometric
identification systems […] shall comply with necessary and proportionate safeguards and
conditions in relation to the use, in particular as regards the temporal, geographic and
personal limitations […]”, but it is not clarified whether these systems would be subject to
regulatory requirements such as those set out in Chapter 2 of Title III. This might represent a
regulatory gap in the proposed legal framework.</p>
      <p>The term product and final product has also been used in some sections of the AIA. It is not
clear if product and final product refers to the same artefact. For final product it is interpreted
that this term is used to describe the products from other NLF legislations; therefore, the word
manufacturer has been used alongside the term product. If these terms refer to the same artefact,
we suggest fixing a single term for harmonization.</p>
      <p>The terms stand-alone and component of a product have been used in the EM and in the AIA.
Although, these are not defined in the proposal. It is not clear if stand-alone is a synonym of a
product itself, and if the terms component and safety component refer to the same artefact. We
suggest using a single term to harmonize terminologies in the document.</p>
      <p>The classification of MDs which fall under the AIA is expected to adhere to the guidelines and
procedures mentioned in the proposal. However, the AIA is based on a risk-based approach,
and the AIA does not define the term risk explicitly. Therefore, it would be helpful to have the
provision of the term risk defined explicitly rather than referencing from other memorandums
and articles, as the term risk may have different intensities of use for each domain. This will
ensure that there are no loopholes in the proposal, and this will help the AI community to move
rapidly towards safe and trustworthy AI systems, as well as responsible AI, and this will serve
the MD domain immensely.</p>
      <p>Pronouns are used in Article 24.3, which impairs objectivity. This Article says: “… Where the
legal act listed […] enable the manufacturer of the product to opt out from a third-party
conformity assessment […] that manufacturer may make use of that option only if he has also
applied harmonized standards or […] common specifications […] covering the requirements
set out in Chapter 2 of this Title [III]”. From the previous sentences, the term manufacturer is
referred to as man, using the pronoun he. It is recommended to rephrase such sentences as the
regulation should sound more general.</p>
    </sec>
    <sec id="sec-15">
      <title>Conclusion</title>
      <p>This work discusses the classification of AI systems in the AIA proposal and its alignment with MDs.
The outcome of the analysis was a flow chart used to support the understanding of the classification
scope for MDs under the AIA. This work is limited to examining SaMD and SiMD, excluding
machinery products and general-purpose AI systems. Despite the initial examination suggesting that all
MDs would be classified as high-risk in the AIA, our analysis indicates otherwise. SaMD could fall
into high-risk, high- and deceiving-risk, and unacceptable-risk classifications in the AIA. Although,
there is no scenario in which SaMD is classified as non-high risk. SiMD could be classified as
nonhigh-risk, non-high- and deceiving-risk, and unacceptable risk in the AIA. However, SiMD might be
classified as high-risk if the device is considered a machinery product, but further analysis of the MDI
is required. Notably, an MD does not inherit the risk associated with the classification in the AIA, which
would result in the Class assigned in the MDR remaining unchanged. For instance, if a device Class I
(associated with low risk) is classified as high-risk in the AIA, the classification in the MDR remains
unchanged. Consequently, manufacturers should take both classifications separately, considering
applicable requirements and obligations in the AIA and the MDR. Additional terminology-related
concerns were also observed. First, the term non-high-risk could be misleading, as unacceptable AI
systems could also be interpreted as non-high-risk systems. This is important to consider for better
control of the term; hence we suggest defining it or using a different term, such as minimal risk. Second,
other sources report slightly different classification terms, which may lead to confusion regarding the
MDR and AIA. This issue may also lead to uncertainty about whether the AIA considers AI systems
entirely risk-free or that they pose minimal or low risks. Finally, terms such as stand-alone and risk are
not defined in the AIA, which may limit the interpretations of the proposed legislation. For future work,
exploring the requirements set out in Chapter 2 of Title III in the AIA and comparing them with the
safety and performance requirements in the MDR will be interesting. Additionally, a similar analysis
presented in this paper could be explored but in alignment with the U.S. Food and Drug Administration
initiatives for the adoption of AI in MDs.</p>
    </sec>
    <sec id="sec-16">
      <title>Acknowledgments References</title>
      <p>This work was financially supported by the HEA’s Technological University Transformation Fund
(TUTF), Biodesign Europe, and Dundalk Institute of Technology (DkIT). This work was also supported
by funding from Science Foundation Ireland under the grant for the Insight SFI Research Centre for
Data Analytics (SFI/12/RC/2289_P2).</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          <source>[1] [2] [3] [4] [5] [6]</source>
          [7]
          <string-name>
            <given-names>European</given-names>
            <surname>Commission</surname>
          </string-name>
          , “
          <article-title>Questions and Answers: Commission proposes an extension of the transitional periods for the application of the Medical Devices Regulation,”</article-title>
          <source>Jan. 06</source>
          ,
          <year>2023</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          https://ec.europa.eu/commission/presscorner/detail/en/qanda_23_24 (accessed Apr.
          <volume>01</volume>
          ,
          <year>2023</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          <string-name>
            <given-names>European</given-names>
            <surname>Commission</surname>
          </string-name>
          , “New EU Rules to Ensure Safety of Medical Devices,”
          <year>2018</year>
          . doi:
          <volume>10</volume>
          .2873/51617.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          <string-name>
            <given-names>European</given-names>
            <surname>Union</surname>
          </string-name>
          , “
          <article-title>Factsheet for Manufacturers of medical devices</article-title>
          ,” Aug.
          <year>2020</year>
          . doi:
          <volume>10</volume>
          .2873/66341.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          <string-name>
            <given-names>Medical</given-names>
            <surname>Device</surname>
          </string-name>
          Cooperative Group, “
          <article-title>Guidance on Qualification and Classification of Software in Regulation (EU)</article-title>
          <year>2017</year>
          /
          <fpage>745</fpage>
          - MDR and Regulation (EU)
          <year>2017</year>
          /
          <fpage>746</fpage>
          - IVDR,”
          <year>2019</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          <string-name>
            <given-names>S.</given-names>
            <surname>da Rocha</surname>
          </string-name>
          <string-name>
            <surname>Dias</surname>
          </string-name>
          , “
          <article-title>Coordinating expert panels on high-risk medical devices and in vitro diagnostics</article-title>
          ,” May
          <year>2022</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          <string-name>
            <given-names>European</given-names>
            <surname>Medicines</surname>
          </string-name>
          <string-name>
            <surname>Agency</surname>
          </string-name>
          , “Medical devices,”
          <year>2023</year>
          . https://www.ema.europa.eu/en/humanregulatory/overview/medical-devices
          <source>(accessed Mar</source>
          .
          <volume>20</volume>
          ,
          <year>2023</year>
          ).
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>