Healthcare Sector
EU AI Act Compliance Review for Hospitals
Clinical AI carries the highest risk classification under the EU AI Act. Irish hospitals have specific obligations as deployers — and the HPRA will be the sectoral regulator enforcing them from August 2026.
TL;DR
An EU AI Act compliance review for hospitals identifies every AI system in clinical and administrative use, classifies each under the Act's risk framework, and maps the HPRA's specific compliance requirements. For Irish hospitals, this intersects with existing medical device regulation — AI in medical devices is already subject to the MDR, and the EU AI Act adds further requirements for clinical AI.
What the EU AI Act compliance review covers for hospitals
Healthcare is one of the sectors where the EU AI Act's high-risk classification applies most broadly. Diagnostic AI, clinical decision support tools, AI-assisted triage systems, predictive monitoring platforms, and AI embedded in medical devices are all within scope. For Irish hospitals, the review must cover both clinical AI and administrative AI — the latter may also attract high-risk classification where it influences decisions about individuals.
The review begins with a complete inventory of AI systems in use across clinical and administrative functions, including AI embedded in platforms procured by different departments. Many hospitals underestimate their AI footprint because procurement has been decentralised — imaging systems, electronic patient records, and scheduling tools all incorporate AI that may not be centrally catalogued.
Each system is then classified against the EU AI Act risk framework, the HPRA's specific oversight requirements are mapped, and the intersection with MDR obligations is identified. The output is a gap analysis with a prioritised remediation roadmap — actionable before the August 2026 enforcement deadline.
What the review produces
- Clinical and administrative AI systems inventory — complete and categorised
- EU AI Act risk tier classification for each system
- MDR overlap identification — where MDR and EU AI Act obligations intersect
- HPRA oversight obligations mapped per system
- Deployer obligations gap analysis — conformity, oversight, logging, incident reporting
- Human oversight assessment for clinical AI workflows
- Prioritised remediation roadmap with accountability assigned
The HPRA, the MDR, and the EU AI Act
The Health Products Regulatory Authority is the designated sectoral regulator for AI in Irish healthcare under the EU AI Act. The HPRA already regulates medical devices — including AI-enabled medical devices — under the EU MDR. The EU AI Act extends the HPRA's oversight to cover clinical AI that does not meet the definition of a medical device.
For hospitals, this creates a complex regulatory picture. AI in medical devices faces both MDR and EU AI Act obligations. Clinical AI that is not a medical device faces EU AI Act obligations only. Administrative AI may or may not be high-risk depending on the decisions it influences. The compliance review maps this complexity explicitly — identifying which framework applies to which system and what the specific obligations are.
The human oversight requirement under the EU AI Act is particularly significant for hospitals. For high-risk clinical AI, the Act requires that a qualified human professional can understand, monitor, override, and, if necessary, discontinue the AI system. This is not just a technical capability — it is a clinical workflow requirement that must be designed in, not bolted on after deployment.
Why Acuity AI Advisory
Acuity AI Advisory approaches hospital EU AI Act reviews from an operational governance perspective — how AI is actually deployed across clinical and administrative workflows, not how it is described in procurement documentation. Ger Perdisatt, former COO of Microsoft Western Europe, has direct experience of AI deployment at institutional scale.
The review is vendor-neutral. Acuity AI has no relationship with medical AI vendors and no interest in the technology choices the hospital makes after the review. The output is shaped by what the regulatory framework requires and what good clinical AI governance looks like — not by commercial considerations.
The review fee is fixed and confirmed at scoping. The output is written documentation — designed to be acted on and to serve as evidence of due diligence if the HPRA requests it.
Common questions
What EU AI Act obligations apply to Irish hospitals?
Irish hospitals are deployers under the EU AI Act. For clinical AI systems classified as high-risk — which includes diagnostic AI, clinical decision support systems, and AI used in treatment planning — hospitals must ensure conformity assessments have been conducted before deployment; implement human oversight of AI outputs in clinical workflows; maintain logs of AI system use; report serious incidents involving AI to the HPRA; provide training for clinical staff using AI systems; and document the AI governance measures in place. The obligations apply regardless of whether the hospital develops the AI internally or procures it from a vendor.
Is diagnostic AI high-risk under the EU AI Act?
Yes. AI systems intended to be used for diagnostic purposes in healthcare — including medical imaging analysis, pathology AI, AI-assisted diagnosis tools, and AI used to recommend treatment pathways — are explicitly classified as high-risk under the EU AI Act. High-risk classification means the full set of deployer obligations applies: conformity assessments, human oversight requirements, logging, incident reporting, and transparency obligations. Where the diagnostic AI is also a medical device regulated under the EU Medical Devices Regulation, the AI Act adds requirements on top of existing MDR obligations — the two frameworks are cumulative, not alternative.
How does the EU AI Act relate to the Medical Devices Regulation for hospitals?
The EU Medical Devices Regulation (MDR) and the EU AI Act are separate legal frameworks that may both apply to the same AI system. AI embedded in a medical device — for example, AI in a medical imaging system or an AI-enabled patient monitoring device — is regulated as a medical device under the MDR. Where that device meets the EU AI Act's definition of an AI system, the Act's additional requirements also apply. Hospitals cannot satisfy their EU AI Act obligations by relying on MDR compliance. The HPRA, as both medical device regulator and AI Act sectoral regulator, is the relevant authority for both frameworks in the Irish healthcare context.
Request an EU AI Act Compliance Review for Your Hospital
Fixed-fee. Written findings. HPRA-aware.