How European regulation of medical AI externalizes its incoherence to manufacturers
The European medical AI dossier thickened between 19 November 2025 and 26 March 2026. The Commission presented the Digital Omnibus on AI, tabled proposal COM(2025) 1023 final (which amends the MDR and the IVDR and proposes moving medical AI devices from Annex I Chapter §A to Chapter §B of the AI Act), the Council adopted a postponement of applicability to August 2028, the Parliament confirmed the §A → §B shift, and the FDA finalized its PCCP framework in January 2026. Final adoption is envisaged for summer 2026 or 2027.
The decisive timing: the substantive proposals precede the calendar postponement. The Commission drafts before the Council defers. This ordering is the inverse of what one would observe if the movement proceeded from an industrial concession.
The European Union is not softening the regulation of medical AI. It is recording an incompatibility it cannot resolve.
MDR/IVDR regulates a validated state. The AI Act regulates a trajectory. The first certifies a device at a given instant, and any significant modification triggers requalification. The second qualifies an evolution envelope, within which updates are normal if bounded. These two regimes do not bear on the same object.
Consequence: their combination is unstable, their cumulation is non-commutative, their separation creates blind spots. The solution is neither stacking nor withdrawal — it is a change of regulated object. But the difficulty is not only technical: cumulation holds because its incoherence is externalized to manufacturers. As long as absorption remains possible, resolution has no institutional reason to occur.
Consider a radiology AI model updated monthly on new annotated corpora.
Sequence 1. MDR then AI Act → non-significant modification under MDCG → trajectory adjusted a posteriori → compliance maintained.
Sequence 2. AI Act then MDR → overrun of the qualified trajectory → requalification of the system → modification now significant in the MDR sense → possible recertification.
Same event. Different results. When two regimes bear on the same object, their combination is commutative, or can be rendered commutative by a priority rule. When they bear on different objects, their combination is not defined. We are in the second case. This is not a legal ambiguity, it is a logical indeterminacy. Guidance MDCG-AIB 2025-6 sketches a conciliation effort: it does not resolve non-commutativity at the categorial level, it organizes it.
If cumulation is non-commutative, if operators bear its cost, if regulators themselves are beginning to acknowledge it, why does the system hold?
Because it has found its equilibrium. Categorial incompatibility produces, mechanically, two correlated effects: local over-regulation where the AI Act’s generic instruments have operational grip, and blind spots where they have no instruments suited to clinical specificity. Operators react rationally through circumvention (product reclassification, displacement of declared use outside HRAIS, innovation accumulated in the blind spots). The regulator then re-extends its perimeter with the same generic instruments — the loop closes at a larger scale.
This loop is stable because it distributes costs in an institutionally bearable way. The regulator preserves a public posture of maximal coverage. Manufacturers absorb the incoherence internally. Patients do not see the structure but can reveal its failures through isolated events that move from the clinical register to the political register. The cost is not invisible: it is externalized. Cumulation holds because those who pay for it are not those who decide it.
Uncomfortable consequence for administrative rationality: what presents itself as arbitration is, in reality, an admission. The Commission did not get the object wrong. It simply ended up noticing.
The proposal is a categorial displacement: moving from {product} or {system} to {authorized state + qualified trajectory}. Five properties follow: the update is integrated from the outset; variability is bounded ex ante; compliance is dynamic; proof bears on behavior; documentation describes a trajectory.
For a CTO, the holding regime is not a novelty. It is what software engineering has been doing for ten years: feature flags, canary deployments, observability contracts. Compliance there is a property of a governed pipeline, not a state of a frozen version. The European problem is therefore not to imagine a trajectory logic ex nihilo, but to translate it into an opposable prudential regime.
But the parallel has an asymmetry that must be named. What distinguishes the medical context is not the technical management of the trajectory (software engineering has mastered that) but the nature of the proof required: clinical (on subjects, not on SLAs), populational (at the scale of a cohort, not of an A/B test), legally opposable (engaging product liabilities that survive the update). None of these three characteristics is required in an ordinary Kubernetes deployment. Translating the industrial paradigm therefore requires not the importation of tools, but their articulation with an evidentiary regime the software industry has never had to produce.
A holding authorization dossier integrates, from the initial submission, four sections: (A) authorized state — current MDR equivalent; (B) qualified evolution envelope — admissible bounds of variability, declared retraining cadence, qualified data sources, non-regression tests; (C) surveillance and controlled withdrawal mechanisms — continuously monitored metrics, rollback procedure, notification conditions; (D) requalification conditions — modification within the envelope = ordinary cycle, outside the envelope = requalification of the envelope itself. The trigger ceases to be the multi-year PSUR and becomes a surveillance event.
Institutional consequence: the notified body ceases to be a validator of state and becomes a qualifier of trajectory. The dominant mastery is no longer principally metrological and clinical; it becomes algorithmic and statistical. The shortage of notified bodies capable of operating in this regime is today the principal operational bottleneck, more constraining than the legal text itself.
The Predetermined Change Control Plan framework finalized by the FDA in January 2026 articulates initial authorization with a declared modification protocol. It is the beginning of the integration of {state + trajectory}, but it is incomplete: it covers neither structural representational biases nor the relevance of training data to target populations.
The PCCP is not the European model to transpose. It is a proof of existence: a partial holding regime is technically constructible. That is enough to forbid treating the holding regime as doctrinal utopia.
First foreseeable objection: removing the AI Act creates a void. Response: cumulation was not additive, coverage was already incoherent, one does not lose a coverage that had never existed. The real question is not the HRAIS exit but the qualification of what an amended MDR can absorb, and of what remains structurally orphaned.
Two HRAIS requirements resist any plausible MDR absorption: traceability of training corpora derived from third-party foundation models (an amended MDR can demand documentation, it cannot produce the transparency of an upstream it does not control); and evaluation of structural representational biases when the device is deployed on populations whose distribution differs from the initial training corpus (the MDR knows how to certify clinical evaluation on an indication, it does not know how to certify robustness to a distribution shift). These two zones are not particular cases: they are the generic characteristics of a trained model.
Three coverage architectures are conceivable, with distinct institutional costs: a dedicated regulator (by analogy with the EDPS), a transverse normative layer (extension of EMA / ENISA / the future European AI Office), an insurance mechanism (mandatory product insurance indexed on trajectory qualification). None is neutral. The thesis defended here does not arbitrate between the three; it requires only that the arbitration be posed.
Within the 24 months following any adoption, three cases are observable. Convergence: single chain of compliance, falling marginal cost of algorithmic update, emerging holding regime. Divergence: persistent double chain, litigation on the order of application — the thesis fails. Pseudo holding regime: double chain maintained but articulation internalized, marginal cost stabilized, industrialization absorbs what the law does not. Case 3 is dangerous for the thesis because it makes the holding regime technically superior but operationally circumventable. This is the economic definition of a success. It is also that of an admission.
Absorption does not exhaust itself through the moral wear of manufacturers; that has never determined a European policy. It yields when a threshold is crossed, in one of four forms, which may combine: legal shock (Member State case law requalifying an externality as a product obligation, 12–36 months after a founding litigation); economic shock (insurance crisis rendering premiums incompatible with margins, 24–60 months depending on reinsurance cycles); clinical shock (cohort harm originating from the orphaned zone, transiting from the statistical register to the media register, structurally incompressible delay); political shock (legislative window opened by a change of majority or institutional crisis, on European electoral cycles).
The 2028 postponement is not a step toward resolution. It is the extension of the period during which one does not resolve. As long as there is someone to absorb the cost, there will be no institutional reason to stop. Which leaves the only question that remains, after this one: at what moment does absorption become impossible?
Until then, the collision remains an equilibrium.