Skip to main content
Book a Call
EU AI Act Annex III §5 — Healthcare is high-risk

AI Governance for Healthcare & HealthTech

The MHRA regulates AI as a medical device. The EU AI Act classifies healthcare AI as high-risk under Annex III, Section 5. NHS procurement increasingly requires AI governance evidence. Clinical AI governance isn't a compliance exercise — it's patient safety governance.

Book a Scoping Call View Healthcare Services

Three regulatory frameworks, one governance gap

Healthcare AI sits at the intersection of medical device regulation, AI-specific legislation, and NHS procurement requirements. Most healthtech companies are building to satisfy one — and missing the other two.

01

AI as a medical device

The MHRA classifies software that uses AI/ML for diagnosis, monitoring, or treatment decisions as a medical device under the Medical Devices Regulations 2002 (as amended). This triggers conformity assessment requirements, post-market surveillance obligations, and clinical evaluation evidence — regardless of whether the AI is the primary function or an embedded feature.

02

EU AI Act high-risk classification

The EU AI Act's Annex III, Section 5 explicitly classifies AI systems intended to be used as safety components of medical devices as high-risk. If your healthtech product serves EU patients — or EU-based NHS staff use it — you're in scope for conformity assessments, risk management systems, and human oversight under Articles 9–15, with obligations taking effect August 2026.

03

NHS procurement is raising the bar

The NHS AI Lab's governance framework and NHSX's guidelines for evidence-based AI set expectations that procurement teams increasingly enforce. Trusts are asking for algorithmic impact assessments, bias audits, and clinical safety documentation before they'll evaluate your product — let alone procure it.

Healthcare Services

Clinical AI governance that satisfies regulators and procurement

We build governance frameworks designed for healthtech companies — bridging the gap between MHRA requirements, EU AI Act obligations, and NHS procurement expectations in a single, coherent system.

Start here

Healthcare AI Governance Assessment

£3,000 + VAT

A focused assessment of your AI system's governance posture across all three regulatory dimensions: MHRA, EU AI Act, and NHS procurement readiness. You'll know exactly where the gaps are.

  • AI system classification (MHRA medical device + EU AI Act risk tier)
  • Gap analysis across MHRA, EU AI Act, and NHS requirements
  • Clinical safety and bias risk identification
  • Priority action plan with regulatory pathway mapping
1
Discovery call (60 min) — We review your AI system's clinical use case, data pipeline, intended users, and current regulatory posture.
2
Regulatory classification — We determine your MHRA medical device classification, EU AI Act risk tier under Annex III §5, and NHS procurement governance requirements.
3
Gap analysis report — RAG-rated findings across all three regulatory dimensions, with specific references to MHRA guidance, EU AI Act articles, and NHS frameworks.
4
Regulatory roadmap — Prioritised action plan mapping each remediation step to its regulatory driver, with effort estimates and dependencies.
Duration: 2–3 weeks · Delivered remotely
Get Started
Most comprehensive

Clinical AI Compliance Programme

£10,000–£15,000 + VAT

End-to-end governance implementation: we build your clinical AI governance framework, risk management system, and evidence packages — ready for MHRA review, EU AI Act conformity, and NHS procurement.

  • Everything in the Governance Assessment
  • Clinical AI risk management system (aligned to ISO 14971)
  • Algorithmic impact assessment and bias audit framework
  • Human oversight mechanism design for clinical workflows
  • NHS procurement evidence package
1
Assessment — Full governance assessment as per Tier 1, plus deeper review of your AI model architecture, training data, and clinical validation approach.
2
Risk management system — Clinical AI risk management aligned to ISO 14971 (medical device risk management) and EU AI Act Article 9 requirements. Covers hazard identification, risk estimation, and risk control measures.
3
Bias and fairness audit — Algorithmic impact assessment framework covering demographic bias, clinical subgroup performance, and health equity considerations. Designed to satisfy both regulatory requirements and NHS procurement expectations.
4
Clinical oversight design — Human oversight mechanisms designed using UCD methodology for clinical workflows — alert fatigue management, escalation paths, and clinician decision support that works in practice.
5
Evidence package — Comprehensive documentation for MHRA submission, EU AI Act conformity, and NHS procurement: technical documentation, clinical evaluation evidence, and post-market surveillance plan.
Duration: 8–12 weeks · Delivered remotely with on-site clinical workflow sessions
Get Started

Retained Clinical AI Advisory

£2,500/month + VAT

Ongoing governance support as healthcare AI regulation evolves. Monthly reviews, post-market surveillance support, and on-call expertise for your clinical and regulatory teams.

  • Monthly governance review and clinical risk assessment updates
  • MHRA, EU AI Act, and NHS policy change monitoring
  • Post-market surveillance and adverse event governance support
  • Priority access for urgent clinical AI governance queries
Monthly review — 60-minute call to review clinical AI governance posture, new feature deployments, adverse event reports, and regulatory changes.
Regulatory radar — Proactive alerts on MHRA AI/ML guidance updates, EU AI Act enforcement, NHS Digital standards changes, and relevant NICE guidance.
Post-market support — Governance framework for post-market clinical follow-up, adverse event classification, and model drift monitoring.
On-call access — Direct line for urgent governance queries, clinical safety incidents, regulatory correspondence, and NHS Trust procurement questions.
6-month minimum commitment · Cancel with 30 days notice after initial term
Get Started
Why Defensible AI for Healthcare

Governance designed for clinical reality

Healthcare AI governance fails when it's designed by compliance teams who've never watched a clinician use a decision-support tool at 3am. We bring UCD methodology to clinical AI governance — ensuring processes work under real operational conditions.

  • UCD methodology for clinical workflows

    20+ years of user-centred design experience applied to clinical settings. Human oversight mechanisms designed around how clinicians actually make decisions — not how governance committees imagine they do.

  • Cross-regulatory expertise

    We work across MHRA, EU AI Act, and NHS procurement frameworks — building unified governance that satisfies all three without triplicating your effort.

  • Patient safety as the north star

    Clinical AI governance is patient safety governance. Every framework we build is tested against the question: "Does this protect patients?" — not just "Does this satisfy the auditor?"

  • HealthTech-appropriate pricing

    Early-stage healthtech companies can't afford Big Four governance programmes. We deliver the same regulatory rigour at pricing that doesn't consume your Series A runway.

Clinical AI without governance is clinical risk without oversight.

Book a free 30-minute scoping call. We'll review your AI system's clinical use case, assess your regulatory exposure across MHRA, EU AI Act, and NHS requirements, and tell you exactly what needs to happen next.

Book a Free Scoping Call