Starting August 2, 2026, large parts of the AI regulation will apply in the European Union and thus also in Germany. The regulation, which came into force on August 1, 2024, introduces a risk-based system that imposes strict requirements on providers and operators of Artificial Intelligence. The healthcare sector is particularly affected, where many AI applications are classified as high-risk.
The regulation has already prohibited certain practices with unacceptable risk since February 2025, including manipulative systems or social scoring. From August 2026, the core provisions for high-risk AI systems will come into force. These include comprehensive transparency obligations, risk management, and support measures for innovation. Member states must, among other things, establish at least one regulatory sandbox by then. For certain high-risk systems embedded in products, such as medical devices, full application will be postponed to a later date.
The focus is on classification according to risk levels. High-risk systems are subject to comprehensive obligations: they must establish a risk management system, use high-quality and representative datasets, maintain technical documentation, ensure transparency towards users, and ensure human oversight. In addition, conformity assessments, registration in an EU database, and post-market surveillance are required. High fines are threatened for violations.
Special relevance for the healthcare sector
Many AI applications in the medical field fall under the high-risk category. This includes systems that are considered medical devices or safety components of such devices – for example, software for diagnostic support, image analysis, or patient prioritization. AI systems for assessing the utilization of health services or for triage in emergencies are also affected.
For providers of such systems, this means considerable additional effort in development and market launch. Existing systems that are on the market before August 2026 must be adapted in case of significant changes. Hospitals and other operators as deployers have obligations such as monitoring operation, ensuring human oversight, and reporting incidents.
The regulations supplement existing requirements such as the Medical Device Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR). This creates a double regulatory layer, which is intended to strengthen safety and patient protection, but can also lead to higher compliance costs. Small and medium-sized enterprises receive relief, for example, in the use of sandboxes for testing in a controlled environment.
Experts see opportunities in the creation of uniform standards that promote trust in AI-powered applications and enable innovations such as more precise diagnoses or more efficient resource planning. At the same time, they warn of bureaucratic hurdles that could delay the introduction of new technologies, especially in a sector with scarce resources. The regulation aims to protect fundamental rights and patient safety without excessively hindering technological progress.
In Germany, national authorities such as the Federal Network Agency coordinate implementation and market surveillance. Companies and healthcare facilities are called upon to check and adapt their systems early to be compliant in time. The coming months are considered a crucial phase for preparation for the new regulatory landscape.
Verified Sources:
- European Commission: Regulatory framework on AI (digital-strategy.ec.europa.eu)
- Artificial Intelligence Act – Implementation Timeline (artificialintelligenceact.eu)
- EU AI Act for Healthcare (tandemhealth.ai and health.ec.europa.eu)
- Official regulation texts and summaries at eur-lex.europa.eu
