Article

EU AI Act in healthcare: what already applies and what does your practice need to arrange?

An honest explanation for healthcare professionals: which AI Act obligations already apply, why diagnostic AI is automatically high-risk, and what your practice needs to arrange.

Written by Loek Delahaye, founder, Delahaye Solutions · ex-CTO with 10+ years in software and AIPublished:
Short answer
  • AI literacy (Article 4 of the EU AI Act) already applies to every healthcare practice using AI tools, from AI features in your EHR software to speech-to-text dictation tools. In force since 2 February 2025.
  • Diagnostic AI systems (radiology AI, clinical decision support, AI triage) are automatically classified as high-risk AI: they fall under Article 6(1) of the Act through the medical device pathways (MDR/IVDR).
  • As a deployer of high-risk AI, stricter obligations apply (Article 26): active human oversight, logging, and for certain applications a fundamental rights impact assessment.
  • Delahaye Solutions' AI Act Scan brings your practice into compliance in about a week for a fixed price of €750 (small practices) or €1,500 (10-50 employees).

Healthcare and AI: rapid adoption, high stakes

Modern healthcare practices are embracing AI rapidly: from AI assistance for radiologists and dermatologists to smart appointment scheduling, AI-driven triage systems, and speech-to-text dictation tools for EHR entries. Those tools make you more productive, but they also place you in the legal role of deployer under the EU AI Act. That means obligations, even when the software comes from an external supplier. And for clinical AI there is an added dimension: it is almost always high-risk AI, with corresponding requirements for human oversight.

What the Act requires from you

Three things every healthcare professional needs to know

The EU AI Act distinguishes between who builds AI (the provider) and who uses AI (the deployer). For healthcare practices, the latter category is most relevant.

You are a deployer, even for AI built into your own software

Do you or your team use AI features in your EHR system, practice management software, radiology package, or administrative tools? Then you are a deployer under the EU AI Act, even if those features were built in by an external supplier. The Act divides responsibility: the supplier is responsible for how the AI is built; your practice is responsible for how employees use the AI. Article 4 (AI literacy) already applies to everyone using AI tools.

Diagnostic AI is automatically high-risk

AI systems that support clinicians in diagnosis, treatment planning, or triage decisions are automatically classified as high-risk AI under the EU AI Act. The reason: those systems fall under Article 6(1) of the Act through European medical device legislation (MDR 2017/745 or IVDR 2017/746), which are listed in Annex I of the Act. This applies to radiology AI, dermatology AI, ophthalmological screening tools, AI-based triage systems, and clinical decision support. Administrative AI (scheduling, billing, dictation tools for administrative notes) is generally not high-risk AI.

Article 26 sets stricter requirements for high-risk AI

As a deployer of high-risk AI, the obligations of Article 26 of the EU AI Act apply to you. Concretely: (1) Ensure active human oversight: the AI assists, a healthcare professional decides. (2) Ensure employees understand how the AI works, including its limitations, and document this. (3) Keep logs of usage. (4) For applications involving fundamental rights risks, carry out a fundamental rights impact assessment (FRIA). In a healthcare practice, this is relevant when the AI influences patient access or treatment outcomes.

Three concrete steps

How your healthcare practice becomes compliant with the AI Act

Compliance does not need to be a large project. Three steps: (1) AI inventory. Map which AI tools your practice uses: features in your EHR or practice management system, diagnostic tools, dictation tools, AI in scheduling or administration. Determine per tool whether it constitutes high-risk AI. (2) Set up an AI register. Per tool: who uses it, for what purpose, which decisions does it support, and who is responsible? One clear document is sufficient. (3) AI literacy training per role. Not generic e-learning, but tailored to what doctors, assistants, and administrators encounter day to day: when is the AI output reliable, and when is it not? Document that you did this.

Frequently asked questions

Frequently asked questions about the EU AI Act in healthcare

Does the AI dictation tool in my EHR also fall under the Act?
Yes. If your employees use an AI dictation tool for clinical notes, you are a deployer. Article 4 requires you to document that employees understand how the tool works and what its limitations are. An AI dictation tool used solely for administrative notes is generally not high-risk AI. If the tool is involved in clinical decisions, the classification may differ.
Does the AI Act apply to small GP practices and self-employed healthcare professionals too?
Yes. The EU AI Act makes no exception based on practice size. Article 4 (AI literacy) applies to every organisation using AI tools, regardless of whether you run a solo practice or a larger institution. Size does affect how much documentation is needed in practice: a one-person practice with one AI tool needs a simpler register than a hospital with dozens of AI systems.
When does enforcement begin?
Article 4 (AI literacy) has already been in force since 2 February 2025. National supervisory authorities receive their enforcement powers on 2 August 2026. For high-risk AI already on the market before the Act entered into force, transitional provisions apply. Waiting carries the risk of already being in breach for well over a year by the time supervision starts, and documentation backlogs are harder to catch up on than to avoid.
Who is responsible: me or the supplier of my EHR software?
Both, but for different things. The supplier of your EHR software is responsible as provider for how the AI features are built, tested, and documented. You are responsible as deployer for how your employees actually use the tools: are they trained, is there human oversight, have the risks been mapped? Your supplier's compliance does not cover your deployer obligations.
How quickly can I make my practice compliant?
With Delahaye Solutions' AI Act Scan you can be in order in about a week: we inventory your AI usage, draw up an AI register and AI policy, and provide role-specific AI literacy training for your team. We deliver an audit-ready dossier. Fixed price: €750 for small practices and self-employed healthcare professionals; €1,500 for practices with 10-50 employees.
Read more

Make your practice compliant?

Book a free intake for the AI Act Scan. We look together at the AI tools in your practice, what your employees know, and what is needed. Free and without commitment.

Book a free AI Act intake →

Free and without obligation · Reply within one business day · Fixed price up front, no surprises