Building a Compliant AI Medical Device: Regulatory Insights from Thorsten Prinz

1. The ThrombUS+ system is a complex medical device consisting of several hardware and software components. At what point in the development process does regulatory thinking need to enter, and what happens to projects that leave it too late?

For a complex medical device such as the ThrombUS+ system, a compliance-by-design approach must be adopted from the outset of the development process. Several activities must start from day one, such as:

  • Defining the intended medical purpose, which directly influences several regulatory activities.
  • Identifying applicable standards, guidelines as well as sectoral and horizontal EU legislation.
  • Introducing the quality management system (QMS) early in the pre-market phase.
  • Establishing technical documentation, risk management, usability engineering, clinical evaluation, and post-market surveillance alongside engineering-driven product development and production.

If regulatory integration is not addressed early on, medical device development projects will typically encounter the following issues:

  • Costly redesign loops when early technical decisions do not meet regulatory expectations.
  • Retesting and revalidation, which consume time and budget.
  • Delays in conformity assessment, CE marking, and market entry.

Adopting an early compliance-by-design approach can help to avoid these pitfalls, ensuring that innovation proceeds smoothly, efficiently and safely.

 

2. The ThrombUS+ system uses AI for DVT monitoring, which is a new territory for regulators. What does good AI governance in a medical device look like in practice?

AI governance for medical devices is a key area of regulatory focus, and ThrombUS+ has been classified as a high-risk AI system under the EU AI Act. Effective governance requires the application of structured, transparent, and lifecycle-driven processes to guarantee the safe and reliable operation of AI systems and ensure they perform as intended. Robust AI governance shall include:

  • Transparent and structured AI development: Clear planning and documentation of data sources, preprocessing steps, AI model development, and evaluation.
  • High-quality data management: Training, validation, and test data must be relevant, representative, complete, and as error-free as possible. Identifying and mitigating bias is essential.
  • Integrated risk management: AI-specific risks – such as bias, distribution shift, overfitting, robustness failures, and cybersecurity vulnerabilities – must be included in the device’s risk management process.
  • Verification and validation: Technical performance tests must verify the correctness and reliability of AI model outputs, and clinical investigations must prove that the AI meaningfully contributes to patient benefit and fulfils the intended purpose.
  • Human oversight and transparency: Users must understand what the AI does, its limitations, and how to act correctly based on its recommendations. Transparency measures must prevent overreliance and ensure safe decision-making in clinical practice.
  • Post-market monitoring: Continuous quality monitoring, including the detection of performance drift, model failures, cybersecurity issues, and clinical performance anomalies.

Together, these elements form a governance framework that ensures AI is safe, trustworthy, explainable and aligned with medical and regulatory expectations.

 

3. What would a successful outcome look like for ThrombUS+ from a regulatory perspective – what does the project need to demonstrate?

A successful regulatory outcome would mean that ThrombUS+ could be placed on the EU market with CE marking. However, success from a regulatory point of view is much deeper. The project will result in safe, innovative and reliable medical technology that meets Europe’s stringent regulatory requirements for medical devices and AI.

 

About Thorsten Prinz, Ph.D.: Thorsten works at VDE on the regulatory requirements for AI systems and medical devices. He also acts as Speaker of the DGBMT Expert Committee ‘Regulatory Affairs’.

 

About VDE: VDE provides expertise, develops standards, offers testing and certification services, and consults on the approval and safe use of AI systems and medical devices. In the ThrombUS+ project, VDE is supporting the implementation of the compliance-by-design approach by providing technical and regulatory expertise.

Clinical Trials Announcement

Important update from the ThrombUS+ Horizon Europe project: ethics approved and first patient enrolled! This advancement is a critical step in the creation of a wearable device that detects deep vein thrombosis (DVT).
