Compliance · Healthcare
EU AI Act compliance
for healthcare in Norway
Clinical AI, patient data, and the medical-device overlay. The high-risk obligations bind from 2 August 2026, transposed into Norwegian law through KI-loven. Below is the obligation map for your sector, drawn live from the Kernal compliance graph.
High-risk deadline 2 August 2026 · Andes Labs · Oslo, Norway
The medical-device overlay (MDR/IVDR)
If your AI is, or sits inside, a medical device — software as a medical device — the EU AI Act high-risk regime applies on top of the MDR/IVDR notified-body route. You meet both at once: the conformity assessment runs through your notified body, and the AI Act adds its documentation, oversight, and logging duties. Most clinical AI also providing a public health service triggers a Fundamental Rights Impact Assessment before first use.
Obligations that apply to healthcare
5 obligations from the EU AI Act apply to this sector. Each shows what the duty requires and the evidence you will need to demonstrate it.
Human oversight
Assign human oversight to a competent, resourced, named person with authority to monitor, intervene, and stop the system.
Evidence you will need
- signed oversight assignment naming the owner
- oversight monitoring log
Monitor and suspend on risk
Monitor operation; suspend use and inform the provider or authority if a risk to health, safety or fundamental rights emerges or a serious incident occurs.
Evidence you will need
- monitoring procedure
- incident-escalation runbook
Keep logs
Retain the automatically generated logs under the deployer’s control for the appropriate period.
Evidence you will need
- log-retention policy
- sample retained logs
Fundamental Rights Impact Assessment
Deployers providing a public service such as healthcare must perform a fundamental-rights impact assessment before putting a high-risk system into use.
Evidence you will need
- completed FRIA document
- FRIA review/sign-off
Medical-device AI overlay (MDR/IVDR)
If the AI is or is inside a medical device, the AI-Act high-risk overlay applies via the MDR/IVDR notified-body route.
Evidence you will need
- CE-mark under MDR/IVDR
- notified-body involvement record
Source: Regulation (EU) 2024/1689 (EU AI Act). This is general information, not legal advice; the high-risk classification of a specific system is fact-specific and should be confirmed with counsel.
How Kernal helps
Most of these duties are not about whether you comply — they are about whether you can demonstrate it. Human oversight, monitoring, logging, and impact assessments all produce evidence a regulator can ask for at any time. Kernal is the context layer that captures that evidence as the work happens: every interaction logged, the human decision recorded, an oversight chain you can show rather than assert.
The same obligation graph that renders this page is the one the product runs on. The Compliance Cartridge maps your AI systems to the obligations above and assembles the burden-of-proof record continuously, so the answer to "show us" is already structured.
See your healthcare obligations
Thirty minutes to map your AI usage against the EU AI Act (KI-loven) obligations for healthcare, and to see how the governance layer supports your programme before the 2 August 2026 deadline.
kernal.andes.no · Andes Labs · Oslo, Norway