At CLEIO, we develop medical products under an ISO 13485-certified quality management system (QMS), and for more than a year, AI has been part of the daily work of our software, engineering, and design teams.
Today, we know exactly where AI helps us work more efficiently, where it requires careful oversight to protect our QMS and our products, and where potential issues can surface long before an audit.
Where AI Stands in Medical Device Regulation
Before getting into how we use AI, let’s take a closer look at the current regulatory landscape. Medical device regulation is moving fast in 2026, with new alignments, new guidances, and a tightening boundary around AI use.
The 2026 Regulatory Landscape
AI is shaking up the MedTech industry, and the regulatory landscape has to keep up. Here are three major shifts to watch in 2026:
- The FDA’s QMSR is now aligned with ISO 13485, creating greater consistency between the U.S. and Canadian regulatory frameworks.
- The FDA has released new guidance on AI-enabled device software functions, with a clear focus on predetermined change control, transparency, and post-market algorithm monitoring.
- IEC 62304, the standard governing the life cycle of medical device software, is expected to be revised later this year. This major update will specifically address AI-enabled medical software.
A word of caution, though: in April 2026, the FDA issued its first warning letter related to AI use, targeting a submission generated by AI without any human review. It is a clear sign that the regulatory gray area surrounding AI-assisted development may be starting to narrow.
What Does ISO 13485 Actually Require?
Here’s the thing about ISO 13485: it doesn’t tell you how to work. It defines what requirements your design process must meet. The process has to be consistent, manage risk, and stay traceable from the very first user need through verification and validation.
Then, there’s ISO 14971, which handles risk management for medical devices. The rule is simple: every identified risk must be assessed, mitigated, and documented across the entire product lifecycle.
The deliverable that ties all this together is the Design and Development File (DDF). It serves as proof that the design and development of your product followed the established plan and the applicable regulatory requirements.
What About AI as a Medical Device Development Tool?
When AI is introduced into an ISO 13485 environment, the required deliverables don’t change. What changes is the tool used to produce them. And on that point, the standard is clear: any software application used in the QMS must be controlled and validated in proportion to the risks associated with its use.
Gabriel Gagnon
Director of Software Development at CLEIO
How CLEIO Uses AI in Medical Device Development
Frame, test, validate, deploy: that’s the process we follow to bring any new tool into our workflows, and AI was no exception. More than a year after our first internal rollouts, we have a clear picture of where AI adds value, where its limitations lie, and which safeguards are required to keep our processes and products compliant.
6 Areas Where AI Really Accelerates Medical Device Development
Here are six areas where AI buys us time back, without ever stepping outside our ISO 13485-certified quality management system.
01. Software Development
02. Design and Engineering
In mechanical and electronic engineering, AI showed up later, but it’s catching on fast. We use it as a second brain for debugging, exploring design alternatives, and helping with documentation.
03. Documentation
Here’s where most companies underestimate what AI can do. The documentation load on a medical device project is enormous: user needs, software requirements specifications (SRS), design specifications, risk analyses, verification protocols, and traceability matrices. All of it has to be produced and kept up to date throughout the product lifecycle.
04. Traceability
With an AI agent that knows our documentation process, the change propagates across every affected document in minutes. Then our team reviews it.
Gabriel Gagnon
Director of Software Development at CLEIO
05. Regulatory Research
AI dramatically cuts research time during the immersion phase. For example, we use it to speed up searches across FDA databases for product classification and predicate device identification. We also use it to search adverse events databases and synthesize what we find, which then feeds our risk analysis.
06. Project Management and Internal Operations
AI takes that off their plate. The outcome: time freed up for the work that actually demands real thinking.
How CLEIO Integrates AI into Its QMS
Seven rules shape how AI lives inside our ISO 13485-certified quality management system. They’re clearly defined, and every team applies them the same way.
The Human Stays in Charge of the Process
The qualified person owns the design deliverable. AI is a tool, not a process owner.
No Auto-Acceptance of AI-Generated Changes
We’ve disabled auto-accept on every AI tool we deploy for development. In other words: AI proposes, the human decides. That one setting is what separates AI-assisted development from AI running unsupervised.
Only Approved Tools Access Project Data
Every AI tool that could access confidential project data goes through a security review before we deploy it. To run that review, we apply principles aligned with the SOC 2 framework, which sets the bar for how companies store and handle client data securely.
Tools Are Tools, Processes Are Processes
The standard governs our processes, and our processes follow the standard, whether the engineer used an AI assistant or a whiteboard. At the end of the day, what an auditor wants to verify is that the required process was followed, that traceability was preserved, and that the tools were adequately controlled.
Custom Workflows Guarantee Traceability
The default way of using AI (“I open a chat, ask a question, and close the chat”) leaves zero traceability and has no place in regulated development. That’s why our software team built agentic workflows that generate structured artifacts at every step, based on the target deliverable: user needs, SRS entries, stories, or design specifications.
Our Internal SOPs Evolve with AI Tools
The goal isn’t to force AI on everyone. It’s to establish a consistent framework so every team member follows the same best practices, whatever tool they pick.
Teams Trained Based on Their Interest
AI adoption at CLEIO has been gradual. We activated licenses one at a time, starting with the people who showed real interest, each with their own onboarding. The rest of the team followed naturally, drawn in by curiosity and the value they saw.
What AI Can't Do at CLEIO
At CLEIO, any use of AI outside the framework we’ve set is off-limits.
- Complete a task without a human in the loop
- Auto-accept its own changes to code, documents, or designs
- Access confidential client data through any unapproved tools
- Replace the qualified human responsible for a regulated deliverable
How to Stay Ahead of AI Regulation in Medical Device Development
No standards or official guidelines govern AI use in medical device development yet. But as the saying goes, an ounce of prevention is worth a pound of cure. By building the right habits today, we’ll be ready when the regulation catches up.
Watch Where AI Regulation Is Heading
One standard already governs how organizations use AI: ISO/IEC 42001:2023, the international standard for AI management systems. It’s to AI what ISO 13485 is to medical devices, and it covers the full AI lifecycle: risk management, transparency, human oversight, and continuous improvement.
For a company like CLEIO that already runs an ISO 13485-certified QMS, ISO 42001 is a natural extension.
IEC 62304, the standard for medical device software lifecycle, is also getting an update soon, targeting devices that make decisions based on AI models.
So AI as a medical device development tool isn’t specifically regulated yet. But the boundary is going to tighten. For teams that have already built strong traceability and keep human oversight in their AI-assisted workflows, there’s nothing alarming here. They’ll know how to adapt quickly when the time comes.
Gabriel Gagnon
Director of Software Development at CLEIO
Choose a Development Partner With a Clear AI Framework
If you’re evaluating a development partner, the right questions come down to two things: the framework the organization has built around AI, and how those tools are integrated into its processes.
- How is AI integrated into the quality management system?
- What is AI allowed to do, what is it explicitly not allowed to do, and who approves?
- Is traceability maintained throughout the development process?
- Are the AI tools validated and approved, and on what basis?
At CLEIO, our integrated approach is what lets us move forward on AI adoption without compromising our quality management system or our ISO 13485 certification. We integrate AI into our teams’ workflows with the same rigor we apply to everything else.
Frequently Asked Questions about AI, ISO 13485, and Medical Device Compliance
Is using AI allowed under ISO 13485?
Yes. ISO 13485 governs the process and the documentation, not the choice of specific development tools. AI can be used anywhere it improves efficiency without breaking traceability, as long as a qualified person reviews and approves the deliverable.
How do you protect a project's confidential data when using AI tools?
Does AI count as software to validate under IEC 62304?
More broadly, under ISO 13485 and in line with the FDA’s General Principles of Software Validation, any software used within the QMS, production processes, or monitoring and measurement activities must be validated with a level of effort proportional to the risk it poses to the safety and effectiveness of the device. We validate its intended use and implement appropriate controls. The same goes for AI tools.
What is ISO 42001 and do I need it?
Will AI replace medical device engineers?
Main Author
Caroline Graver
Writer & Content Specialist
Caroline is a content specialist with deep expertise in medtech and product development, translating complex technical concepts into clear, compelling narratives for healthcare and innovation audiences.
Collaborators & Reviewers
Jean-Yves Pairet
Director of Quality
Jean-Yves leads the Quality Team, overseeing the QMS and maintaining our ISO 13485 certification.
Gabriel Gagnon
Director of Software Development
Gabriel leads software, firmware, and AI implementation at CLEIO.