Compliance Status
Plain-English statement of where AiLabrix stands today on certifications, regulatory standards, and the path to formal conformity assessment.
Last updated: 2026-05-16 · v1.0
⚠ AiLabrix is NOT certified
AiLabrix has not undergone notified-body conformity assessment under EU IVDR, FDA 510(k)/PMA, ISO 13485, ISO 15189, or any other certification scheme. The software is currently designated Research Use Only (RUO) and must not be used as the sole basis for clinical decision-making.
✓ Architecture designed in alignment with recognised standards
The platform's design — audit trail, risk management, software lifecycle, validation gates, data integrity — follows the principles of the standards listed below, so that a future certification process can build on existing evidence rather than rewriting the platform.
→ Certification roadmap in progress
Notified-body engagement, ISO 13485 quality management system implementation, and IVDR Annex IX conformity assessment are planned but not yet initiated. They will be funded as part of a dedicated certification programme once a launching scope and design-partner customers are confirmed.
Standards and frameworks
| Standard / framework | What it covers | Status |
|---|---|---|
| EU IVDR 2017/746 (Annex IX) | Conformity assessment for in vitro diagnostic medical devices | Designed for |
| ISO 13485:2016 | Quality management system for medical devices | Designed for |
| ISO 14971:2019 | Risk management for medical devices | Aligned |
| IEC 62304:2006/A1:2015 | Medical device software lifecycle processes | Aligned |
| ISO 15189:2022 | Quality and competence requirements for medical labs | Aligned |
| 21 CFR Part 11 (US FDA) | Electronic records and electronic signatures | Designed for |
| 21 CFR Part 820 (US FDA QSR) | Quality system regulation for medical devices | Designed for |
| GAMP 5 | Risk-based approach to GxP computerised systems | Aligned |
| ALCOA+ | Data integrity principles | Aligned |
| EU GDPR | Personal data protection | Compliant |
| EU MDR 2017/745 | Medical devices regulation (non-IVD) | Out of scope |
| HIPAA (US) | Health information privacy | N/A (EU operator) |
How to read the status column
- Compliant — we have evidence of compliance and self-assess accordingly. No third-party certificate is implied.
- Aligned / Designed for — the architecture follows the standard's principles. We have NOT undergone audit or certification against the standard. Future certification work will build on this foundation.
- Out of scope / N/A — the standard does not apply to AiLabrix's intended use today.
What "compliance-ready" means in practice
Today, AiLabrix already implements:
- End-to-end audit trail — every upload, every parser invocation, every figure generation, every report download is logged with timestamp, user, action, and SHA-256 hash chain.
- Append-only data model — historical records cannot be modified; corrections are layered as new records pointing to the original.
- Digital signing of reports — every PDF report is hash-sealed and (optionally) e-signed by the reviewing user.
- Data and pipeline versioning — every analysis run is reproducible from its captured snapshot of source data, pipeline code version, and LLM model identifier.
- Configurable validation gates — human review checkpoints can be inserted between any pipeline stages per tenant policy.
- Risk register per playbook — each analytical workflow ships with a documented hazard analysis (ISO 14971-style) covering known limitations.
- Software lifecycle documentation — design history files per playbook, traceability between requirements, implementation, and tests.
What "not certified" means in practice
- Do not use AiLabrix as the sole basis for diagnosis or treatment decisions. Output must be reviewed by a qualified clinician using clinically-validated tools.
- Do not submit AiLabrix-generated reports as evidence in regulatory dossiers where certification is required.
- Marketing materials, sales conversations, and customer documentation must never describe AiLabrix as "FDA cleared", "CE marked", "ISO 13485 certified", "21 CFR Part 11 compliant" (without "designed for"), "IVDR compliant", or "validated for clinical use".
- Permitted phrasing: "designed in alignment with", "compliance-ready", "supports", "aligned with principles of", "architecture suitable for future certification".
Certification roadmap
- Phase 1 — current state (RUO) — platform operational, compliance-ready architecture in place, internal documentation drafted by AI agents (regulatory drafter, QMS drafter) pending human consultant review.
- Phase 2 — pilot customers + design partners — pilot customers validate the platform under research-use conditions. Real-world evidence collected for future performance evaluation.
- Phase 3 — funded certification track — when launching scope and customers are confirmed, the company will engage a notified body (e.g. BSI, TÜV SÜD, IMQ), an ISO 13485 lead auditor, a regulatory consultant, and a certified medical translator. Estimated duration 12–18 months calendar; estimated cost €230k–€530k.
- Phase 4 — clinical-market launch — once CE marking is obtained for a specific Class C IVD scope (recommended launching playbook: cutoff/ROC diagnostic), clinical customers may use AiLabrix within the certified scope. Remainder of the platform stays RUO.
Estimated calendar to first CE mark: 24–36 months from start of Phase 3.
Contact
For questions about regulatory posture, certification status, or to discuss a design-partner engagement, contact [email protected].