← All modules
Module 8

AAMI TIR34971 — Risk Management for AI and ML in Medical Devices

Advanced90 to 120 min

An ML-aware companion to the ISO 14971 module: training-data documentation, subgroup validation, drift monitoring, explainability, predetermined change control and human oversight — illustrated through Kova, a conversational AI on the NHS IAPT waiting list.

Common issues: Extending an ISO 14971 risk file cleanly to AI/ML — bias, subgroup performance, drift, opacity, change control and human oversight — without hand-waving.

Progress: 0 of 8 sections complete0%
Framing note

Prerequisites and worked example

This module assumes familiarity with the ISO 14971 risk management process. If you have not completed Module 7 (ISO 14971), start there first.

Worked examples in this module use Kova: a conversational AI companion for young people aged 16 to 25 on an NHS IAPT waiting list. Parents and carers can access a separate dashboard showing weekly mood check-in scores.

The AI adapts its responses based on conversation history and check-in data. No diagnosis.

No treatment decisions.

Why ISO 14971 alone is insufficient for AI/ML products

ISO 14971 was designed for medical devices with deterministic, predictable behaviour. An ML model does not behave that way: outputs are shaped by training-data patterns, behaviour may change over time, performance may differ across subpopulations, and full explanation may be impossible.

These characteristics create risk pathways ISO 14971 was not designed to capture. AAMI TIR34971 extends it to address them, and is increasingly expected by Approved Bodies at Class IIa+ for AI/ML products.

The six additional risk considerations
  • Training data specification and bias. ISO 14971 assumes the hazard identification process can enumerate foreseeable failure modes, but a model's behaviour is shaped by training data distributions that are not visible to the hazard identification process and cannot be captured by standard fault-tree or HAZOP approaches.
  • Model performance validation across subpopulations. ISO 14971 risk estimation assumes a single likelihood and severity estimate per hazard, but an ML model may have materially different performance characteristics across demographic or clinical subgroups, producing different effective risk levels for different user populations that a single estimate cannot represent.
  • Data drift and model degradation. ISO 14971 treats the product as a fixed artefact whose risk profile is established at the point of release, but an ML model's risk profile can change over time as real-world input distributions diverge from the training distribution without any change to the product's code or configuration.
  • Opacity and explainability. ISO 14971 assumes that when a hazard occurs, root-cause analysis can identify the failure mechanism and inform a corrective control, but a substantially opaque model may produce harmful outputs whose causes cannot be identified from internal processing, making targeted correction impossible.
  • Predetermined change control. ISO 14971 change control requires re-evaluation of the risk file when the product changes, but without a PCCP every model update triggers this requirement in full, which is operationally untenable for products that retrain or fine-tune on a monthly or quarterly cadence.
  • Human oversight and override mechanisms. ISO 14971 addresses protective measures and information for safety as control tiers, but for AI outputs that are probabilistic and context-dependent, the design of human oversight mechanisms requires specific consideration of automation bias, override pathway adequacy, and the transfer of oversight responsibility to users in DTC deployments that ISO 14971 does not address.

Training data specification and bias assessment

An ML model's outputs are shaped by its training data. If the training data does not represent the intended population, or contains systematic biases, the model will perform differently across subgroups in ways aggregate metrics may not reveal.

For DMHT this is clinically significant: a model trained predominantly on data from one demographic may provide systematically worse — or potentially harmful — outputs to users from underrepresented groups. AAMI TIR34971 requires documentation of data sources, inclusion/exclusion criteria, demographic and clinical characteristics, gaps relative to the intended-use population, bias assessment methodology, and mitigations.

Foundation models without training-data access

If the product builds on a third-party foundation model, training data is often unknown or inaccessible. This does not remove the documentation requirement.

The manufacturer must document what is known, infer likely characteristics, identify subpopulations that may be under-represented, and design post-market surveillance to detect differential performance. Silence on this question will not pass review.

Worked Kova example — training data specification

Kova's AI is a foundation model fine-tuned on 50,000 conversations between young people and mental-health support workers, collected from three London NHS trusts (2022–2024). 78% female-identified; 22% male or non-binary identified.

85% White British. Mean age 19.2.

62% mild–moderate depression, 31% anxiety, 7% comorbid. All conversations in English.

Worked Kova example — gaps and bias

Known gaps: under-representation of male and non-binary young people, ethnic minority populations, severe depression / active suicidal ideation, non-English speakers. Bias assessment: model tested on held-out data stratified by gender, ethnicity, severity.

Significant performance differences identified — male-identified users rated AI responses as less relevant (42% vs 71% for female-identified); ethnic-minority users reported more frequent culturally incongruent responses. Mitigations: intended use restricted to English-speaking users; male-identified and ethnic-minority subgroups flagged as priority for expanded training data in v2.0; subgroup performance monitored in PMS from launch; clinical advisory review of responses in underperforming subgroups before release.

Model performance validation across subpopulations

Aggregate model performance can mask significant subgroup differences. A model that performs well on average may perform poorly — or harmfully — for specific subpopulations.

For DMHT, clinically relevant subpopulations are defined by the intended-use population: condition severity, comorbidity, age, gender, ethnicity, and any other characteristic that could plausibly affect outputs. Performance differences must be clinically interpreted, not just statistically reported.

Worked Kova example — subgroup validation (N=240)
  • Overall: 74% of responses rated helpful or very helpful.
  • Female-identified 16–18: 79%.
  • Female-identified 19–25: 76%.
  • Male-identified 16–18: 44% (significant underperformance).
  • Male-identified 19–25: 51% (significant underperformance).
  • Ethnic-minority users: 58% (moderate underperformance).
  • Severe depression subgroup: 38% (significant underperformance).
Worked Kova example — clinical interpretation and response

Underperformance in male-identified users is clinically significant: young men with low mood are a high-risk group with documented help-seeking barriers; a product that performs poorly here may reinforce those barriers. Severe-depression underperformance is critical — highest clinical risk, lowest performance.

Response: severe depression added to contraindications; male-identified and ethnic-minority subgroups flagged for priority training-data expansion in v2.0; PMS includes mandatory subgroup performance monitoring from launch with a threshold that triggers immediate review if any subgroup drops below 50% helpful.

Three legitimate responses to a subgroup gap
  • Restrict intended use to the subpopulation where performance is adequate; contraindicate the affected subgroup.
  • Improve performance in the affected subgroup before release (more data, model adjustment).
  • Implement a clinical safeguard (e.g. severity screening at onboarding routes severe cases to a different pathway), document the limitation, and commit to a specific timeline. A warning alone is not a clinical safeguard.

Data drift and model degradation monitoring

Training data reflects the world at a particular point in time. As language, user behaviour, clinical practice and population characteristics change, the training data becomes less representative of current reality — this is data drift.

It can degrade performance gradually in ways aggregate metrics do not detect. For DMHT this is a specific clinical safety risk: a conversational AI trained on pre-pandemic mental-health language may respond less safely to post-pandemic presentations.

AAMI TIR34971 requires a documented plan for monitoring drift and degradation with defined thresholds for re-evaluation or retraining.

Worked Kova example — drift monitoring plan
  • Metrics: input distribution (topic frequency, language complexity, emotional valence); output distribution (response length, sentiment, topic coverage); user-rated helpfulness (monthly rolling average per subgroup); engagement (completion rate, return rate).
  • Cadence: monthly automated statistical report; quarterly clinical review by the CSO.
  • Thresholds: automated alert if monthly helpfulness drops >5pp below baseline for any subgroup; immediate clinical review on alert; formal model re-evaluation if helpfulness stays below threshold for two consecutive months or drops >10pp from baseline.
  • Retraining: any model update must go through the PCCP (Section 6) before deployment.
Output-format consistency is not drift monitoring

A model can produce consistently formatted outputs while clinical appropriateness, safety and helpfulness degrade. Adequate drift monitoring requires clinically meaningful metrics — user-rated helpfulness disaggregated by subgroup, engagement metrics, and comparison of input distributions over time.

Format consistency tells you nothing about whether the model is performing safely.

Opacity and explainability

Many ML models — particularly large language models — are not fully explainable: a specific output cannot be traced to a specific input. This opacity creates a clinical risk pathway: if the model produces a harmful output, neither the clinician, the CSO nor the developer can fully explain why, making root-cause analysis and prevention of recurrence difficult.

AAMI TIR34971 requires the manufacturer to document the degree of opacity, its clinical implications for the use case, and the controls — human oversight, override mechanisms, transparency to users, and limits on the clinical scope of outputs.

Worked Kova example — explainability statement

Architecture: large language model fine-tuned on mental-health support conversations. Outputs are not rule-based and cannot be fully traced to specific training inputs — the model is substantially opaque.

Clinical implications: if Kova produces a response that escalates distress or provides clinically inappropriate advice, the specific cause cannot be identified by reviewing internal processing, limiting targeted correction. Controls: outputs labelled "Kova AI response"; one-tap feedback to flag responses as unhelpful or distressing; flagged responses reviewed by the CSO within five working days; a pattern triggers immediate model review.

Scope: Kova does not assess clinical risk, diagnose, or recommend treatment — any output that appears to do so is a model failure to be flagged.

"Suggestions, not decisions" is not a defence

Users act on suggestions. The explainability requirement is a risk management document, not a user communication.

User awareness of AI does not remove the obligation to manage opacity risk.

Predetermined Change Control Plan (PCCP)

A PCCP specifies in advance which model changes are pre-approved, which require internal review, which require formal change-control assessment, and which would require a fresh conformity assessment. Originated by the FDA and referenced by IMDRF; as of May 2026, the MHRA does not yet have a formal equivalent requirement, but Approved Bodies are increasingly expecting some form of PCCP for adaptive AI/ML products at Class IIa+.

Without a PCCP every update could theoretically require a new conformity assessment, which is impractical.

Worked Kova PCCP — pre-approved
  • Minor prompt adjustments that do not change clinical scope or output format.
  • Spelling and grammar corrections to fixed interface text.
Worked Kova PCCP — internal review (CSO sign-off within 5 working days)
  • Retraining on new user data from the same demographic range as the original training data, no output-format change.
  • Adding new topics to the psychoeducation library.
  • Updating crisis-resource links.
Worked Kova PCCP — formal change-control assessment
  • Any change to the model architecture.
  • Any change to output format or structure.
  • Adding a new language to the supported list.
  • Retraining on data from a different demographic range than the original training population.
  • Any change to session boundary or time-limit features.
Worked Kova PCCP — new conformity assessment
  • Adding a new clinical condition to the intended use.
  • Changing from a supportive conversation model to a clinical recommendation model.
  • Adding a clinician-facing diagnostic output.
  • Any change that expands the intended-use population beyond the current scope.

Human oversight and override mechanisms

AAMI TIR34971 requires manufacturers to specify human oversight and to implement override mechanisms allowing users or clinicians to reject or modify model outputs. The appropriate level depends on clinical significance and population vulnerability.

For DMHT products deployed direct-to-consumer without clinical supervision, oversight cannot be a clinician in the loop — the product must be designed to support informed user oversight: clear AI labelling, simple flagging, escalation to human support, and contraindications that remove the AI from the pathway in acute crisis.

Worked Kova example — oversight and override
  • Primary oversight: the young person, supported by the design.
  • Oversight mechanisms: every response labelled "Kova AI response"; one-tap feedback button; weekly check-in includes a question about whether Kova has been useful and safe.
  • Override: end any conversation at any time; switch to a fixed resource library mode that uses no AI; any response flagged as distressing triggers an automatic display of crisis resources and a prompt to contact the IAPT team.
  • Crisis escalation: Kova monitors for language patterns associated with acute suicidal ideation. On detection, AI conversational mode is suspended and replaced by a fixed crisis response with emergency contact numbers and encouragement to contact emergency services or the crisis line.
  • CSO oversight: all flagged responses reviewed within 5 working days; monthly CSO review of aggregated oversight and override data; any pattern of systematic harmful outputs triggers immediate model review.
  • Recording: override events and crisis escalations logged with timestamp, anonymised user ID, and response content; logs retained for 5 years; reviewed monthly by the CSO.
DTC does not exempt the requirement

The absence of a clinician transfers oversight responsibility to the manufacturer's design. AI outputs must be clearly labelled; there must be simple flagging, a documented escalation pathway, and a way to disengage safely from the AI interaction.

AAMI TIR34971 and the EU AI Act: overlap and gaps

For DMHT products placing on the EU market or in Northern Ireland, the EU AI Act classifies health AI as high-risk under Annex III, triggering obligations including data governance, transparency, human oversight, accuracy and robustness, and post-market monitoring. These obligations overlap significantly with AAMI TIR34971 requirements: a manufacturer who has implemented TIR34971 rigorously will have addressed the substantive technical requirements behind most EU AI Act obligations.

The gaps are primarily procedural rather than technical: EU AI Act conformity assessment for high-risk AI systems requires registration in the EU AI database, a declaration of conformity, and interaction with a notified body that goes beyond what TIR34971 compliance alone produces. For dual-market products, the practical approach is to implement TIR34971 as the technical spine and then map the resulting documentation against EU AI Act Article 9 (risk management), Article 10 (data governance), Article 13 (transparency), Article 14 (human oversight), and Article 17 (quality management system) to identify procedural gaps.

EU AI Act implementation timelines and notified body designation for AI are evolving as of May 2026, and readers should verify current requirements before relying on this section for compliance purposes.

Exercises

Form your own view first. Reveal the reference answer to compare reasoning.

Exercise 1 — Suggestions vs decisions

A developer says their AI only needs standard ISO 14971 documentation because it makes suggestions, not clinical decisions. Is AAMI TIR34971 relevant?

Verdict?
Pick an option for each question to compare against the reference answer.

Exercise 2 — Foundation model with no training-data access

A developer says they cannot document training-data bias because they used a third-party foundation model. How should this be handled?

Correct approach?
Pick an option for each question to compare against the reference answer.

Exercise 3 — Severe depression subgroup underperforms

A DMHT product performs significantly worse for severe-depression users than for mild–moderate. The developer keeps severe depression in the intended use and adds an onboarding warning. Acceptable?

Acceptable?
Pick an option for each question to compare against the reference answer.

Exercise 4 — Retraining on a different demographic profile

A developer retrains Kova on six months of new user data with a higher proportion of severe-depression users than the original training population. They classify this as pre-approved (it's just retraining). Correct under the Kova PCCP?

Verdict?
Pick an option for each question to compare against the reference answer.

Exercise 5 — DTC means no oversight requirement

A DTC conversational AI has no clinician in the loop. The developer concludes human oversight is not applicable. Correct?

Correct?
Pick an option for each question to compare against the reference answer.

Educational resource. Not formal regulatory or legal advice.