Mid-Tier MedTech's Compliance Squeeze: Why AI Regulatory Expertise Is Becoming Your Biggest Hiring Bottleneck

June 15, 2026

Large MedTech companies have legal teams, dedicated regulatory affairs departments, and the budget to hire specialists for AI governance. Mid-tier manufacturers don't. And yet they face exactly the same compliance obligations — on both sides of the Atlantic — with a fraction of the resources, and in one of the tightest specialist hiring markets the medical device industry has ever seen.

In this article

  1. The problem mid-tier MedTech is facing right now
  2. Two regulatory frameworks. One talent pool. Not enough people.
  3. What the EU AI Act actually requires — and what's changed
  4. The FDA's evolving framework for AI medical devices
  5. The roles companies cannot fill
  6. Why mid-tier companies feel this hardest
  7. What you can do about it

The Problem Mid-Tier MedTech Is Facing Right Now

The medical device industry is in the middle of one of the most consequential regulatory transitions in its history. Two major frameworks — the EU AI Act and an increasingly detailed FDA regulatory architecture for AI-enabled devices — are reshaping what it means to develop, validate, and commercialise a device that incorporates artificial intelligence.

For large organisations, this is a significant compliance exercise. For mid-tier companies — typically those with 50 to 500 employees, or PE-backed businesses scaling toward commercial launch — it is something closer to a crisis. The obligations are real. The penalties for non-compliance are significant. And the professionals who can help navigate both frameworks simultaneously are extraordinarily scarce.

That scarcity is now showing up directly in hiring. Across the US and EU, roles that sit at the intersection of AI governance and medical device regulation are among the hardest to fill in the entire life sciences sector. For a mid-tier company trying to move a product through regulatory review, an open position in this space isn't just an HR problem. It is a commercial bottleneck.

Two Regulatory Frameworks. One Talent Pool. Not Enough People.

The hiring challenge in MedTech AI compliance is not just about volume — it is about depth and breadth simultaneously. What companies need are professionals who understand regulated AI development on two distinct axes:

  • Device regulation: EU MDR, IVDR, FDA 510(k) / De Novo / PMA pathways, Quality Management Systems (QMS), ISO 13485, ISO 14971 risk management
  • AI governance: EU AI Act obligations for high-risk systems, FDA guidance on AI/ML Software as a Medical Device (SaMD), Predetermined Change Control Plans (PCCPs), and Good Machine Learning Practices (GMLP)

For most of the last decade, these were separate disciplines. Regulatory affairs professionals built careers in device compliance. Software engineers and data scientists worked on AI development. The two groups operated in different departments, spoke different languages, and rarely needed to be fluent in each other's territory.

That separation no longer works. In 2026, a device company bringing an AI-enabled product to market — or maintaining an existing one — needs people who can hold both frameworks in mind simultaneously, communicate across clinical, technical, and regulatory teams, and make defensible decisions when the two frameworks pull in different directions.

Those professionals exist. But there are not nearly enough of them, and the companies competing for them range from large global medtech organisations to well-funded startups, all with hiring urgency and often with compensation to match.

What the EU AI Act Actually Requires — and What's Changed

The EU AI Act (Regulation (EU) 2024/1689) is the world's first comprehensive legal framework for artificial intelligence. For MedTech companies, it introduces a meaningful new compliance layer on top of the already substantial requirements of the Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR).

How AI-enabled medical devices are classified

AI-enabled medical devices — including Software as a Medical Device (SaMD) that incorporates AI or machine learning — are classified as high-risk AI systems under the AI Act, provided they meet two conditions: the AI system is itself a medical device or a safety component of a product covered by MDR or IVDR, and the device requires third-party conformity assessment by a Notified Body. This classification triggers extensive requirements around data governance, transparency, human oversight, AI-specific risk management, and post-market monitoring.

Critically, these obligations sit alongside MDR and IVDR requirements — they do not replace them. Notified Bodies are expected to assess against both frameworks, which increases the documentation burden and the compliance complexity for any organisation seeking CE marking for an AI-enabled device.

The current deadline picture

The FDA's Evolving Framework for AI Medical Devices

On the US side, the FDA has been actively developing its regulatory approach to AI-enabled medical devices, and 2025–2026 has brought a significant maturation of that framework.

Key developments companies need to understand

Predetermined Change Control Plans (PCCPs) — August 2025: The FDA finalised guidance on PCCPs in August 2025, providing a formal mechanism for iterative improvement of AI software without requiring new submissions for each update. A PCCP allows manufacturers to predefine planned algorithm changes, validation procedures, and monitoring plans — enabling post-market learning while maintaining regulatory oversight. As of 2025, however, only around 8% of newly cleared AI/ML devices included an authorised PCCP, indicating that most manufacturers have yet to fully adopt this pathway.

Total Product Lifecycle (TPLC) Management — January 2025: The FDA's draft guidance on TPLC management for AI/ML SaMD, released in January 2025, outlines expectations for postmarket performance monitoring, algorithmic bias disclosure, and continuous lifecycle oversight. It reflects the FDA's expectation that AI device compliance is an ongoing programme — not a one-time submission exercise.

Cybersecurity guidance — February 2026: The FDA issued final guidance in February 2026 on cybersecurity in medical devices, updated from the June 2025 version. For AI-enabled SaMD specifically, the guidance requires that cybersecurity risk management and testing be integrated as a gating step in PCCP change management. For mid-tier companies, this means that cybersecurity expertise must be incorporated into the same regulatory and quality functions already under pressure.

Quality Management System Regulation (QMSR) update: In 2026, the FDA is aligning its QMS requirements with ISO 13485:2016 under the new QMSR, replacing the existing Quality System Regulation. This update affects how AI systems are developed, documented, and controlled within a device manufacturer's QMS — adding another layer of process change that requires specialist attention.

The Roles Companies Cannot Fill

Given the complexity of what is now required, it is unsurprising that the specialist roles needed to manage it are among the most contested in the life sciences hiring market. According to research by Panda International published in May 2026, six role categories account for most AI-related hiring pressure in MedTech right now — and two of them stand out as "arguably the hardest profiles to source in 2026 European MedTech."

Why Mid-Tier Companies Feel This Hardest

Every MedTech company — large or small — faces the same regulatory obligations when it brings an AI-enabled device to market. But the resourcing reality is vastly different.

Large organisations with 5,000+ employees typically have regulatory affairs departments with the depth to absorb new compliance frameworks, legal counsel to interpret evolving guidance, and the brand recognition to attract specialist talent in a competitive market. They can afford to hire a dedicated AI regulatory lead alongside their existing RA team, and they can offer compensation packages that competing organisations struggle to match.

Mid-tier companies do not have that infrastructure. A company with 100 to 300 employees is often asking the same two or three regulatory professionals to simultaneously manage MDR submissions, FDA 510(k) clearance activity, post-market surveillance, QMS maintenance, and — now — EU AI Act documentation and FDA SaMD lifecycle compliance. That is not a sustainable workload, and it is not a problem that can be solved by working harder.

The situation is compounded by several structural dynamics that are particularly acute for mid-tier businesses:

  • Salary compression: Mid-tier companies frequently cannot match the total compensation that large medtech organisations or well-funded scale-ups offer for the same profiles. In a market where AI regulatory specialists can field offers from multiple employers, compensation is a meaningful filter.
  • Lack of specialist networks: Finding candidates who combine MDR/IVDR regulatory expertise with AI Act fluency requires access to niche professional networks that general recruitment processes rarely reach.
  • Speed disadvantage: Larger organisations with established HR functions and faster approval processes can often move candidates from first conversation to offer more quickly. Mid-tier companies frequently lose candidates to timeline friction.
  • PE and M&A pressure: Many mid-tier MedTech businesses are PE-backed or were recently acquired, operating under commercial timelines that create urgency around regulatory clearance and market access. When a regulatory bottleneck threatens a product launch or investment milestone, the cost of an unfilled role becomes acute very quickly.

What You Can Do About It

There is no simple fix to a structural talent shortage. But there are decisions mid-tier MedTech organisations can make now that will meaningfully improve their position.

Start the search earlier than feels necessary

Specialist regulatory and AI compliance profiles take significantly longer to find and close than generalist roles. If you are planning for an August 2027 compliance milestone, the search for the right people should already be underway. Waiting until six months before a deadline to begin recruiting is a plan that almost always fails in this talent environment.

Be specific about what you actually need

The term "regulatory affairs" covers a wide spectrum of experience. A candidate with ten years of MDR submission experience is not automatically qualified to build an AI governance framework under the AI Act — and vice versa. Clarity about the exact intersection of skills required will narrow your search appropriately and prevent wasted time interviewing candidates who are strong in one dimension but not the other.

Reassess your compensation positioning

In a supply-constrained market, compensation expectations for AI regulatory specialists are rising. Benchmarking your salary bands against current market data — not last year's — is essential before going to market. A role that is positioned 20% below market will attract fewer candidates and lose more offers.

Consider hybrid staffing models while permanent hiring is in progress

Contract regulatory professionals with AI Act and FDA SaMD experience can provide interim support while a permanent hire is being sourced. This is not a substitute for a permanent appointment, but it prevents compliance work from stalling during a hiring process that may take longer than anticipated.

Work with recruiters who have actual networks in this space

AI regulatory specialists are not actively job searching on generic platforms. The candidates who match this profile are typically employed, well-networked within their specific niche, and unlikely to be reached through job board advertising alone. Access to this talent pool requires proactive sourcing through sector-specific networks and direct outreach — something that requires a recruiter with genuine depth in medical device and life sciences regulatory hiring.