AI in your radiology department has been cleared and deployed. Is anyone watching what it does next?

That is the question at the heart of a new consensus paper from the European Society of Radiology, published in Insights into Imaging. Using a modified Delphi procedure involving 16 domain experts, the ESR has produced a set of recommendations on post-market surveillance (PMS) and post-market clinical follow-up (PMCF) for AI medical devices in imaging - and the picture it paints of where the field currently stands is not reassuring.

The starting point is a finding from the ESR's own survey data. Only 29% of radiologists who are actively using AI medical devices consider themselves familiar with the EU Medical Device Regulation and its surveillance requirements. Among those not yet using these tools, the figure drops to 10%. The regulations exist. The obligations are real. But the people on the front line of deployment largely do not know what those obligations are or that they apply to them at all.

This matters because post-market surveillance under the EU regulatory framework is not a passive or optional activity. Under the MDR and the AI Act - which entered into force in August 2024 and now introduces horizontal obligations across all AI systems used in healthcare - both providers (vendors) and deployers (the hospitals and clinicians using these tools) carry defined responsibilities. Vendors hold primary legal accountability, but clinicians are expected to monitor performance, log outputs, report incidents, and ensure appropriate human oversight. Article 26 of the AI Act requires deployers to retain system logs for at least six months and to report unexpected behaviors to providers. Most radiologists working with these tools today are unaware this obligation exists.

The technical reason this matters is specific to how AI medical devices behave over time. Unlike traditional medical devices, which tend to perform consistently if maintained correctly, machine learning systems can exhibit what the paper calls data drift and performance degradation. A tool validated on one patient population may quietly become less accurate as the population shifts, as imaging protocols change, or as clinical workflows evolve. There is no alert, no warning light, no automatic flagging. Without active monitoring, degradation simply accumulates undetected - and in a diagnostic imaging context, that means missed lesions, inaccurate triage, or misplaced clinical confidence in a system whose performance no longer matches its certification data.

The ESR's recommendations address this gap systematically. PMS infrastructure should be deployed at the same time as the AI tool itself - not retrofitted later. Performance data, including baseline accuracy metrics and uncertainty measures such as confidence intervals, should be made continuously accessible to deployers through a dedicated platform, not buried in vendor documentation. Periodic formal reviews of PMS data - every six to twelve months - should be presented by providers to deployers to enable genuinely informed ongoing use. Data collection should be institutionalized through semi-automated systems managed by dedicated personnel, rather than left to voluntary individual reporting by individual clinicians, which the evidence shows is unreliable.

Two structural recommendations stand out from a governance perspective. The first is the call for interoperable PMS standards. As the number of AI medical devices in clinical use grows, the current situation - where each tool has its own siloed monitoring interface - becomes unworkable. Deployers managing multiple AI tools across a radiology department cannot realistically maintain meaningful surveillance across a fragmented landscape of incompatible systems. Shared, standardized platforms are not a convenience; they are a precondition for surveillance that actually functions at scale.

The second is the recommendation that when a significant AI-related incident occurs, deployers should consider informing the referring clinician and, where warranted by clinical gravity, the patient. This connects directly to the broader conversation about patient transparency and the right to know when AI has played a material role in one's care - a conversation that the Stanford JAMA Perspective on informed consent has brought into sharper focus in the US context.

What the ESR paper ultimately describes is a regulatory framework that is architecturally sound but functionally incomplete. The obligations are there. The legal structure is in place. What is missing is the awareness, the infrastructure, and the standardization needed to make post-market surveillance a real clinical practice rather than a compliance checkbox that nobody is meaningfully meeting.

AI tools in medical imaging are not going away. They will multiply. The question regulators, health systems, and professional societies need to answer is whether the monitoring frameworks that govern these tools will ever catch up to the pace of their deployment - or whether post-market surveillance will remain, for most clinicians, something that exists on paper and nowhere else.

Full paper: https://pmc.ncbi.nlm.nih.gov/articles/PMC12701188/