Zum Inhalt springen
Technische Universität München

EU AI Act, MDR, and Related Regulations: Design of an LLM-based RAG System for Identifying Information, Similarities, and Regulatory Differences to Support AI Compliance

Provided and advised by: Henryk Mustroph

The regulatory landscape for AI-driven systems is becoming increasingly complex, shaped by legal acts such as the EU Artificial Intelligence Act (EU AIA) [1], the Medical Device Regulation (MDR) [2], the GDPR [3], other regulations and sector-specific standards. These regulations overlap in scope but can differ in terminology, structure, risk definitions, documentation duties, and lifecycle requirements. For organizations developing or deploying AI systems, especially high-risk systems, this creates a significant compliance challenge: relevant obligations are scattered across heterogeneous legal texts, guidance documents, harmonized standards, and case- specific interpretations. Large Language Model (LLM)–based Retrieval-Augmented Generation (RAG) [2] systems offer a promising solution to this problem. By combining semantic retrieval over curated regulatory corpora with reasoning and natural-language interaction, a RAG system can help users efficiently find relevant provisions, compare requirements across legal acts, and identify similarities, gaps, or conflicts (e.g., between EU AIA risk management and MDR clinical evaluation duties). Such systems go beyond keyword search by enabling contextual, cross-regulation queries like: “Which AI Act obligations correspond to MDR post-market surveillance?” or “What additional documentation is required if an AI medical device is classified as high-risk?”

 

Recommended Readings:
[1] European Union: Regulation (EU) 2024/1689 of the European parliament and of the council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending regulations (Artificial Intelligence Act). Official Journal of the European Union (2024), data.europa.eu/eli/reg/2024/1689/oj 

[2] Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC eur-lex.europa.eu/eli/reg/2017/745/oj/eng 

[3] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) eur- lex.europa.eu/eli/reg/2016/679/oj/eng 

[4] Lewis, P., Perez, E., Piktus, A., Petroni, F., Karpukhin, V., Goyal, N., ... & Kiela, D. (2020). Retrieval-augmented generation for knowledge-intensive nlp tasks. Advances in neural information processing systems, 33, 9459-9474.


The application must contain:
- Thesis topic you are interested in.
- Current Transcript of Records.
- Application form
- CV
Please send the application to bachelor.i17(at)in.tum.de AND (in cc) henryk.mustroph(at)tum.de.

To top