Innovation in medical AI is often associated with algorithmic precision, accuracy metrics, or technological breakthroughs. Yet in real clinical practice, innovation only matters when it delivers impact - improving patient outcomes, ensuring safety, and supporting clinicians in everyday decisions. For an AI-enabled medical device, being “clinically ready” means much more than achieving high performance. It means being developed, validated, and maintained in line with the highest ethical and regulatory standards.

I often say that compliance is not a constraint to innovation; it’s the foundation of clinical impact. Without rigorous validation, data integrity, and regulatory accountability, even the most powerful algorithm remains just a prototype, not a trusted clinical tool.

The world of medical software is changing fast. Regulations that once applied mainly to hardware are now catching up with AI-based solutions. The EU Medical Device Regulation (MDR) brought a stronger focus on clinical evidence, post-market surveillance, and traceability. These updates raised the bar, ensuring that what we develop is not only intelligent but clinically relevant and safe in real-life settings.

While ISO 13485 remains the backbone of quality systems in the medical device industry, it also provides essential support for meeting MDR expectations. It defines how companies design, develop, and manufacture medical devices under controlled and documented conditions. The standard sets expectations for every stage, from risk management and design controls to corrective actions and continuous improvement. What I value most about ISO 13485 is that it turns quality into a living process, one that connects engineering, clinical, and operational perspectives into a single framework of accountability.

The Medical Device Single Audit Program (MDSAP) also reflects how global our industry has become. Each country once had its own audits and documentation requirements, which often overlapped but rarely aligned completely. MDSAP solves this by creating one standardized audit recognized by major authorities, including those in the U.S., Canada, Japan, Australia, and Brazil.

I believe compliance is not about collecting certificates; it’s about proving that our models truly work for the patient populations they’re designed for. These frameworks give us the structure to demonstrate that, consistently, transparently, and with confidence. Still, turning that structure into daily practice is where the real challenge begins. It’s not just about systems or audits, but about people, and how we build a culture that makes compliance part of how we think and work.

This is how we’ve been shaping it at Thirona. Over the past years, several milestones have strengthened this culture. We introduced a new electronic Quality Management System, ensuring full traceability and transparency. We aligned our workflows with MDR, ISO 13485, and MDSAP requirements, significantly reducing open CAPAs (Corrective and Preventive Actions). And perhaps most importantly, we began defining quality KPIs within each department, giving teams real ownership over their part of compliance.

To make it work, we follow a steady rhythm. Every week we hold CAPAs standups and analyse incoming feedback. Training compliance is checked stringently, and our quality objectives and KPI’s are reviewed on a regular basis to ensure we are moving in the right direction. Three times a year, we conduct management reviews to reflect on the effectiveness of our QMS. When her input is required, our CEO is at the table, maintaining full training compliance herself. It sends a strong signal that quality is not just operational, it’s embedded in leadership.

Formal training has its place, but awareness doesn’t grow from checkboxes. It grows through conversation, transparency, and understanding the why behind every requirement. That’s why regular company-wide updates, Q&A sessions, and visible progress reports have been so powerful. It helps everyone see that compliance isn’t abstract but part of how we work every day.

If I had to sum it up, I’d say there are three things that really make it work:

1. Keep it clear and steady. People need to know what’s expected and see that we stick to it. A consistent rhythm - weekly, monthly, quarterly - turns rules into habits.
2. Do it together. Compliance only sticks when we help each other. Ask questions, remind one another, share what works, it’s everyone’s job to keep quality alive.
3. Keep improving. Nothing stands still: products change, regulations change, people learn. The moment we stop adjusting, we stop growing.

What I’ve learned over time is that people don’t resist compliance - They resist not understanding it. Once they see that it’s not abstract but connected to their daily work and to the impact our products have on patients and clinicians, they become its strongest advocates.

Compliance allows us to bring our solutions to the market, yes, but more importantly, it allows us to be trusted. Certifications make us stronger and give our partners the confidence to build, scale, and innovate with us. That confidence helps our customers move forward, whether developing new therapies, improving diagnostic precision, or making lung interventions safer and more effective for patients worldwide.

I believe the real purpose of compliance is to connect our daily work with clinical impact. And when you see that connection between the process, the team behind it, and the patients it should serve, you realize that certification isn’t the finish line. It’s how we keep moving forward together. Regulations will continue to evolve, from the MDR to the recently introduced EU AI Act and other global frameworks shaping the future of AI that people can trust. For us, the efforts never really stop. Staying compliant is not just about keeping pace with change, it’s about leading responsibly as healthcare itself transforms.