Regulatory compliance
Autoderm's regulatory status, integration requirements, and compliance documentation.
Autoderm is a CE-marked AI dermatology API. This page answers the questions platforms ask before integration: what regulatory obligations does Autoderm carry, what does it require of you, and what documentation is available for your compliance and legal teams.
Can we integrate Autoderm without triggering a new regulatory process?
For most platforms, yes. Autoderm operates as API infrastructure. It is not a standalone patient-facing application and does not require partners to obtain separate CE marking or device registration for the AI feature itself, provided the integration falls within Autoderm’s intended use. Autoderm’s intended use covers two scenarios:
- A decision support tool for healthcare professionals to support clinical workflows.
- A skin analytics tool for laypersons, functioning as a search engine, symptom checker, or educational tool to help users find appropriate information about possible skin conditions.
Autoderm provides informational condition suggestions with confidence levels. It does not provide diagnoses, prescriptions, treatment recommendations, or medical advice. All outputs require professional review before any clinical decision is made.
Platforms can integrate Autoderm under their existing regulatory framework. This requires compliance with Autoderm’s integration requirements and UI approval before deployment.
What regulatory status does Autoderm hold?
CE marking
Autoderm is CE-marked under EU MDD 93/42/EEC as a legacy Class I medical device. It is currently transitioning to Class IIa under EU MDR 2017/745, with the technical file submission planned for 2026. Until that transition is complete, Autoderm is placed on the market under the Article 120 transitional provisions of the MDR, which permit continued commercial deployment across the EU and EEA on condition that the device continues to comply with the MDD and undergoes no significant change in design or intended purpose.
FDA Breakthrough Device Designation
Autoderm holds FDA Breakthrough Device Designation for AI-powered dermatology screening. Breakthrough designation is a programme status that prioritises FDA review and interaction; it is not FDA clearance or approval and does not by itself authorise marketing in the United States. For enterprise due diligence it is relevant as an indicator of international regulatory engagement and of FDA recognition of an unmet clinical need.
Post-market surveillance
Autoderm has operated continuously since 2018. Post-market surveillance data covers over two million API calls with zero adverse events reported across MHRA, BfArM, and FDA MAUDE database reviews. PMCF studies have been performed under MDR Annex XIV requirements, with further studies ongoing and planned.
How does Autoderm handle data, and what does that mean for GDPR?
What Autoderm processes
The Autoderm API receives and analyses skin images. Images are processed anonymously within EU infrastructure. No personal data linkage occurs within the API. Autoderm stores images that have gone through the full anonymisation process.
Why GDPR requires particular attention for this use case
Skin images submitted for health analysis may constitute special category health data under GDPR Article 9. This carries stricter processing requirements than standard personal data: processing is prohibited unless one of the Article 9(2) conditions applies, which for consumer-facing deployments is normally the user's explicit consent, and in most deployment scenarios a Data Protection Impact Assessment (DPIA) under Article 35 is required.
Partner responsibilities
Platforms are responsible for their own GDPR compliance in relation to end-user consent, data collection, and storage. This includes determining whether a DPIA is required under Article 35 for photo-based health data processing. For consumer-facing deployments, legal review of the consent model before launch is strongly recommended. Autoderm provides a Data Processing Agreement (DPA) that defines the processing relationship between Autoderm as data processor and the platform as data controller. This is required documentation for GDPR-compliant integration.
What Autoderm’s architecture does not do
The API does not link image data to named individuals, does not retain images for training without explicit consent and separate data agreements, and does not transmit data outside EU infrastructure.
GDPR note: Health images may be special category data under Article 9. Platforms must obtain explicit user consent before API calls are made. A DPIA is likely required for consumer-facing deployments. Autoderm provides a DPA as standard documentation.
How does the deployment model work, and what does it mean for clinical governance?
Gate-After deployment
Autoderm operates in a Gate-After deployment model: the AI output is returned directly to the user or clinical interface before any professional review gate. This means the informational condition suggestion is visible at the point of submission, not held pending clinician review. This model is intentional. It enables immediate orientation for the user, which is the primary value proposition. It also defines the clinical governance requirements for platform partners.
What this requires of platform partners
Because the AI output is seen by the user directly, platforms must ensure their product design, user interface copy, and terms of use clearly communicate the informational and non-diagnostic nature of the output. Clinical pathways must route users with flagged conditions toward professional review. The platform, not Autoderm, defines and owns these care pathways. Autoderm’s output is a ranked list of possible conditions with confidence levels. It is not a single diagnosis and not a clinical recommendation. Platform design should reinforce this framing at every point of user contact.
What clinical evidence supports the integration?
Autoderm’s evidence portfolio includes five peer-reviewed publications across six countries, five white papers, and real-world deployment data from multiple platforms.
| Metric | Value | Source |
| --- | --- | --- |
| Top-5 suggestion accuracy | 93% | Coachella Study 2025 white paper |
| Treatment pathway accuracy | 95% | Coachella Study 2025 white paper |
| GP satisfaction (decision support) | 92% | Escalé-Besa et al., 2023 |
| Referral reduction potential | 34% | Escalé-Besa et al., 2023 |
| Malignancy identification accuracy | 92.5% | PR1-2.3.X Skin Cancer Test Protocol and Report |
| Adverse events (2M+ API calls) | Zero | Post-market surveillance, 2018 to present |
Peer-reviewed publications span China (Zhu et al. 2023; Lu Feng et al. 2022), Spain (Escalé-Besa et al. 2023, Nature Scientific Reports), Sweden (Zaar et al. 2020, Acta Dermato-Venereologica), and Uganda (Kamulegeya et al. 2023, African Health Sciences). Real-world deployment data includes Visiba Care (Sweden, Norway, Finland, UK, 1,092 clinical observations) and myGP UK (370,000+ cumulative image analyses).
What documentation is available for due diligence?
The following documents are available to platform partners on request:
| Document | Purpose |
| --- | --- |
| Clinical Evidence Report (CER) | Full regulatory evidence summary including peer-reviewed studies and PMCF data |
| Data Processing Agreement (DPA) | GDPR-required contractual framework for the data controller/processor relationship |
| Instructions for Use (PR1-2.3.X-eIFU & Label) | Intended use, contraindications, and deployment requirements |
| API Technical Documentation | Integration guide, endpoint specifications, SDK references |
| Declaration of Conformity | CE marking declaration for platform regulatory submissions |
To request documentation or speak with the regulatory team: oisin@web.autoderm.ai
Mandatory disclaimers
A Pre-deployment Approval of the deployer’s UI is required before deployment. This process ensures that mandatory risk controls, disclaimers, and consent triggers are in place across the partner’s product design, documentation, and user interfaces.