Recently, the European Commission published a proposal for regulation of the European Parliament and of the Council on Artificial Intelligence (the "EU AI proposal"). The EU AI proposal aims to promote AI and innovation while protecting health, safety, and human rights. This brief surveys the main implications of the EU AI proposal on EU medical device regulation (which, itself, is currently undergoing a regulatory change).
The EU AI proposal would have an extraterritorial application, obligating providers who develop or offer products in the EU, users of AI systems located in the EU, and providers and users of AI systems that are located in a third country, where the output produced by the system is used in the EU. Certain obligations apply to other operators, such as authorized representatives, importers, and distributors.
The EU AI proposal classifies AI systems according to the level of risk involved and in most cases classifies AI-based medical devices as high-risk AI systems. The risk categorization under the EU AI proposal does not necessarily align with or impact the risk classifications under existing medical device regulation. For example, a particular AI-based software used for the purpose of medical diagnosis may be classified as a “high risk AI system” under the EU AI proposal and still be classified as a medium risk medical device (class IIa, class IIb) according to existing EU medical device regulation.
In addition, certain AI-based software which falls within the Class I medical device classification, or which does not fall within the medical device regulatory definition, might not be classified as a high-risk AI system but may still have a different classification under the EU AI proposal.
The EU AI proposal explains that the high-risk AI system’s compliance with the proposal's regulatory requirements will also be reviewed as part of the conformity assessment under the existing medical device regulation, and will be CE marked before being placed on the market. Therefore, the CE marking will be an indication of the product’s compliance with medical device regulations as well as with the EU AI proposal’s principles. However, the EU AI proposal does not fully discuss the interplay between the proposal’s requirements and the regulatory obligations deriving from the EU medical device regulation.
The EU medical device regulation imposes detailed requirements regarding the development and marketing of medical devices in each stage – design and development, risk management, quality management, post marketing activities and so on. The EU AI proposal specifies the provider’s and user’s obligations in these stages as well. Practically, however, it is unclear how these two sets of regulatory requirements will combine into one regulatory process without overlapping or creating interpretation issues. It seems that further examination and tailoring of regulations are needed in order to implement the proposed AI regulatory requirements properly in the medical field.
The EU AI proposal specifies the following main regulatory requirements for high-risk AI systems:
As mentioned, since existing EU medical regulation includes similar regulatory standards in some of these areas, the implementation of these AI requirements in the medical field might require certain adjustments.
Finally, the EU AI proposal imposes fines of up to the higher of 30€ million or 6% of a comany's global annual turnover for certain infringements.
To summarize, the EU AI proposal is an important step in the regulation of AI in the medical field from a global, harmonized perspective. Nonetheless, further examination and regulatory attention are required regarding the interplay between current medical device regulations and proposed AI regulatory requirements.
This client update provides general information only, does not constitute a legal opinion and may not be relied upon
 Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC (OJ L 117, 5.5.2017, p. 1; Regulation (EU) 2017/746 of the European Parliament and of the Council of 5 April 2017 on in vitro diagnostic medical devices and repealing Directive 98/79/EC and Commission Decision 2010/227/EU (OJ L 117, 5.5.2017, p. 176).
 According to the EU AI proposal, reference is to software that is developed with machine learning approaches, logic and knowledge-based approaches and/or statistical approaches, Bayesian estimation, search and optimization methods, and can for a given set of human-defined objectives, generate outputs, such as content, predictions, recommendations, or decisions influencing the environment they interact with.
 The AI risk management classification is as follows:
 Article 6 of the EU AI proposal determines that an AI system is “high-risk” where it is intended to be used as a safety component for a product, or is itself a product covered by the Union harmonization legislation in Annex II and would be required to undergo a third-party conformity assessment pursuant to that legislation. Annex II includes the EU Regulations on Medical Devices and In Vitro Diagnostic Medical Devices. Accordingly, most software as medical device will undergo a third - party assessment and will fall in the definition of “AI high risk system.”