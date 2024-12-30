Know the latest laws on the use of artificial intelligence when it comes to medical devices

The EU AI Act came into force on 1 August 2024 and is set to reshape the MedTech sector, with a significant impact on Scotland’s use of medical devices. With almost two-thirds of UK healthcare organisations already leveraging AI in their operations, this legislation presents a fundamental shift in how medical technologies will be regulated and monitored.

Despite this being European legislation, this is not just a European issue. If a business’s medical device utilises AI and is “used or marketed in the EU”, it must comply with the Act’s requirements, regardless of where the company is based.

With the AI Act becoming enforceable by 2026, and some critical provisions kicking in as early as February 2025, organisations must start preparing now. Scottish healthcare businesses and organisations using AI will need to stay informed about these regulations if they deal with EU partners or customers, to ensure compliance.

Companies must start preparing for stringent rules on AI now, says Valerie Armstrong-Surgenor

Healthcare organisations will particularly need to watch out for “high-risk systems”. Medical devices which incorporate AI as a component, or which operate as an AI system, will be categorised as a high-risk system due to their potential impact on patient health and safety. This classification triggers a host of stringent technical compliance measures that healthcare organisations need to meet.

To help businesses navigate this classification, we have outlined the technical compliance requirements for these high-risk AI systems:

Adopt comprehensive risk management systems. AI systems in medical devices require comprehensive, ongoing risk management- including monitoring not just during the design and development phases, but throughout the product's entire lifecycle.

Ensure AI-driven medical devices meet regulatory quality standards. High-quality, compliant data sets are critical for the safety and performance of these devices, which often process sensitive health data. Poor data quality can compromise diagnostic or therapeutic decisions, endangering patients and risking non-compliance with the EU AI Act and GDPR.

Produce technical documentation to demonstrate compliance and ensure it has human oversight. This is crucial for high-risk AI systems to ensure that they are complying with the legislation and that they do not replace human judgment – particularly those medical devices which make diagnostic and or therapeutic decisions.

Perform with appropriate accuracy, robustness and cyber security. AI-powered devices must be designed to operate with cybersecurity safeguards, as outlined by the Act. Companies should provide deployers with their instructions for use to ensure safe use of medical devices.

Penalties for non-compliance in the most serious breaches of the Act include fines up to 6 per cent of global annual turnover. Poor data management, inadequate oversight and weak risk management frameworks could also see companies pushed out of the market, so there is no time to delay preparation.

As AI innovation accelerates, regulators are working to keep pace, and Scottish healthcare organisations, as well as the broader MedTech sector, must do the same. While compliance may seem challenging, it offers an opportunity for companies to enhance their systems and build trust in their products.

As countries scramble to develop regulations robust enough for the rapid development of AI, Scottish companies should monitor regulatory changes to gain insights into potential laws that could be implemented in their own country. By staying ahead of the regulatory curve, both Scottish Medical Device manufacturers and the wider MedTech industry can continue to innovate while ensuring they meet the necessary standards for safety and effectiveness.