Clifford Chance

The  EU AI Act will enter into force in May or June this year. It includes various provisions and requirements that all relevant stakeholders concerned should familiarise themselves with.

This is particularly important to avoid the severe sanctions outlined in the AI Act, which include significant fines ranging from EUR 7.5 million to EUR 35 million, or between 1.5 % and 7 % of the previous year's global annual turnover.

The AI Act imposes a tight deadline for implementation of 24 months, with some regulations coming into force after just six or 12 months and some others after 36 months.

The introduction of the European AI Act marks the beginning, rather than the end of the AI regulation process and will have a significant impact on the healthcare sector. In this article we examine the practical steps that businesses should take.

AI Act and Healthcare

AI is already being used in every aspect of healthcare and its further potential is enormous. AI is used in medical devices, particularly in the fields of neurology, radiology, cardiology, general and plastic surgery, and anesthesiology, where it offers numerous benefits including the ability to derive new and important insights from the data generated in healthcare. As a result, patient care is becoming more personalised, accurate and effective which saves costs and reduces the burden on medical staff. The use of AI in the healthcare sector also enables simplified and accelerated diagnoses of diseases by accurately analysing medical images and processing laboratory test results and patient records. In addition, robotics and telemedicine will improve existing treatments and create new ones.

To capitalise on the potential of AI, stakeholders need to act now to ensure compliance and legal certainty in their strategic and operational planning. These five steps provide some initial guidance on preparing for the new regulation:

AI Maping

• Stakeholders need to assess whether there are currently systems in use or being developed that fall under the definition of AI as set out in the AI Act. Answering this question can be challenging due to the regulation's complex definition of AI. This will certainly be shaped by future legal practice, particularly in borderline cases.
• It is important to consider relationships with current and potential business partners (for example, as part of the production chain and due diligence processes). The focus is not only on the use of AI components in an affected product, but on analysis of a company's entire business activities from development to communication and marketing.

Categorisation of risks

• The AI system already in use, or to be used in the future, should undergo an initial categorisation into one of the four risk levels of the AI Act. Based on this, it is crucial for a company to familiarise itself with the resulting obligations and requirements according to the respective risk level.
• It may be advisable to obtain legal and/or technological advice to avoid losing valuable time. This may be particularly important where an external conformity assessment is required, such as for certain AI-based medical devices.

AI governance

• It is essential to establish internal guidelines for the development, handling, and use of AI systems within the company. These guidelines must adhere to the requirements and obligations set out in the AI regulation for the respective risk-classified AI systems.
• It is important that all employees involved receive adequate and regular training on compliant AI handling.
• Building on this, a governance system for AI should be developed after the AI Act has come into force.

Internal governance environment

• To ensure coherent and efficient internal governance, it is advisable to integrate the AI governance into the existing internal compliance and governance codes. 

Keep up to date

• The AI Act is designed to accommodate the dynamic and rapidly evolving nature of AI by allowing for interpretation, adjustments, extensions, and readjustments. This flexibility is crucial in regulating such a fast-moving field. Stakeholders should therefore closely monitor technical and legal developments.
• In addition, joining the EU's AI Pact provides an opportunity to become acquainted with the new requirements at an early stage.

The AI Act will continue to take shape through implementing regulations and guidelines and its further evolution. The newly established European AI Office will provide substantial support in this regard. It remains to be seen whether the EU AI Act will serve as a benchmark for other jurisdictions, but regulation will continue to develop at pace. Alongside the AI Act, the EU has published a proposed AI Liability Directive. In one of our next blog posts we will provide more detailed explanations of the resulting regulations and requirements of this directive.