EU AI act impact on lifescience industry

Published on 21 March 2024 at 13:17

The EU AI Act is a comprehensive regulation aimed at ensuring AI systems used within the European Union adhere to EU values and standards. It introduces mandatory requirements for AI systems, categorizing them by risk levels, and outlines acceptable uses across the EU to maintain a 'single market'. The Act has global implications, affecting providers, importers, distributors, and deployers of AI worldwide if their systems are developed or deployed in the EU.

Key Points of the EU AI Act:

  • Universal Application: Applies to all sectors, focusing on risk levels rather than individual sectors.
  • Risk Stratification: Classifies AI into categories based on risk, with stringent requirements for 'High-Risk' and 'General Purpose AI' systems.
  • Global Reach: Affects all entities involved with AI in the EU, regardless of their geographical location.
  • Healthcare Impact: Significantly influences healthcare, especially in life sciences, where AI investment is booming. High-risk AI in healthcare includes systems used for diagnosis, treatment decision-making, and monitoring physiological processes, which are subject to rigorous requirements.

High-Risk AI in Healthcare:

  • Defined as AI used in or as a safety component of medical devices requiring third-party conformity assessment.
  • Includes AI for diagnosis, treatment, monitoring of physiological processes, and specific use cases listed in Annex III of the Act.
  • Subject to multiple regulatory requirements, including data governance, technical documentation, risk management, and post-marketing surveillance.

Regulatory Requirements:

  • Comprehensive requirements for data governance, accuracy, cybersecurity, documentation, and continual compliance.
  • Additional obligations for 'General Purpose AI', focusing on compliance codes of practice and documentation for downstream users.
  • Specific provisions for providers, importers, distributors, and deployers, including human oversight, appropriate use, and cooperation with authorities.

Compliance and Penalties:

  • Penalties for non-compliance can reach up to 7% of global turnover.
  • Organizations are advised to develop an AI governance and compliance strategy, incorporating principles of responsible and ethical AI use.
  • The Act encourages the establishment of AI regulatory affairs roles to manage regulatory risks.

Implementation Timeline:

  • Prohibited AI obligations apply 6 months after the Act's entry into force.
  • General purpose AI obligations apply after 12 months.
  • High-risk AI obligations apply after 3 years, with specific provisions for existing systems used by public authorities or within large-scale IT systems by the end of 2030.

Conclusion:

The EU AI Act represents a significant step towards regulating AI technologies, ensuring they align with EU values and standards. It imposes comprehensive requirements on entities involved with AI, particularly in high-risk applications like healthcare. Organizations must adapt to these regulations, integrating them into their risk management and compliance strategies to avoid severe penalties.

Top 10 insights from Health AI strategist

https://chat.openai.com/g/g-vipCZm5oG-healthai-strategist

 

The EU AI Act, with its comprehensive framework for the regulation of Artificial Intelligence within the European Union, presents several strategic considerations for pharmaceutical companies. Here are the top 10 insights and strategy suggestions:

  1. Understand the Risk Classification: The EU AI Act classifies AI systems by their level of risk, with significant focus on 'High-Risk' AI and 'General Purpose AI'. Pharma companies must identify which of their AI applications fall into these categories, particularly those used in diagnosis, treatment decision-making, and monitoring physiological processes, as these are likely to be considered high-risk.

  2. Ensure Compliance for High-Risk AI: High-risk AI applications in healthcare, such as those used for diagnostic or therapeutic purposes, require a third-party conformity assessment under the Union harmonisation legislation. Companies must prepare for these assessments by ensuring their AI systems meet the EU's standards for safety, accuracy, and cybersecurity.

  3. Leverage Existing Medical Device Regulation (MDR): The AI Act uses the classification of software as a Medical Device under the MDR. This means any AI used within devices that require conformity assessment will be classified as high-risk. Companies should leverage their experience with the MDR to navigate the AI Act's requirements.

  4. Adapt to New Regulatory Requirements: Providers of high-risk AI must adhere to extensive regulatory requirements related to data governance, technical documentation, risk management, and post-marketing surveillance. Developing robust systems to manage these requirements will be critical.

  5. Integrate AI Governance and Compliance: Developing an AI governance and compliance strategy is essential. This should include establishing AI regulatory affairs roles to manage regulatory risks and ensuring AI applications are used responsibly and ethically.

  6. Focus on Human Oversight: The Act emphasizes the importance of human oversight for AI systems, especially for high-risk applications. Pharma companies should ensure that their AI deployments are complemented by appropriate human expertise to oversee AI decisions and interventions.

  7. Prepare for General Purpose AI Requirements: Companies using General Purpose AI for tasks like predicting disease progression must meet additional requirements and ensure downstream users understand how to integrate these models into systems in compliance with the Act and other regulations.

  8. Address Privacy and Data Governance: Compliance with the EU's strict privacy and data protection standards is a key part of the AI Act. Companies must ensure their AI systems use data in a manner that is compliant with these standards, including GDPR.

  9. Plan for Continuous Compliance: Given that AI systems evolve over time, companies must plan for continuous compliance, including the possibility of re-assessment if significant changes are made to high-risk AI systems.

  10. Monitor Developments and Engage with Regulators: The AI Act and its implications will continue to evolve. Pharma companies should stay informed about developments, participate in industry discussions, and engage with regulators to clarify uncertainties and influence the development of standards and guidance.

In summary, the EU AI Act represents a significant shift in the regulatory landscape for AI in healthcare. By understanding the Act's requirements, leveraging existing regulatory experience, and establishing robust compliance and governance frameworks, pharmaceutical companies can navigate these changes and continue to innovate responsibly within the EU market.

Add comment

Comments

There are no comments yet.