In this final instalment of our series of blogs on the European Commission’s plans for AI and data, announced on 19 February 2020, we discuss some potential effects on companies in the digital health sector. As discussed in our previous blog posts (here, here and here), the papers published by the European Commission cover broad concepts and apply generally — but, in places, they specifically mention healthcare and medical devices.

The Commission recognizes the important role that AI and big data analysis can play in improving healthcare, but also notes the specific risks that could arise given the effects that such new technologies may have on individuals’ health, safety, and fundamental rights. The Commission also notes that existing EU legislation already affords a high level of protection for individuals, including through medical devices laws and data protection laws. The Commission’s proposals therefore focus on addressing the gap between these existing rules and the residual risks that remain in respect of new technologies. Note that the Commission’s proposals in the White Paper on AI are open for public consultation until 19 May 2020.

Each of the Commission’s White Paper on AI, the Report on safety and liability implications of AI, IoT and Robotics, and the Communication on a European strategy for data contain proposals that are relevant to digital health, including in particular:

  1. potential conformity assessment requirements on digital health products that incorporate AI; and
  2. support for a “Common European Health Data Space”.

Conformity assessment for “high-risk” AI applications

One of the principal elements of the Commission’s White Paper on AI (“White Paper”) is the proposal to introduce conformity assessment requirements for certain “high-risk” AI applications. The two cumulative conditions for determining whether an AI application is “high-risk” is the sector in which it is deployed and the manner in which it is deployed. A digital health application including an AI component operate in the healthcare sector (specifically identified as a sector that is likely to be considered high-risk), and if it is capable of affecting the physical health of an individual, it likely would be considered high-risk. The Commission proposes that such high-risk AI applications should be subject to pre-marketing conformity assessment requirements and also potentially on-going monitoring and ex-post controls.

The Commission acknowledges that in respect of medical devices, legislation in the form of the Medical Devices Regulation already contains specific provisions governing the safety of medical devices — including software as a medical device. The Regulation does not expressly mention AI components but does address certain aspects of digital technologies, such as interoperability and compatibility, and the standards that must be achieved as part of the conformity assessment procedure for such technologies. Further, medical device-specific cybersecurity guidance exists at the EU-level, and addresses additional topics such as automated decisions and cyber threats. However, the legal requirements that the Commission suggests should be included in an AI conformity assessment go beyond these requirements. These requirements include:

  • Requirements on training data. Requirement to train AI on datasets that are sufficiently broad and representative to cover all relevant scenarios to avoid dangerous situations.
  • Requirements on record-keeping and data sets. Requirement to keep accurate records regarding the dataset used to train and test AI systems; documentation on the programming and training techniques used to build, test and validate the AI systems; and, in some cases, the training datasets themselves.
  • Requirements on transparency. Requirement to provide clear information on the AI system’s capabilities, limitations, the purposes for which it is intended, the conditions under which it should function, and the expected level of accuracy.
  • Robustness and accuracy. Requirements to ensure that AI systems are robust, accurate and can deal with errors or inconsistences during all phases of its life cycle — a particular challenge for evolving or self-learning AI systems.
  • Human oversight. Requirements to ensure that there is an appropriate level of human oversight over the AI system, though the Commission does not provide clear views on what would constitute an “appropriate” level of human oversight for digital health applications.

For products like medical devices that are already subject to pre-marketing conformity assessment requirements, the Commission states that the AI conformity assessment should form part of the existing mechanism. But as the Commission acknowledges, not all of the requirements above may be suitable for verification in a conformity assessment. Medical device manufacturers may also not be best placed to comply with some of the requirements, particularly if they are deploying AI technologies developed by third parties. It is therefore not clear whether or how the Commission will update the existing medical devices rules to take AI into account. The Commission is now seeking industry input on proposals in the White Paper, through a public consultation that is open until 19 May 2020. Please contact the Covington team for a more detailed analysis of these proposals or to input into the consultation on the White Paper.

Common European Health Data Space

In its Communication on a European strategy for data, the Commission emphasizes the importance of data to realize the EU’s potential in the digital economy. In particular, the Commission recognizes the challenges that exist for organizations to effectively share health data for research, innovation and to improve patient care — including both regulatory and technical challenges. To tackle these challenges, the Commission proposes the creation of a “common European health data space”.

The Commission proposes to take the following actions (among others):

  • facilitate the establishment of a Code of Conduct for processing personal data in the health sector (in accordance with GDPR Article 40);
  • scale up cross-border exchange of health data such as electronic health records, genomic information (for at least 10 million people by 2025), and digital health images through secure federated repositories in compliance with the GDPR;
  • support the development of national electronic health records and interoperability of health data through the application of the Electronic Health Record Exchange Format;
  • start cross-border exchanges of data through the eHealth Digital Service Infrastructure (eHDSI) of electronic patient summaries, ePrescriptions, medical images, laboratory results and discharge reports; and
  • support big data projects promoted by a network of regulators.

Through these actions, the Commission hopes to support the prevention, diagnosis, and treatment of diseases (particularly cancer, rare diseases and common and complex diseases) through these initiatives, as well as foster research and innovation in this field.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this context, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Marty Hansen Marty Hansen

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients…

Martin Hansen has over two decades of experience representing some of the world’s leading innovative companies in the internet, IT, e-commerce, and life sciences sectors on a broad range of regulatory, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under EU and U.S. law, UK law, the World Trade Organization agreements, and other trade agreements.

Photo of Daniel Pavin Daniel Pavin

Daniel Pavin advises clients on a wide range of transactions involving intellectual property, technology and data.

He has extensive experience advising pharmaceutical, biotechnology, medical device and technology companies in connection with licensing, collaborations and other strategic agreements. He also advises clients in connection…

Daniel Pavin advises clients on a wide range of transactions involving intellectual property, technology and data.

He has extensive experience advising pharmaceutical, biotechnology, medical device and technology companies in connection with licensing, collaborations and other strategic agreements. He also advises clients in connection with investments, fundraisings and M&A.

Daniel has a particular focus on digital transformation in the life sciences and healthcare sectors, including digital health transactions, and data-driven and AI drug discovery and development projects.

Daniel is one of the leaders of Covington’s global, multidisciplinary Digital Health Initiative, which brings together the firm’s considerable resources across the broad array of legal, regulatory, commercial, and policy issues relating to the development and exploitation of digital health products and services.

Chambers UK notes, “Daniel Pavin has very strong legal and commercial acumen.” “Daniel Pavin is very knowledgeable about life sciences and the data and digital areas. He sits where tech and life sciences come together.” “He is incredibly knowledgeable. He is very inclusive and happy to draw colleagues into conversations.”

Prior to his legal career, Daniel worked as a computer programmer, developing microscope image processing software. He is the co-inventor of a patented invention in the field of social network analytics.

Photo of Sarah Cowlishaw Sarah Cowlishaw

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah is a partner in London and Dublin practicing in the areas of EU…

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah is a partner in London and Dublin practicing in the areas of EU, UK and Irish life sciences law. She has particular expertise in medical devices and diagnostics, and on advising on legal issues presented by digital health technologies, helping companies navigate regulatory frameworks while balancing challenges presented by the pace of technological change over legislative developments.

Sarah is a co-chair of Covington’s multidisciplinary Digital Health Initiative, which brings together the firm’s considerable resources across the broad array of legal, regulatory, commercial, and policy issues relating to the development and exploitation of digital health products and services.

Sarah regularly advises on:

  • obligations under the EU Medical Devices Regulation and In Vitro Diagnostics Medical Devices Regulation, including associated transition issues, and UK-specific considerations caused by Brexit;
  • medical device CE and UKCA marking, quality systems, device vigilance and rules governing clinical investigations and performance evaluations of medical devices and in vitro diagnostics;
  • borderline classification determinations for software medical devices;
  • legal issues presented by digital health technologies including artificial intelligence;
  • general regulatory matters for the pharma and device industry, including borderline determinations, adverse event and other reporting obligations, manufacturing controls, and labeling and promotion;
  • the full range of agreements that span the product life-cycle in the life sciences sector, including collaborations and other strategic agreements, clinical trial agreements, and manufacturing and supply agreements; and
  • regulatory and commercial due diligence for life sciences transactions.

Sarah has been recognized as one of the UK’s Rising Stars by Law.com (2021), which lists 25 up and coming female lawyers in the UK. She was named among the Hot 100 by The Lawyer (2020) and was included in the 50 Movers & Shakers in BioBusiness 2019 for advancing legal thinking for digital health.

Sarah is also Graduate Recruitment Partner for Covington’s London office.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.