Legal issues that play a role in the marketing of an AI system

Explanation of the legal rules that need to be adhered to. Introduction to the MDR and GDPR.
Could you please tell us who you are and what your company does?
STEFAN PHILLIPS: Well, my name is Stefan Phillips. I’m the CEO of OneVision Healthcare. At OneVision Healthcare, we assist other organisations and vendors that develop artificial intelligence, or AI, in the healthcare space.
JOACHIM ZAERS: Hi. My name is Joachim Zaers. I’m a principal consultant with OneVision Healthcare. And I’m especially involved in preparing a customer to implement AI software, and also help the vendor to stick to the regulations, and improve and also facilitate the implementation of AI technology within the clinical processes.
Can you give an example of an AI-based product you have marketed within your company?
STEFAN PHILLIPS: Well, we’ve actually worked with a number of AI vendors and creators of AI technology within healthcare specifically. And the software we want to mention uses artificial intelligence to clean radiology medical images. But also, we work with organisations that do computer-assisted diagnosis with artificial intelligence.
These products have been developed for medical purposes. What kind of legal implications does this have for the marketing of the product?
JOACHIM ZAERS: So the legal implications for medical products in the European Union are really strict. They have to comply with the so-called Medical Device Regulation. The Medical Device Regulation is a guideline that is classifying medical products, depending on their impact on the security of the patient. So we have to find different risk classes. And with the novelisation of the MDR in the last years, software, as we find it for artificial intelligence, has been classified as class II products. And that means that they have to go or undergo a certification of a so-called classified body – of a specifically certified body that has been approved to test and validate software for being used in medicine, for example.
How are these products classified?
So we are at the advent of a new MDR. And following the old MDR, software usually could be classified as class III, which allowed that a vendor is self-certifying his product and it doesn’t need to do any special things. He’s just usually certifying that he has set up a certain type of quality management to assure that this product is fit for use in medical environments. With the advent of the new MDR, software usually is classified as a class II product. And this is raising the bar for getting a certification as a medical product in the European Union.
Now you have to do the certification with a so-called certified body, which is a third-party company which by itself underwent a certification as a medical product tester. So this will raise the bar for the quality of AI procedures and algorithms, which will in the end also help the user by implementing well-regulated quality assurance guidelines.
To which general safety and performance requirement do the products need to adhere?
STEFAN PHILLIPS: Well, there are a number of regulatory requirements that we have for medical devices, obviously. The main ones that pertain to these types of devices are usually ISO 13485, which is the industry standard for medical device quality management systems. And we also adhere to 27001, which is the international standard for information security. So these two are obviously very important not only for artificial intelligence, but for many or all medical devices, especially obviously for artificial intelligence. Obviously, in Europe we have the GDPR, which many, many people talk about, which pertains to data protection, patient information protection, and things like that.
We often hear that developers underestimate what it takes to get a medical device CE-certified, especially when it employs AI.
JOACHIM ZAERS: I think this question can be answered clearly with yes. Everybody who has been involved in the certification process knows that this is a tedious process that needs a lot of effort to finally get the certification, which is OK, because we want to ensure a certain amount of quality. Another problem is that, depending on the problem or the benefit the AI algorithm wants to deliver, we need to solve different problems in the certification process where we are currently lacking standard testing tools or checklists.
One problem, for example, is to make sure that the trained algorithm can be applied to patient data that has not been used during the training, and make sure that the decisions provided by the AI algorithm really can be transformed or can be transferred to this new patient cohort.

To introduce the topics of the Medical Device Regulation (MDR) and the General Data Protection Regulation (GDPR), we asked Stefan Phillips and Joachim Zaers from OneVision Healthcare to explain what these regulations are and how they have to deal with them on a regular basis.

OneVision Healthcare provides professional services and international networking opportunities for HealthTech organizations and AI solution providers in healthcare. Not only do they help them to facilitate the implementation of the applications in clinical processes, but they also help them to adhere to the regulations that are in place. Adhering to these regulations is extremely important, especially in the field of healthcare, as this is part of the law.

