AI Summit panelists mull complexities of EU’s AI Act, global compliance considerations

Kicking off the global regulatory panel’s conversation with enthusiasm over the future of AI in health care, Chantal Vets, Sr Legal Program Director, Digital Regulations at Medtronic, provided examples of her firm’s AI-enabled medical devices that have been dual-tracked to receive regulatory approval in both the U.S. and EU, pointing out that such devices have been brought to market safely under the current regulatory regimes. International companies may have to expand their existing processes to take in and implement new regulatory requirements to deal with the emerging AI regulatory hurdles.

Arne Thiermann, partner in the Hogan Lovells global regulatory practice, similarly described his experience in dealing with global regulatory uncertainty, outlining how it presents novel challenges for medical product manufacturers doing business in the EU.

Kai Zenner, digital policy adviser in the European Parliament, expressed optimism that the life sciences & health care sector may be well prepared to quickly adapt to new AI regulations, citing how the sector is already highly-regulated in the EU. He described how regulatory sandboxes are being utilized to enhance learning and cooperation between the public and private sector. Thiermann agreed that the medtech sector may be especially prepared to comply with the EU’s AI Act.

On the other hand, Zenner acknowledged, the AI Act is complex, and it overlaps with other laws that regulate AI (or are interpreted to do so). Because some companies may wish to comply with the Act but lack the requisite knowledge to ensure compliance, Zenner promoted networking and sharing of best practices.

Providing practical governance advice, Franziska Janorschke, global head of data privacy and digital & AI compliance for Novartis, promoted a risk-based approach and gap analyses to ensure compliance. Cornelia Keller, General Counsel at Merz Therapeutics, agreed with Janorschke that a centralized governance approach is useful in meeting both regulatory and ethical obligations.

Along these lines, Vets explained how Medtronic is proactively engaging with regulatory bodies in the EU to learn whether they may be considered “notified bodies” under the AI Act, and to gauge compliance expectations for when the AI Act takes full force. She observed uncertainty over how “fundamental rights” will be interpreted under the Act, among other questions surrounding the assessments. “From a regulatory perspective the regulatory requirements around data governance are also newer,” Vets explained, emphasizing the importance of building a robust AI compliance program. 

Echoing the critical nature of corporate governance programs for AI-enabled medical devices, Keller discussed her company’s work to set up an AI committee, citing the need for a manufacturer to understand each potential AI application for their medical products.

Janorschke called the AI Act the “North Star” for her company’s work in developing a global AI risk and compliance framework. Yet, she pointed out, the Act is still evolving, and thus Novartis is constantly reviewing and updating its policies. Indeed, “new risks are coming,” even as the AI Act is in its first cycle, Janorschke noted.

Thiermann remarked that although the “ethical” side of compliance may be “less tangible” at times, the need for safeguards remains paramount. Toward this end, Janorschke described how Novartis published in 2021 their first policy on the ethical and responsible use of AI. Beyond what is written in the policy, however, Janorschke emphasized the importance of effective implementation of those ethical guardrails. To achieve successful adoption of policies, Keller promoted disseminating information to employees in a way that is “digestible”; for example, she cited how Merz incorporates AI policies into puzzles as part of their training procedures.

In concluding remarks, Zenner discussed how AI brings greats potential to provide the EU with a competitive edge globally, while noting that achieving this outcome will require cooperation to ensure AI is being used properly. Thiermann agreed: “This is a joint effort.”