Start preparing your business for the EU Framework on artificial intelligence

The EU Framework on artificial intelligence (AI), consisting of a regulation establishing harmonised rules on AI (the AI Act) and a directive adapting non-contractual civil liability rules to AI (the AI Liability Directive), is expected to be adopted in 2024 or 2025. It is likely to have a considerable impact on the life sciences industry globally. The AI Act will introduce new regulatory requirements applicable throughout the supply chain of life sciences products and digital services, and will affect businesses that provide or use AI within the EU, or whose outputs from AI affect people in the EU. Thus, the AI Act shows several similarities with the General Data Protection Regulation (GDPR).

The AI Act’s definition of AI

The current version of the EU’s proposed AI Regulation defines an AI system in Article 3(1) of the regulation as software that is developed with 1) machine learning approaches, 2) logic- and knowledge-based approaches, and 3) statistical approaches, and that can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with.

This broad definition would include a wide spectrum of technologies and products, such as medical devices incorporating software. It is likely that much of the software being used today within life sciences, like systems for health records, health trackers and systems integrated into other software products or components, would be affected by the regulation.  

How are the AI systems regulated?

The draft AI Act adopts a risk-based approach, containing a classification system for determining what requirements will apply. Stricter rules will apply as risk increases. Applications with an unacceptable risk are prohibited. Systems that are defined as “high-risk” are subject to rigorous requirements and can be subject to certification procedures and CE markings, which indicate that a product has been assessed as meeting EU protection requirements.

The proposed sanctions for non-compliance are strong, and even stricter than the sanctions under the GDPR. According to the proposal, the sanctions could be as high as 30 million euros or 6% of a company’s annual global turnover.

How can HM help?

If you are interested in how this coming EU regulation will affect your business, or would like guidance on how to ensure that you have processes in place to meet the requirements of the regulation, HewardMills will be at your disposal to help you prepare for the new regulatory landscape in the life sciences sector.

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.