AR2-C2

AI Act-MDR Merge

The AI Act is officially translated into all EU languages and published. From that moment, the clock is started ticking for all AI-based software manufacturers. But what about medical devices that utilize AI-based software? In the following weeks, we will continue to explore the main topics related to these upcoming changes. Much like the traditional wedding adage of „something old, something new, something borrowed, something blue,“ the merging of the AI Act with the MDR holds similar symbolism. This week, we will look into „something new.“ Check out our „something old“ publication.

The European AI Act’s intersection with the already intricate software as medical devices (SaMD) landscape is akin to one of those legendary weddings. Some might call it a match made in heaven by the EU Commission; others see it as an arranged marriage. But what about the extended family—the manufacturers, notified bodies, consultants, suppliers, users, and customers—who must now adapt to these new arrangements?

 

Something old, something new

This week something new: Data governance

Data governance is a part of the act that is completely new. As a manufacturer you are expected to create processes on how:

  • Data  is managed and documented:
  • Data is collected and processed’
  • The security and privacy of data is ensure;
  • The any learning bias is being addressed;
  • Data is being used via complete product lifecycle, transparency.

These procedures should be added to the QMS.

The concept of Data Governance

Data governance refers to the management of data availability, usability, integrity, and security within an organization. It encompasses the policies, procedures, and standards that dictate how data is collected, stored, and utilized. Effective data governance is critical in AI, where data quality and integrity directly impact the outcomes of AI models.

New Aspects of Data Governance in the AI Act

  • Enhanced Data Quality Requirements: The AI Act introduces stringent requirements for data quality. AI systems must be trained on datasets that are accurate, complete, and representative. This ensures that AI models do not perpetuate biases or inaccuracies.
  • Mandatory Data Documentation: Organizations deploying AI systems must maintain comprehensive documentation of the datasets used. This includes the origin of the data, the methodologies for data collection, and any preprocessing techniques applied. This transparency is crucial for accountability and traceability.
  • Data Governance Frameworks: The AI Act mandates the establishment of robust data governance frameworks. These frameworks should outline clear roles and responsibilities for data management, ensuring that data governance is integrated into the organizational structure.
  • Continuous Monitoring and Evaluation: The AI Act requires continuous monitoring of AI systems to identify and mitigate any risks associated with data quality. Regular audits and evaluations are necessary to ensure compliance with the data governance standards set forth in the Act. Meaning Data quality- related hazard should introduced into the Risk management system and Continuous Improvement part of the QMS:
  • User Data Protection: The AI Act emphasizes the protection of user data. Organizations must implement measures to safeguard personal data and ensure that AI systems do not infringe on individuals‘ privacy rights. This aligns with the principles of the General Data Protection Regulation (GDPR), so not really a new requirement, but will be for sure part of the compliance evaluation.
  • Transparency and Explainability: Data governance in the AI Act also focuses on transparency and explainability. AI systems should be designed to provide clear explanations for their decisions and actions. This fosters trust and allows stakeholders to understand how data is being used.

SO updating of the existing relevant processes in the QMS (like Risk Management, Improvement etc) and creating new (Data governance) will be a first step on your way to compliance.

In other words it is a completely new concept: your training data is in fact part of your software now, as it has a huge impact on the algorithm, and therefore has to undergo the same level of control.

How We Can Help

  • Preparing for the AI Act: If you have questions on how to prepare your Quality Management System (QMS) or Technical Documentation (TD) for the AI Act implementation, our experts are here to assist.
  • Support for Non-EU Manufacturers: For medical device manufacturers outside the EU, ask us about our Authorized Representative (AR) services to ensure compliance.