Will this new merge benefit society by fostering safer and more innovative technologies? Or will it impose an unbearable bureaucratic burden, potentially stifling innovation that, in healthcare, can mean billions of dollars and, more crucially, precious lives or the quality of life for patients?

Many players are wondering how the AI Act will impact their daily work and their business. Therefore, AR2-C2 will publish weekly insights into various facets of this ‚marriage‘

In response, we will be publishing weekly insights into various facets of this “marriage.” We are eager to hear your thoughts on this topic, as well as your suggestions and questions for future discussions.

So this week something old: a promise of protection and innovation coupled with a lot of optimism about how such changes work in practice

As with any EU legislation, the AI Act started with ambition. Artificial Intelligence (AI) is seen as an opportunity to innovate, but there are also risks involved. Therefore, the European ambition was to provide industry with a clear framework for developing and exploiting AI, while keeping users and other stakeholders safe. For those who were there when the Medical Devices Regulation (EU) 2017/745 (MDR) and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 (IVDR) were presented this will bring back memories to the promise of a ‘high level of safety and health whilst supporting innovation’ (Recital 1). This is repeated in Recital 1 of the AI Act: ‘a high level of protection of health, safety and fundamental rights, and it ensures the free movement of AI-based goods and services cross-border’. Currently, medical device manufacturers face a range of challenges if they want to certify their devices, which does not appear to support innovation, while a discussion on product safety is not relevant in a situation where devices cannot reach the market. Will we see something similar, where EU citizens do not have the same level of access to AI as the rest of the world?

The reason for this potential issue lies in the typical structure of EU rules. First, the recitals promise a set of rules resulting in certification that ensures trust in the CE-marking. There are requirements, risk classes, conformity assessment procedures, notified bodies, implementing laws, etc. And there is a date of application: 24 months after the regulation entering into force. Anybody familiar with the problems encountered when the MDR and IVDR were introduced will see the wishful thinking that will result in insufficient notified body capacity at the moment this is needed.

The reason for this upcoming shortage is in the complexity of how notified bodies are designated. A notified body can only be designated if they are ready for it. That means they need to show to teams of competent authority audit teams that they have sufficiently trained staff available and there are adequate procedures in place to allow them to do their job properly. They can only start preparing if all requirements are fully clear and this means that the abstract Regulation language must be translated into expectations by the authorities of what they want to see and how they want to audit. There must be trained audit teams to do these audits and this requires a specific infrastructure at EU level. Only then, the notified bodies can start certifying. The question is, will two years be enough to ensure sufficient suppliers of AI had an opportunity to get their product certified. With medical devices and IVDs this went wrong, it appears this issue will repeat itself for AI.

And by the way, there are also harmonized standards that must be developed. Industry also needs time to prepare. It will not come as a surprise that most companies will start applying in the latter part of this two-year time period.

Add to this, that not all AI are medical devices and not all medical devices contain AI. This will be reflected in the notified body population. The group of notified bodies designated for medical devices or IVDs will only partly overlap with the population of notified bodies designated for AIl. It will therefore be possible that companies will have an application filed for a device with a notified body that will not become designated for AI. And here is it where the plot thickens: a notified body cannot communicate externally about ongoing applications for designation; they cannot advertise that they expect to become designated. As a consequence, most notified bodies also do not communicate with their clients that they do not apply. If you are a medical device manufacturer who also needs AI certification, you can at best learn that your notified body says they are not applying for designation. In all other cases, you have to wait and see. And if you learn your notified body will not certify AI, there is a problem if you want to switch. You basically can’t, because you can only have one application ongoing at the same time and if you stop an application and switch, this will be listed in EUDAMED as a refused certificate.

So here is the ‘old’ situation that is all too familiar: an ambitious timeline assumes notified body capacity available for all those manufacturers that will immediately start certifying their products. By the time this is found too ambitious, there is no room for a Plan B, other than by a change in the Regulation that allows for longer timelines. We may see that the European Commission has learned from the issues with medical devices and come up with measures that reward ‘early’ companies, and discourages the art of kicking a can down a road.

Now here are our tips on how to ensure you stay on top of these challenges. There are some general concepts that companies need to observe:

• The first principle to understand is that the laws of Darwin also apply for companies. As a rule of thumb, companies that are at the back end of the pack are eaten first. So, you need to stay on top of developments by surrounding yourself with useful opinion leaders, go to conferences and make sure your regulatory team is up to its tasks (see the next point).
• Next, learn from Darwin about how best to organize your regulatory affairs department. There is a general agreement among medical device consultants that RA departments that are on the same floor in the building as upper management, have more future oriented questions (e.g. about AI) than RA departments that have been buried in a basement and that are understaffed and overworked. Regulatory work is about access to global markets, without that, sales will drop to 0%. Make sure your regulatory department is present when the major decisions are made and keep them informed of policy changes. And of course, if they tell you there is a potential risk, you better listen carefully.
• When it comes to ensuring that your certification processes become more predictable, try as a standard to separate hardware and software. The hardware can be certified in the traditional way, the software may require additional certification. By separating these concepts, each certification process becomes easier to manage.
• Start reading the current version of the AI Act, and once it is published, bookmark that version. Make sure you fully understand the consequences of these requirements and start implementing these requirements as soon as possible.

Remember, you want to stay at the front of the pack.

It is indeed exciting to learn about the potential of the new “marriage” between the AI Act and the existing software as medical devices (SaMD) framework, despite the criticism we hear in the industry ( well who would we be, if we would not complain about it). This development could significantly advance our lives, much like past industrial revolutions—or it might introduce substantial challenges. With all the current global dynamics, it’s hard to predict the outcome. But one thing is certain: we’re in for an interesting journey.

The AI industrial revolution train has departed. The question is: will you jump on board and join, or stay on the platform and watch it pass by?

How We Can Help

• Preparing for the AI Act: If you have questions on how to prepare your Quality Management System (QMS) or Technical Documentation (TD) for the AI Act implementation, our experts are here to assist.
• Support for Non-EU Manufacturers: For medical device manufacturers outside the EU, ask us about our Authorized Representative (AR) services to ensure compliance.