European Artificial Intelligence (AI) in Medical Devices Act and Cybersecurity Requirements
Have you already read the European Regulator AI Act of 13 June 2024 for Artificial Intelligence in Medical Devices? Here are a few things you need to know about cybersecurity.
The document outlines several cybersecurity requirements for medical device manufacturers using AI in their products, particularly for those classified as "high-risk AI systems." Key points include:
Technical Robustness: High-risk AI systems must be resilient to harmful behaviour that could arise from system limitations or environmental factors. This includes implementing fail-safe mechanisms and other technical solutions to prevent or minimize undesirable behaviour.
Cybersecurity Measures: There is a strong emphasis on protecting AI systems from cybersecurity threats. This includes safeguarding against attacks targeting AI-specific assets like training data and models, and vulnerabilities in the system's digital assets or underlying ICT infrastructure. Providers must implement security controls that are appropriate to the risk level.
Compliance with Existing Regulations: High-risk AI systems must meet essential cybersecurity requirements set out in other relevant regulations. Compliance with these requirements may be demonstrated through the EU declaration of conformity. This ensures that systems are resilient against unauthorized alterations to their use, behaviour, or performance, and protects against AI-specific vulnerabilities like data poisoning and adversarial attacks.
These requirements aim to ensure the safety, security, and reliability of AI systems used in medical devices, protecting both the systems and their users.