Intelligent Engineering
Our Intelligent Engineering solutions across products, plant and networks, combine our engineering expertise with advanced technologies to enable digital engineering & operations, develop autonomous products & platforms, and build sustainable energy and infrastructure
.png?width=774&height=812&name=Master%20final%201%20(1).png)
Introduction to the EU AI Act
Artificial intelligence (AI) presents immense opportunities across healthcare—from accelerating diagnostics to enhancing treatment accuracy. Yet, its complexity introduces risks to safety, privacy, and fundamental rights. The EU AI Act provides a structured framework to harness AI’s benefits while mitigating its risks through a risk-based regulatory approach. Key objectives include:
- Building Trustworthy AI: Embedding requirements that ensure AI systems respect fundamental rights and are safe, transparent, and explainable.
- Risk-Based Regulation: Implementing a tiered framework that imposes stricter obligations on high-risk AI systems—especially those that impact health, safety, or fundamental freedoms.
- Mandatory Compliance Measures: Introducing conformity assessment procedures, post-market monitoring, and human oversight requirements for high-risk applications.
- Enhancing Transparency: Requiring clear disclosures for AI systems like chatbots and synthetic content (e.g., deepfakes), to inform users when they’re interacting with AI.
- Strengthening Governance: Enforcing rules through national competent authorities supported by a coordinated governance mechanism at the EU level.
- Fostering Responsible Innovation: Promoting AI innovation through mechanisms like regulatory sandboxes and targeted support for startups and SMEs.
Artificial Intelligence – Global Market Share
Artificial Intelligence Market Size & Trends, Growth Analysis, Forecast [2032]
Purpose of EU AI Act – 2024/1689
The Act aims to regulate AI in a manner consistent with European Union values, with the following core objectives:
| Scope: The Regulation Applies To | Out of Scope: The Regulation Does Not Apply To |
|---|---|
| Providers placing AI systems or general-purpose AI models on the EU market—regardless of where they are established | Areas outside the scope of Union law, including matters of national security |
| Deployers of AI systems established or operating within the EU | AI systems used exclusively for military, defense, or national security purposes |
| Non-EU providers and deployers where AI output is used within the EU | AI systems not placed on the market, but whose output is used in the EU for military/national security |
| Importers and distributors of AI systems | Public authorities in third countries or international organizations involved in law enforcement cooperation, where adequate safeguards exist |
| Manufacturers placing AI systems integrated within their products on the market under their name | Provisions under Regulation (EU) 2022/2065 concerning intermediary service liability |
| Authorized representatives of non-EU providers | AI systems or models developed and used solely for scientific R&D |
| Affected persons located within the EU | GDPR, ePrivacy Directive, and criminal justice data protection regulations still apply (Regulations (EU) 2016/679, 2018/1725, 2002/58/EC, 2016/680) |
| High-risk AI systems as per Article 6(1), limited to Articles 102–109 and 112, plus Article 57 only when harmonized rules apply | Pre-market research, testing, or development of AI systems before placement on the market (unless conducted in real-world conditions) |
| Data protection, privacy, and confidentiality obligations under EU law remain applicable | |
| Consumer protection and product safety rules under other EU legislation remain unaffected | |
| Natural persons using AI systems for purely personal, non-professional purposes | |
| Laws or agreements offering greater protection for workers' rights than the EU AI Act provisions | |
| AI systems under open-source licenses, unless they fall under high-risk or prohibited categories (Article 5 or 50) |
Prohibited AI Practices & AI Literacy Requirements
The EU AI Act explicitly bans certain AI applications deemed to pose unacceptable risks:
Prohibited AI Practices
Manipulative AI: Use of subliminal or deceptive techniques that distort user behavior and cause harm is prohibited.
Exploitation of Vulnerabilities: AI systems must not exploit individuals based on age, disability, or socioeconomic status.
Social Scoring: Systems that generate social scores leading to unfair or discriminatory treatment are banned.
Predictive Policing: AI cannot be used to predict criminal behavior based solely based on profiling or personality traits.
Facial Recognition Databases: Creating facial recognition databases by scraping images from the internet without consent is forbidden.
Emotion Recognition in Work/Education: Emotion recognition systems are not allowed in workplaces or educational institutions, except in cases related to medical or safety reasons.
AI literacy requirements
Providers and deployers of AI systems are required to:
- Take all reasonable measures to ensure sufficient AI literacy among staff and individuals involved in operating or using the AI systems.
- Consider the users’ technical knowledge, experience, education, and training.
- Account for the specific context and the individuals or groups the AI system will impact.
Biometric Categorization: AI systems must not categorize individuals based on race, political opinion, religion, sexual orientation, etc., using biometric data.
"Real-Time" Remote Biometric Identification: Use in public spaces for law enforcement is permitted only under specific conditions, such as for serious threats (e.g., terrorism or abduction), and requires judicial authorization.
Safeguards and Conditions: The deployment of real-time biometric identification must be necessary, proportionate, and subject to strict safeguards. These include conducting impact assessments and maintaining formal registration processes.
National Laws: EU Member States may implement stricter national laws regulating biometric identification.
Reporting and Oversight: Member States must report on the usage of real-time biometric identification. The European Commission will publish annual reports, excluding sensitive data.
Content of Technical Documentation as per EU AI Act
The technical documentation for an AI system must include, at a minimum, the following details, tailored to the system’s characteristics and intended purpose.:
Section 1 - General description of AI system
- Intended purpose and provider name
- Interaction with other AI systems
- Versions of relevant software or firmware
- All forms in which the AI system is placed on the market or put into service
- Description of the hardware on which the AI system is intended to run
- If part of a product: visuals showing external features, markings, and internal layout Basic description of the user-interface provided to the deployer
- Instructions for use, wherever applicable
Section 2 - System Development and Architecture Methods and steps followed during development
- Design specifications, including overall logic and algorithms structures
- Description of system architecture, detailing software components interactions
- Data requirements, including datasheets and descriptions of training methodologies and data sets
- Human oversight measures and technical tools for output interpretability
- Pre-determined changes to system performance and technical solutions for ongoing compliance
- Validation, testing procedures, and cybersecurity measures implemented
Section 3 - Monitoring, Functioning and Control
- System performance capabilities and limitations
- Foreseeable unintended outcomes and risks to health, safety, fundamental rights or potential for discrimination
- Human oversight needs and corresponding technical measures
- Specifications on input data (as appropriate)
Section 4 - Performance Metrics
- Evaluation of the appropriateness and relevance of selected performance metrics
Section 5 - Risk Management System
- Detailed description of the system for identifying, assessing, and mitigating risks
Section 6 - Lifecycle Changes
- Documentation of relevant system updates or modifications made post-deployment
Section 7 - Standards and Compliance Solutions
- List of the harmonised standards applied and /or detailed descriptions of alternative compliance solutions
Section 8 - EU declaration of conformity
- Copy of the declaration
Section 9 - Post-Market Performance Monitoring
- Description of systems for ongoing evaluation
- Post-market monitoring plan
Risk-Based Classification Approach as per EU AI Act – 2024/1689
The EU AI Act classifies AI systems into four primary risk categories, with corresponding regulatory obligations:
Recognized Standards for AI–Enabled Medical Devices
The EU AI Act references several international and emerging standards to ensure safety, transparency, and robustness in AI-enabled systems—especially in regulated sectors like healthcare. These standards support compliance efforts for manufacturers, deployers, and providers of AI-enabled medical devices (AIMDs).
Selected Released Standards
| Standard | Description | Status |
|---|---|---|
| ISO/IEC 24029-2:2023 | Assessment of neural network robustness – Part 2: Methodology using formal methods | Released |
| ISO/IEC 8183:2023 | AI – Data life cycle framework | Released |
| ISO/IEC 25059:2023 | SQuaRE – Quality model for AI systems | Released |
| ISO/IEC TR 24368:2022 | Overview of ethical and societal concerns | Released |
| ISO/IEC TR 24029-1:2021 | Assessment of neural network robustness – Part 1: Overview | Released |
| ISO/IEC TS 4213:2022 | Assessment of machine learning classification performance | Released |
| ISO/IEC 23894:2023 | AI – Guidance on risk management | Released |
Standards Under Development
| Standard | Description | Stage |
|---|---|---|
| ISO/IEC CD 42005 | AI system impact assessment | Committee |
| ISO/IEC CD 5259-5 | Data quality governance for analytics and ML | Committee |
| ISO/IEC CD TS 8200 | Controllability of automated AI systems | Committee |
| ISO/IEC CD TR 17903 | Overview of machine learning computing devices | Committee |
| ISO/IEC CD TS 6254 | Explainability of ML models and AI systems | Committee |
Additional Relevant Standards
- IEEE 7001-2021 – Transparency of autonomous systems
- IEEE 7003-2022 – Algorithmic bias considerations
- ISO/IEC TR 24027 – Bias in AI systems and mitigation strategies
- ISO/IEC 29100 – Privacy framework
- IEC 81001-5-1 – Cybersecurity in health software lifecycle
- ISO/IEC 27001 / 27017 – Information and cloud security
- ISO/TS 82304-2 – Health apps – quality and reliability
- ISO/IEC 22989 / 23053 – Concepts, terminology, and AI system lifecycle
- ISO/IEC 23894 (Draft) – Risk management for AI
- ISO/IEC 42001 – AI Management System (AIMS)
- ISO/IEC TR 24028 – Trustworthiness in AI
- ISO/IEC 20546 – Big data overview
Medical Device-Specific Standards
- ISO 13485 – Quality management for medical devices
- ISO 14971 – Risk management for medical devices
- IEC 62304 – Software lifecycle processes
- IEC 60601-1 – Safety of electrical medical equipment
These standards play a key role in aligning AIMDs with both EU MDR/IVDR and the AI Act.
https://www.bartolozzi.it/medical-device-ai/
https://eprints.dkit.ie/id/eprint/892/1/My1stPaper.pdf
EU AI Act Implementation Timeline
The implementation of the EU AI Act follows a phased timeline to ensure stakeholders have sufficient time to adapt and comply. Below is a general overview based on the regulation’s staged rollout:
Use of AI in Healthcare
AI is rapidly transforming the healthcare industry by enhancing diagnostic accuracy, optimizing treatment plans, streamlining workflows, and improving patient outcomes. Here are some of the major use cases of AI in healthcare, categorized by domain:
Conformity Assessment Strategy for AI-enabled Medical Device (AIMD)
When an AI system is integrated into a medical device or constitutes a standalone AI-enabled medical device, the conformity assessment process is not handled separately under the EU AI Act. Instead, it is embedded within the existing regulatory pathway defined by the EU Medical Device Regulation (MDR 2017/745) or In Vitro Diagnostic Regulation (IVDR 2017/746).
Compliance Checklist for Deployers, Manufacturers, and Providers of General-Purpose, and High-Risk AI systems
.png?width=702&height=860&name=Compliance%20Checklist%20for%20Deployers%2c%20Manufacturers%2c%20and%20Providers%20(1).png)
About the Authors
Sathish Kumar Thiagarajan is a seasoned Controls & Automation Engineer with over 18 years of global experience in managing large-scale industrial automation projects involving PLCs, SCADA, and Drives. He specializes in optimizing technical workflows, ensuring regulatory compliance, and leading cross-functional teams to deliver seamless IT/OT integration solutions. Known for enhancing operational efficiency and driving cost-effective innovations, his expertise helps shape transformative strategies in industrial automation.
Srinivasu Parupalli is an experienced Systems Engineer with expertise in program management and delivery across multiple domains, including Industry 4.0, Manufacturing, Embedded Systems, IoT, Software Applications Development, and Cloud Integrations. He has extensive experience in end-to-end product development and has been instrumental in building and training teams on emerging technologies such as Ignition, Solumina, Aveva, and SCADA systems for deployment in diverse customer projects. With a strong background in industrial automation, he has worked across various industries, including Manufacturing, Energy, Utilities, Healthcare, and Process Automation, developing MES, SCADA, and HMI solutions integrated with other applications. His expertise lies in customer engagement, requirements analysis, and risk management, ensuring the successful execution of complex automation projects.
About the Author
Abhishek Kumar
Subject Matter Expert in Medical Device Regulatory and Quality Assurance
Abhishek Kumar is a Subject Matter Expert in Medical Device Regulatory and Quality Assurance with over 14 years of experience. He has led the EU MDR 2017/745 sustenance program, managed multiple global engagements for top medical device companies, and supported the gap assessment, remediation, and submission of 70+ technical documents across EU MDR, ASEAN MDD, NMPA (China), Taiwan, and 10+ 510(k) submissions. He has authored 40+ Clinical Evaluation Reports (CERs) for Class I–III devices in line with MEDDEV 2.7.1 Rev-4 and developed proposals for market access in the U.S., Europe, and APAC (including ASEAN, China, Taiwan, and Japan). He also prepared and implemented regulatory plans for new product development across 90+ countries through feasibility analysis and cross-functional coordination.