The future regulation of artificial intelligence systems in healthcare services and medical research in the European Union

Despite its promising future, the application of artificial intelligence (AI) and automated decision-making in healthcare services and medical research faces several legal and ethical hurdles. The European Union (EU) is tackling these issues with the existing legal framework and drafting new regulations, such as the proposed AI Act. The EU General Data Protection Regulation (GDPR) partly regulates AI systems, with rules on processing personal data and protecting data subjects against solely automated decision-making. In healthcare services, (automated) decisions are made more frequently and rapidly. However, medical research focuses on innovation and efficacy, with less direct decisions on individuals. Therefore, the GDPR's restrictions on solely automated decision-making apply mainly to healthcare services, and the rights of patients and research participants may significantly differ. The proposed AI Act introduced a risk-based approach to AI systems based on the principles of ethical AI. We analysed the complex connection between the GDPR and AI Act, highlighting the main issues and finding ways to harmonise the principles of data protection and ethical AI. The proposed AI Act may complement the GDPR in healthcare services and medical research. Although several years may pass before the AI Act comes into force, many of its goals will be realised before that.

Automated summary

Despite the promising future of artificial intelligence (AI) in healthcare services and medical research, there are legal and ethical challenges to its application. The European Union (EU) is addressing these issues by utilizing existing legal frameworks and proposing new regulations, such as the AI Act. Currently, the EU General Data Protection Regulation (GDPR) partially regulates AI systems, particularly with regards to processing personal data and protecting individuals from solely automated decision-making. However, there are differences in the impact of GDPR on healthcare services and medical research due to the nature of decision-making involved. The proposed AI Act introduces a risk-based approach and ethical AI principles to complement GDPR in these domains. While it may take some time for the AI Act to come into force, its goals are expected to be realized beforehand.