Regulators will regulate, and AI is on top of their list.

The EU AI Act will become the world’s first broad legal framework for artificial intelligence and could hopefully become a global standard. It will apply to any business operating within the EU or offering AI systems or services to EU residents.

The use of artificial intelligence in the EU will be regulated by the AI Act, the world’s first comprehensive AI law. Currently the European Parliament is actively working on finalizing the regulation to ensure safe and ethical use of AI within its member states. Intention is to cover all sectors and all types of artificial intelligence except for military use. The European Commission proposed the AI Act in April 2021, and the commission has in December 2023 reached a provisional agreement. The agreed text will now have to be formally adopted by both Parliament and Council to become EU law. The Act is intended to be adopted during 2024 and enter into force after a transitional period of 2-4 years.

Title I in the proposal defines the subject matter of the regulation and the scope of application of the new rules that cover the placing on the market, putting into service and use of AI systems. The definition of AI system in the legal framework aims to be as technology neutral and future proof as possible, taking into account the fast technological and market developments related to AI. The Act uses a risk-based approach in four classes to set up different requirements depending on the level of risk an AI system poses to human health, safety, or rights.

  1. Prohibited artificial intelligence practices (title II)
    Some AI uses are banned, such as subliminal manipulation, social credit scoring, or real-time biometric identification.
  2. High-risk AI systems (title III)
    Permitted but subject to compliance with AI requirements and conformity assessments. This would include biometric identification, medical devices, law enforcement, critical infrastructure, and many others.
  3. Transparency obligations for certain AI systems (title IV)
    Permitted but subject to information/transparency obligations. This basically means that humans must be notified that they are interacting with an AI and what it does.
    It applies to systems that:
    – interact with humans,
    – are used to detect emotions or determine association with (social) categories based on biometric data, or
    – generate or manipulate content (‘deep fakes’).
  4. Minimal or no risk
    Permitted with no restrictions. No mandatory requirements but the commission proposes voluntary requirements to be developed. This would for example include ChatGPT.

Europe has with the AI act taken a big step in creating a general law on AI while regulation in the US is still evolving. The FDA has been developing a new regulatory approach for AI/ML-enabled medical devices that is based on the principle of “total product lifecycle” (TPLC). This means that the FDA would monitor and evaluate the performance of AI/ML-enabled medical devices throughout their lifecycle, not just at the point of premarket approval. The FDA also plans to establish a Medical AI Evaluation Database (MAIED) to collect real-world data on AI/ML-enabled medical devices.

The lack of common requirements in the EU and US could result in one of two situations. The first, and obviously the preferred one is that US regulators take a good look at the AI Act and align the requirements accordingly. The other scenario with a set of different rules would be both cumbersome and costly for industry and healthcare alike.

The future will tell how this will evolve but we can be certain that the use of AI will significantly affect every aspect of our society in the same way, and beyond, what the development of computers once did. And much like with computers, if you miss the queue to step onboard, you might miss the train entirely.

In the final episode of this article series, we will try to extrapolate where the AI journey might take us and glance into the future.

If you have any question, contact us at

It will happen to you too.

Maybe not today or tomorrow, but it will happen, an unannounced audit from your Notified Body.

Unannounced audits by the Notified Body (NB) are performed without any prior notice or schedule. The auditor can show up at any time and expect to have access to your premises and documentation related to your medical devices, including IVD devices. A Notified Body also has the right to visit your suppliers or subcontractors to check their compliance with applicable requirements and the status of the Quality Management System (QMS). In some cases, the auditor can also take product samples for further examination and analysis.

Unannounced audits can be very stressful and disruptive for your company, but there are ways to make them less stressful and chaotic.

  1. First and foremost, keep your compliance high at all times.
    The best way to avoid any problems during an unannounced audit is to always maintain a high level of compliance with your quality management system and relevant regulations and standards.
  1. Organize your documentation.
    This is of course a part of the above, but your documentation and records are essential for proving your compliance. You should therefore keep them continuously organized and accessible since you won’t have any time for “housekeeping” before the audit.
  1. Have a plan or even better a SOP or instruction for unannounced audits.
    Before the audit happens, you should have a clear plan on how to handle an unannounced audit. The SOP should include how to greet the auditor and confirm their identity. Confirming that the unknown person at your door is who they claim they are is extremely important. So, make sure you outline who is responsible for what, how to communicate with the auditor, and how to escalate any issues if they occur. And don´t forget to assign back-ups for people who might not be available on that particular day.
  1. Train your staff.
    Your staff should be aware of the possibility and the purpose of unannounced audits, and they should know how to act professionally and cooperatively with the auditor. This does of course not differ from any other audit, but the lack of preparation time can cause high stress among staff.
  1. Monitor your critical suppliers and include unannounced audits by NB in your contracts.
    Your suppliers and subcontractors are also part of your quality management system, and they may be subject to unannounced audits by the notified body as well. You must therefore be able to show that you monitor their performance and compliance regularly. You also need to inform your critical suppliers about the potential of unannounced audits by the notified body and agree on how to handle them.

The above tips will help you to demonstrate your commitment to quality and safety in case of an unannounced audit. But it will also increase your confidence and reduce the stress that always comes with an audit, but even more when it comes unannounced.

If you have any question, contact us at

Does quality and regulatory pose a challenge to Innovation?

Quality and Regulatory Affairs is often regarded as being a hindrance to innovation. We think this is a very counterproductive way of looking at it. We see the QMS more like the barrier between the opposite lanes of the motorway preventing you from a head on collision in case of an innocent mistake.

Sweden is a home to over 600 medical technology companies, employing five people or more, and collectively providing employment to over 50,000 individuals. A nation of just 10 million people, has been the birthplace of a remarkable number of inventions that have left an indelible mark on the world. It may seem that all it takes is a brilliant idea to make a significant impact, but the reality of medical device development is more complex. Regulatory compliance is a critical aspect of this process, that ensures user safety, maintains quality, and secures market approval. However, far from being a hindrance, regulatory compliance can enhance innovation efficiency and open up new opportunities for innovation. It’s all about finding the right balance between regulation and innovation. Thepurpose of regulatory affairs is to secure market access for a safe and effective product as quickly and painlessly as possible – not to hinder innovation. And that is exactly our cup of tea, Regulatory compliance with the least burdensome approach. The number of companies that we have helped and continue to help is our legacy of success. We are proud that we have the opportunity to support several top-rated medical device companies in Sweden.

The list of Swedish contributions to the world includes significant inventions such as the ball bearing, refrigerator, adjustable spanner, and the three-point seatbelt, just to mention a few.

The country has also made significant strides in the software realm, with globally recognized contributions like the game Minecraft, Bluetooth technology, Skype, and Spotify.

In the healthcare sector, Sweden’s contributions to the 20th century have been nothing short of transformative. The world’s first clinically usable artificial kidney was developed in 1946, followed by the Servo ventilator in 1950, medical ultrasound in 1953, the implantable pacemaker in 1958, and the Gamma knife in the late 60s.

More recent innovations include the Bone Anchored Hearing Aid (BAHA) in 1977, the Turbuhaler® Inhalator in 1987, and the Lucas Chest Compression System® that provides mechanical chest compressions to patients in cardiac arrest, introduced in Swedish ambulances in 2003. Medical devices have a huge impact on the lives of patients everywhere. It is therefore important that innovation, quality and regulatory affairs co-work and not counteract each other.

If you have any question, please contact us at