UK Law and Practice Contributed by: Amélie Chollet, Hannah Curtis and David Dennis, CMS
tor authentication). Organisations should be pro- active in ensuring that they are compliant with the UK GDPR and the DPA 2018. They should regularly scan their systems for vulnerabilities and keep them up to date. Insurance Carrying professional indemnity and cyber liabil- ity insurance can mitigate the effects of a poten- tial sanction or fine. Aligning With Professional and Technical Standards Providers often follow voluntary or industry best- practice standards (eg, NICE evidence stand- ards for digital tools, NHS England’s digital frameworks). 5. Emerging Legal Issues and Reform 5.1 Emerging Legal Issues in Digital Healthcare There have been several recent developments in digital healthcare regulation, particularly in rela- tion to AI. Some recent developments/trends include the following. There has been increasing focus on the regu- lation of software as a medical device (SaMD), including clarification of definitions, risk classifi- cation and post-market obligations. The MHRA is updating medical device regulation, particu- larly around software and AI, aiming for a clearer, more agile system. There is increased focus on AI risk management, especially for adaptive or autonomous AI used in diagnostics and treat- ment. In March 2025, the UK government published its response to the Regulatory Horizons Council’s
report on AI as a medical device. It accepted all of the Council’s recommendations, which include: • boosting regulators’ capacity; • overseeing AI throughout its life cycle; • increasing transparency and patient involve- ment; and • supporting UK leadership and international alignment in AI safety. Enhanced data protection requirements have also emerged, particularly regarding the pro- cessing of special category data and the use of automated decision-making and profiling in digi- tal health apps. The Data (Use and Access) Bill, introduced in 2024, will modernise and update data laws in the UK, and proposals include reducing compliance burdens for low-risk data processing and establishing a government- backed digital identity trust framework. Cybersecurity requirements for digital health products are becoming more prominent, with proposed minimum standards for SaMD. 5.2 Recent or Imminent Reform Significant reforms are underway, as follows. New GB Medical Devices Regulations As mentioned previously, core aspects of the new GB Medical Devices Regulations are expected to apply from 1 July 2025. These reforms will: • address the regulation of software as a medi- cal device (SaMD); • clarify the definition of “placing on the mar- ket” for online software; • introduce an “airlock classification rule” for uncertain risk profiles; • enhance post-market requirements (including incident reporting); and
136 CHAMBERS.COM
Powered by FlippingBook