Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.Find out more
Welcome to the latest edition of Law Update titled “Rise of Generative AI.”
In this edition, we dive into the dynamic world of Technology, Media, and Telecommunications (TMT) across the Middle East and North Africa (MENA) region. TMT continues to play a vital role in positioning the region as an international business and social hub, driving significant growth and innovation.
Our focus in this Law Update is on the sector’s ongoing potential to advance and propel the region toward a more digital economy. We explore the benefits of embracing a digital transformation and how local authorities have responded by enhancing regulations to accommodate the evolving TMT landscape.
This edition covers a range of topics, including – the new Telecommunications & Information Technology Law in Saudi Arabia, the intricacies of trademarks in the Metaverse, and the legal challenges faced by the video game industry. Additionally, we take a regional perspective, discussing jurisdictions such as Kuwait, Saudi Arabia, UAE, Oman, and Bahrain to provide a comprehensive understanding of the TMT landscape.
We hope you thoroughly enjoy this packed issue of Law Update, filled with captivating articles that address key legal issues within a vital sector for the region.Read the full edition
Christina Sochacki - Senior Counsel - Corporate / Mergers and Acquisitions
Nick O’Connell - Partner, Head of Digital & Data - Saudi Arabia - Digital & Data
This illustration is inspired by the original painting of Girl with a Pearl Earring by Johannes Vermeer.
The Saudi Food & Drug Authority (“SFDA”) recently published guidance on artificial intelligence and ‘Big Data’ in the context of medical devices: Guidance on the Review and Approval of Artificial Intelligence and Big Data based Medical Devices (“AI Guidelines”). The AI Guidelines are to be read in conjunction with the SFDA’s Guidance on Software as a Medical Device.
The AI Guidelines apply to standalone software type medical devices, to which machine-learning-based AI technology is applied in order to diagnose, manage, or predict diseases by analysing medical data. It also applies to AI software that is configured with hardware, such as clinical decision support (“CDS”) software or computer-aided detection/diagnosis (“CAD”) software.
The medical device marketing authorisation requirements relevant to AI-based medical devices, as set out in the AI Guidelines, include demonstrating the accuracy of AI technology, to diagnose or predict diseases or provide customised treatment to patients, by analysing ‘Big Data’ and recognising certain patters based on machine learning.
The SFDA describes medical ‘Big Data’ as “various kinds of medical information used to diagnose, manage or predict diseases – such as medical records, biometric information measured by medical devices, medical images, and genetic information”.
Whether Big Data and AI-based medical software is a medical device is determined based on the intended use. In general, software intended for exercise, leisure activities, and general health care are not considered medical devices; software that helps a medical professional easily find medical information is also generally not considered a medical device. Each case will be judged based on it characteristics, situation, and scientific evidence of each product.
When examining applications for medical device marketing authorisations, performance and clinical efficacy will be reviewed. In addition, in cases where medical information is saved and transmitted through a network by applying cloud computing technology, the medical information security and cloud transmission process will be evaluated to examine the possibility of modification of medical information and the occurrence of damage. Security requirements for the use of a network include, server access control, user authentication, use of encryption, and de-identification, which will need to conform to SFDA guidance on pre- and post-market cybersecurity of medical devices.
Big Data and AI-based medical devices submitted for medical device marketing authorisation will be compared with previously approved medical devices. If the intended use and operating principles are different to ones already approved, documents from a clinical trial should be submitted. An equivalence comparison of machine-learning-based medical devices will be conducted to compare the intended use, model used for machine learning, and characteristics of training data in the two products. If the two products are equivalent, submissions of clinical trials may be waived by the SFDA.
The AI Guidelines discuss version control methods and requirements based on the type of version control: major function change; simple change; minor change; and training data change. Also addressed is the requirement for a manufacturer to establish a policy on data management when it comes to the various training/learning data integrated into the software, such as electronic medical records, medical images, and medical literature.
Finally, the AI Guidelines address cloud configuration, including; 1) private cloud, which can be used by a medical institution as the institution installs data centres internally; 2) public cloud, where cloud services are provided by an external provider is used; and 3) hybrid cloud, where public cloud and private cloud are used in combination.
Our Healthcare & Life Sciences as well as the Digital & Data sector groups regularly advise on these types of matters. For further information, please contact email@example.com.
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.