Book an appointment with us, or search the directory to find the right lawyer for you directly through the app.
Find out moreWelcome to the Saudi Arabia focus edition of Law Update.
One of the key markets in the Middle East and North Africa (MENA) that continues to lead from the front is the Kingdom of Saudi Arabia (KSA). As the largest country in the Middle East and the 18th largest economy in the world, the progress KSA continues to make is underpinned by its Vision 2030 that envisions developing the country as an investment powerhouse and hub that ultimately connects Asia, Europe, and Africa. Given Saudi Arabia’s significance to the regional economy, our team of experts have prepared a range of pertinent articles that provide insights into new laws, regulations, and the legal landscape in the Kingdom.
This edition will provide you with an up-to-date guide on matters such as; the framework issued by the Saudi Central Bank on IT governance, the anti-corruption landscape under Vision 2030; we also provide practical tips for dispute avoidance. This is only a snapshot; there are many more articles within the KSA focus section for you to read, which we hope you will find valuable and enjoyable.
Read the editionChristina Sochacki - Senior Associate - Corporate / Mergers and Acquisitions
Nick O’Connell - Partner, Head of Digital & Data - Saudi Arabia - Digital and Data / Intellectual Property
This illustration is inspired by the original painting of Girl with a Pearl Earring by Johannes Vermeer.
The Saudi Food & Drug Authority (“SFDA”) recently published guidance on artificial intelligence and ‘Big Data’ in the context of medical devices: Guidance on the Review and Approval of Artificial Intelligence and Big Data based Medical Devices (“AI Guidelines”). The AI Guidelines are to be read in conjunction with the SFDA’s Guidance on Software as a Medical Device.
The AI Guidelines apply to standalone software type medical devices, to which machine-learning-based AI technology is applied in order to diagnose, manage, or predict diseases by analysing medical data. It also applies to AI software that is configured with hardware, such as clinical decision support (“CDS”) software or computer-aided detection/diagnosis (“CAD”) software.
The medical device marketing authorisation requirements relevant to AI-based medical devices, as set out in the AI Guidelines, include demonstrating the accuracy of AI technology, to diagnose or predict diseases or provide customised treatment to patients, by analysing ‘Big Data’ and recognising certain patters based on machine learning.
The SFDA describes medical ‘Big Data’ as “various kinds of medical information used to diagnose, manage or predict diseases – such as medical records, biometric information measured by medical devices, medical images, and genetic information”.
Whether Big Data and AI-based medical software is a medical device is determined based on the intended use. In general, software intended for exercise, leisure activities, and general health care are not considered medical devices; software that helps a medical professional easily find medical information is also generally not considered a medical device. Each case will be judged based on it characteristics, situation, and scientific evidence of each product.
When examining applications for medical device marketing authorisations, performance and clinical efficacy will be reviewed. In addition, in cases where medical information is saved and transmitted through a network by applying cloud computing technology, the medical information security and cloud transmission process will be evaluated to examine the possibility of modification of medical information and the occurrence of damage. Security requirements for the use of a network include, server access control, user authentication, use of encryption, and de-identification, which will need to conform to SFDA guidance on pre- and post-market cybersecurity of medical devices.
Big Data and AI-based medical devices submitted for medical device marketing authorisation will be compared with previously approved medical devices. If the intended use and operating principles are different to ones already approved, documents from a clinical trial should be submitted. An equivalence comparison of machine-learning-based medical devices will be conducted to compare the intended use, model used for machine learning, and characteristics of training data in the two products. If the two products are equivalent, submissions of clinical trials may be waived by the SFDA.
The AI Guidelines discuss version control methods and requirements based on the type of version control: major function change; simple change; minor change; and training data change. Also addressed is the requirement for a manufacturer to establish a policy on data management when it comes to the various training/learning data integrated into the software, such as electronic medical records, medical images, and medical literature.
Finally, the AI Guidelines address cloud configuration, including; 1) private cloud, which can be used by a medical institution as the institution installs data centres internally; 2) public cloud, where cloud services are provided by an external provider is used; and 3) hybrid cloud, where public cloud and private cloud are used in combination.
Our Healthcare & Life Sciences as well as the Digital & Data sector groups regularly advise on these types of matters. For further information, please contact healthcare@tamimi.com.
To learn more about our services and get the latest legal insights from across the Middle East and North Africa region, click on the link below.