This month we bring you a special focus on a continent that boasts the world’s largest free trade area, a diverse economic make-up and increasing political stability. The latest edition of Law Update focuses on Africa, a territory that continues to be an attractive business and investment destination.
Like the rest of the world, Africa is still re-building from the impact of COVID-19, however, there continues to be an optimistic view of the opportunities the continent presents. An example of the appetite for investment into Africa was captured in a report we commissioned, titled Legal Leaders in MENA. Our survey of legal leaders revealed a resounding desire to expand into new territories, with 81% naming Africa as their investment destination of choice.Read the full edition
This illustration is inspired by the original painting of Girl with a Pearl Earring by Johannes Vermeer.
The Saudi Food & Drug Authority (“SFDA”) recently published guidance on artificial intelligence and ‘Big Data’ in the context of medical devices: Guidance on the Review and Approval of Artificial Intelligence and Big Data based Medical Devices (“AI Guidelines”). The AI Guidelines are to be read in conjunction with the SFDA’s Guidance on Software as a Medical Device.
The AI Guidelines apply to standalone software type medical devices, to which machine-learning-based AI technology is applied in order to diagnose, manage, or predict diseases by analysing medical data. It also applies to AI software that is configured with hardware, such as clinical decision support (“CDS”) software or computer-aided detection/diagnosis (“CAD”) software.
The medical device marketing authorisation requirements relevant to AI-based medical devices, as set out in the AI Guidelines, include demonstrating the accuracy of AI technology, to diagnose or predict diseases or provide customised treatment to patients, by analysing ‘Big Data’ and recognising certain patters based on machine learning.
The SFDA describes medical ‘Big Data’ as “various kinds of medical information used to diagnose, manage or predict diseases – such as medical records, biometric information measured by medical devices, medical images, and genetic information”.
Whether Big Data and AI-based medical software is a medical device is determined based on the intended use. In general, software intended for exercise, leisure activities, and general health care are not considered medical devices; software that helps a medical professional easily find medical information is also generally not considered a medical device. Each case will be judged based on it characteristics, situation, and scientific evidence of each product.
When examining applications for medical device marketing authorisations, performance and clinical efficacy will be reviewed. In addition, in cases where medical information is saved and transmitted through a network by applying cloud computing technology, the medical information security and cloud transmission process will be evaluated to examine the possibility of modification of medical information and the occurrence of damage. Security requirements for the use of a network include, server access control, user authentication, use of encryption, and de-identification, which will need to conform to SFDA guidance on pre- and post-market cybersecurity of medical devices.
Big Data and AI-based medical devices submitted for medical device marketing authorisation will be compared with previously approved medical devices. If the intended use and operating principles are different to ones already approved, documents from a clinical trial should be submitted. An equivalence comparison of machine-learning-based medical devices will be conducted to compare the intended use, model used for machine learning, and characteristics of training data in the two products. If the two products are equivalent, submissions of clinical trials may be waived by the SFDA.
The AI Guidelines discuss version control methods and requirements based on the type of version control: major function change; simple change; minor change; and training data change. Also addressed is the requirement for a manufacturer to establish a policy on data management when it comes to the various training/learning data integrated into the software, such as electronic medical records, medical images, and medical literature.
Finally, the AI Guidelines address cloud configuration, including; 1) private cloud, which can be used by a medical institution as the institution installs data centres internally; 2) public cloud, where cloud services are provided by an external provider is used; and 3) hybrid cloud, where public cloud and private cloud are used in combination.