
The European Legal Framework for Medical AI

Part of the Lecture Notes in Computer Science book series (LNISA, volume 12279)


In late February 2020, the European Commission published a White Paper on Artificial Intelligence (AI) and an accompanying report on the safety and liability implications of AI, the Internet of Things (IoT) and robotics. In its White Paper, the Commission highlighted the “European Approach” to AI, stressing that “it is vital that European AI is grounded in our values and fundamental rights such as human dignity and privacy protection”. It also announced its intention to propose EU legislation for “high risk” AI applications in the near future, which will include the majority of medical AI applications.

Based on this “European Approach” to AI, this paper analyses the current European framework regulating medical AI. Starting with the fundamental rights framework as clear guidelines, it then takes a more in-depth look at specific areas of law, focusing on data protection, product approval procedures and liability law. This analysis of the current state of the law, including its problems and ambiguities regarding AI, is complemented by an outlook on the proposed amendments to product approval procedures and liability law, which, by endorsing a human-centric approach, will fundamentally influence how medical AI and AI in general will be used in Europe in the future.


  • Anti-discrimination
  • EU legal framework
  • Explainability
  • Fundamental rights
  • GDPR
  • Human dignity
  • Human in the loop
  • Informed consent
  • Liability
  • Medical AI
  • Product approval
  • Right to explanation

  • DOI: 10.1007/978-3-030-57321-8_12
  • Chapter length: 18 pages




The authors declare that there are no conflicts of interest and the work does not raise any ethical issues. Parts of this work have been funded by the Austrian Science Fund (FWF), Project: P-32554 “A reference model of explainable Artificial Intelligence for the Medical Domain”.


Correspondence to David Schneeberger.


© 2020 IFIP International Federation for Information Processing


Cite this paper

Schneeberger, D., Stöger, K., Holzinger, A. (2020). The European Legal Framework for Medical AI. In: Holzinger, A., Kieseberg, P., Tjoa, A., Weippl, E. (eds) Machine Learning and Knowledge Extraction. CD-MAKE 2020. Lecture Notes in Computer Science, vol 12279. Springer, Cham.

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57320-1

  • Online ISBN: 978-3-030-57321-8

  • eBook Packages: Computer Science, Computer Science (R0)