SeltaSquare

1. 
2. 

2025 KFDC Spring Conference Review 1 : AI Part

Two Emerging Regulatory Frameworks in the Age of AI

Artificial intelligence (AI) is no longer a technology confined to specific industries. It has become a foundational driver shaping not only healthcare and other sectors, but also national competitiveness itself.

Against this backdrop of rapid transformation, a critical global challenge has emerged: how to regulate AI effectively while still enabling innovation and advancement. In Korea, two legislative frameworks are now at the center of this discussion — the Framework Act on Artificial Intelligence and the Digital Medical Products Act.

Figure 2. Two regulatory frameworks emerging in the AI era (https://quickbirdmedical.com/en/ai-act-medizinprodukt-mdr/)

With both laws being developed and applied in parallel, there is growing potential for ambiguity in the regulatory oversight of AI-enabled medical products.

On one hand, the Framework Act on AI focuses on AI systems broadly, emphasizing societal impact and risk, and introduces the concept of categorizing and managing “high-impact AI” separately. On the other hand, the Digital Medical Products Act is sector-specific, concentrating on ensuring the safety and clinical effectiveness of medical products.

As a result, for AI-based medical devices or software, uncertainty may arise regarding which regulatory framework should take precedence, and how risk or impact should be assessed under each system. This creates the possibility of interpretational discrepancies and regulatory overlap in practice.

The First Step: Clearly Defining Requirements

Figure 3. EU AIA (Busch, F., Kather, J.N., Johner, C. et al. Navigating the European Union Artificial Intelligence Act for Healthcare. 

npj Digit. Med. 7, 210 (2024). https://doi.org/10.1038/s41746-024-01213-6)

To proactively address these challenges, it is essential to define clear regulatory and functional requirements from the earliest stages of product development, and to systematically assess how each requirement maps to the respective legal frameworks. A particularly important consideration is that when overlapping requirements arise across the two regulations, organizations should go beyond simply avoiding duplication. Instead, they must establish clear prioritization principles and ensure that product development and governance decisions are consistently aligned with those principles. This approach enables companies to anticipate potential dual-regulation scenarios or classification conflicts, establish a robust compliance roadmap, and ultimately strengthen both product safety and trustworthiness.

Systematic Management Through AI Governance

To support the responsible development of AI-driven digital medical products, a structured AI governance framework must be established to manage each stage of the product lifecycle and proactively address risks.

Key governance domains include:

1. Data Management

Data is the foundation of any AI model. Establishing clear data specifications, maintaining detailed documentation, providing labeling guidelines, and generating data quality reports are essential to ensure transparency and accuracy. These practices form the backbone of reliable model training.

 

2. Data Privacy and Ethical Use

Compliance with data protection regulations must be strictly ensured. In addition, patient and user data should be collected and managed ethically throughout the AI development lifecycle. This is not only a regulatory requirement but also a global baseline expectation.

 

3. AI Risk Assessment

Potential risks should be identified and managed from the earliest stages of development. A structured risk assessment protocol based on data protection compliance checklists should be implemented, with findings formally documented in AI model risk assessment reports to minimize residual risk.

 

4. AI Model Management

Once developed, AI models must be systematically controlled. Standardized usage procedures, AI model cards containing key model information, and training logs should be maintained to ensure full transparency across the model lifecycle.

 

5. AI Model Validation

Robust validation of model performance and reliability is essential. This includes establishing formal model quality assessment procedures and protocols, as well as conducting explainable AI (XAI) evaluations to ensure that model decision-making processes are interpretable and justifiable.

 

6. Model Maintenance

After deployment, continuous monitoring and updates are required to sustain model performance. A structured monitoring plan should track model behavior and performance over time, while all updates and adjustments should be recorded in maintenance logs to ensure full traceability.

 

7. Preparedness for Dual Regulation and Classification Conflicts

Organizations must proactively account for potential overlaps between the Framework Act on AI and the Digital Medical Products Act, including conflicts in high-impact AI classification systems. Legal consultation and internal governance guidelines should be established to manage these risks effectively, serving as a critical component of enterprise risk mitigation.

From the earliest stages of product development, organizations must clearly define requirements, establish regulatory prioritization strategies, and implement a comprehensive AI governance framework covering data management, risk assessment, model control, validation, maintenance, and dual-regulation preparedness.

 

Such an integrated approach not only minimizes regulatory and operational risk, but also reduces uncertainty in compliance interpretation, ultimately providing a stable foundation for safe and scalable deployment of innovative AI-driven healthcare products.