Regulatory Approaches Towards AI-Based Medical Device Cybersecurity: A Transatlantic Perspective
Authors: Elisabetta Biasin, Erik Kamenjašević
DOI: 10.1017/err.2024.23 (https://doi.org/10.1017/err.2024.23)
Journal: European Journal of Risk Regulation, volume 66 1
Publication date: 2024-04-15
Publication type: Journal Article
Journal impact factor: 1.8; JCR quartile: Q1 (LAW)
Open access: no
Source platform: Semanticscholar
Citation count: 0
Abstract
Cybersecurity of medical devices has become a concrete concern for regulators and policymakers in the European Union and United States. Following the COVID-19 pandemic, there has been an increase in cyber-attacks on critical healthcare infrastructures and their IT systems, which have suffered service disruptions and put patients’ health and safety at risk. The increase in cyberattacks on healthcare infrastructure, including medical devices, exacerbated by the growing digitalisation of healthcare services in the EU and the US, has led legislators and regulatory bodies to pay more attention to cybersecurity. Cybersecurity of AI-based medical devices requires the assessment of three areas subject to evolving regulatory approaches: medical devices, Artificial Intelligence (AI), and cybersecurity. Although they may appear distinguished in regulatory matters, the existence of AI-based medical devices and their possible cyber vulnerabilities makes clear that the three are intertwined and deserve closer attention from a regulatory point of view. Few scholars have devoted attention to AI and cybersecurity together. Even less, in our understanding, few comprehensive and EU/US comparative pieces of literature reflect on this specific issue. This paper aims to fill this gap and address the main implications of different regulatory approaches toward AI medical device cybersecurity in the EU and the US. The research stems from the assumption that regulation of medical devices in the EU has been historically inspired by regulatory trends in the US, although with the different cultural, societal, and legal traditions that made them adapt to the specificities of the territory. The paper observes that the US is a rule-based system reflecting a “command-and-control” approach, while the EU system is a principle-based one. While they share the main characteristic of being risk-regulation-based systems, their differences impact how AI-enhanced cybersecurity is regulated.
Journal description:
European Journal of Risk Regulation is an interdisciplinary forum bringing together legal practitioners, academics, risk analysts and policymakers in a dialogue on how risks to individuals’ health, safety and the environment are regulated across policy domains globally. The journal’s wide scope encourages exploration of public health, safety and environmental aspects of pharmaceuticals, food and other consumer products alongside a wider interpretation of risk, which includes financial regulation, technology-related risks, natural disasters and terrorism.