实现基于人工智能的医疗设备网络安全的监管方法:跨大西洋视角

IF 1.8 Q1 LAW European Journal of Risk Regulation Pub Date : 2024-04-15 DOI:10.1017/err.2024.23
Elisabetta Biasin, Erik Kamenjašević
{"title":"实现基于人工智能的医疗设备网络安全的监管方法:跨大西洋视角","authors":"Elisabetta Biasin, Erik Kamenjašević","doi":"10.1017/err.2024.23","DOIUrl":null,"url":null,"abstract":"Cybersecurity of medical devices has become a concrete concern for regulators and policymakers in the European Union and United States. Following the COVID-19 pandemic, there has been an increase in cyber-attacks on critical healthcare infrastructures and their IT systems, which have suffered service disruptions and put patients’ health and safety at risk. The increase in cyberattacks on healthcare infrastructure, including medical devices, exacerbated by the growing digitalisation of healthcare services in the EU and the US, has led legislators and regulatory bodies to pay more attention to cybersecurity. Cybersecurity of AI-based medical devices requires the assessment of three areas subject to evolving regulatory approaches: medical devices, Artificial Intelligence (AI), and cybersecurity. Although they may appear distinguished in regulatory matters, the existence of AI-based medical devices and their possible cyber vulnerabilities makes clear that the three are intertwined and deserve closer attention from a regulatory point of view. Few scholars have devoted attention to AI and cybersecurity together. Even less, in our understanding, few comprehensive and EU/US comparative pieces of literature reflect on this specific issue. This paper aims to fill this gap and address the main implications of different regulatory approaches toward AI medical device cybersecurity in the EU and the US. The research stems from the assumption that regulation of medical devices in the EU has been historically inspired by regulatory trends in the US, although with the different cultural, societal, and legal traditions that made them adapt to the specificities of the territory. The paper observes that the US is a rule-based system reflecting a “command-and-control” approach, while the EU system is a principle-based one. While they share the main characteristic of being risk-regulation-based systems, their differences impact how AI-enhanced cybersecurity is regulated.","PeriodicalId":46207,"journal":{"name":"European Journal of Risk Regulation","volume":"66 1","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2024-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Regulatory Approaches Towards AI-Based Medical Device Cybersecurity: A Transatlantic Perspective\",\"authors\":\"Elisabetta Biasin, Erik Kamenjašević\",\"doi\":\"10.1017/err.2024.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity of medical devices has become a concrete concern for regulators and policymakers in the European Union and United States. Following the COVID-19 pandemic, there has been an increase in cyber-attacks on critical healthcare infrastructures and their IT systems, which have suffered service disruptions and put patients’ health and safety at risk. The increase in cyberattacks on healthcare infrastructure, including medical devices, exacerbated by the growing digitalisation of healthcare services in the EU and the US, has led legislators and regulatory bodies to pay more attention to cybersecurity. Cybersecurity of AI-based medical devices requires the assessment of three areas subject to evolving regulatory approaches: medical devices, Artificial Intelligence (AI), and cybersecurity. Although they may appear distinguished in regulatory matters, the existence of AI-based medical devices and their possible cyber vulnerabilities makes clear that the three are intertwined and deserve closer attention from a regulatory point of view. Few scholars have devoted attention to AI and cybersecurity together. Even less, in our understanding, few comprehensive and EU/US comparative pieces of literature reflect on this specific issue. This paper aims to fill this gap and address the main implications of different regulatory approaches toward AI medical device cybersecurity in the EU and the US. The research stems from the assumption that regulation of medical devices in the EU has been historically inspired by regulatory trends in the US, although with the different cultural, societal, and legal traditions that made them adapt to the specificities of the territory. The paper observes that the US is a rule-based system reflecting a “command-and-control” approach, while the EU system is a principle-based one. While they share the main characteristic of being risk-regulation-based systems, their differences impact how AI-enhanced cybersecurity is regulated.\",\"PeriodicalId\":46207,\"journal\":{\"name\":\"European Journal of Risk Regulation\",\"volume\":\"66 1\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2024-04-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Journal of Risk Regulation\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1017/err.2024.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Journal of Risk Regulation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1017/err.2024.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
引用次数: 0

摘要

医疗设备的网络安全已成为欧盟和美国监管机构和政策制定者关注的具体问题。COVID-19 大流行之后,针对关键医疗基础设施及其 IT 系统的网络攻击不断增加,导致服务中断,危及患者的健康和安全。欧盟和美国医疗服务的数字化程度不断提高,加剧了对包括医疗设备在内的医疗基础设施的网络攻击,这促使立法者和监管机构更加关注网络安全问题。基于人工智能的医疗设备的网络安全需要对三个领域进行评估,这三个领域的监管方法也在不断变化:医疗设备、人工智能(AI)和网络安全。虽然它们在监管问题上似乎有所区别,但基于人工智能的医疗设备的存在及其可能存在的网络漏洞清楚地表明,三者是相互交织的,值得从监管角度给予更密切的关注。很少有学者将人工智能和网络安全放在一起研究。据我们了解,很少有综合性的欧盟/美国比较文献对这一具体问题进行反思。本文旨在填补这一空白,探讨欧盟和美国对人工智能医疗设备网络安全的不同监管方法的主要影响。这项研究源于这样一个假设,即欧盟的医疗设备监管历来受到美国监管趋势的启发,尽管不同的文化、社会和法律传统使其适应了当地的特殊性。本文认为,美国的制度以规则为基础,反映了一种 "命令与控制 "的方法,而欧盟的制度则以原则为基础。虽然它们的主要特点都是基于风险监管的体系,但它们之间的差异影响了如何监管人工智能增强型网络安全。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Regulatory Approaches Towards AI-Based Medical Device Cybersecurity: A Transatlantic Perspective
Cybersecurity of medical devices has become a concrete concern for regulators and policymakers in the European Union and United States. Following the COVID-19 pandemic, there has been an increase in cyber-attacks on critical healthcare infrastructures and their IT systems, which have suffered service disruptions and put patients’ health and safety at risk. The increase in cyberattacks on healthcare infrastructure, including medical devices, exacerbated by the growing digitalisation of healthcare services in the EU and the US, has led legislators and regulatory bodies to pay more attention to cybersecurity. Cybersecurity of AI-based medical devices requires the assessment of three areas subject to evolving regulatory approaches: medical devices, Artificial Intelligence (AI), and cybersecurity. Although they may appear distinguished in regulatory matters, the existence of AI-based medical devices and their possible cyber vulnerabilities makes clear that the three are intertwined and deserve closer attention from a regulatory point of view. Few scholars have devoted attention to AI and cybersecurity together. Even less, in our understanding, few comprehensive and EU/US comparative pieces of literature reflect on this specific issue. This paper aims to fill this gap and address the main implications of different regulatory approaches toward AI medical device cybersecurity in the EU and the US. The research stems from the assumption that regulation of medical devices in the EU has been historically inspired by regulatory trends in the US, although with the different cultural, societal, and legal traditions that made them adapt to the specificities of the territory. The paper observes that the US is a rule-based system reflecting a “command-and-control” approach, while the EU system is a principle-based one. While they share the main characteristic of being risk-regulation-based systems, their differences impact how AI-enhanced cybersecurity is regulated.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
6.10
自引率
0.00%
发文量
34
期刊介绍: European Journal of Risk Regulation is an interdisciplinary forum bringing together legal practitioners, academics, risk analysts and policymakers in a dialogue on how risks to individuals’ health, safety and the environment are regulated across policy domains globally. The journal’s wide scope encourages exploration of public health, safety and environmental aspects of pharmaceuticals, food and other consumer products alongside a wider interpretation of risk, which includes financial regulation, technology-related risks, natural disasters and terrorism.
期刊最新文献
Management and Enforcement Theories for Compliance with the Rule of Law A Robust Governance for the AI Act: AI Office, AI Board, Scientific Panel, and National Authorities Standards for Including Scientific Evidence in Restrictions on Freedom of Movement: The Case of EU Covid Certificates Scheme Collaborative Governance Structures for Interoperability in the EU’s new data acts Dangerous Legacy of Food Contact Materials on the EU Market: Recall of Products Containing PFAS
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1