Harvard Petrie-Flom publishes EU and US Regulatory Challenges Facing AI Health Care Innovator Firms
By Editor
Cambridge, MA, April 4, 2024—The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School has published EU and US Regulatory Challenges Facing AI Health Care Innovator Firms on its Bill of Health blog. The piece is co-written by lead author Suzan Slijpen, an attorney in the Netherlands; Mauritz Kop, Founder and Executive Director of the Stanford Center for Responsible Quantum Technology (Stanford RQT) and a Stanford Law School TTLF Fellow; and senior author I. Glenn Cohen, who directs the Petrie-Flom Center. It maps the fragmented regulatory landscape that artificial intelligence health-care firms must cross on both sides of the Atlantic, and argues for a workable middle ground between Europe's precautionary instincts and the United States' permissionless tradition.
EU and US regulatory pathways for AI health care innovation (illustrative editorial image).
A fragmented landscape for AI in medicine
The op-ed opens from the clinic rather than the statute book. As the authors observe, "It is possible that in some fields of medicine in the future AI tools used in diagnostics will generally perform far better than a human clinician"—with radiology, and the detection and even prediction of malignant tumors, given as the prime example. The difficulty is not a shortage of guidance but a surfeit of it: where there was once too little direction on the ethical and technical questions, there is now a proliferation of guidelines that partly overlap, sometimes diverge, and are written at different levels of generality. For a well-meaning innovator firm—especially one trying to bring a product into the European market—keeping up has become a regulatory problem in its own right.
The article on Harvard's Bill of Health (Petrie-Flom Center), April 4, 2024.
Cross-sectoral Europe versus sectoral America
The piece draws the contrast in concrete legal terms. In the European Union, an AI-driven medical product must satisfy the Medical Device Regulation and the In Vitro Diagnostic Medical Devices Regulation, the General Data Protection Regulation, and—through the European Commission's Digital Strategy—a broad cross-sectoral rulebook that includes the EU AI Act, the Data Act and Data Governance Act, and the emerging European Health Data Space. These regimes share overlapping scope but take different views of what compliant, AI-powered technology actually means in practice, and how it must be achieved.
The United States takes the opposite tack. Federal health regulation is sectoral rather than cross-sectoral: the Health Insurance Portability and Accountability Act reaches only "covered entities" and their business associates, and a subset of protected health information, and the Food and Drug Administration regulates medical AI only where it falls within an existing category, most often as a medical device. The authors are even-handed about the trade-off. Cross-sectoral rules govern beyond the traditional clinical encounter—reaching health data drawn from wearables or internet searches—but may overlook the economic realities of a given sector and the legal structures, such as licensure and malpractice law, already doing some of the work. Sectoral rules fit those realities more closely, at the cost of fragmentation and gaps.
The hard cases: adaptive algorithms, generative AI, and quantum supply chains
Two structural difficulties run through the analysis. The first is the adaptive algorithm. It is desirable for a model to keep learning out in the world as it is deployed, yet that is precisely what makes it hard to say when it has changed enough to require regulatory re-review; the authors point to the FDA's 2023 guidance on predetermined change control plans as the kind of creative, iterative engagement the field needs more of. The second is tempo. The EU AI Act's long negotiation was overtaken by the arrival of generative systems such as ChatGPT, leaving open questions about how foundation models fit the Act—an illustration of how all-encompassing, civil-law-style regulation can age quickly against an exponentially moving target.
The analysis also reaches a frontier that connects this work to Kop's wider research program. AI health-care innovators, the authors note, face challenges "especially in the quantum/AI space": export, import, and trade controls on algorithms, chips, and rare earths; fragile supply chains; potential dual use; intellectual-property protection; and national and economic-security concerns. The thread from these material constraints to the law, ethics, and policy of quantum and AI in healthcare and the life sciences is one Kop has developed in parallel scholarship, and would later carry into the Hippocratic Quantum framework for biomedical discovery in the quantum age.
A mixed horizontal-vertical middle ground
The constructive core of the piece is its proposal of a "Best of Both Worlds" mixed horizontal-vertical approach. The U.S. permissionless, ad libitum model is pragmatic, agile, and problem-based, but fragmented and often viewed as insufficient for the promises and pitfalls of medical AI; the European model is comprehensive but, critics argue, overly precautionary, with a possible chilling effect on the fragile startups and scaleups that might otherwise become EU-origin health-care unicorns. Neither pole is adequate on its own. As the authors put it: "What the sector needs is regulation that is sensible (with a focus on patient safety and sound technology), practical (easy to understand and implement), and tailored to the specific needs of the sector."
Their recommendation is to mix the best of both the precautionary and permissionless worlds into a workable middle ground tailored to the specifics of AI- and quantum-driven innovation in health care—one that takes the sector's economic realities, from the cost of clinical trials to production and market licenses, seriously (the op-ed is cross-posted with the Stanford Center for Law and the Biosciences Blog). Done poorly, the authors warn, regulation is rendered ineffective quickly, either through a lack of specificity or by failing to address the topics that truly matter. For policymakers on both shores, the message is to abandon the false choice between blanket preemption and permissionless neglect, and to build instead the kind of sensible, practical, sector-tailored rules that let medical AI advance without putting patients at risk.
Last updated: June 6, 2026.