Postmarket Monitoring Approaches for AI Devices

The EU AI Act isn’t theory anymore — it’s live law. And for Medical AI teams, it just became a business-critical mandate. If your AI product powers diagnostics, clinical decision support, or imaging you’re now officially building a high-risk AI system in the EU. What does that mean? ⚖️ Article 9 — Risk Management System Every model update must link to a live, auditable risk register. Tools like Arterys (Acquired by Tempus AI) Cardio AI automate cardiac function metrics. They must now log how model updates impact critical endpoints like ejection fraction. ⚖️ Article 10 — Data Governance & Integrity Your datasets must be transparent in origin, version, and bias handling. PathAI Diagnostics faced public scrutiny for dataset bias, highlighting why traceable data governance is now non-negotiable. ⚖️ Article 15 — Post-Market Monitoring & Control AI drift after deployment isn’t just a risk — it’s a regulatory obligation. Nature Magazine Digital Medicine published cases of radiology AI tools flagged for post-deployment drift. Continuous monitoring and risk logging are mandatory under Article 61. At lensai.tech, we make this real for medical AI teams: - Risk logs tied to model updates and Jira tasks - Data governance linked with Confluence and MLflow - Post-market evidence generation built into your dev workflow Why this matters: 76% of AI startups fail audits due to lack of traceability. The EU AI Act penalties can reach €35M or 7% of global revenue Want to know how the EU AI Act impacts your AI product? Tag your product below — I’ll share a practical white paper breaking it all down.

I have said many times that we need reliable ways to test #ArtificialIntelligence and understand its implications before we implement it on a large scale across the #healthcare industry. Well, UCSF Health may be onto something with their new monitoring tool to test the efficacy, safety, and equity of new #AI technology through the lens of patient care. The Impact Monitoring Platform for AI in Clinical Care (IMPACC) will be the first continuous AI-monitoring platform designed to report when AI is performing its job correctly and to provide notification when devices could be unsafe or widen health disparities. The #data collected from this platform will help healthcare leaders make informed decisions about which AI enhanced tools are best suited for patient use. In a time of uncertainty around AI technology, having access to ongoing intelligence like this is critical for proving out its most effective healthcare use cases, and I’m eager to follow along with the findings that come from this tool.

What gets measured gets managed. That’s why MEASURE is a key function of the NIST AI RMF. Here’s how to practice it: 1/ Select and implement appropriate approaches for measuring risk. 💡For example, a company using AI for credit scoring should measure the accuracy, fairness, and transparency of the tool, documenting any risks or trustworthiness characteristics that cannot be measured. 2/ Monitor the functionality and behavior of the AI system and its components in production. 💡For instance, a healthcare organization conducting diagnoses should regularly evaluate the AI system's performance, reliability, and safety as compared to an expert human’s abilities. 3/ Establish approaches and documentation to identify and track existing, unanticipated, and emergent risks. 💡A tech company algorithmically moderating content should establish controls to evaluate the system’s impact on bias, privacy, and freedom of speech over time. Ensuring you have the right tools in place to collect data from AI systems and the correct frameworks for analyzing it from a risk management perspective is key here. How do you measure your AI risk management program? #ai #governance #compliance #riskmanagement