The AI Act is the first European regulation specifically designed to regulate artificial intelligence using a risk-based approach. The European Commission aims to ensure an innovative yet secure European AI market.

The regulation is based on four risk levels:

• Unacceptable risk: prohibited use (e.g., systems manipulating behavior).
• High risk: critical systems, including many e-health systems.
• Limited risk: transparency requirements.
• Minimal-risk use: permissive framework.

For healthcare, this means that many diagnostic support systems, clinical decision-making tools, or patient monitoring systems will be classified as "high-risk" and subject to stringent requirements, thereby reinforcing the compliance expected for each use.
 

Startups and providers: what are the obligations, and what does the legislation say?

Providers of artificial intelligence solutions, model developers, system integrators, and healthcare facilities must comply with specific obligations, including:

• Implementation of a risk management system.
• Comprehensive technical documentation.
• Quality and governance of training data.
• Transparency toward users.
• Mandatory human supervision for certain uses.
• Post-market procedures to monitor system behavior.

These requirements also apply to General-Purpose AI (GPAI) models, whose applications are increasingly impacting e-health, and reinforce the commission’s role in overseeing each system. 

Consequences of non-compliance

The AI Act provides for penalties proportionate to the risk and severity of violations. Fines can reach tens of millions of euros, particularly when fundamental rights or sensitive health data are involved.
Failure to apply the rules or inadequate implementation therefore exposes companies, both in France and across Europe, to financial risks as well as reputational risks, particularly in cases of inappropriate use or non-compliance.
 

Key Dates and Timeline

The law will be implemented gradually.
Key milestones:

1. Prohibitions (unacceptable risk): applicable a few months after publication.
2. GPAI rules: rapid entry into force to regulate large models.
3. High-risk systems: requirements applicable 2 to 3 years after publication.
4. Gradual establishment of European governance and supervisory authorities.

Companies must begin planning their roadmap for compliance with the regulation immediately.
 

A major impact on e-health

E-health is directly affected:

• heavy reliance on sensitive data;
• systems critical for diagnostics, prescriptions, and patient care pathways;
• significant ethical issues related to rights and transparency.

Europe is setting an ambitious vision here: AI in healthcare that remains reliable, explainable, controlled, and focused on patient safety.
France, already committed to digital regulation in healthcare, will need to align some of its requirements with this European framework, particularly regarding the use of artificial intelligence technologies.

How can companies prepare?

Here are the priorities to consider in anticipation of implementation:

• Map all systems and their risk levels.
• Assess the regulation’s impact on each use case.
• Integrate governance and compliance requirements from the design phase.
• Oversee suppliers and subcontractors in their use of the data.
• Verify data quality and prevent bias.
• Prepare the technical documentation required by law.
• Implement post-market monitoring.

The goal: to build a sustainable, responsible artificial intelligence strategy that is aligned with European legislation.