Relevant sources for phase 2

The e-health reference catalogue provides an overview of mandatory and recommended standards for health and care services, as well as other requirements documents such as technical specifications. Currently, there are no mandatory or recommended standards in the reference catalogue that deal specifically with AI. However, the European Commission has asked the European standardisation organisations CEN and CENELEC (ec.europa.eu) for European standards to support the implementation of the AI Regulation. Eventually, these will also be harmonised for Norwegian conditions and included in the reference catalogue.
The European Medical Device Coordination Group (MDCG) is composed of national experts and the establishment of the group is regulated in the MDR (Articles 103-108). Among other things, they have published guidance on
- qualification and classification of medical device software (health.ec.europa.eu)
- on clinical evaluation/performance evaluation of software (health.ec.europa.eu)
- on the qualification of software and hardware combinations (health.ec.europa.eu) and
- on cybersecurity for medical devices (health.ec.europa.eu)
The Norwegian Directorate of Health is currently (1 October 2024) assessing the degree of normalisation for a guide and standard (SN-CEN TS/ISO 82304-2:2021) for quality assurance of non-medical e health apps. This will be useful to use if the organisation is going to use an AI system for health and wellbeing that will not be used for medical purposes.
A report published by the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), among others, provides guidelines for the secure development of AI systems, and these can be used to see what a supplier can be expected to do to manage information security risks in the systems they develop: Guidelines for secure AI system development (ncsc.gov.uk)
The Open Worldwide Application Security Project (OWASP) has created an overview of how to handle privacy during the development of an AI system: OWASP AI Security and Privacy Guide | OWASP Foundation
In addition, an article on artificial intelligence in the health service (tidsskriftet.no) was published in the Journal of the Norwegian Medical Association in October 2023, which provides useful guidance.
New methods: Home (nyemetoder.no), Strategy for New Methods 2023-2028 (nyemetoder.no).
The Norwegian Institute of Public Health's page on mini-method assessments: Mini-method assessment (minimetodevurdering.no)
The Norwegian Institute of Public Health's product portfolio in New methods: Changes to the product portfolio (PDF).
Experiences with testing of ISO 42001 at AHUS (linkedin.com)
Act on Equality and Prohibition of Discrimination (Equality and Discrimination Act) (lovdata.no)
Report from the Equality and Anti-Discrimination Ombud: Built-in discrimination protection (ldo.no)
Ahus, final report: Heart space for ethical AI (datatilsynet.no). Report from the Danish Data Protection Agency's regulatory sandbox
Norwegian Directorate of Health: Circular for the regulations for the development of artificial intelligence.
How to get ChatGPT regulatory approved as a medical device - Hardian Health
Crafting an intended purpose in the context of software as a medical device (SaMD) - GOV.UK (www.gov.uk)
Medical devices and artificial intelligence (dmp.no)
Guidance and regulations - Norwegian Medical Products Agency
Clinical evaluation and performance evaluation - Norwegian Medical Products Agency
The EU is in the process of establishing a database of CE marked products (ec.europa.eu)
Relevant harmonised standard: ISO13485 - Quality system for medical (advisera.com)

Forrige kapittel

Assessing the quality of an AI system

Neste kapittel

Phase 3: Assess your organization's ability to adopt an AI system

Last update: 23. mai 2025