Inside the Accountability Vacuum: Why Clinical AI Errors Have No Owner

On 9 March 2026, ECRI, the Pennsylvania-based patient safety nonprofit that has been ranking healthcare hazards since the Carter administration, released a document that ought to have detonated through medicine the way the original Institute of Medicine report on medical error did twenty-five years ago. It did not. There were no congressional hearings, no rolling cable news segments, no minute-long agency statements promising action. What there was, instead, was a press release, a few trade-press write-ups, and a particular kind of silence: the silence of an industry that has heard the warning and decided to keep moving anyway.

ECRI's annual Top 10 Patient Safety Concerns is the closest thing American medicine has to an official threat assessment. For 2026, the organisation placed at number one the risk posed by artificial intelligence in clinical diagnosis. Not the chatbots patients talk to in the small hours, not the administrative scribes that write up notes from consultation audio, but the diagnostic systems sitting inside hospital workflows: the algorithms that read mammograms, screen chest X-rays for nodules, flag deteriorating patients on inpatient wards, route radiology priorities, and increasingly draft preliminary impressions that an overworked specialist either confirms or ignores.

The framing was deliberately cautious. ECRI did not call for moratoria. It did not name vendors. It noted, in a tone closer to a risk register than a manifesto, that AI diagnostic systems deployed without rigorous oversight increase the risk of missed, delayed, or incorrect diagnoses; that the data on which models are trained can encode bias; and that clinicians are now operating under the gravitational pull of a phenomenon long studied in aviation and now rapidly being documented in medicine: automation bias, the human tendency to defer to a confident-sounding machine even when the machine is wrong.

What ECRI was really describing, although it did not put it this way, is an accountability vacuum. Clinical AI has arrived in everyday care faster than the legal, regulatory, and institutional architecture needed to govern it. The algorithm is in the room. The clinician is in the room. The hospital, the vendor, and the regulator are all somewhere out of frame. When something goes wrong, and increasingly it does, no one is quite sure where the buck is meant to stop.

How We Got Here Without Noticing

If the ECRI announcement was the warning shot, the State of Clinical AI 2026 report, published two months earlier in January by a multidisciplinary group convened across Stanford and Harvard and their affiliated health systems, was the dispatch from the front line. Led by Peter Brodeur, Ethan Goh, Adam Rodman, and Jonathan H. Chen, the report distilled a year of influential research into a single argument: clinical AI is no longer speculative, no longer the next thing, no longer a topic for a panel discussion at a digital health conference. It is already embedded in care. The question is no longer whether it will arrive but whether the institutions that deploy it can evaluate it honestly once it has.

The report's authors describe a landscape in which AI systems are flagging hospitalised patients at risk of deterioration, assisting radiologists reading mammograms, drafting clinicians' notes, routing patient messages, and increasingly interacting directly with patients through chatbots and digital assistants. They draw a distinction that turns out to be critical: the gap between what AI does well in controlled studies and what it actually does once it is wired into a teaching hospital or a community clinic or a rural primary care practice. The performance figures cited in marketing decks are not lies, exactly; they are simply measurements taken in conditions that no real hospital has ever resembled.

The numbers tell a story of speed. By the early months of 2026, the United States Food and Drug Administration had authorised more than 1,350 AI-enabled medical devices, roughly double the figure from 2022. The European Union's AI Act, which came into force in stages from February 2025, classifies almost every clinical AI system as high-risk and brings its full enforcement regime to bear in August 2026. The United Kingdom's Medicines and Healthcare products Regulatory Agency, the MHRA, has been running its AI Airlock pilot since April 2024 and is expected to publish a new framework for AI in medical devices through the course of 2026. The technology is propagating into clinical workflows on three continents simultaneously, and the institutions tasked with policing it are still drafting the rulebook in public.

That regulatory churn matters because of what sits beneath it. The Stanford-Harvard report's central anxiety is not that clinical AI is bad. It is that nobody yet knows how to tell when it is. Evaluation standards in academic medicine were designed for drugs and devices whose mechanisms could be specified, whose effects could be isolated in trials, and whose failures could be traced. AI diagnostic tools rarely meet any of those conditions. Their behaviour depends on the data they were trained on, the data they encounter in deployment, the workflow they are embedded in, and the disposition of the clinician on the other side of the screen. A model that performs flawlessly at one teaching hospital can quietly degrade at a community hospital ten miles away because the patient population is different, the equipment is older, or the implementation team configured the alert thresholds in a slightly different way.

This is the problem ECRI ranked first. It is not a problem of malice or even of incompetence. It is a problem of opacity at scale.

The Oncology Stress Test

In April 2026, Frontiers in Artificial Intelligence published a peer-reviewed analysis examining the legal and ethical implications of AI failure in oncology. The piece, which built on a body of work going back several years, asked the question that medical lawyers had been chewing on quietly for some time: when an AI tool contributes to a missed or delayed cancer diagnosis, who assumes responsibility?

Oncology is the right stress test. A delayed breast cancer diagnosis can mean the difference between a lumpectomy and a mastectomy, between five years of life and twenty. A missed lung nodule on a chest CT, dismissed as a calcified granuloma by a model that has never seen a tumour quite like this one before, can mean a diagnosis at stage four rather than stage one. The consequences of an oncological miss are, in the technical language of the law, irreversible, and the magnitude of the harm pushes the liability question past the abstract.

The literature converges on a now-familiar list of candidates. The clinician, traditionally the locus of accountability under medical malpractice law, is the first name on the indictment. The hospital, which procured and deployed the system, is the second. The vendor that built and sold it is the third. Each can plausibly be blamed; each can plausibly deflect. The clinician will say the AI told them this finding was benign. The hospital will say it relied on the vendor's regulatory clearance and the clinician's professional judgement. The vendor will point to its end user licence agreement, its disclosed performance data, its assertion that the tool is decision support rather than decision making, and its careful instruction that a clinician must always make the final call.

This is the triple liability puzzle, and it is not new. What is new is the scale at which it now applies. When a single hospital deploys a single proprietary model across thousands of encounters a month, the calculus shifts. A 2024 analysis cited in subsequent legal commentary documented a roughly fourteen percent increase in malpractice claims involving AI tools compared with two years earlier, with the majority stemming from diagnostic AI used in radiology, cardiology, and oncology. Missed cancer diagnoses by machine-learning software have become the central focus of several high-profile cases working their way through the United States court system, although the bulk of these have settled quietly rather than producing the precedent-setting verdicts the field needs.

The peer-reviewed analyses converge on something else, too. The standard of care, that famously slippery legal concept, is moving. In jurisdictions where AI-enabled tools have become demonstrably useful and pervasive, the expectation of what a reasonable physician would do is shifting with them. The clinician who refuses to use a widely adopted AI screening tool may now face liability for not using it. The clinician who uses it and is misled by it may face liability for following it. The doctrine, in other words, is starting to demand that physicians be expert second-guessers of systems whose internal logic they cannot inspect.

The IBM Watson Inheritance

The historical reference point everyone in this debate eventually returns to is IBM Watson for Oncology, the cautionary tale that has become almost ritualistic in clinical AI discussions. Watson, marketed through the 2010s as a cognitive system to help oncologists choose treatment regimens, was eventually shown to be making unsafe and ineffective recommendations in some cases. Internal documentation later suggested that the failures were partly traceable to the way the system was trained: on hypothetical cases curated by a small group of clinicians at one institution rather than on real-world patient data. Watson Health was sold off in 2022. The lesson, repeatedly invoked but inconsistently absorbed, was that an AI system can confidently produce wrong answers because the world it was trained on is not the world it will be deployed in.

Watson is the high-profile cautionary tale. The Epic Systems sepsis prediction model is the more instructive one. Documented in a series of investigations published from 2021 onwards, the Epic Sepsis Model had been deployed across hundreds of American hospitals when an independent external validation by researchers at the University of Michigan, including the work of Karandeep Singh, found that the model missed sixty-seven percent of sepsis cases and that eighty-eight percent of its alerts were false positives. Epic had claimed accuracy of between seventy-six and eighty-three percent. The independent figure was closer to sixty-three.

What made the Epic story matter was less the performance gap than the institutional dynamics it revealed. Hospitals had bought a tool, in some cases under financial incentives that included payments of up to a million dollars to use the algorithm, without seeing an external validation study. Clinicians had spent months responding to alerts that turned out to be wrong most of the time, building up the very automation fatigue that ECRI now warns about. By October 2022, Epic had overhauled the model and was recommending that hospitals retrain it on their own patient data before clinical use, which is itself an admission that the original product was not fit for the purpose for which it had been sold.

No major patient lawsuit emerged from any of this. There was no settlement of consequence. The story passed into the curriculum of clinical informatics conferences as a teaching case rather than a legal one. That, more than anything, is the shape of the accountability problem. The systems propagate, the failures accumulate, the validation lags, and the legal architecture remains, for the moment, stubbornly unable to translate harm into redress.

The Audit Trail That Isn't There

Talk to a medical malpractice plaintiff's lawyer about AI cases, and the conversation eventually arrives at a particular kind of frustration: the audit trail that does not exist. A patient harmed by a delayed cancer diagnosis has historically been able, with effort, to reconstruct what happened. Medical records, while imperfect, exist. Radiologists' impressions are documented. Pathology reports are dated and signed. The clinician's reasoning is, at minimum, partially recoverable.

When AI sits in the chain of decisions, that reconstructibility starts to break down. The output a model produced at a particular moment, on a particular case, with a particular version of the software running, may not be retained. Even when it is, the patient cannot meaningfully access it. Subject access requests under data protection regimes have begun to be tested against this problem, and the results have been uneven. Vendors invoke commercial confidentiality and trade secret protection. Hospitals invoke procurement contracts that limit what they can disclose about the systems they have bought. Regulators have access to internal documentation in principle, but the patient bringing a claim may not.

This is the transparency problem the Stanford-Harvard authors keep returning to. It has two dimensions. The first is technical: many of the models in clinical use, particularly those based on deep neural networks, do not produce outputs whose reasoning can be inspected after the fact in any meaningful sense. There is no chart of inferences. The model produced a probability, and the probability turned into a flag, and the flag turned into a recommendation, and the recommendation either was or was not heeded. The second dimension is institutional. Even where reasoning could in principle be exposed, the legal and commercial architecture of clinical AI deployment is configured to keep it hidden.

The MHRA, in its consultations through 2025 and into 2026, has identified transparency and explainability as core issues. The European Union's AI Act mandates documentation, logging, and human oversight obligations for high-risk systems. California's Assembly Bill 2013, which came into force on 1 January 2026, requires disclosures about training data and use cases for AI systems. None of these instruments yet gives a harmed patient a clean route to find out what an algorithm said about them and why. That is the gap that all the new regulation is, in different ways, trying to close, but the gap is wide and the closure is partial.

What Meaningful Accountability Would Actually Require

Strip away the jargon and the puzzle reduces to a deceptively simple question: what would it look like, in practice, for clinical AI to be accountable in the way that, say, a drug or a surgical device is accountable? The answer has technical, legal, and institutional components, and the slog of the next few years will be in trying to assemble all three at once.

The technical component is the easiest to specify and the hardest to deliver. It would require, at minimum, that any AI system used in a clinical decision retain a tamper-evident log of its outputs at the time of the decision, including the version of the model, the inputs it received, the outputs it produced, and any thresholds or alerts it triggered. This log would have to be retained for a period commensurate with the relevant statute of limitations on medical negligence claims, which in many jurisdictions stretches to a decade or more. It would have to be accessible to the patient and to courts under appropriate process. And it would have to include a meaningful representation of what the model relied on, even when the model is a deep neural network whose internal computations are not human-interpretable. There are technical proposals for this, ranging from saliency maps to counterfactual explanations to surrogate models, but none has yet achieved consensus among clinicians, computer scientists, and regulators.

The legal component is harder. It would require either a new doctrine of AI-specific liability, or the careful adaptation of existing doctrines to the realities of how AI systems behave. The European Union has taken the more aggressive path. The revised Product Liability Directive, working in tandem with the AI Act, classifies software including AI as products and exposes providers to strict liability without the claimant having to prove negligence. When an AI system fails to comply with mandatory safety requirements, it may be presumed defective. The previous eighty-five million euro ceiling on liability for personal injury has been removed. In theory, a patient harmed by a defective AI medical system in the European Union now has a more direct route to compensation than they have in most American jurisdictions, where the tort architecture is still operating on doctrines designed for the bedside, not the back end.

The United States has chosen, so far, to leave most of this to state tort law and FDA premarket review. The FDA's January 2025 draft guidance on AI-enabled device software functions, alongside the agency's adoption from 2 February 2026 of the Quality Management System Regulation aligned with ISO 13485:2016, builds out a more rigorous lifecycle management regime for AI in medical devices. But the agency does not adjudicate harm. It clears products for market. The legal redress for a patient harmed by a cleared device is still routed through the same medical malpractice and product liability channels that have served other medical technologies, with all the difficulty those channels are now exhibiting in cases where the alleged tortfeasor is partly a piece of software.

The institutional component is, in many ways, the most consequential. Hospitals are the connective tissue in this story. They procure the systems. They configure them. They train the staff who use them. They define the policies that govern overrides and exceptions. And they are increasingly the parties best positioned, structurally, to know whether a tool is working. The Stanford-Harvard report's argument is that hospitals must develop the internal infrastructure to evaluate AI systems against their own patient populations, monitor them in deployment, and audit them after the fact. This is not a trivial demand. It implies a category of staffing, a clinical AI governance function, that most institutions have not yet built. Some leading academic medical centres now have such functions. Most community and rural hospitals do not, and many cannot afford to.

Who Has The Power To Demand It

Asking who can demand meaningful accountability in clinical AI is, in the end, an exercise in mapping power. There are six plausible candidates. None of them, in their current configuration, is sufficient on its own.

Regulators have the formal authority but not always the capacity. The FDA has cleared more than 1,350 AI-enabled devices but does not, as a matter of routine practice, conduct postmarket surveillance at the depth the technology requires. The MHRA has explicitly acknowledged that adaptivity, the property of AI systems that change after deployment through retraining or updates, exceeds the regulatory paradigm built for static medical devices. The European Commission's AI Act enforcement architecture is still being assembled, with national competent authorities being designated and notified bodies being built up to handle the volume of high-risk system conformity assessments that August 2026 will trigger. Regulators have power, but it is power exercised at scale across thousands of products, with budgets and staffing that have not grown in proportion to the technology they oversee.

Hospitals have operational authority but face commercial pressure. They are buyers in a market where vendor leverage is significant, where switching costs are high, and where the competing demands of efficiency, finance, and clinician retention all push towards adoption rather than caution. The hospitals best placed to demand transparency from vendors, the major academic medical centres, are also the ones most invested in being seen as cutting edge. ECRI's intervention is, in part, an attempt to give hospital quality and safety officers a vocabulary and a mandate to push back. Whether that mandate will be exercised against multimillion-dollar vendor contracts is another question.

Vendors have the technical capacity. They built the systems. They know, or can know, more about how they behave than anyone else. They have, in most cases, been disinclined to share that knowledge in ways that could be used against them. Some of this is rational commercial behaviour. Some of it is the structural opacity of the technology itself. The vendors, however, are also the actors who will respond fastest to a clear signal from regulators or from major institutional buyers. The market for clinical AI is concentrated enough, and the regulatory pressure global enough, that coordinated demands from a small number of large hospital systems and a small number of regulators could shift vendor behaviour faster than any other intervention. The question is whether such coordination will occur.

Professional bodies have moral authority and limited enforcement power. The American College of Radiology, the Royal College of Radiologists, and equivalent bodies in oncology, pathology, and primary care have begun to issue guidance on the use of AI in clinical practice. These bodies can shape the standard of care, in slow ways. They can influence training, certification, and continuing professional development. They cannot, on their own, force a hospital to retain audit logs or compel a vendor to disclose training data composition. Their power is real but indirect.

Courts are the last-resort accountability mechanism, and they have been notably slow to move. The reason is structural. Most AI-related medical harm cases settle. The discovery process in such cases is expensive and technically difficult. Plaintiffs' lawyers have to work with experts who can credibly testify about model behaviour. Defendants' lawyers have an incentive to settle quickly to avoid creating precedent. The result is that the body of case law that would, in normal medical liability, gradually clarify the standard, is accumulating slowly and out of public view. The Suffolk Journal of Health and Biomedical Law's analysis published in January 2026 noted that this dynamic has been particularly acute in cancer-related AI cases, where the stakes are high enough that defendants are eager to keep matters out of court.

Patients, the population in whose name all of this is being done, currently have the least power of all. They cannot, as a rule, find out which AI systems were used in their care. They cannot, in most cases, opt out. They cannot meaningfully evaluate the performance of the tools applied to them. Patient advocacy organisations have begun to mobilise around AI transparency, and groups working on data protection and informed consent have started to fold AI into their agendas. But the asymmetry of information and the asymmetry of resource between an individual patient and the combined apparatus of vendor, hospital, and regulator is, for the moment, almost total.

The Specific Shape Of The Demand

If this taxonomy of power is right, the question becomes more specific. What is it that any of these actors should actually be demanding?

The first demand, around which something like a consensus is forming across regulatory and academic literature, is mandatory logging. Every clinical AI deployment should be required to retain, in a forensically reliable form, the inputs, outputs, model versions, and decisions associated with each patient encounter. This is technically achievable. It is currently not standard practice. It would, in effect, create the audit trail whose absence is at the heart of the accountability problem.

The second demand is real-world validation. The Stanford-Harvard report's central methodological argument is that controlled trial performance is not a substitute for deployment performance. Hospitals should be required, and increasingly will be required under the EU AI Act and emerging FDA postmarket guidance, to monitor systems in their own environments and to report degradation or drift. This implies a capacity for continuous evaluation that most institutions do not yet have.

The third demand is meaningful transparency to patients. This does not necessarily mean opening the model weights, which most patients would not be able to interpret in any case. It means, at minimum, disclosure that AI was used in the patient's care, what role it played, and where the patient can find further information if they want it. The European AI Act gestures towards this. American practice has been more reticent. The transparency that matters is the transparency available to a patient who suspects something has gone wrong and wants to find out what happened.

The fourth demand is liability clarity. This is the hardest. The European model of strict liability for AI providers under the revised Product Liability Directive is one approach. Another, advocated by some American legal scholars, is enterprise liability, in which the institution that deploys an AI system bears primary responsibility regardless of which actor in the chain caused the harm, with internal apportionment handled through contractual arrangements between hospitals and vendors. A third approach is no-fault compensation schemes, modelled on the vaccine injury compensation framework, that would provide patients with a route to redress without requiring them to navigate the technical complexities of proving that a particular model output caused a particular harm.

The fifth demand is human oversight that is not theatre. The phrase 'human in the loop' has been doing a great deal of work in clinical AI marketing for several years. The reality, as the literature on automation bias documents, is that the human in the loop is often a human under time pressure looking at a confident-sounding suggestion from a system whose internal logic they cannot inspect, with productivity expectations that assume the system is right most of the time. Real human oversight requires workflow design that gives the clinician time, information, and incentive to disagree with the model, and it requires institutional support when they do.

The Politics Of The Vacuum

There is a political dimension to all of this that is harder to discuss in clinical terms but no less consequential. The vacuum in clinical AI accountability did not happen by accident. It is a product of decisions about what to regulate first, how aggressively to regulate it, and whose interests to protect when interests conflict.

The American approach has consistently prioritised speed of innovation. The FDA's evolution from its 2019 discussion paper through the 2021 AI/ML SaMD Action Plan, the 2023 draft guidance on Predetermined Change Control Plans, and the January 2025 draft guidance on AI-enabled device software functions has been a steady accommodation to the realities of AI development, not a containment of them. The European approach has prioritised harmonisation and rights protection, with the AI Act serving as the most visible expression of the bloc's broader posture on technology governance. The United Kingdom has positioned itself as a kind of pragmatic middle, with the MHRA's AI Airlock attempting to enable controlled experimentation while building regulatory capacity.

These are not neutral choices. They reflect different judgements about the proper relationship between technology firms, regulatory institutions, healthcare systems, and patients. The American model accepts a higher level of patient risk in exchange for faster diffusion of potentially beneficial technology. The European model accepts slower diffusion in exchange for more constrained risk and clearer liability. The British model is, depending on how one reads it, either a hedge or an indecision.

What ECRI's number one ranking of AI diagnostic risk for 2026 represents is an assertion, from inside the patient safety community, that the American calibration may be off. That the rate at which clinical AI is being deployed, and the rate at which the institutional architecture to govern it is being built, are not converging fast enough. That the absence of dramatic public failure, so far, is more a function of the kinds of failures these systems produce, which are quiet, dispersed, and individually difficult to attribute, than evidence that no failures are occurring.

What This Looks Like In A Hospital In 2026

A clinician working in a teaching hospital in Boston or Manchester or Munich in April 2026 is operating in an environment where AI is genuinely embedded. The radiologist reading a screening mammogram sees AI-generated annotations overlaid on the images, with the system's confidence scores and BI-RADS suggestions shaping what they look at and in what order. The hospitalist on the wards receives deterioration alerts driven by predictive models that ingest vital signs, lab results, and notes. The oncologist deciding on adjuvant therapy may consult a decision support tool that synthesises guidelines and patient features into a recommendation. The primary care physician in clinic has an AI scribe transcribing the encounter, and possibly drafting the assessment and plan, while they talk.

None of these tools is necessarily bad. Some of them are, on average, helpful. The literature on AI in screening mammography, including the studies analysed in the State of Clinical AI report, suggests that radiologists working with well-designed AI assistance can detect cancers earlier and miss fewer lesions. The literature on deterioration prediction, after the Epic sepsis episode, has matured. AI scribing has documented effects on clinician burnout. The picture is not uniformly grim. The picture is, however, characterised by a chronic mismatch between the scale of deployment and the scale of evaluation.

When something goes wrong inside this environment, the path to accountability is harder than it was a decade ago. The clinician may not have known which model contributed to which decision. The hospital may not have records of the precise system version active at the time. The vendor may have updated the model since. The regulator may have cleared the system on the basis of premarket evidence that does not reflect deployment conditions. The patient, if they suspect harm, may face a discovery process whose costs and complexities exceed the value of even a successful claim.

This is the present. It is not stable. The regulatory pressure building through the EU AI Act, the MHRA's forthcoming framework, the FDA's evolving postmarket guidance, and the gradual accumulation of state-level legislation in the United States all point in the same direction: more documentation, more transparency, more liability clarity. The question is whether the pace of that build-out will keep up with the pace of deployment, and whether the burden of the gap, in the meantime, will continue to fall, as it currently does, on the patients least equipped to bear it.

ECRI's ranking is a warning. The Stanford-Harvard report is a survey. The April 2026 oncology liability analysis is an early diagnosis of a doctrine in flux. None of these documents is, on its own, a remedy. The remedy, if it comes, will be assembled out of the slow work of regulators writing rules, hospitals building governance, vendors disclosing what they would prefer not to disclose, courts producing precedent, professional bodies updating standards, and patients, eventually, demanding the right to know what was decided about their bodies and by whom. The algorithm is in the room. The accountability is not yet. The work, in 2026, is to close that distance before the distance closes the conversation.

References

  1. ECRI. 'Top 10 Patient Safety Concerns 2026.' ECRI Thought Leadership Resources, March 2026. https://home.ecri.org/blogs/ecri-thought-leadership-resources/top-10-patient-safety-concerns-2026
  2. ECRI. 'AI use in diagnostic care, rural care access, and surge in preventable diseases top annual report of patient safety concerns.' ECRI News, 9 March 2026. https://home.ecri.org/blogs/ecri-news/ai-use-in-diagnostic-care-rural-care-access-and-surge-in-preventable-diseases-top-annual-report-of-patient-safety-concerns
  3. Stanford Medicine. 'Clinical AI Has Boomed. A New Stanford-Harvard State of Clinical AI Report Shows What Holds Up in Practice.' Stanford Department of Medicine News, January 2026. https://medicine.stanford.edu/news/stories/2026/01/clinical-ai-has-boomed.html
  4. ARISE Network. 'State of Clinical AI Report 2026.' ARISE, January 2026. https://arise-ai.org/report
  5. Frontiers in Artificial Intelligence. 'Legal and ethical reflections on the use of artificial intelligence in the diagnosis and treatment of cancer: who assumes responsibility?' April 2026. https://www.frontiersin.org/journals/artificial-intelligence/articles/10.3389/frai.2026.1812408/full
  6. New England Journal of Medicine. 'Understanding Liability Risk from Using Health Care Artificial Intelligence Tools.' Mello MM, Guha N. NEJM. https://www.nejm.org/doi/full/10.1056/NEJMhle2308901
  7. JCO Oncology Practice. 'Liability Risks of Ambient Clinical Workflows With Artificial Intelligence for Clinicians, Hospitals, and Manufacturers.' ASCO Publications. https://ascopubs.org/doi/10.1200/OP-24-01060
  8. United States Food and Drug Administration. 'Artificial Intelligence in Software as a Medical Device.' FDA. https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-software-medical-device
  9. United States Food and Drug Administration. 'Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations.' Draft Guidance, January 2025. https://www.fda.gov/media/184856/download
  10. Mayo Clinic Proceedings: Digital Health. 'United States Food and Drug Administration Regulation of Clinical Software in the Era of Artificial Intelligence and Machine Learning.' 2025. https://www.mcpdigitalhealth.org/article/S2949-7612(25)00038-0/fulltext
  11. European Commission. 'AI Act.' Shaping Europe's Digital Future. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
  12. EU Artificial Intelligence Act. 'Annex III: High-Risk AI Systems Referred to in Article 6(2).' https://artificialintelligenceact.eu/annex/3/
  13. Bird & Bird. 'Liability of Healthcare AI Providers in the EU: How to Navigate Risks in a Shifting Regulatory Ecosystem.' 2025. https://www.twobirds.com/en/insights/2025/liability-of-healthcare-ai-providers-in-the-eu-how-to-navigate-risks-in-a-shifting-regulatory-ecosys
  14. UK Government. 'Software and artificial intelligence (AI) as a medical device.' GOV.UK. https://www.gov.uk/government/publications/software-and-artificial-intelligence-ai-as-a-medical-device/software-and-artificial-intelligence-ai-as-a-medical-device
  15. UK Government. 'Software and AI as a Medical Device Change Programme roadmap.' GOV.UK. https://www.gov.uk/government/publications/software-and-ai-as-a-medical-device-change-programme/software-and-ai-as-a-medical-device-change-programme-roadmap
  16. DLRC. 'AI Airlock: MHRA's Approach to AI in Healthcare.' https://www.dlrcgroup.com/ai-airlock-mhras-approach-to-ai-in-healthcare/
  17. Mills & Reeve. 'Regulating AI in healthcare: The UK government wants your input.' Life Sciences Blog, January 2026. https://www.mills-reeve.com/blogs/life-sciences/january-2026/regulating-ai-in-healthcare-the-uk-government-wants-your-input/
  18. STAT News. 'Epic's AI algorithms, shielded from scrutiny by a corporate firewall, are delivering inaccurate information on seriously ill patients.' Ross C, Herman B. 26 July 2021. https://www.statnews.com/2021/07/26/epic-hospital-algorithms-sepsis-investigation/
  19. STAT News. 'Epic's overhaul of a flawed algorithm shows why AI oversight is a life-or-death issue.' 24 October 2022. https://www.statnews.com/2022/10/24/epic-overhaul-of-a-flawed-algorithm/
  20. Michigan Institute for Data Science (MIDAS). 'Dr. Singh and Collaborators Find Private Health Prediction Model Performing Poorly, Despite Widespread Use.' University of Michigan. https://midas.umich.edu/external-validation-of-a-widely-implemented-proprietary-sepsis-prediction-model-in-hospitalized-patients/
  21. Radiology (RSNA). 'Automation Bias in Mammography: The Impact of Artificial Intelligence BI-RADS Suggestions on Reader Performance.' https://pubs.rsna.org/doi/full/10.1148/radiol.222176
  22. Radiology (RSNA). 'Automation Bias in Breast AI.' https://pubs.rsna.org/doi/full/10.1148/radiol.230770
  23. Suffolk Journal of Health and Biomedical Law. 'The New Standard of Care? AI and the Future of Medical Malpractice Law.' 25 January 2026. https://sites.suffolk.edu/jhbl/2026/01/25/the-new-standard-of-care-ai-and-the-future-of-medical-malpractice-law/
  24. Medical Economics. 'The new malpractice frontier: Who's liable when AI gets it wrong?' https://www.medicaleconomics.com/view/the-new-malpractice-frontier-who-s-liable-when-ai-gets-it-wrong-
  25. Stanford HAI. 'Medicine: The 2026 AI Index Report.' https://hai.stanford.edu/ai-index/2026-ai-index-report/medicine

Tim Green

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

Listen to the free weekly SmarterArticles Podcast

Discuss...