This focus on traceability is also shaping emerging legislation. In Europe, the proposed AI Act is expected to increase expectations around audit trails, performance monitoring, and transparency — particularly for systems handling sensitive health data. While the Act primarily targets AI used in products or clinical settings, its principles of transparency, traceability, and accountability are already influencing how regulators view AI use within regulatory operations.
For medtech companies, this means compliance can no longer be treated as a final checkbox. Regulatory strategy needs to be embedded throughout the entire data lifecycle, from the way data is gathered to how it is used in submissions, ensuring that every insight meets regulatory standards and supports patient safety.

Data security is now a regulatory issue

As regulatory processes become more dependent on real-world data, privacy and security expectations are rising. Regulators want to see exactly where data comes from, how it moves, who has access to it, and how it’s protected.

This becomes even more challenging when health data crosses borders, as privacy rules vary widely between regions. In Europe, for example, GDPR requires companies to demonstrate how personal data is collected, stored, and deleted. In the US, HIPAA places strict controls on how health information is shared. Other markets are introducing their own data localization and protection laws, adding further complexity for companies operating globally.

Data is now central to regulatory strategy in medtech. It’s reshaping how evidence is built, how submissions are managed, and how compliance is maintained. But working with that data, especially across multiple markets, means privacy and security need to be built in from the start, not bolted on later.

About the author: DJ Fang is the co-founder & COO of Pure Global.

Back to HCB News

Artificial Intelligence Homepage