EU High-Level Expert Group on AI, 2019

7 Requirements for Trustworthy AI

The European framework for trustworthy AI — not as a compliance checklist, but as a basis for responsible healthcare decisions.[1,2]

“Trustworthy AI has three components, which should be met throughout the system’s entire life cycle: (1) it should be lawful, complying with all applicable laws and regulations; (2) it should be ethical, ensuring adherence to ethical principles and values; and (3) it should be robust, both from a technical and social perspective.”
High-Level Expert Group on Artificial Intelligence, 2019, p. 2 [1]

1. Human control

AI should support human autonomy and professional judgment, not replace them. For high-risk systems, the EU AI Act requires appropriate human oversight: trained people must be able to understand, review and, where necessary, intervene in system outputs.[1][5]

2. Technical robustness

Reliability, safety and robustness must be assessed throughout the life cycle. In regulated high-risk or medical-device contexts, monitoring is also part of the regulatory requirements.[1][5][9]

3. Data protection & governance

Health data require particular protection. Data protection, purpose limitation, data quality, access control and governance must be clarified before use.[1][3]

4. Transparency & explainability

Clinicians must be able to understand and critically assess AI recommendations. Black-box systems can be ethically problematic in high-risk settings when explainability, traceability or accountability are missing.[1]

5. Fairness & non-discrimination

Training and validation data must be assessed for relevance, quality and representativeness. Known risks are illustrated by pulse oximetry[7] and algorithmic resource allocation.[4]

6. Social & ecological well-being

System impacts must be assessed: equity of care, resource distribution, participation and ecological sustainability.[1]

7. Accountability

Responsibilities, auditability, documentation and escalation routes must be clearly defined from procurement through monitoring. Breaches of high-risk system obligations can be sanctioned under the EU AI Act.[1][5]

Regulatory classification

Anchoring in European regulatory frameworks

The ethical requirements for trustworthy AI are not only a guiding principle in Europe, but increasingly part of binding regulatory frameworks. For healthcare organizations, this means: Responsible AI must be demonstrably anchored in procurement, data protection, clinical evaluation, operation and monitoring.

Regulatory classification (EU) [3][5][9]
The ethical requirements are made concrete in several regulatory frameworks: the EU AI Act classifies AI systems according to risk; the GDPR and MDR/IVDR set additional guardrails for data, clinical evaluation and operation; the European Health Data Space (EHDS, Regulation (EU) 2025/327) complements the framework for the use of health data.
EU AI Act: Risk management, data governance, technical documentation, transparency, human oversight and post-market monitoring for high-risk systems.
GDPR: Protection of health data, data protection impact assessment for high risk, purpose limitation and limits on exclusively automated decisions.
MDR/IVDR: For AI-based medical devices: clinical evaluation, CE conformity, risk management and market surveillance across the life cycle.
EHDS: European Health Data Space (Regulation (EU) 2025/327): framework for primary and secondary use of health data, with links to AI development and operation.

Practical relevance

What does this mean specifically — for decision-makers in the healthcare sector?

Responsible AI does not become effective through principle papers, but through concrete decisions before procurement, implementation and operation. For decision-makers, this means that benefit, risk, data basis, oversight and accountability must be clarified and demonstrably documented before go-live.

1. Clarify purpose and risk before procurement

Before any AI procurement, it must be clear which care problem is being solved, what clinical or organizational benefit the system should provide and what risks arise. This includes determining whether a high-risk system or medical device is involved and what role the system will play in the workflow.[1][5]

2. Assess data basis and bias

Responsible AI requires an assessment of training and validation data: Which populations are represented, which groups are missing and which measurement or label biases are known? Gaps relating to age, sex, ethnicity, comorbidity or care context must be documented and considered in the risk assessment.[2][4][7][8]

3. Operationally define human oversight

Human oversight is not an abstract control idea. Before use, it must be clear who evaluates system outputs, who may override or stop them, what qualification is required and how decisions are documented. This keeps AI a support for professional judgment, not a replacement for it.[1][5]

4. Safeguard data protection and purpose limitation

Health data require particular protection. Before go-live, the legal basis, purpose limitation, access concept, deletion periods and data subject rights must be clarified; where a high risk is likely, a data protection impact assessment is required.[3]

5. Plan validation and monitoring

A good test result before implementation is not enough. What matters is whether the system works safely, effectively and fairly in the organization’s own care context. Clinical validation, drift monitoring, deviation analysis and reporting routes must be planned before go-live and maintained during operation.[5][9]

6. Communicate transparency and accountability

Patients and staff need to know where AI is used, what role it plays and who remains professionally responsible. Transparency means not only disclosing AI use, but also communicating limitations, responsibilities and complaint or escalation routes in an understandable way.[1][5][6]

In depth

Bias in medical AI systems — types and consequences

The following table shows selected examples of bias types as described in the literature. It does not claim to be exhaustive.

| Bias type | Origin (example) | Consequence in healthcare |
| --- | --- | --- |
| Data bias | Training and validation data incompletely represent relevant patient groups; age, sex, ethnicity, comorbidity and care context must therefore be explicitly assessed.[2] | Poorer diagnostic accuracy for underrepresented groups |
| Historical bias | AI learns from historical treatment and resource decisions — even if they were systemically unfair[4] | Reproducing and reinforcing past inequalities in resource allocation |
| Measurement bias | Pulse oximetry can more frequently miss occult hypoxemia in people with darker skin pigmentation.[7] | Incorrect measurements feed into AI recommendations; for oxygen saturation, this can become clinically dangerous. |
| Label bias | Diagnoses, coding and documentation practices in EHR data can transfer existing care disparities into training labels.[8] | The AI system adopts biases from clinical routine and scales them into future decisions. |
| Algorithmic bias | Proxy variables (e.g. health expenditure instead of disease severity) as target variable[4] | Systematic disadvantage of groups with historically less access to resources |

Example: Pulse oximeter error and AI risk (Sjoding et al., NEJM 2020)[7]

In the University of Michigan cohort, among patients with an indicated oxygen saturation of 92-96%, actual arterial oxygen saturation below 88% was present in 11.7% of Black patients, but only in 3.6% of White patients. If such measurement signals flow into AI systems without scrutiny, oxygen deficiency can be systematically underestimated.

Implementation recommendation

Apply basic ethical principles in practice

Ethics in AI implementation is not a separate workstream — it must be built into strategic and operational work from the start. The following recommendations describe how the framework can be effectively implemented:

No hype — structured decision-making work

Every discussion about introducing AI should start with the question: What problem is really being solved? And is AI the right solution, or is it creating hype-driven activity with no clear benefit?

Human-in-the-loop as a design principle

HITL is not only a regulatory obligation, but also a change management lever: employees who can override AI recommendations develop trust and competence more quickly in dealing with AI systems.

Bias audit before deployment

Before going live, a structured bias audit should be carried out: Which populations are represented in the training data? Where are known gaps and how are they documented?

Transparency towards patients

Patients have the right to know when AI is being used in their treatment. Clinics and practices should make this communication proactive, understandable and easily accessible.

Governance structure from the start

Responsibilities, escalation paths and monitoring protocols must be defined before go-live: not as documentation added afterwards, but as an operational reality with clear responsibilities.

Think about system effects

AI changes workflows, job profiles and power structures. These secondary effects on equity in care and on employees should be explicitly addressed and evaluated during planning.

References

Unless otherwise stated, accessed: April 2026.

  1. High-Level Expert Group on Artificial Intelligence. Ethics guidelines for trustworthy AI. Brussels: European Commission; 2019 Apr 8. Available from: https://op.europa.eu/en/publication-detail/-/publication/d3988569-0434-11ea-8c1f-01aa75ed71a1.
  2. Lekadir K, et al. Artificial intelligence in healthcare: applications, risks, and ethical and societal impacts. Brussels: European Parliamentary Research Service; 2022 Jun. PE 729.512. Available from: https://www.europarl.europa.eu/thinktank/en/document/EPRS_STU(2022)729512.
  3. European Parliament, Council of the European Union. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to processing of personal data and on the free movement of such data. Official Journal of the European Union. 2016 May 4;L119:1-88. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679.
  4. Obermeyer Z, Powers B, Vogeli C, Mullainathan S. Dissecting racial bias in an algorithm used to manage the health of populations. Science. 2019;366(6464):447-453. doi:10.1126/science.aax2342.
  5. European Parliament, Council of the European Union. Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence. Official Journal of the European Union. 2024 Jul 12;L2024/1689. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689.
  6. WHO Regional Office for Europe. Artificial intelligence is reshaping health systems: state of readiness across the WHO European Region. Copenhagen: WHO Regional Office for Europe; 2025. WHO-EURO-2025-12707-52481-81028. Available from: https://www.who.int/europe/publications/i/item/WHO-EURO-2025-12707-52481-81028.
  7. Sjoding MW, Dickson RP, Iwashyna TJ, Gay SE, Valley TS. Racial bias in pulse oximetry measurement. N Engl J Med. 2020;383(25):2477-2478. doi:10.1056/NEJMc2029240. Available from: https://www.nejm.org/doi/full/10.1056/NEJMc2029240.
  8. Gianfrancesco MA, Tamang S, Yazdany J, Schmajuk G. Potential biases in machine learning algorithms using electronic health record data. JAMA Intern Med. 2018;178(11):1544-1547. doi:10.1001/jamainternmed.2018.3763. Available from: https://pubmed.ncbi.nlm.nih.gov/30128552/.
  9. European Parliament, Council of the European Union. Regulation (EU) 2017/745 of 5 April 2017 on medical devices. Official Journal of the European Union. 2017 May 5;L117:1-175. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745.
Notice: This page provides a technical overview of basic ethical principles and regulatory requirements for AI in healthcare. It does not replace legal advice. For binding information on regulatory requirements, please contact qualified legal or regulatory professionals.

Current information: Regulatory requirements — in particular the EU AI Act (2024/1689) — are in the active implementation phase. Implementing regulations, guidelines and national implementation measures may change continuously. The information on this page reflects the status of April 2026 and should be checked regularly. © 2026 Dipl.-Ing. Katja Kawaschinski MPH.
AI-assisted creation — EU AI Act Art. 50
Parts of this page were created with the support of generative AI and then professionally reviewed and approved. This is not automatically generated content without human control. In accordance with EU AI Act Art. 50 (transparency obligation), the use of AI is disclosed.