The AI Act Series: Post-Market Monitoring System

🌈 Abstract

The article discusses the post-market monitoring system (PMMS) required for AI systems under the EU AI Act. It provides an overview of the key features and requirements of a compliant PMMS, drawing insights from the medical and pharmaceutical industries.

🙋 Q&A

[01] Key Features of a Compliant PMMS

1. What are the key features of a compliant and efficient post-market monitoring system for AI systems? The key features of a compliant and efficient post-market monitoring system for AI systems are:

• Product-specific: Tailored to each AI system
• Enables Continuous Performance Monitoring
• Deals with Roles and Responsibilities
• Establishes Procedures and Facilitates Communication
• Includes Regular and Exceptional Reviews
• Involves (a Fair Bit of) Documentation
• Allows for Integration with other systems (risk management/quality management)

2. How does the PMMS serve as a safety net and risk investigator for AI systems?

• The PMMS is designed to let providers fix their AI systems on the fly, acting as a safety net for 'adaptive' AI systems that keep learning during deployment.
• The PMMS also doubles as an AI risk investigator, tasked with identifying and enabling timely reporting of any serious incidents or novel risks caused by the AI system.

3. What are the key obligations of providers under the PMMS?

• Providers are required to notify authorities and downstream parties (importers, distributors, deployers) of any serious incidents or novel risks caused by their AI system.
• Providers are also obligated to take action, including potentially pulling the AI system from the market, in case of any doubt about its compliance with the AI Act.

[02] Designing a PMMS Plan

1. What are the key elements to consider when designing a PMMS plan? The key elements to consider when designing a PMMS plan include:

• Scope: Defining the AI system, its type, underlying technology, risk category, intended use, and maturity
• Objectives: Outlining general objectives (reducing uncertainty, monitoring for risks) and specific objectives (addressing concrete questions/risks/concerns)
• Responsibilities and Authorities: Assigning responsibilities and authorities for various tasks throughout the AI system's lifecycle
• Data Collection: Mapping data sources, defining data attributes and their expected use, and establishing a data collection protocol
• Data Analysis: Choosing appropriate quantitative and qualitative analysis methods to meet the PMMS plan's goals

2. How does the PMMS plan relate to other regulatory requirements under the AI Act?

• The PMMS data feeds into the provider's Quality Management System (QMS) and Risk Management System (RMS), helping to refine processes, guide AI system design, and drive improvements.
• The PMMS also serves as a means to maintain compliance with other regulatory requirements, such as initiating corrective actions and reporting new risks or incidents.

3. What are the key elements of the PMMS Exit Report? The PMMS Exit Report can include:

• Summary of the data analysis and findings
• Conclusions and recommendations based on the analysis
• Proposed corrective or preventive actions
• Justification for any changes made to the PMMS plan during the review process