Question 7 - SISA CSPAI Real Exam Questions [Jan 2026 Update]

Q: 7

A company developing AI-driven medical diagnostic tools is expanding into the European market. To ensure compliance with local regulations, what should be the company's primary focus in adhering to the EU AI Act?

Options

Correct Answer:

Explanation

AI-driven medical diagnostic tools are classified as 'high-risk' under the EU AI Act (Annex III). The Act's primary obligation for high-risk systems is the establishment of a robust and continuous risk management system (Article 9). This framework is designed to identify, analyze, and mitigate potential risks to health, safety, and fundamental rights throughout the AI system's lifecycle. Therefore, the company's principal focus must be on implementing comprehensive measures to ensure the system's safety and prevent any adverse or harmful outcomes for patients, which is the core tenet of the regulation for this category of AI.

Why Incorrect

B. Fairness and ethics are mandatory requirements, but for a medical device, the immediate priority under the Act is mitigating direct risks to health and safety.

C. The system is high-risk by definition. Transparency is a requirement for compliance within this category, not a means to avoid it.

D. Data privacy is a critical concern governed primarily by the GDPR. The AI Act's main focus is on the operational risks posed by the AI system itself.

References

1. European Commission. (2021). Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act). COM(2021) 206 final.

Article 9 (1): "A risk management system shall be established

implemented

documented and maintained in relation to high-risk AI systems."

Annex III

Section 11(a): Lists medical devices as high-risk AI systems.

Recital 45: Emphasizes that the risk management system should ensure "any residual risks associated with the high-risk AI system are judged acceptable."

2. Stanford University Human-Centered Artificial Intelligence (HAI). (2023). The EU AI Act: A Primer. Stanford HAI Publications.

Section: "The Risk-Based Approach": Explains that the Act's requirements are proportionate to risk

with the most stringent obligations

including "risk management

data governance

technical documentation

record-keeping

transparency... and robustness

" applied to high-risk systems like those in healthcare.

3. Veale

& Borgesius

F. Z. (2021). Demystifying the Draft EU Artificial Intelligence Act. Computer Law Review International

22(4)

97-112.

Section 3.1 "High-risk systems": "The core of the draft Regulation is a set of binding requirements for systems classed as ‘high-risk’... These include requirements for risk management systems... [and] technical robustness and safety." (p. 101). https://doi.org/10.9785/cri-2021-220402

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE