Regulating AI in UAE Healthcare Sector: The Legal Framework Behind Innovation and Patient Safety

The rapid integration of artificial intelligence (AI) into healthcare is raising complex legal and regulatory questions around patient safety, medical liability, data protection and accountability. In response, the United Arab Emirates (UAE) has emerged as one of the few jurisdictions to develop healthcare-specific AI governance frameworks at an early stage of adoption, creating a legal structure designed to balance innovation with patient protection.

Artificial intelligence is rapidly transforming the healthcare sector, influencing everything from clinical decision-making and patient monitoring to diagnostics and medical imaging. While much of the global attention surrounding AI governance has focused on the European Union and the United States, Gulf Cooperation Council (GCC) countries, particularly the UAE, have positioned themselves at the forefront of healthcare-specific AI regulation.

The challenge lies in balancing innovation with patient safety, privacy, accountability and ethical considerations as AI becomes increasingly integrated into diagnostics, medical imaging, patient monitoring, hospital administration and predictive healthcare analytics.

AI is now a key component of the UAE's national development agenda. Through its National Artificial Intelligence Strategy 2031, the Government aims to establish the UAE as a global leader in AI.

The strategy identifies healthcare as a priority sector, with plans to utilise AI to improve diagnostic accuracy, enhance medical research, optimise healthcare delivery and support public health initiatives. To promote AI-driven healthcare innovation, the Government has also expressed interest in leveraging genomic initiatives such as the Emirati Genome Programme and national health databases.

AI solutions have already been implemented by healthcare providers across the country to improve patient flow in hospitals, support clinical decision-making, monitor chronic diseases and streamline administrative procedures.

However, the rapid adoption of AI technologies has made regulatory oversight increasingly necessary. UAE regulators have moved beyond broad AI policies and developed healthcare-specific governance frameworks in recognition of the potential risks associated with algorithmic decision-making, data processing and patient safety.

National Governance of Artificial Intelligence

The UAE's institutional framework reflects its commitment to AI governance. It became the first country in the world to appoint a Minister of State for Artificial Intelligence, highlighting the strategic importance of AI within national governance.

This framework is supported by the UAE Council for Artificial Intelligence and Blockchain, which promotes cross-sector AI adoption, advises on ethical and governance standards and facilitates coordination among stakeholders.

In addition to the national strategy, the UAE has introduced AI Ethics Principles and Guidelines. Although not legally binding, these guidelines establish ethical standards for the development and deployment of AI systems. Core principles include fairness, accountability, explainability, transparency, robustness, safety, privacy and human-centred design.

Particular emphasis is placed on fairness and the prevention of bias. The guidelines acknowledge that AI systems are often trained using datasets that may not accurately reflect local populations. Concerns about algorithmic bias are especially relevant in a region characterised by significant ethnic, linguistic and cultural diversity. Accordingly, developers and operators are encouraged to ensure that fairness assessments account for local social and cultural contexts and that AI systems treat individuals in similar circumstances equally.

Dubai's AI in Healthcare Policy

One of the UAE's most significant contributions to global AI regulation is the development of a dedicated healthcare AI policy by the Dubai Health Authority (DHA).

The policy applies to healthcare facilities, healthcare professionals, AI developers, researchers and organisations deploying AI solutions within Dubai's healthcare sector. It establishes operational and ethical standards intended to ensure that AI technologies enhance patient care while minimising associated risks.

A central feature of the policy is accountability. Developers and researchers are expected to remain accountable to end users and implement mechanisms that allow significant AI-assisted decisions to be challenged. The policy also envisages shared responsibility among designers, developers, healthcare organisations and end users. While these measures represent a significant effort to address one of the most difficult issues in AI regulation—responsibility for AI-generated outcomes — the practical operation of such accountability mechanisms remains uncertain.

Transparency is another key requirement. AI developers must disclose how systems function, the datasets used during development, validation methodologies and the extent of healthcare professional involvement in decision-making processes. These measures seek to address concerns surrounding opaque or "black box" algorithms and reinforce the principle that healthcare professionals should retain meaningful oversight of AI-assisted decisions.

Patient safety is similarly prioritised. The policy requires AI systems capable of significantly affecting patient care to include mechanisms enabling human users to override or reverse AI-generated decisions. This reflects a fundamental regulatory principle that AI should support, rather than replace, clinical judgement.

Medical Device Regulation and AI

AI regulation in healthcare is closely linked to medical device regulation.

The UAE Ministry of Health and Prevention (MoHAP) regulates medical devices through a market authorisation system based on risk classification. Medical devices must obtain regulatory approval before they can be imported, marketed or distributed within the country.

A notable feature of Dubai's healthcare AI policy is its application to both traditional medical devices and standalone digital health technologies. The policy's broad definition of digital health technology encompasses software applications and programmes, bringing many AI-based healthcare systems within its scope.

This approach mirrors emerging international frameworks, including the European Union's AI Act, which recognises that AI systems may operate independently or form part of regulated products. By extending regulatory oversight to standalone software, the UAE has acknowledged the increasingly digital nature of healthcare innovation and the need for regulation beyond conventional medical devices.

Data Protection and Health Information

Because AI systems depend heavily on access to large volumes of data, data protection forms a critical pillar of AI governance.

The UAE's regulatory framework combines the Federal Law Concerning the Use of Information and Communication Technology in Health Fields with the Personal Data Protection Law (PDPL).

Federal Decree-Law No. 4 of 2016 on Medical Liability, implemented through Cabinet Resolution No. 40 of 2019, remains particularly relevant to AI-assisted healthcare. These provisions establish standards of care, medical error, professional accountability and liability. Although enacted before the widespread adoption of AI in healthcare, they continue to apply because clinical decisions ultimately remain the responsibility of healthcare professionals.

Physicians are required to use recognised diagnostic and therapeutic methods, maintain proper medical records and exercise independent professional judgement. Consequently, healthcare practitioners cannot rely exclusively on AI-generated outputs. Responsibility for patient care continues to rest with the treating professional.

Data governance constitutes another cornerstone of healthcare AI regulation. Federal Decree-Law No. 45 of 2021 concerning the Protection of Personal Data governs the processing of personal information, including sensitive health and biometric data. The PDPL establishes principles relating to lawful processing, confidentiality and data security. However, where health information is subject to sector-specific legislation, those specialised frameworks take precedence.

Federal Law No. 2 of 2019 concerning the Use of Information and Communication Technology in Health Fields introduces a dedicated regulatory framework for health data. The law requires healthcare providers and technology users to maintain the security, validity, confidentiality and integrity of health information.

It also establishes extensive data localisation requirements that directly affect AI systems relying on cloud computing, international databases or cross-border data processing. Restrictions on storing, processing and transferring health data outside the UAE have significant implications for healthcare AI development.

Although exceptions permit certain international transfers for healthcare, research, insurance and personal wearable technologies, the overall framework remains restrictive.

These localisation requirements can present challenges for AI developers. Many advanced AI systems depend on cloud-based infrastructure, global datasets and cross-border processing arrangements. Limitations on data transfers may therefore reduce access to the large and diverse datasets often required to develop, train and improve healthcare AI models.

Emerging Challenges of Generative AI

The rise of generative AI presents a new set of regulatory challenges for healthcare. Systems capable of generating medical summaries, clinical recommendations, patient communications and other healthcare-related content offer significant benefits but also introduce novel risks.

Current regulatory guidance highlights concerns relating to data protection, transparency, human oversight and the verification of AI-generated outputs, all of which are particularly relevant in healthcare settings.

AI-powered medical software may qualify as Software as a Medical Device (SaMD), subject to registration and approval requirements administered by MoHAP. SaMD can include diagnostic algorithms, clinical decision-support tools, imaging analysis platforms and predictive healthcare applications.

Before deployment within the UAE healthcare system, such technologies must satisfy applicable safety, quality and effectiveness standards. Regulatory oversight of software-based medical technologies, including AI-enabled healthcare solutions, has been strengthened through amendments introduced under Federal Decree-Law No. 38 of 2024 Governing Medical Products, Pharmacists and Pharmaceutical Establishments.

Taken together, these measures create a multi-layered regulatory framework for healthcare AI. Although the UAE has not yet enacted a standalone AI law comparable to the European Union's AI Act, its combination of medical liability rules, health data legislation, data protection laws, medical device regulations and healthcare-specific AI policies has established one of the most comprehensive healthcare AI governance regimes currently in operation.

The Gulf region also faces a challenge that is less prominent elsewhere: linguistic diversity. While Arabic remains the UAE's official language, healthcare systems serve highly multilingual populations. Most generative AI models, however, have been trained predominantly on English-language datasets.

As a result, translation inaccuracies, cultural misunderstandings and linguistic limitations may affect the reliability of AI-generated healthcare outputs. Addressing these issues will be essential if generative AI is to be safely integrated into clinical practice.

Conclusion

The UAE has emerged as one of the Middle East's most advanced jurisdictions in regulating AI within healthcare. Through a combination of national AI strategies, ethical principles, healthcare-specific policies, medical device regulation and data protection laws, it has developed a sophisticated governance framework aimed at balancing innovation with patient protection.

Nevertheless, the regulatory landscape continues to evolve. Important questions remain regarding accountability, transparency, bias mitigation, enforcement and cross-border data transfers. As AI becomes more deeply embedded within healthcare systems, further regulatory clarification and practical guidance will be required.

Despite these challenges, the UAE's approach provides an important case study in healthcare AI governance. Its willingness to establish specialised legal frameworks at an early stage of AI adoption distinguishes it not only as a regional leader but also as a jurisdiction whose experience may offer valuable lessons for countries seeking to regulate healthcare AI while preserving innovation and public trust.

 

For any enquiries or information, contact ask@tlr.ae or call us on +971 52 644 3004. Follow The Law Reporters on WhatsApp Channels.