Legal Framework for AI in Ukrainian Healthcare: Navigating Regulations, Liability, and EU Harmonization

1. Introduction

The deployment of artificial intelligence in healthcare represents one of the most significant technological transformations in modern medicine, promising enhanced diagnostic accuracy, improved clinical workflows, and expanded access to specialized medical expertise. For Ukraine—a nation simultaneously advancing ambitious digital health initiatives while navigating the unprecedented challenges of ongoing conflict—the legal framework governing AI-assisted diagnosis carries implications that extend far beyond technical compliance, touching fundamental questions of patient safety, professional accountability, and healthcare system resilience.

Unlike jurisdictions such as the European Union, which enacted the comprehensive AI Act (Regulation 2024/1689) establishing legally binding requirements for AI systems based on risk classification, Ukraine’s approach to AI governance has followed a fundamentally different path. The Ukrainian regulatory landscape for healthcare AI is characterized by what scholars describe as “strategy-led rather than statute-led” governance—a framework in which high-level policy documents, sectoral guidelines, and existing medical device regulations provide the operative legal constraints, while comprehensive AI-specific legislation remains in development.

This regulatory architecture presents both opportunities and challenges for healthcare institutions, AI developers, and medical professionals. The flexibility inherent in strategy-based governance allows for adaptive responses to rapidly evolving technology, avoiding the rigidity that can render detailed statutory requirements obsolete before implementation. However, this same flexibility creates uncertainty regarding specific compliance obligations, liability allocation, and enforcement mechanisms—uncertainty that can chill innovation while simultaneously permitting deployment of inadequately validated systems.

The stakes of establishing appropriate legal frameworks for healthcare AI cannot be overstated. Diagnostic AI systems, by their nature, operate in high-consequence domains where errors can result in delayed treatment, inappropriate interventions, or missed diagnoses with life-altering implications. The allocation of legal responsibility when such errors occur—among AI developers, healthcare institutions, and individual clinicians—represents a foundational question that current Ukrainian law addresses incompletely at best.

This article provides the first comprehensive legal analysis specifically examining AI diagnostic systems within the Ukrainian healthcare context. Drawing upon primary legal sources, international comparative frameworks, and emerging jurisprudential trends, we map the current regulatory landscape while identifying critical gaps requiring legislative attention. Our analysis addresses four interconnected domains: (1) the foundational legal instruments governing healthcare AI deployment; (2) the medical device regulatory framework and its application to AI systems; (3) data protection requirements and their implications for AI development and operation; and (4) liability frameworks and their adequacy for addressing AI-related harms.

Understanding these legal dimensions is essential not only for achieving regulatory compliance but for designing AI systems that genuinely serve patient interests within Ukrainian healthcare’s unique operational context. The ongoing armed conflict has accelerated digital health adoption—with telemedicine utilization surging dramatically in conflict-affected regions—while simultaneously straining regulatory capacity and healthcare infrastructure. Any legal framework for healthcare AI must account for these realities, enabling innovation that addresses urgent care needs while maintaining appropriate safeguards.

2. Literature Review

2.1 International AI Healthcare Regulation Landscape

The global regulatory response to healthcare AI has produced diverse frameworks reflecting distinct philosophical approaches to balancing innovation with patient protection. The European Union’s AI Act, which entered into force in August 2024, represents the most comprehensive attempt at AI-specific regulation, establishing a risk-based classification system with correspondingly tiered requirements. Under this framework, medical AI systems are generally classified as “high-risk,” triggering mandatory conformity assessments, technical documentation requirements, human oversight obligations, and ongoing post-market surveillance.

Muehlematter et al. (2024), in their analysis published in Health Policy, identified significant implications of the EU AI Act for healthcare systems, noting that the regulation’s requirements for transparency, human oversight, and algorithmic accountability will fundamentally reshape how AI diagnostic tools are developed, deployed, and monitored across European healthcare institutions. Their findings indicate that compliance costs may particularly burden smaller healthcare technology developers, potentially concentrating the market among larger entities with greater regulatory capacity.

The United States Food and Drug Administration (FDA) has addressed healthcare AI primarily through its existing medical device regulatory framework, developing specialized pathways for Software as a Medical Device (SaMD). The FDA’s 2021 Action Plan for Artificial Intelligence and Machine Learning-Based Software as a Medical Device introduced concepts of predetermined change control plans, acknowledging that AI systems may evolve through continuous learning in ways that traditional device regulation cannot easily accommodate. Research by Wu et al. (2024) documented that as of late 2025, over 1,200 AI/ML-enabled medical devices had received FDA authorization, though systematic post-market evidence regarding clinical outcomes remains limited.

2.2 Ukrainian Digital Health Legal Framework

Ukraine’s digital health legal architecture has evolved significantly over the past decade, driven by healthcare reform initiatives that positioned electronic systems as central to transparency, efficiency, and access objectives. The foundational legal instrument is the Law of Ukraine “Fundamentals of the Legislation of Ukraine on Healthcare” (as amended), which provides the statutory basis for electronic health systems and telemedicine services.

Article 3 of this law defines “electronic health care (eHealth)” as the system of mutually agreed information relations among all healthcare subjects based on the use of digital technologies and information-communication infrastructure. This definition, while comprehensive in scope, was crafted before the emergence of sophisticated AI diagnostic tools and does not explicitly address algorithmic decision-making or autonomous diagnostic capabilities.

The academic literature examining Ukrainian digital health regulation remains relatively sparse, with most substantive analysis concentrated in recent years. Malakhov et al. (2023), publishing in the International Journal of Telerehabilitation, provided the most comprehensive examination of Ukraine’s eHealth legislative framework, documenting the evolution from Soviet-era healthcare information systems to the current electronic health record infrastructure. Their analysis highlighted significant regional variations in digital health adoption, with conflict-affected areas showing accelerated telemedicine utilization as traditional care access became constrained.

2.3 AI Governance and National Strategy

Ukraine’s National Strategy for the Development of Artificial Intelligence for 2021-2030, approved by the Cabinet of Ministers, establishes the conceptual framework for AI governance across all sectors, including healthcare. The Strategy identifies priority areas for AI development, implementation principles emphasizing human rights protection and ethical considerations, and sectoral objectives for healthcare applications.

In June 2024, the Ministry of Digital Transformation presented the White Paper on AI Regulation, detailing Ukraine’s approach to future AI governance. This document explicitly acknowledges alignment with European regulatory approaches, positioning Ukraine for potential future harmonization with the EU AI Act as part of broader European integration objectives. The White Paper emphasizes a “bottom-up” approach to regulation, developing sectoral guidance before comprehensive horizontal legislation.

Research by Nemko Digital (2025) analyzing Ukraine’s AI governance framework concluded that the strategy-led approach, while lacking the enforceability of statutory requirements, has enabled adaptive governance that responds to both technological evolution and the unique challenges of operating under martial law conditions. Their analysis identified healthcare as a priority sector for more detailed regulatory guidance, particularly regarding liability frameworks and clinical validation requirements.

2.4 Liability Frameworks for Medical AI

The question of legal liability when AI systems contribute to medical errors represents one of the most contested areas in health law scholarship. Traditional medical malpractice frameworks, premised on the professional duty of individual practitioners, struggle to accommodate scenarios where algorithmic recommendations influence clinical decisions. A systematic review by Goisauf et al. (2023) in Frontiers in Medicine examined liability allocation across jurisdictions, identifying three predominant models: physician-retained liability (AI as advisory tool), manufacturer liability (AI as defective product), and shared liability (distributed responsibility based on contribution to harm).

The EU’s proposed AI Liability Directive, complementing the AI Act, would introduce presumptions of causality for AI-related harms and require disclosure of evidence regarding AI system operation. While not directly applicable to Ukraine, this directive signals the direction of European liability frameworks with which Ukraine may eventually align.

3. Methodology

3.1 Legal Analysis Framework

This study employs doctrinal legal research methodology, systematically analyzing primary legal sources including Ukrainian legislation, Cabinet of Ministers regulations, Ministry of Health orders, and relevant technical regulations. The analysis follows a hierarchical approach, examining constitutional provisions, statutory frameworks, regulatory instruments, and soft law guidance documents including national strategies and ministry recommendations.

3.2 Comparative Legal Analysis

Given Ukraine’s explicit policy of EU harmonization, comparative analysis with the European regulatory framework forms a central component of this study. We systematically compare Ukrainian requirements with corresponding EU provisions, identifying gaps, alignments, and areas where Ukrainian law may exceed or fall short of European standards. This comparative approach is particularly valuable for organizations operating across jurisdictions and for anticipating future regulatory evolution.

3.3 Stakeholder Perspective Integration

The legal analysis is informed by stakeholder perspectives gathered through review of public consultations, industry submissions, and academic commentary. Healthcare providers, AI developers, patients, and regulators each bring distinct interests and concerns to questions of AI governance, and effective legal frameworks must balance these competing considerations.

3.4 Sources and Limitations

Primary sources include Ukrainian legislation accessed through official government databases, EU regulations from EUR-Lex, and academic literature from PubMed, Web of Science, and legal databases. The ongoing conflict conditions in Ukraine create certain limitations, including reduced regulatory capacity that may affect the currency of some guidance documents and disruptions to normal legislative processes. All legal analysis reflects the regulatory state as of February 2026.

4. Results: The Current Legal Framework

4.1 Constitutional and Fundamental Rights Foundations

The Constitution of Ukraine establishes foundational rights relevant to healthcare AI deployment, including the right to healthcare (Article 49), the right to privacy (Article 32), and protections for human dignity (Article 28). These constitutional provisions create an overarching framework within which all healthcare AI regulation must operate, establishing minimum protections that statutory and regulatory instruments cannot diminish.

The Constitutional Court of Ukraine has not yet addressed AI-specific questions in the healthcare context, leaving open the application of these fundamental rights to algorithmic decision-making. However, the Court’s broader jurisprudence on proportionality and rights limitation provides interpretive guidance suggesting that AI systems substantially affecting health outcomes would face constitutional scrutiny regarding their necessity, appropriateness, and safeguards.

4.2 Medical Device Regulatory Framework

AI diagnostic systems that meet the definition of medical devices fall under Ukraine’s medical device regulatory framework, governed primarily by Cabinet of Ministers Resolution No. 753 (October 2013) establishing the Technical Regulation on Medical Devices, along with parallel regulations for active implantable devices (No. 754) and in vitro diagnostics (No. 755). These Technical Regulations were modeled on the earlier EU Medical Device Directives (MDD) rather than the current Medical Device Regulation (MDR 2017/745), creating a regulatory gap that Ukrainian authorities are working to address.

For AI systems classified as medical devices, the current regulatory framework requires conformity assessment procedures proportionate to risk classification. Class I devices may be placed on the market through manufacturer self-declaration, while Class IIa and above require involvement of a Ukrainian conformity assessment body or recognition of EU notified body certificates. The classification of AI diagnostic software depends on its intended purpose, with systems providing diagnosis-supporting information potentially classified as Class IIa or higher depending on the clinical context and degree of automation.

4.3 Data Protection and Privacy Requirements

The Law of Ukraine “On Protection of Personal Data” (2010, as amended) establishes the primary framework for health data processing, including data used to train, validate, and operate AI diagnostic systems. Health data is classified as “sensitive personal data” requiring heightened protections, including explicit consent or other specified legal bases for processing.

In November 2024, the Ukrainian Parliament adopted foundational legislation (Law No. 12139) aimed at harmonizing Ukrainian data protection standards with GDPR and Convention 108+ requirements. This represents a significant step toward European alignment, though implementing regulations and full operational effect will require additional time to develop.

The intersection of data protection and AI development presents particular challenges. Training AI systems requires large datasets, often aggregating information from multiple sources. The legal basis for such processing—especially when data collected for clinical care is subsequently used for AI development—requires careful analysis. Anonymization can provide a pathway, as truly anonymized data falls outside data protection law’s scope, but effective anonymization of medical imaging data presents technical difficulties given the rich information content of radiological images.

4.4 National AI Strategy Implementation in Healthcare

The National Strategy for the Development of Artificial Intelligence identifies healthcare as a priority sector for AI implementation, with specific objectives including enhanced diagnostic capabilities, optimized resource allocation, and expanded access to medical expertise. The Strategy establishes principles that, while not directly enforceable, provide interpretive guidance for regulators and courts:

4.5 Professional Liability Framework

Ukrainian medical malpractice law, derived from the Civil Code and healthcare legislation, establishes physician liability for harm resulting from failure to meet professional standards of care. The standard of care is determined by reference to accepted medical practice, clinical protocols, and the conduct expected of a reasonably competent practitioner in similar circumstances.

The introduction of AI diagnostic tools complicates this framework in several ways. When a physician relies on an AI system’s recommendation and harm results, questions arise regarding whether the physician’s reliance was reasonable, whether the AI system was appropriately validated, and whether the healthcare institution adequately trained staff in AI system use. Current Ukrainian law does not explicitly address these questions, leaving resolution to case-by-case judicial determination.

5. Discussion: Ukrainian Implications and Recommendations

5.1 Regulatory Gaps and Modernization Needs

Our analysis identifies several critical gaps in Ukraine’s current legal framework for healthcare AI. Most significantly, the medical device regulatory framework, while providing a pathway for AI software classification, lacks specific provisions addressing the unique characteristics of AI systems—including continuous learning capabilities, algorithmic opacity, and the need for ongoing performance monitoring. The reliance on pre-MDR EU Directive models means Ukraine’s framework does not incorporate the more rigorous SaMD-specific requirements present in the EU MDR.

5.2 EU Harmonization Pathway

Ukraine’s EU integration objectives create both pressure and opportunity for regulatory modernization. The Association Agreement with the EU requires progressive approximation of Ukrainian legislation to EU standards, including in the healthcare and medical device sectors. The forthcoming full implementation of the EU AI Act (with complete application by August 2026) will establish requirements that Ukrainian AI developers seeking EU market access must meet regardless of domestic law.

5.3 Liability Framework Development

The absence of clear liability frameworks for AI-assisted diagnosis creates uncertainty that may both discourage beneficial AI adoption and fail to adequately protect patients harmed by AI errors. We recommend legislative action to establish clear principles for liability allocation, potentially including:

5.4 Practical Compliance Guidance for Ukrainian Healthcare

For healthcare institutions currently deploying or considering deployment of AI diagnostic systems, we identify the following compliance pathway based on existing legal requirements:

5.5 Conflict Context Considerations

The ongoing armed conflict in Ukraine creates unique considerations for healthcare AI deployment. Conflict-affected regions have shown dramatically increased telemedicine utilization as traditional care access becomes constrained. AI diagnostic systems could potentially expand access to diagnostic expertise in settings where specialist physicians are unavailable, but deployment in conflict conditions raises additional challenges including infrastructure reliability, data security, and the appropriateness of systems validated in peacetime conditions.

6. Conclusion

The legal framework for AI in Ukrainian healthcare stands at a critical juncture, characterized by foundational governance principles established through the National AI Strategy and existing medical device regulations, but lacking the AI-specific statutory provisions necessary for comprehensive governance of diagnostic AI systems. This gap creates both challenges—in terms of compliance uncertainty and liability risk—and opportunities for developing a regulatory framework informed by international experience and tailored to Ukrainian healthcare’s unique context and needs.

Our analysis identifies five priority areas for regulatory development: (1) modernization of medical device technical regulations to incorporate AI-specific requirements aligned with EU MDR and the AI Act; (2) establishment of explicit liability frameworks addressing the tripartite relationship among AI developers, healthcare institutions, and clinicians; (3) development of AI-specific clinical validation requirements ensuring systems perform appropriately within Ukrainian patient populations; (4) implementation of the recently adopted data protection reforms with specific guidance for AI training data governance; and (5) creation of regulatory capacity for ongoing AI system oversight and post-market surveillance.

Ukraine’s path forward should leverage its strategy-led governance approach as a strength, enabling adaptive development of sectoral guidance that can respond to rapid technological evolution while maintaining fundamental rights protections. The explicit alignment with European regulatory frameworks positions Ukraine for potential future mutual recognition arrangements, facilitating market access for Ukrainian AI developers while ensuring patient protections meet international standards.

For healthcare institutions and AI developers operating in Ukraine today, compliance with existing requirements—particularly medical device registration, data protection obligations, and professional practice standards—provides a foundation for responsible AI deployment. However, prudent risk management should anticipate strengthening regulatory requirements and incorporate compliance margins that position organizations for emerging frameworks.

The integration of AI into Ukrainian healthcare holds significant promise for addressing access challenges, enhancing diagnostic accuracy, and optimizing resource utilization—promises that acquire heightened importance in the context of ongoing conflict. Realizing this potential while maintaining patient safety and public trust requires legal frameworks that establish clear rules, allocate responsibility appropriately, and enable innovation within appropriate bounds. The analysis presented here provides a foundation for understanding the current landscape and a roadmap for necessary developments.

This article is part of the Medical ML Diagnostic Systems Research Program conducted by Stabilarity Hub.
For correspondence: research@stabilarity.com