Agentic Governance™ with Authority Finality™ for clinical AI in the EU and UK.
A clinical AI that informs a decision — a clinical decision support recommendation, a medical question-answer — needs a regulatory layer to operate in the EU and UK: who authorised the AI to inform this decision, the GDPR Article 9 basis for the health data it used, the EU AI Act and EU MDR / UK MHRA conformity behind it, and the clinician who reviewed it. The Clinical AI Governance Pack™ is the KYE Sector Pack Foundry™ productisation that supplies that layer — the governance and market-entry scaffolding US health-AI answer engines currently lack.
KYE™ governs whether the AI may inform — not whether the answer is right.
This is the honest scope. KYE Protocol™ is not a clinical model and not a clinical answer engine. It does not generate medical answers and it does not assess clinical truth. It governs authority-to-act: whether an AI clinical agent may inform a given clinical decision, and it proves the basis — the authority, the lawful basis, the conformity, and the human oversight. The clinician holds authority-to-act; KYE™ records that the authority existed and the oversight happened. See the wider clinical-AI authority view for the cross-speciality picture.
EU AI Act, EU MDR, UK MHRA, GDPR Article 9 — the clinical-AI perimeter.
A clinical AI that informs care in the EU or UK sits inside a named-accountability perimeter: the EU AI Act treats Annex III health systems as high-risk; EU MDR and UK MHRA treat clinical decision support as a regulated medical device; GDPR Article 9 governs the health special-category data the AI processes. Clinical-AI vendors, telemedicine providers, and hospital AI functions need recorded authority and signed, replay-derivable evidence per answer to place the product into clinical use.
Better evidence than reconstructed logs — signed at the moment, derivable from public keys alone.
The dominant evidence today is after-the-fact reconstruction. A KYE Protocol™ Evidence Pack™ plus Authority Finality™ outcome bound to the authority-to-inform, the GDPR Article 9 basis, the conformity declaration, and the reviewing clinician is materially better evidence: signed at the moment of the answer and Replay-Proof™ against the published JWKS a regulator or notified body can verify offline. KYE™ governs the authority around the answer — not the clinical content.
An 8-step pipeline — from AI clinical answer to recorded basis.
The Pack rides the canonical productisation shape: rule pack, dictionary, sector pack, obligation manifest, expert-pack envelope, coverage attestation, SKU row, and this marketing surface. It composes over the MEDS clinical-data evidence layer and reuses the Governed Research Rail evidence shape (source-pinned, no-hallucination, Ed25519 replay-proof). No Foundry-specific framework shape; the protocol evidence layer underneath is identical to every other Pack.
Bound to the canonical clinical-AI perimeter.
- EU AI Act (Annex III health systems as high-risk; conformity and record-keeping, Article 12; human oversight, Article 14)
- EU MDR / UK MHRA Medical Devices Regulations (clinical decision support as a regulated medical device)
- MHRA Software as a Medical Device supervision (intended purpose and clinical oversight)
- GDPR / UK GDPR Article 9 (health special-category data lawful basis)
Regulators of record: EU AI Office / MHRA / ICO. See the EU AI Act, MHRA Medical Devices Regulations, and GDPR coverage maps.