AI Act Compliance Within the MyHealth@EU Framework: Tutorial

The integration of artificial intelligence (AI) into clinical workflows is advancing even before full compliance with the European Union Cross-Border eHealth Network (MyHealth@EU) framework is achieved. While AI-based clinical decision support systems are automatically classified as high risk under the European Union’s AI Act, cross-border health data exchange must also satisfy MyHealth@EU interoperability requirements. This creates a dual-compliance challenge: vertical safety and ethics controls mandated by the AI Act and horizontal semantic transport requirements enforced through Open National Contact Point (OpenNCP) gateways, many of which are still maturing toward production readiness. This paper provides a practical, phase-oriented tutorial that enables developers and providers to embed AI Act safeguards before approaching MyHealth@EU interoperability tests. The goal is to show how AI-specific metadata can be included in the Health Level Seven International Clinical Document Architecture and Fast Healthcare Interoperability Resources messages without disrupting standard structures, ensuring both compliance and trustworthiness in AI-assisted clinical decisions. We systematically analyzed Regulation (EU) 2024/1689 (AI Act) and the OpenNCP technical specifications, extracting a harmonized set of overlapping obligations. The AI Act provisions on transparency, provenance, and robustness are mapped directly onto MyHealth@EU workflows, identifying the points where outgoing messages must record AI involvement, log provenance, and trigger validation. To operationalize this mapping, we propose a minimal extension set, covering AI contribution status, rationale, risk classification, and Annex IV documentation links, together with a phase-based compliance checklist that aligns AI Act controls with MyHealth@EU conformance steps. A simulated International Patient Summary transmission demonstrates how Clinical Document Architecture/Fast Healthcare Interoperability Resources extensions can annotate AI involvement, how OpenNCP processes such enriched payloads, and how clinicians in another member state view the result with backward compatibility preserved. We expand on security considerations (eg, Open Worldwide Application Security Project generative AI risks such as prompt injection and adversarial inputs), continuous postmarket risk assessment, monitoring, and alignment with MyHealth@EU’s incident aggregation system. Limitations reflect the immaturity of current infrastructures and regulations, with real-world validation pending the rollout of key dependencies. AI-enabled clinical software succeeds only when AI Act safeguards and MyHealth@EU interoperability rules are engineered together from day 0 . This tutorial provides developers with a forward-looking blueprint that reduces duplication of effort, streamlines conformance testing, and embeds compliance early. While the concept is still in its early phases of practice, it represents a necessary and worthwhile direction for ensuring that future AI-enabled clinical systems can meet both European Union regulatory requirements from day 1. risks such as prompt injection and adversarial inputs), continuous postmarket risk assessment, monitoring, and alignment with MyHealth@EU’s incident aggregation system. Limitations reflect the immaturity of current infrastructures and regulations, with real-world validation pending the rollout of key dependencies.