The grey zone and beyond: Navigating AI/ML regulation in healthtech

AI and machine learning are transforming healthtech, while the regulatory landscape surrounding them is complex and changing fast. In a recent webinar, a panel of legal, regulatory and industry experts unpacked the key challenges facing AI healthtech startups and scale-ups. They explored how to know when a wellness product becomes a medical device, the importance of building collaborative relationships with regulators and how to build advisory teams that drive success.

  1. AI/ML healthtech faces a different regulatory landscape than pharma, one defined by fast-evolving tech, not linear pathways. Founders should know where their product fits and design for strict approval pathways from day one.
  2. Validation isn't a checkbox exercise at the end of the development process. It demands statistical rigour, real-world performance data across diverse populations and continuous retesting as models evolve.
  3. The FDA and international regulators want to work with you, not against you. Successful partnerships require early engagement, commercial clarity and a regulatory strategy that evolves alongside your business and keeps global options open.

Healthtech startups looking to leverage the vast potential of AI and machine learning (ML) face a complex set of regulatory challenges. Unlike traditional pharma, where the journey from development to approval follows a well-worn road, AI/ML products are inherently dynamic. Models evolve, data shifts, performance can drift and no two validation pathways are identical.

Getting to market requires not just scientific rigour, but strategic clarity. You need to know what regulatory category you're in, what the rules of engagement are and how to build an evidence base that stands up to scrutiny.

We recently hosted a webinar that brought together a panel of experts for an in-depth exploration of the unique questions, complexities and opportunities facing businesses in this sector. Here, we summarise the key themes, talking points and takeaways from what proved to be a fascinating discussion.

Participants

  • Ben Eloff – Vice-President at Healthcare Innovation Catalysts
  • Jay Vaishnav – Director of Regulatory Affairs at Canon Medical Informatics
  • Eva Yin – Partner at Wilson Sonsini
  • Aman Khera – President at TOPRA
  • Dominick Kennerson (Moderator) – Director of HealthTech at HSBC Innovation Banking

Know your product, know your pathway

The boundary between a wellness product and a regulated medical device has always required careful navigation. In the age of AI and software-driven healthtech, the terrain has become even more complex and difficult to chart. Where a pharmaceutical product is relatively easy to categorise, software exists on a broad spectrum, from apps displaying electronic health records at one end, to diagnostic tools analysing data and identifying disease at the other. In between is a considerable grey zone in which many startups find themselves, often without even realising it.

Our panel agreed that the tipping point between wellness and regulated devices is less about the technology itself and more about what you claim it does. The moment a product's outputs feed into clinical decision-making, the regulatory bar rises sharply. Jay Vaishnav cited blood pressure monitoring as a telling example of a product that sits right on this edge. The practical implication for founders is that you may need to start thinking like a device company long before you enter device territory.

"The line between wellness and device really does come down to claims and intent. The moment your data or insights enter that clinical workflow – even indirectly – regulators expect more. My advice has always been to design for the stricter pathway, even if you're not actioning that stricter pathway yet."

Aman Khera, President, TOPRA

Build in validation from day one

Validation is one area where AI healthtech startups consistently underestimate the challenge ahead. The true demands of this process in 2026 can be much more rigorous than many founders anticipate, and the gap between what companies prepare and what regulators expect can be both wide and expensive.

Part of the issue is structural. Traditional FDA frameworks were built around frozen designs: you validate, you move forward. AI, in contrast, is recursive, iterative and continuously learning. That demands a more flexible validation process.

As Ben Eloff put it, there's a meaningful distinction between verification (does the product meet its specs?) and validation (does it perform on entirely new, untested data?). For AI, the latter is an ongoing obligation, not a one-off milestone.

Regulators, as Aman Khera noted, aren't demanding perfection. But they do expect transparency. You need to show evidence that your data is fit for purpose, that you've interrogated the edges of your model's performance and that you've thought carefully about where and how it might fail.

That thinking should be part of the development process from day one – not just as a regulatory exercise, but as a scientific one.

"Modern validation is not the same as model performance being high in a very controlled setting. You really need to test across every patient subgroup, on diverse data, on edge cases, on confounders. It really needs to be robust. It needs to be statistically powered. Modern validation really has to cover the device's real-world performance across all intended use scenarios."

Jay Vaishnav, Director of Regulatory Affairs, Canon Medical Informatics

Make regulatory strategy a living process

Too many healthtech startups treat regulatory strategy as something to address when the moment demands it – when a fundraise is on the horizon, for example, or when a submission deadline is looming.

The panel agreed this can be a costly mistake.

The problem with deferring regulatory thinking is that early decisions about activities like data collection, intended uses and clinical claims have clear downstream consequences. Unpicking them later can be time-consuming, expensive and extremely difficult. Getting the right expertise involved from the outset gives you more options and brings problems to the surface before they become major roadblocks. Early FDA engagement is a powerful tool in that regard.

Perhaps most critically of all, a regulatory strategy isn't a document you write once and file away. It's an evolving framework that should develop in step with your product and business.

"Regulatory strategy is not something done in isolation. It has to happen right from the beginning. If you're not thinking about your options for early engagement, you're kicking the can down the road. The strategy is a living document – it pivots according to what everyone might be thinking and what the choices are."

Aman Khera, President, TOPRA

Treat the FDA as a collaborative partner

One of the clearest messages to emerge from the panel was that the FDA's fundamental instinct is to partner.

Rather than a gatekeeper whose job is to say no, the agency's goal is to work iteratively with companies, spot problems early and find routes to market that serve both public health and commercial viability.

Ben Eloff, who spent over a decade at the FDA, was direct on this point: a product that fails to reach approval isn't just a setback for the company – it's considered a failure by the regulator itself.

This shared stake in a successful outcome shapes how the FDA approaches its relationships with developers. The agency's preference is to give companies the opportunity to come into compliance voluntarily, rather than go down the legal route, which can be counterproductive for all parties.

The practical advice for founders is to treat your FDA interactions as a collaboration, not a confrontation. Investing in the relationship can pay dividends in the smoothness of the overall process.

"[The] FDA gives a lot of opportunity to come into compliance voluntarily and work with you very closely and iteratively. They know the legal route is very time-consuming. It sets up an oppositional relationship, where you're butting heads. It is expensive and difficult and time-consuming for both sides, and it doesn't necessarily get to the end goal, which is having good technology that is appropriate for public health."

Ben Eloff, Vice-President, Healthcare Innovation Catalysts

Think globally from the start

For AI healthtech startups with ambitions beyond the US market, one of the most important realities to be aware of is the degree of divergence between regulatory frameworks across different regions.

The panel were clear: there is no meaningful convergence on the horizon. What earns approval in Europe won't automatically translate to the FDA and vice versa. Every jurisdiction reserves the right to assess products on its own terms, for its own population, and new legal frameworks such as the EU's AI Act add another layer of complexity.

The data dimension makes things even more complicated. Eva Yin highlighted that where a company houses its data has direct legal implications – touching on HIPAA in the US, GDPR in Europe and the data access rights of any third parties involved. International companies operating in the US often consider the option of establishing a separate legal entity there, both to limit liability and to give themselves greater commercial flexibility.

More broadly, Aman Khera emphasised the importance of planning for ambiguity. When a product doesn't fit neatly into an existing regulatory framework – which in healthtech is common – documenting your rationale and thinking clearly becomes essential.

"Think globally. You don't know when things will change. It's not just thinking about one particular region – it's thinking about how you might pivot. Keep your options open early."

Aman Khera, President, TOPRA

Build the right team around your business

Reading the FDA's guidance documents is the easy part. The harder and more valuable skill is knowing how to interpret and apply them in the context of your specific product, data and commercial model. That gap between the written rules and what they mean in practice is where experienced regulatory and legal advisors can offer real value.

The two disciplines need to work in tandem, and both need to be engaged early. Legal counsel isn't just for contracts and disputes – it's essential to protecting the foundations of your business from the outset. Data rights are a prime example: the language in your clinical trial agreements and informed consent forms will determine what you can do with that data in the future.

Getting broad consent from the outset preserves your options; leave it too narrow, and renegotiating later is costly and complex. The same logic applies if you're licensing technology from a university – securing the data rights, not just the software, is what makes that asset genuinely valuable.

"We try to understand our clients' business models. The legal strategy and the regulatory strategy need to fit with their business model and provide options to the company. For example, if they want to commercialise a wellness product first, what are the pros and cons of that? What are the potential risks? If they want to pivot to something like a regulated product, what are the costs? What does that regulatory timeline look like for them? Is that doable?"

Eva Yin, Partner, Wilson Sonsini

Turning insight into action

The regulatory landscape for AI healthtech is undeniably complex, fast-moving and unforgiving of shortcuts. But the message from our panel was fundamentally optimistic: the tools, pathways and partnerships exist to help ambitious startups navigate it successfully.

What separates the businesses that succeed in this environment is rarely the technology alone – it's the strategic groundwork. Proactive regulatory thinking, the right advisory team and a genuine working relationship with the FDA are crucial foundations that can help turn a complex and demanding landscape into a competitive advantage.
