Hong Kong Healthcare Artificial Intelligence Society

Regulatory Compliance & Societal Risks of LMMs

Data protection, medical device boundaries, big-tech dominance, environmental footprints, and threats to human epistemic authority.

Regulatory oversight and societal impact of AI foundation models in global health

Compliance with existing law

WHO notes that LMMs may conflict with data protection laws (such as GDPR requirements for consent, erasure, explanation, and age-gating), even before new AI-specific rules apply. Concerns include scraping personal data for training, inability to explain automated decisions, retaining user chat data, and publishing inaccurate personal information through hallucinations.

Many patient-facing LMM apps sit in a grey zone between regulated clinical software and lightly regulated "wellness" applications — yet false medical advice can still harm patients, especially when no clinician is involved.

When LMMs are adapted for medical purposes or marketed for clinical use, they may qualify as medical devices requiring evidence of safety and efficacy — not merely disclaimers on experimental clinical decision support tools.

Societal risks beyond the health system

WHO highlights broader consequences:

  • Industry dominance — few companies control compute, data, and talent; voluntary ethics commitments may not replace government oversight
  • Carbon and water footprints — training and inference consume significant energy and water, with climate and local resource impacts
  • Epistemic authority — plausible AI text may undermine trust in human expertise in medicine and science
  • Model collapse — AI-generated misinformation polluting future training data
  • Ethical debt — rushing models to market shifts harms onto vulnerable users

Human rights and ethical obligations are non-negotiable, WHO stresses — even for AI classified as "low risk" under risk-based regulatory frameworks.

For Hong Kong healthcare professionals

Understand your institution's policies on approved AI tools and personal data. When evaluating vendors, ask for transparency on training data, performance testing (including hallucination rates), data residency, and compliance with Hong Kong's Personal Data (Privacy) Ordinance. Advocate for procurement criteria that prioritise patient safety over novelty.

Source: WHO — Ethics and governance of artificial intelligence for health: Guidance on large multi-modal models (2024)
