Brazil sets standards for AI governance in medicine
In today’s healthcare environment where digital solutions are being integrated into clinical and administrative workflows at scale, the use of artificial intelligence systems — including large language models and generative AI tools — is growing rapidly.
At the same time, regulatory and institutional expectations are also growing, aiming to adopt these technologies with governance, traceability and controls commensurate with the risk, especially when they operate on health data, which is recognized as sensitive personal data.
In Brazil, this debate reached a significant milestone with the Federal Council of Medicine’s recent publication of Resolution No. 2,454/2026, which establishes standards for research, development, governance, auditing, monitoring, training and the responsible use of AI models, systems and applications in medicine.
The CFM is Brazil’s national body for regulating medical ethics that works in conjunction with the regional councils of medicine, which oversee and investigate ethical violations within their respective jurisdictions. In this context, CFM Resolutions serve as a normative reference for medical practice and the organization of services under medical technical direction with concrete implications for supervision and ethical-professional oversight.
Therefore, even though it is not a general law, the new regulation operates as a sector-specific standard of care for the use of AI in medicine, influencing internal policies, the design of care pathways and, increasingly, criteria for contracting, validating and monitoring suppliers.
Purpose and approach: Life cycle, proportionality and transparency
Resolution No. 2,454/2026 states its objective is to promote technological development and the efficiency of medical services in a safe, transparent, equitable and ethical manner for the benefit of patients and in compliance with fundamental rights. To this end, it adopts a life cycle approach, providing that verifications and controls accompany the system from conception and testing through implementation, updates, retraining and monitoring in production.