The Pharmacy and Poisons Board (PPB) is drafting new rules to govern how AI tools are used in healthcare, a response to the growing number of people turning to chatbots and health apps for medical advice with little to no oversight.
As these technologies embed themselves more into how people seek and receive medical advice, the gap between what AI systems can do and what is actually safe for them to do has become a public health concern that regulators can no longer afford to ignore.
The proposed framework assigns requirements based on how much is at stake. Tools that play a direct role in diagnosing illness or guiding treatment are held to the strictest standards, while software with a more limited role in patient care faces lighter scrutiny.
READ: Bill Gates Returns to Africa With $50 Million AI Health Project Backed by OpenAI
The guidelines address two distinct categories. The first is Software as a Medical Device (SaMD), which covers tools that operate on their own, including symptom checkers, diagnostic apps, and AI systems that assist clinicians in making medical decisions, typically running on everyday devices like smartphones or computers.
The second is Software in a Medical Device (SiMD), which covers software that is physically built into medical hardware and inseparable from it, such as the processing systems inside an MRI machine or the control software in an insulin pump.
Since the consequences of failure differ significantly between the two, so does the level of regulatory oversight applied to each.
READ: You Need to Think Twice Before Using ChatGPT As Your Therapist
The distinction matters because the risks differ. A standalone app that suggests a drug dosage carries a fundamentally different liability profile than software embedded within life-sustaining hospital equipment, and the regulatory scrutiny applied to each must reflect that difference.
What anchors the framework is its alignment with international standards, including those of the International Medical Device Regulators Forum, and national policy instruments such as the Kenya AI Strategy (2025–2030) and the Digital Health Act of 2023.
Manufacturers seeking approval to bring a product to market must prove that it works as claimed in a clinical setting, show their design and safety documentation, and commit to monitoring the product’s performance even after it has been released.
Cybersecurity is being treated as a non-negotiable requirement, with tools required to protect user data through measures such as encryption and access controls built in from the onset.
READ: New ChatGPT Health Tool Wants Access to Your Medical Records
The bar is even higher for AI-enabled tools. Developers must show that the data used to train their models is broad and representative enough to produce reliable results across different patient profiles and that the system was properly tested before being put in front of users.
These are safeguards against a category of failure that is both invisible and consequential: an AI tool trained on incomplete or skewed data will produce advice shaped by those gaps, often without the user ever knowing it.
READ: AI to Help 100,000 Kenyan Health Workers Track Patients in Real Time
Studies have found that AI chatbots can perform poorly in high-stakes clinical scenarios and remain vulnerable to spreading medical misinformation.
A human clinician draws on a patient’s full history, lifestyle, comorbidities, and circumstances when making a recommendation.
An AI tool, however sophisticated, responds to the inputs it is given, and those inputs are almost always incomplete when a person is consulting it remotely, trying to determine whether a symptom warrants urgent attention.
Self-prescription amplifies this risk considerably. When someone acts on AI-generated advice without clinical oversight, the consequences of a flawed recommendation are borne entirely by that individual.
READ: Penda Health Leverages AI to Catch Medical Mistakes in Real Time
There is no pharmacist asking follow-up questions or a physician reviewing the decision chain.
Kenya’s regulatory push is important precisely because it begins to close that gap. By requiring transparency, validation, and ongoing surveillance from developers, the PPB is establishing that AI in medicine is not a consumer product category where ‘buyer beware’ will suffice.
It is a clinical category, and it demands clinical standards.
