Back to Journals » Risk Management and Healthcare Policy » Volume 18
Paradigm Shift in Global Governance of Medical Brain-Computer Interface: Addressing Practical Challenges Through Institutional Innovation
Received 23 July 2025
Accepted for publication 16 November 2025
Published 26 November 2025 Volume 2025:18 Pages 3755—3768
DOI https://doi.org/10.2147/RMHP.S555754
Checked for plagiarism Yes
Review by Single anonymous peer review
Peer reviewer comments 2
Editor who approved publication: Dr Gulsum Kaya
Rongrong Zhu, Yangyang Zhao, Yetong Li
School of Humanities and Arts, China University of Mining and Technology, Xuzhou, Jiangsu, People’s Republic of China
Correspondence: Rongrong Zhu, School of Humanities and Arts, China University of Mining and Technology, Xuzhou, Jiangsu, People’s Republic of China, Email [email protected]
Abstract: The rapid advancement of medical brain-computer interface (BCI) technology necessitates the transformation and upgrading of traditional governance paradigms urgently. China, the United States, and the European Union hold prominent positions in the global medical BCI landscape and have developed three highly representative governance models. Existing research on medical BCI primarily focuses on specific countries or regions, but it has failed to conduct a comprehensive comparison of governance frameworks across different jurisdictions from a horizontal perspective. In this study, a horizontal policy text analysis was employed to comprehensively compare the divergent approaches of China, the United States, and the European Union in regulating medical BCI, focusing on regulatory frameworks, approval procedures, neural data governance, and ethical governance. China’s medical BCI governance is state-led, prioritizing safety; the United States features innovation-driven flexibility; the European Union uses an empowerment model to strictly mitigate risks. Yet these three models have inherent drawbacks. To ensure the healthy development of medical BCI, we suggest China, the United States, the European Union and other jurisdictions establish a lifecycle regulatory mechanism, introduce the regulatory sandbox, promote collaborative governance among multiple subjects, build hierarchical informed consent rules, endow users with neurorights and refine BCI ethical governance.
Keywords: medical BCI, medical device regulation, neural data, ethical governance
Introduction
Brain-computer interface (BCI) represents a class of hardware-software communication systems. These systems facilitate direct human-environment interaction by utilizing control signals derived from electroencephalographic activity, bypassing the need for peripheral nervous and muscular involvement. The operation of BCI systems includes five stages: signal acquisition, preprocessing or signal enhancement, feature extraction, classification and control interface.1 BCI can be categorized into distinct types based on different classification criteria. For example, according to interaction paradigms, BCI is classified into: active BCI, reactive BCI, and passive BCI.2 Based on signal acquisition methods, BCI systems are primarily classified into two categories: invasive and non-invasive systems. The invasive BCI includes implanting electrodes into the brain through surgery to provide accurate control, but the risk and complexity are higher. In contrast, non-invasive BCI utilizes external sensors positioned on the scalp to detect neural activity, and this BCI is safer and easier to use, but not as accurate as invasive methods.3 According to the application purpose of BCI, this study divides it into consumer BCI and medical BCI. At present, BCI is mainly used in medical field, which is also the research object of this paper.
BCI technology demonstrates substantial application potential, having been selected by Nature as one of seven most noteworthy technologies in 2024.4 According to projections by Towards Healthcare, the global BCI market is expected to reach 3.21 billion US dollars in 2025, and is predicted to grow to 12.87 billion US dollars by 2034, with an approximate compound annual growth rate of 16.7%.5 Recognizing the strategic significance of BCI technology, China, the United States (US), and the European Union (EU) have implemented national BCI programs, aiming to seize the leading position in the field of global BCI. In 2013, President Obama launched the US BRAIN Initiative, a research program focused on developing innovative neurotechnologies to discover new therapeutic interventions and preventive strategies for neurological disorders including Alzheimer’s disease, epilepsy, and traumatic brain injury.6 In 2013, the EU also launched the Human Brain Project. Although the project ended after ten years, it had an important impact on the development of neuroscience in the EU. In 2016, China promulgated the National Science and Technology Innovation Plan for the Thirteenth Five-Year Plan Period, designating “Brain Science and Brain-Like Research” as a major scientific and technological innovation project for 2030, marking the official launch of China’s Brain Project.
In the field of healthcare, BCI has demonstrated significant potential for replacing or restoring functions damaged by neurological conditions, such as amyotrophic lateral sclerosis, cerebral palsy, stroke, and spinal cord injuries.7 However, while advancing healthcare innovation, BCI also introduces many risks. Specifically, BCI may cause physical harm. Invasive BCI, which requires surgical implantation of intracranial sensors, may cause a certain degree of brain damage to the BCI users.8 In severe cases, medical BCI may potentially infringe users’ fundamental rights to health and life. Furthermore, BCI technology raises concerns regarding personal autonomy. As an intelligent human-machine interaction system, BCI is vulnerable to malicious cyberattacks that could result in unauthorized neural manipulation, thereby compromising individuals’ autonomous decision-making.9 Finally, BCI technology carries inherent risks of data leakage and privacy violations. By obtaining the electroencephalogram (EEG) signals of BCI users, the sensitive data can be extracted. Research demonstrates that “brain spyware” can successfully steal the user’s digital password, bank information, birth month, residential address.10 In practice, hospitals may share EEG databases with universities or corporations to help develop new medical systems. However, such direct EEG data sharing carries the risk that malicious actors could extract sensitive information unrelated to the BCI’s primary function, resulting in the disclosure of patient privacy information.11 For the whole society, as BCI technology advances, its devices may significantly enhance human endurance, senses, or cognition,12 potentially sparking disputes over equitable access and exacerbating social stratification.13
With the increasing risks associated with BCI technology, growing demands for regulatory intervention have emerged, transforming the “BCI race” into a “BCI governance race”.14 Currently, few specialized regulations exist for BCI technology. As BCI development primarily focuses on research and medical applications, most jurisdictions around the world classify BCI as medical devices, requiring the establishment of more rigorous regulatory frameworks that simultaneously ensure both safety and efficacy.15 However, classifying BCI solely as medical devices presents regulatory challenges, as BCI technology providers may bypass the regulation by indicating that these BCI technologies are used for non-medical purposes.16 In the context of neural data governance, some proponents argued that the existing international human rights protection system only partially covered human rights issues arising from neurotechnology, necessitating the establishment of independent neuro-rights.17 Opponents, however, contended that the international human rights framework already provided sufficient protection for neural data through its safeguards for the brain, mind, and thoughts.18 They emphasized that in response to the rapid advancement of BCI technology, existing rights should be further developed rather than creating new rights.19 As leading developers of BCI technology, China, the US, and the EU have also adopted corresponding regulatory measures, but they still face many governance challenges.20
While preliminary research on medical BCI governance exists, studies offering comprehensive cross-jurisdictional comparisons of its policies remain scarce. In this study, this gap was addressed by analyzing representative governance policies of China, the US, and the EU. They were compared across regulatory frameworks, neural data governance, and ethical governance to offset the limited persuasiveness of single-jurisdiction studies. A critical analytical approach was also adopted: acknowledging the strengths of these three jurisdictions’ governance models, identifying their shortcomings, and proposing feasible recommendations to inform global medical BCI policy-making. Our previous studies mainly focused on the field of data protection, and the research experience has provided support for the development of this study.
Materials and Methods
In the present study, medical BCI governance policies of China, the US, and the EU were selected and compared based on their strategic significance and representativeness. These three entities are core players in global medical BCI with the leading roles in technological advancement, market application, and governance rule-making. Moreover, differing historical cultures and values have shaped distinct governance models among them. A comparative analysis of their policies thus outlines the broader landscape, challenges, and future directions of global medical BCI governance.
A horizontal policy text analysis approach was adopted to examine key governance practices of medical BCI in China, the US, and the EU comparatively. To ensure the selected policy documents are representative and analytically valuable, they were screened based on four criteria: the authority of issuing bodies, direct relevance of content, temporal validity of documents, and thematic relevance. Currently, China, the US, and the EU lack specialized laws on BCI, resulting in fragmented regulatory approaches across these jurisdictions. China’s BCI regulatory landscape comprises multiple intersecting policies, including the National Science and Technology Innovation Plan for the Thirteenth Five-Year Plan Period (2016), Regulations on the Supervision and Administration of Medical Devices (2024 Revision), Ethical Guidelines for Brain Computer Interface Research (2024), Personal Information Protection Law of the People’s Republic of China (PIPL), Measures for Ethical Review of Life Science and Medical Research Involving Human Subjects (2023), Civil Code of the People’s Republic of China, Good Clinical Practice for Medical Devices Trials, Law of the People’s Republic of China on Scientific and Technological Progress, Guidelines on Strengthening the Governance of Science and Technology Ethics, and Measures for the Ethical Review of Science and Technology (Trial Implementation) (2023), etc. The relevant policies of the US on BCI include Federal Food, Drug, and Cosmetic Act (FD&C Act), Medical Device Amendments (MDA), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), California Consumer Privacy Act (CCPA), etc. The relevant policies of the EU on BCI include Medical Device Regulation (MDR), Artificial Intelligence Act (AIA), General Data Protection Regulation (GDPR), etc.
Comparative Analysis of Global Regulatory Models for Medical BCI
As an emerging technological innovation, the rapid development of BCI makes legal regulation lag behind the pace of technological iteration. Currently, China, the US, and the EU have not enacted BCI-specific laws. The governance of BCI usually invokes relevant regulations on medical devices and personal data protection. To ensure comprehensive and accurate analysis, this study focuses on three core issues: medical device governance, neural data governance, and ethical governance.
Regulatory Framework for Medical BCI in China
China’s BCI technology is mainly applied based on the medical purposes. Therefore, the current regulatory approach to BCI technology primarily follows medical device governance frameworks. The Article 6 of Regulations on the Supervision and Administration of Medical Devices (2024 Revision) establishes a risk-based classification model. Specifically, the medical devices were categorized into three classes based on intended use, structural features, and operational methods. Class I was characterized as low-risk and requiring routine management, Class II was moderate-risk and requiring strictly controlled management, while Class III was high-risk and requiring stringent control measures. As far as BCI technology is concerned, China has adopted a classification framework that distinguishes between invasive and non-invasive BCI based on their physical penetration into the human brain. This classification serves as the foundation for assigning corresponding risk levels to each category. The Medical Device Classification Catalog designates invasive BCI and therapeutic non-invasive BCI with enhancement/stimulation functions, including implantable rechargeable deep brain stimulators, transcranial stimulators, and magnetic stimulators, as Class III devices due to their higher potential harm, mandating strict supervision. Conversely, general non-invasive BCI such as EEG devices and sleep monitoring systems are classified as Class II devices given their lower risk profiles.21
The Regulations on the Supervision and Administration of Medical Devices (Article 13) and the Good Clinical Practice for Medical Devices Trials (Articles 5 and 6) stipulate differentiated clinical trial approval and registration processes for medical BCI based on their respective risk levels (Figures 1 and 2). Furthermore, the qualification requirements for conducting clinical trials differ between Class II and Class III BCI. For Class II BCI trials, any medical device clinical trial institution with appropriate capabilities that has completed the required filing procedures may conduct the research. In contrast, Class III BCI trials must obtain approval from the National Medical Products Administration and be conducted exclusively at qualified third-class A medical institutions. Overall, China’s BCI approval process remains anchored in conventional regulatory models, where procedural complexity and prolonged timelines may hinder the technology’s clinical translation and broader adoption. Although Article 8 of the Regulations on the Supervision and Administration of Medical Devices stipulates prioritized review and approval for innovative medical devices to facilitate their clinical adoption, few BCI products have been successfully qualified. In August 2024, the wireless minimally invasive implantable BCI system NEO, developed by Professor Hong Bo’s team at Tsinghua University School of Medicine in collaboration with Neuracle (http://www.neuracle.cn/), became China’s first BCI product to enter the special review process for innovative medical devices, according to official reports.22 The increasingly shortened iteration cycles of BCI technology stand in stark contrast to the protracted approval procedures, potentially creating innovation bottlenecks in the field’s development.
 |
Figure 1 Approval procedures for clinical trials of medical device. |
 |
Figure 2 The filing and registration process for medical device. |
Neural data, also referred to as brain data, can reveal core private information including individuals’ thought processes, emotional states, value orientations, and social decision-making patterns.23 At present, China lacks specific legal provisions on neural data protection. While the Ethical Guidelines for Brain Computer Interface Research issued by the Ministry of Science and Technology stipulates that the scope of neural data collection and access permissions in BCI research must receive ethics committee approval, these provisions remain overly broad and fail to provide actionable regulatory guidance for neural data safeguarding. Under China’s PIPL, neural data may qualify for protection under both sensitive personal data regulations due to its inherent sensitivity and privacy rights provisions as confidential personal information, based on the law’s definitions of private and sensitive data categories. Under current regulations, special protection measures were implemented in China for sensitive personal information, permitting data processors to handle such data only when possessing specific legitimate purposes, demonstrating sufficient necessity, and implementing stringent protective measures. Compared with ordinary personal data, the processing of sensitive personal information follows stricter informed consent requirements. When data processors handle sensitive personal information, they must meet two layers of disclosure. First, they must provide the basic details required by Article 17(1) of the PIPL. These details include the processor’s identity, contact information, purposes and methods of processing, data categories, and retention periods. Second, they must explicitly tell individuals why the sensitive information is necessary to process. They must also explain how this processing could affect the individuals’ rights and interests. Regarding consent requirements, the processing of sensitive personal information mandates obtaining separate individual consent, with written authorization required when stipulated by laws or administrative regulations. Furthermore, Article 14(2) of the PIPL specifies that any modifications to the purpose, method, or categories of neural data processing require renewed individual consent.
In order to cope with the uncertain risks posed by emerging technologies, China has progressively intensified its governance of technology ethics, establishing a “national-provincial-regional” three-tier ethical review system. At the institutional level, China’s current legal framework for science and technology ethics is distributed across various laws, administrative regulations, and departmental rules. In accordance with Article 32 of the Basic Healthcare and Health Promotion Law of the People’s Republic of China and Article 2 of the Measures for the Ethical Review of Science and Technology (Trial Implementation), clinical trials and medical research involving medical BCI must comply with medical ethical norms and obtain proper ethical approval through established legal procedures. In February 2024, China’s Ministry of Science and Technology issued the Ethical Guidelines for Brain Computer Interface Research, which explicitly outlines fundamental principles for BCI research. These principles emphasize safeguarding health and enhancing well-being, respecting subjects and ensuring appropriate application, upholding justice and guaranteeing fairness, implementing risk management and safety assurance, maintaining information transparency and informed consent, as well as supporting innovation while adhering to rigorous regulations. Regrettably, the Ethical Guidelines for Brain Computer Interface Research present rather macro-level provisions concerning ethical review processes, with many stipulations serving primarily declaratory purposes. This situation results in the ethical review of BCI research having to resort to alternative regulations. According to the Measures for Ethical Review of Life Science and Medical Research Involving Human Subjects and the Measures for the Ethical Review of Science and Technology (Trial Implementation), the institutional review board (IRB) serves as the primary oversight body for medical BCI ethical review. These IRBs are established by medical institutions, institutions of higher education, and scientific research institutes. Ethical review methods include meeting review, expedited review and exempted review. Meeting review is the general review method. Expedited review and exempted review are only applicable when specific conditions are met. In terms of the review process, medical BCI must undergo initial ethical review followed by expert re-evaluation. The review decisions include approval, approval after modifications, re-review after modifications or disapproval. Although China has established regulations concerning the entities responsible for ethical review, review procedures, and review methods for BCI, these normative documents hold relatively low legal authority, making it difficult to provide mandatory legal protection for the ethical review of BCI. According to Article 4 of the Measures for the Ethical Review of Science and Technology (Trial Implementation), China has adopted an “institutional self-review” model. The relevant institutions serve as both “players” and “referees.” This self-regulatory ethical review mechanism fails to ensure the scientific rigor and independence of the review process.24 Furthermore, different institutions have different review capabilities. This multi-subject ethical review model may lead to inconsistent ethical review results of BCI and affect the effectiveness of ethical review. Additionally, the current legal framework lacks disciplinary measures against misconduct by ethical review committees, which could result in insufficient constraints on these oversight bodies and undermine the standardization of ethical review processes for medical BCI.
Regulatory Framework for Medical BCI in the US
In the US, the regulation of BCI is primarily administered by the Food and Drug Administration (FDA), which is mainly due to the leading application of BCI in the medical field. As the regulatory authority responsible for medical device approval, the FDA mandates that such devices must provide valid scientific evidence to prove that they are equivalent to legally listed equipment, and ensure that their benefits outweigh potential risks.25 The US has also adopted a tiered regulatory framework for medical devices. Enacted in 1976, theMDA classified medical devices into Class I, Class II, and Class III based on their risk levels. The higher the risk level, the stricter the regulation. Class I refers to low-risk medical devices, which can be generally controlled, such as prohibitions against adulteration or misbranding. Class II refers to devices with moderate risks, and regulatory measures need to be taken according to their performance standards. Most Class II medical devices require pre-market notification (510 k), where applicants need only demonstrate “substantial equivalence” to an existing legally marketed device for approval. Class III refers to high-risk devices necessitating stringent premarket approval (PMA) review, which includes clinical trials.26 Currently, several neurotechnology products such as implantable spinal cord stimulators and deep brain stimulation (DBS) devices have been approved by the FDA. Notably, the FDA still maintains post-market surveillance over approved devices, and developers of novel products like implantable BCI must similarly comply with regulatory requirements including product recalls and adverse event reports.27 However, the current FDA regulatory framework exclusively oversees “medical devices” while excluding “health devices” from its jurisdiction. Moreover, the FDA primarily determines the intended use of medical devices based on the promotional materials provided by applicants.28 It may create a potential loophole whereby companies circumvent FDA regulation by claiming their products solely for healthcare purposes rather than medical applications.29
In terms of approval procedures, the US has adopted different approval procedures based on the risk levels of medical devices, including 510 k, De Novo and Premarket Approval Application (PMA). Beyond these routine procedures, a series of expedited review mechanisms have been established to foster innovation in medical device development. In 2018, the FDA released the Breakthrough Devices Program (BDP), which facilitates more timely patient access to designated medical devices by accelerating product development, evaluation, and review processes.30 In 2020, the US company Synchron and Neuralink obtained the FDA’s Breakthrough Device certification and began to enter the human trial phase. In 2021, the FDA issued the guidance document titled “Implanted Brain-Computer Interface (BCI) Devices for Patients with Paralysis or Amputation Non-clinical Testing and Clinical Considerations”, which provided specific recommendations for Investigational Device Exemption (IDE) applications concerning implantable BCI medical devices. This regulatory framework was established to facilitate the translation of BCI from laboratory research to clinical applications. In addition, there is Humanitarian Device Exemption (HDE) in the US, which is a regulatory approach for medical device intended to treat rare diseases.31 The HDE waives the requirement for conducting clinical trials of appropriate scale and statistical effectiveness, thus encouraging enterprises to develop medical devices for the treatment of rare diseases. In essence, the HDE application shares similarities with the IDE, and the key difference between the two is that the HDE does not require manufacturers to demonstrate therapeutic efficacy through clinical trials.32
In the realm of neural data governance, the US currently lacks a unified personal data protection law, and its protection of personal data is mainly through fragmented legislation. At the federal level, existing regulations such as the HIPAA and HITECH provide partial regulatory guidance. However, the applicability of the HIPAA and HITECH is primarily confined to traditional “covered entities”. It means that brain data can only be protected when utilized in traditional healthcare scenarios, such as the treatment administered by physicians or other medical professionals. The narrow scope of application of US privacy legislation makes a large number of brain data may not be effectively protected.33 In contrast to the indirect and loose protection of neural data through healthcare data regulations at the federal level, states such as Colorado and California have formulated stricter protection measures for neural data. In April 2024, the amendment to the Colorado Privacy Act (CPA) expanded the scope of sensitive data protection by explicitly including neural data under its provisions, becoming the first comprehensive data law in the world to explicitly protect neural data. The CPA requires that companies must obtain explicit, voluntary, informed, and specific consent from data subjects before processing neural data. Furthermore, Colorado recognizes neural data as private property, granting residents the right to access and delete their neural data held by technology companies, as well as to prohibit the use of such data for marketing purposes.34 California amended the CCPA, which regards neural data as a category of sensitive data. Montana has also enacted privacy bill to protect neural data, which will automatically take effect on October 1, 2025 without the governor’s signature or veto. The bill fully recognizes the unique sensitivity of neural data, requiring strict informed consent and comprehensive protection measures.35
In the ethical governance of medical BCI, compared to China’s refined legal governance model, the US focuses more on technological freedom and innovation promotion. The US adopts a “soft law governance” approach through scientific ethics guidelines and provides more flexible regulatory measures.36 The US BRAIN Initiative has established the Neuroethics Working Group (NEWG), which focuses on neuroethics research and proposes guiding principles for neuroethics, such as protecting the privacy and confidentiality of neural data.37 However, neuroethical governance in the US remains predominantly advisory or guidance-oriented, lacking clear and specific ethical governance content. Most ethical governance documents are not mandatory, with the review process primarily relying on researchers’ self-declaration. Furthermore, the FDA conducts only procedural reviews without establishing an independent third-party supervision mechanism.
Regulatory Framework for Medical BCI in the EU
The EU adopts a “dual reinforcement” approach to the regulation of medical BCI, and builds a systematic governance framework through the integration of sector-specific regulations and horizontal comprehensive legislation.38 The EU currently lacks specialized regulations specifically targeting BCI. The primary legislation in the field of medical devices is the MDR, which applies to medical devices and their accessories that are placed on the market or put into service. According to the definition of medical devices in Article 2 of MDR, all BCIs with intended medical purposes fall within the scope of the MDR and must comply with its requirements.39 In accordance with Article 51 of the MDR, medical devices are divided into four grades based on their intended use and inherent risks, including Class I, Class IIa, Class IIb, and Class III. The higher the risk level, the greater the extent of involvement of the Notified Body (NB) in compliance assessment. Unlike the US regulatory framework, which requires to prove that they are not only safe but also effective before they go on the market, the EU manufacturers must prove that the device is safe and operates according to its intended use, which leads to a huge difference between the US and EU.40 In addition to the MDR, medical BCI is subject to regulation under the AIA due to their classification as AI systems. According to the AIA, the EU has adopted a risk-based regulatory approach for AI, which categorizes AI systems into unacceptable risk AI, high-risk AI, limited-risk AI, and low-risk AI. Based on the provisions of the AIA regarding AI systems of risk levels, medical BCI is likely to be classified as high-risk AI. Consequently, such high-risk AI systems must comply with stringent regulatory requirements. Notably, if medical BCI is utilized to manipulate personal consciousness, it may fall under the category of AI systems with unacceptable risks.
In terms of neural data protection, unlike the decentralized legislation and relatively loose regulatory approach in the US, the EU is one of the most stringent regions for personal data protection in the world. The enactment of the GDPR in 2018 marked a significant milestone, elevating the standard of personal data protection in the EU. Although the GDPR does not explicitly mention neural data, according to Article 4 (14), Article 4 (15) and Article 9 of the GDPR, brain data are biometric data or health-related data, and thus are considered as special categories of data to give stricter legal protection. Specifically, the GDPR enhances the protection of sensitive data by granting rights to data subjects and increasing the obligations of data processors. From the perspective of data processors, explicit consent must be obtained from data subjects when processing neural data, and a data protection impact assessment is required to be conducted. From the perspective of data subjects, the GDPR adopts a rights-based protection approach, empowering brain data subjects with the right to access, the right to restrict of processing and the right to objection, to ensure that brain data is not illegally processed. However, the neural data generated by the consumer BCI may exceed the scope of health data and biometric data, resulting in GDPR being unable to cover all neural data.41
In the ethical governance of medical BCI, the EU prioritizes “human rights supremacy”. It protects the interests of mental integrity and freedom of thought through empowerment. Article 18 of the International Covenant on Civil and Political Rights and Article 9 of the European Convention on Human Rights explicitly affirm individuals’ right to freedom of thought, providing a normative foundation for the ethical governance of BCI. In 2005, the European Group on Ethics in Science and Technology issued the European Group on Ethics in Science and Technology, asserting that information technologies implanted in the human body should not be used to change personal identity or manipulate psychological functions. This view focuses on the issue of personal dignity, particularly the right to respect for a person’s physical and mental integrity.42 In 2020, the Council of Europe emphasized the necessity for a cautious and precise regulatory approach to BCI, which should integrate both ethical frameworks and legally binding norms. At the same time, it is pointed out that BCI governance should follow the following basic principles: beneficence and prevention of malign use; safety and precaution; privacy and confidentiality; capacity and autonomy; human agency and responsibility; equity, integrity and inclusiveness as well as ensuring public trust through transparency.43 In 2023, the Council of the EU adopted the León Declaration on European Neurotechnology: A Human Focused and Rights’ Oriented Approach, which emphasizes that the development and deployment of neurotechnologies should adopt a rights-based approach. This framework aims to foster innovation consistent with international human rights law and enhancing the EU’s competitiveness in neurotechnology.44
Key Regulatory Differences in BCI Governance Among China, the US, and the EU
Currently, China, the US, and the EU have not yet introduced comprehensive legislation specifically targeting medical BCI. Regulatory frameworks for BCI mainly depend on existing medical device laws and regulations, and adopts a risk-based regulation approach. However, significant differences exist among these three jurisdictions in regulatory philosophies, approval procedures, neural data governance, and ethical governance (Table 1). It should be clarified that in the present study, medical BCI governance policies of China, the US and the EU were mainly analyzed and local practices in its research scope were not included. This means the conclusions on the main differences in medical BCI governance among China, the US and the EU are not absolute.
 |
Table 1 Comparative Analysis of Medical BCI Regulatory Frameworks: China, the US, and the EU |
Differences were found in medical BCI regulatory concepts, neural data governance and ethical governance among China, the US and the EU, which are related to their historical backgrounds, legal traditions and social concepts. China is a civil law country, and its distinctive feature is that the state plays an important role in industrial development. The Next-Generation Artificial Intelligence Development Plan issued by the State Council in 2017 states that AI development must be safe, reliable and controllable, putting safety at the top of AI development priorities. Under national macro-strategic guidance, China has initially built a basic framework for medical BCI governance by formulating a series of laws, administrative regulations and departmental rules. Due to its common law tradition and significant legislative authority of states, the US mainly governs medical BCI through a combination of decentralized legislation and industry self-regulation. Meanwhile, the US leads other countries in medical BCI technology; to encourage independent innovation of enterprises, it tends to be market-oriented and adopts more flexible regulatory strategies. After World War II, EU countries gradually recognized the importance of human rights protection. This concept that emphasizes the supremacy of human dignity and freedom has profoundly influenced EU legislation. EU’s BCI regulation also emphasizes the supremacy of human rights; it issues legislation to establish a series of rights to protect users’ psychological integrity, freedom of thought and neural data rights, thus achieving comprehensive control of medical BCI risks.
In recent years, China, the US and the EU have adjusted their governance concepts for medical BCI to some extent: China has begun to emphasize the importance of medical BCI development and issued policies such as Accelerating Beijing BCI Innovation and Development Action Plan (2025–2030) and Shanghai BCI Future Industry Cultivation Action Plan (2025–2030); the EU’s AIA includes a dedicated chapter on the regulatory sandbox system to promote the innovative development of medical BCI in the EU; the US has also gradually attached importance to protecting the rights and interests of subjects in medical BCI applications. However, these minor adjustments have not shaken the basic governance logic of the three entities.
Recommendations for Improving the Governance of Medical BCI
To better address practical challenges posed by medical BCI, we propose developing a systematic governance framework across three dimensions: regulatory frameworks, neural data governance, and ethical governance (Figure 3). For effective implementation, clear governance entities and evaluation methods are required. Currently, National Medical Products Administration (NMPA) of China, the FDA of the US, and the European Commission (plus its member states’ market regulators) should serve as core governance bodies, responsible for formulating rules, monitoring risks, and conducting ethical reviews. These entities should also establish regular evaluation mechanisms through comprehensively assessing rules annually or biennially based on economic benefits, expert evaluations, and user feedback, and dynamically adjust rules based on results. By conducting an in-depth analysis of the distinctive features of medical BCI governance in China, the US, and the EU, this study not only provides an actionable model for global medical BCI governance but also offers a transferable analytical framework for the future governance of other emerging technologies. Going forward, the interaction and competition among these paradigms will profoundly shape the landscape of global tech governance. Actually, the implementation of any policy recommendation must consider not only the recommendation itself but also external factors such as the region’s legal culture, values and practical needs. Therefore, the recommendations proposed in this study may not apply to all regions and are open to debate and discussion.
 |
Figure 3 Governance framework for medical brain-computer interfaces. |
Establishing a Comprehensive Lifecycle Regulatory Mechanism
Under the background of continuous technological innovation, regulatory agencies are at a crossroads. On the one hand, it is necessary to ensure that technological innovation is not stifled by excessive and outdated supervision; on the other hand, it is also necessary to protect consumers from technology service providers.45 The traditional regulatory framework adheres to a “command-and-control” model. This stringent regulatory approach establishes detailed rules in advance, which can provide guidance for resolving practical disputes related to BCI. However, such rigid “command-and-control” mechanisms may result in inadequate or excessive regulation.46 At this stage, the development of medical BCI is getting faster and faster, resulting in higher unpredictability and uncertainty of BCI risks. Regulatory frameworks of BCI must keep pace with the rapid advancements of the neurotechnology, in order to ensure sustainable development of the BCI market.47
In 2025, the NMPA issued the Measures on Optimizing Lifecycle Supervision to Support the Innovation and Development of High-end Medical Devices, which provides a reference for the lifecycle supervision of medical BCIs. In this regard, the regulatory authorities should shift from traditional ex-post, passive and command-based supervision toward ex-ante, active and negotiated governance approaches. This paradigm shift requires establishing comprehensive regulatory mechanisms encompassing pre-event, in-event, and post-event full-process supervision mechanisms to effectively respond to the risks associated with BCI. In the pre-market stage of BCI, regulatory authorities should innovate the evaluation and approval procedures. For eligible medical BCI, expedited approval pathways such as “investigational device exemption” and “priority approval” could be implemented. In the clinical application stage of BCI, regulatory authorities should establish a flexible and systematic risk assessment mechanism to periodically evaluate the functional effects, safety safeguards and compliance requirements of BCI. Based on the results of risk assessment, corrective measures should be implemented accordingly. In order to reasonably balance the development of technology and the protection of rights and interests, it is necessary to establish an exit mechanism for BCI. BCIs that fail to comply with regulatory requirements should be mandatorily withdrawn from the market.
Innovative Regulatory Approaches: The Introduction of Regulatory Sandboxes
In 2024, the EU’s AIA introduced a regulatory sandbox system. As a forward-looking regulatory approach, the regulatory sandbox can cope with the disruptive challenges of the digital era.48 The regulatory sandbox provides a platform for dialogue between medical BCI technology providers and regulatory authorities, allowing BCI providers to conduct real-world testing on potential users in a safer environment. The regulatory sandbox shows the tendency of regulatory authorities to support innovation, and also promotes a comprehensive understanding of the innovation of BCI.49 It must be emphasized that the regulatory sandbox does not equate to deregulation or a lowering of existing safety standards.50 The regulatory sandbox system has been implemented in the UK, Canada, Singapore and other countries. Its application scope has also expanded from the financial sector to other fields such as medical care, transportation, energy, telecommunications and AI. To foster the innovation of BCI and control the risks, it is necessary to introduce a regulatory sandbox framework. This framework should be reinforced through the authorization of mandatory legislation, the guidance of ethical regulations and constraints imposed by industry self-discipline, thereby consolidating its foundational role in governance. At the same time, the legislation must clarify the access conditions and review procedures to enhance the transparency and credibility of the regulatory sandbox.
Due to differences in legal systems and cultural contexts, China, the US, the EU and other jurisdictions need to adjust the specific application of medical BCI regulatory sandboxes appropriately. Jurisdictions like China are led by the state in industrial development; they can adopt a pilot-first approach, select several areas for small-scale testing first, and after success, the state can issue relevant policies or laws to clarify the applicability of regulatory sandboxes in the medical BCI field. Jurisdictions like the US have decentralized legislation; localities can develop their own medical BCI regulatory sandbox systems based on the actual progress of medical BCI technology, then the national level can introduce a unified medical BCI law into it. The EU has already introduced the regulatory sandbox system into the AI field via its AIA; it can apply the regulatory sandbox system to medical BCI through legal interpretation.
Facilitating Collaborative Governance Among Diverse Stakeholders
As a complex technological system, BCI involves multiple stakeholders, and regulatory agencies should actively engage a broader range of interested parties in the governance process.51 As the cornerstone of BCI regulation, regulatory authorities should strengthen the top-level design of BCI governance. This can be achieved through establishing regulatory frameworks, innovating regulatory approaches and fostering international collaboration to ensure comprehensive governance of BCI. In practical implementation, regulators should adopt flexible governance strategies and carefully determine the regulatory approach. Furthermore, regulatory agencies should actively introduce regulatory technology to enhance the efficiency of regulatory processes.52
As far as BCI providers are concerned, the risks arising from the inherent technical imperfections of BCI systems can be solved from two approaches: internal embedding and external embedding. The former involves the implicit integration of ethical values, while the latter entails the explicit implementation of protective measures. Specifically, the internal embedding of BCI refers to the integration of ethical values during the design phases of BCI, making it a socio-technical system that integrates social values. For example, basic ethical values such as security, trustworthiness can be embedded into research stage of BCI through “privacy by design”. The external embedding of BCI refers to the BCI should be embedded in the risk detection system or access to the relevant audit platform. By continuously monitoring the operational status of BCI technology and rigorously evaluating its safety level, BCI providers can implement measures such as risk warnings or service suspension to effectively mitigate potential hazards.
In the era when BCI technology has emerged as a global topic, any jurisdiction cannot ignore the governance rules of other countries. It is necessary to coordinate domestic regulations with international regulations. Since BCI involves multiple areas of human activity, it is difficult to effectively regulate the complex risks of BCI by adopting a “one-size-fits-all” governance model. This requires a coordinated global governance framework for medical BCI that integrates multiple regulatory dimensions, including neuroethical guidelines, soft-law instruments, responsible innovation mechanisms and mandatory regulatory regulations.53 Consequently, there is an urgent need to establish global technical and ethical standards for medical BCI, establish a global ethics and standards committee, incorporate neurorights into the fundamental framework of international human rights, and promote the preliminary formation of an international governance framework.
Development of Tiered and Dynamic Informed Consent Frameworks
Neural data contains complex interests, which are not only related to the personality rights of data subjects, but also to the public interests. If the rational use of neural data is prohibited, it may hinder the long-term development of the healthcare industry. The clinical application of medical BCI is characterized by long-term engagement, inherent complexity, and dynamic variability. Conventional one-time or generalized informed consent mode is difficult to meet the needs of neural data utilization in the practical application of medical BCI. To reconcile the dual imperatives of advancing BCI technologies and safeguarding data subjects’ rights, it is necessary to construct tiered and dynamic informed consent rules according to the differences in neural data sensitivity. Specifically, when participating in BCI research or clinical applications, users must adhere to stringent informed consent. Inaccurate or insufficient disclosure may lead to unrealistic expectations of patients and diminish their perception of potential risks.54 Therefore, healthcare or research institutions must provide comprehensive disclosures regarding the objectives, potential risks and scope of data collection involved in BCI for therapeutic or research purposes. Simultaneously, they should adopt an easy-to-understand way to ensure BCI users genuinely comprehend the relevant information pertaining. When obtaining the consent of the BCI user, it is necessary to expand the identification method of consent. In cases where BCI users are incapable of expressing their will conventionally, technological means may be employed to interpret cerebral signals as indicators of consent. When such determination remains unfeasible, consent may alternatively be provided by legally authorized guardians or agents.
For legally acquired neural data, processing beyond the original purpose of collection should adopt flexible opt-out or opt-in mechanisms based on data sensitivity. Specifically, when handling less sensitive neural data, an opt-out mechanism should be implemented. It permits healthcare or research institutions to process the data freely unless the data subject explicitly objects. In contrast, for highly sensitive neural data, healthcare or research institutions must re-obtain valid informed consent from data subjects. Such neural data may only be processed after clearly informing users of relevant matters and securing their separate, explicit consent. For collected neural data, the default setting should be “no sharing permitted” unless explicitly authorized by the user.12 Furthermore, it is necessary for neural data processors to implement robust encryption mechanisms during data transmission and storage, employing techniques such as differential privacy or homomorphic encryption to ensure effective anonymization of data, so as to better protect the rights of neural data subjects.55
Recognizing Neurorights
Compared to general sensitive data, neural data is particularly sensitive personal information.56 In response to concerns regarding the misuse of neural data in medical BCI applications, Chile incorporated “neurorights” into the constitution in 2021. This legal framework requires that the development of BCI must rigorously uphold mental integrity, establishing a precedent for legislative safeguards against neural data exploitation. The concept of neurorights, rooted in human rights principles, represents a proactive neurotechnological protection mechanism.57 “Neurorights” constitute a bundle of rights encompassing mental privacy, identity integrity and equitable access to cognitive enhancement.58 To ensure comprehensive and targeted protection of neural data, it is imperative to establish neurorights.59 It should be clarified that while data subjects possess neurorights over their neural data, these rights do not constitute absolute control. Data processors may handle neural data for purposes such as research, education or public interest, provided such processing remains strictly within the defined scope of these objectives.
As China, the US and the EU serve as governance samples for medical BCI, differences in their legal traditions mean the three entities should take different paths to implement neurorights. For China, there is currently no legislative plan for neurotechnology; to maintain legal stability and predictability, it can protect users’ neurorights through interpretations of the existing legal system. In the near future, it may consider establishing neurorights via special legislation to form a legal system combining general and special protection. For common law countries represented by the US, neurorights of users can be recognized through rulings in specific cases; besides, the US can also establish neurorights through state-level legislation. The EU has long been at the forefront of global legislation in emerging technology fields and can confirm neurorights through forward-looking legislation. Meanwhile, it is also necessary to build supporting rules related to neurorights, and regularly evaluate the practical effects of neurorights to revise relevant rules appropriately.
Enhancing Ethical Governance of BCI
To ensure the sound development of BCI technology, it is imperative to refine the ethical review mechanisms. First, formulating unified legislation is essential. Legislative bodies should proactively establish more stringent ethical guidelines to fully ensure the enforceability of ethical oversight. Second, optimizing organizational structures. Given the highly specialized nature of BCI technology, it is essential to establish dedicated governance bodies, such as BCI ethics committees, while clearly defining the authority of BCI ethical review institutions to prevent regulatory gaps resulted from overlapping or ambiguous oversight responsibilities among agencies. Unlike conventional ethical reviews focused solely on technical aspects, the ethical evaluation of BCI technology spans multiple disciplines, including ethics, medicine, computer science, and law. This necessitates the active inclusion of experts from medical, legal, and computer science fields as members of ethics committees to ensure the scientific character of ethical oversight. Third, it is essential to strengthen the openness and transparency of ethical review. To ensure fairness and impartiality in ethical oversight, the introduction of independent third-party institutions is necessary to further standardize the procedures for ethical review of BCI technologies. Concurrently, the ethical review information of BCI needs to be released to the society in a timely manner, and the transparency of communication is essential to maintain public trust.60 Fourth, it is imperative to strengthen the punitive measures for ethical review of BCI. Review personnel who fail to fulfill their due diligence in ethical oversight should bear corresponding civil, administrative, or criminal liabilities. Where necessary, penalties should also be imposed on the responsible leaders of the ethical review committees. Fifth, it is essential to establish a comprehensive ethical review and evaluation mechanism that aligns with the entire lifecycle of BCI technology, encompassing upstream fundamental research, midstream clinical trials, and downstream clinical applications. Simultaneously, differentiated ethical review standards should be further implemented. Generally, the ethical review criteria for clinical applications should be more stringent than those for clinical trials, while the ethical review standards for clinical trials should, in turn, exceed those applied to fundamental research.61
Conclusions
As a groundbreaking technological achievement in the medical field, medical BCIs hold significant promise for patients with neurological disorders. This requires that the regulatory frameworks must be sufficiently flexible to effectively mitigate potential risks posed by BCI, and to avoid excessive supervision hindering BCI technology innovation. China, the US, and the EU lead the world in medical BCI technologies, but they adopt different regulatory models for BCI. By comparing their regulatory paths, approval procedures, neural data governance, ethical governance and other specific measures of BCI, this paper analyzed their reasonable practices and existing shortcomings, which could provide valuable insights for shaping global BCI regulatory frameworks. Looking ahead, the governance of medical BCI must strike a rational balance between technological innovation and safety assurance. Therefore, it is necessary to establish a comprehensive, inclusive, and innovative regulatory mechanism, taking into account both neural data protection and neural data utilization. Simultaneously, it emphasizes the important role of ethical governance of BCI, and runs ethical requirements through the whole process of BCI activities.
Funding
This research is funded by the Jiangsu Provincial Social Science Foundation Youth Program (24FXC010), General Program of Jiangsu Provincial Philosophy and Social Science Research Project in Higher Education Institutions (2024SJYB0779), Fundamental Research Funds for the Central Universities (2024SK16).
Disclosure
The authors declare that they have no conflicts of interest in this work.
References
1. Nicolas-Alonso LF, Gomez-Gil J. Brain computer interfaces: a review. Sensors-Basel. 2012;12(2):1211–1279. doi:10.3390/s120201211
2. Liv N. Neurolaw: brain-computer interfaces. U St Thomas J L & Pub Pol’y. 2021;15:328.
3. Mühlenen E, Chatzidimitriadou Z, Balsiger A. Regulating the future: navigating ethical and legal pathways in brain-computer interface technology. Available from: https://www.sidley.com/en/insights/publications/2024/04/regulating-the-future-navigating-ethical-and-legal-pathways-in-brain-computer-interface-technology.
4. Eisenstein M. Seven technologies to watch in 2024. Nature. 2024;625(7996):844–848. doi:10.1038/d41586-024-00173-x
5. Brain computer interface market size, technology & EEG signal classification. Available from: https://www.towardshealthcare.com/insights/brain-computer-interface-market.
6. Secretary TWHOotP. Fact sheet: BRAIN initiative. Available from: https://obamawhitehouse.archives.gov/the-press-office/2013/04/02/fact-sheet-brain-initiative#:~:text=Launched%20with%20approximately%20%24100%20million%20in%20the%20President%E2%80%99s,as%20Alzheimer%E2%80%99s%20disease%2C%20epilepsy%2C%20and%20traumatic%20brain%20injury.
7. Shih JJ, Krusienski DJ, Wolpaw JR. Brain-computer interfaces in medicine. Mayo Clin Proc. 2012;87(3):268–279. doi:10.1016/j.mayocp.2011.12.008
8. Klein E, Ojemann J. Informed consent in implantable BCI research: identification of research risks and recommendations for development of best practices. J Neural Eng. 2016;13(4):043001. doi:10.1088/1741-2560/13/4/043001
9. King BJ, Read GJM, Salmon PM. The risks associated with the U.S.e of brain-computer interfaces: a systematic review. Int J Hum–Comput Int. 2024;40(2):131–148. doi:10.1080/10447318.2022.2111041
10. Agarwal A, Dowsley R, McKinney ND, et al. Protecting privacy of users in brain-computer interface applications. IEEE T Neur Sys Reh. 2019;27(8):1546–1555. doi:10.1109/TNSRE.2019.2926965
11. Xia K, Duch W, Sun Y, et al. Privacy-preserving brain–computer interfaces: a systematic review. IEEE Trans Comput Soc Syst. 2023;10(5):2312–2324. doi:10.1109/TCSS.2022.3184818
12. Yuste R, Goering S, Y ABA, et al. Four ethical priorities for neurotechnologies and AI. Nature. 2017;551(7679):159–163. doi:10.1038/551159a
13. Burwell S, Sample M, Racine E. Ethical aspects of brain computer interfaces: a scoping review. BMC Med Ethics. 2017;18(1):60. doi:10.1186/s12910-017-0220-y
14. Smuha NA. From a ‘race to AI’ to a ‘race to AI regulation’: regulatory competition for artificial intelligence. Law Innovation Tech. 2021;13(1):57–84. doi:10.1080/17579961.2021.1898300
15. García LV, Winickoff DE. Brain-computer interfaces and the governance system. Upstream Approaches. 2022;1.
16. Est RV, Stemerding D. European governance challenges in 21st century bio-engineering. European Parliament, STOA, Available from: https://pure.tue.nl/ws/portalfiles/portal/3639333/35323156635777.pdf.
17. Yuste R, Genser J, Herrmann S. It’s time for neuro-rights. Horizons. 2021;18:154–164.
18. Ligthart SS, Bublitz C, Alegre S. Neurotechnology: we need new laws, not new rights. Nature. 2023;620(950):950. doi:10.1038/d41586-023-02698-z
19. Bublit JC. Novel neurorights: from nonsense to substance. Neuroethics-Neth. 2022;15(1):7. doi:10.1007/s12152-022-09481-3
20. Tournas LN, Johnson WG. Regulating brain–computer interfaces: ensuring soft law does not go flat. IEEE Trans Tech Society. 2023;4(2):119–124. doi:10.1109/TTS.2022.3208821
21. Sheng Y, Pengzhi Z. China’s medical device evaluation: regulatory status of brain-computer interfaces. Available from: https://mp.weixin.qq.com/s/OGJbg8fqCFIxfeEgajsuhw.
22. Wei, XIayi Multiple approaches advance in parallel: industrialization of brain-computer interfaces accelerates. Economic Information Daily. 2025, 5 26;004 doi:10.28419/n.cnki.njjck.2025.002220.
23. Naufel S, Klein E. Brain–computer interface (BCI) researcher perspectives on neural data ownership and privacy. J Neural Eng. 2020;17(1):016039. doi:10.1088/1741-2552/ab5b7f
24. Xiong Z. Research on a three-dimensions regulation framework for brain computer interface technology. J Xi’an U Finance Econ. 2015;1:84–93.
25. Montalbano L. Brain-machine interfaces and ethics: a transition from wearable to implantable. J Bus Tech Law. 2021;16(2):191–221.
26. Needleman G. The medical device amendments of 1976. Cambridge University Press, Available from: https://www.cambridge.org/core/product/31F49F8FF2658795113F8D9432291BA1.
27. Johnson WG. Catching up with convergence: strategies for bringing together the fragmented regulatory governance of brain-machine interfaces in the United States. Annals Health L & Life Scis. 2021;30(1):177–206.
28. Gaudry KS, Ayaz H, Bedows A, et al. Projections and the potential societal impact of the future of neurotechnologies. Front Neurosci-Switz. 2021;15:658930. doi:10.3389/fnins.2021.658930
29. Rothermich E. Mind games: how robots can help regulate brain-computer interfaces. J Law Public Aff. 2022;7(2):391–431.
30. Breakthrough devices program. Available from: https://www.fda.gov/media/162413/download.
31. Humanitarian device exemption. Available from: https://www.fda.gov/medical-devices/premarket-submissions-selecting-and-preparing-correct-submission/humanitarian-device-exemption.
32. Fins JJ, Mayberg HS, Nuttin B, et al. Misuse of the FDA’s humanitarian device exemption in deep brain stimulation for obsessive-compulsive disorder. Health Affairs. 2011;30(2):302–311. doi:10.1377/hlthaff.2010.0157
33. Greenberg A. Inside the mind’s eye: an international perspective on data privacy law in the age of brain machine interfaces. Alb LJ Sci Tech. 2019;29(1):79–122.
34. George AS. Safeguarding neural privacy: the need for expanded legal protections of brain data. Partners Univers Multidiscip Res J. 2024;1(1):56–82. doi:10.5281/zenodo.11178464
35. Montana on the brain: a bold step for neural privacy. Available from: https://www.cooley.com/news/insight/2025/2025-04-22-montana-on-the-brain-a-bold-step-for-neural-privacy#:~:text=Montana%20has%20now%20become%20the%20third%20state%20in,activity%20of%20the%20central%20or%20peripheral%20nervous%20system.
36. Jingwu Z. Model classification and system connection of artificial intelligence science and technology ethics review system. Contemp Law Rev. 2025;1:84–96.
37. Greely HT, Grady C, Ramos KM, et al. Neuroethics guiding principles for the NIH BRAIN initiative. J Neurosci. 2018;38(50):10586–10588. doi:10.1523/JNEUROSCI.2077-18.2018
38. Vokinger KN, Gasser U. Regulating AI in medicine in the United States and Europe. Nat Mach Intell. 2021;3(9):738–739. doi:10.1038/s42256-021-00386-z
39. Steindl E. Consumer neuro devices within EU product safety law: are we prepared for big tech ante portas? Comput Law Secur Rev. 2024;52:105945. doi:10.1016/j.clsr.2024.105945
40. Yusifova L. Ethical and legal aspects of using brain-computer interface in medicine: protection of patient’s neuro privacy; 2020. doi:10.6092/UNIBO/AMSDOTTORATO/9342
41. Yang H, Jiang L. Regulating neural data processing in the age of BCIs: ethical concerns and legal approaches. Digit Health. 2025;11:20552076251326123. doi:10.1177/20552076251326123
42. Lucivero F, Tamburrini G. Ethical monitoring of brain-machine interfaces: a note on personal identity and autonomy. Ai Soc. 2008;22(3):449–460. doi:10.1007/s00146-007-0146-x
43. Becht O. The brain-computer interface: new rights or new threats to fundamental freedoms? Available from: https://pace.coe.int/en/files/28722/html.
44. The león declaration on european neurotechnology: a human focused and rights’ oriented approach. Available from: https://www.publicnow.com/view/90714A0C3A36CD6E886A0D275927B0DEE7989445?1698148078.
45. Ranchordás S. Does sharing mean caring? Regulating innovation in the sharing economy. Minnesota JL Sci Technol. 2015;16(1):413.
46. Sunstein C. Administrative substance. Duke Law J. 1991;1991:630.
47. I CM, Lau C, Minielly N, et al. Owning ethical innovation: claims about commercial wearable brain technologies. Neuron. 2019;102(4):728–731. doi:10.1016/j.neuron.2019.03.026
48. Brummer C, Yadav Y. Fintech and the innovation trilemma. Georgetown Law J. 2019;107(2):291.
49. RP Buckley, D Arner, R Veidt, et al. Building fintech ecosystems: regulatory sandboxes, innovation hubs and beyond. Wash UJL Pol’y. 2020;61:55.
50. Pošćić A, Martinović A. Regulatory sandboxes under the draft EU artificial intelligence act: an opportunity for SMEs? J Inter EU Law East. 2022;9(2):71–117.
51. Leenes R, Palmerini E, Koops B-J, et al. Regulatory challenges of robotics: some guidelines for addressing legal and ethical issues. Law Innovation Tech. 2017;9(1):1–44. doi:10.1080/17579961.2017.1304921
52. Arner DW, Barberis J, FinTech BRP. RegTech, and the reconceptualization of financial regulation. Nw J Int’L L & Bus. 2016;37:371.
53. Lenca M. Common human rights challenges raised by different applications of neurotechnologies in the biomedical field. 2021.
54. Ienca M, Haselager P. Hacking the brain: brain–computer interfacing technology and the ethics of neurosecurity. Ethics Inf Technol. 2016;18(2):117–129. doi:10.1007/s10676-016-9398-9
55. Bernal SL, Celdrán AH, Pérez GM, et al. Security in brain-computer interfaces: state-of-the-art, opportunities, and future challenges. ACM Comput Surv. 2021;54(1):1–35. doi:10.1145/3427376
56. Ienca M, Malgieri G. Mental data protection and the GDPR. J Law Biosci. 2022;9(1):lsac006. doi:10.1093/jlb/lsac006
57. Khan S, Cole D, Ekbia H. Autonomy and free thought in brain-computer interactions: review of legal precedent for precautionary regulation of consumer products. UC L Sci Tech J. 2024;15:95.
58. Genser J, Damianos S, Yuste R. Safeguarding brain data: assessing the privacy practices of consumer neurotechnology companies. 2024;1–99.
59. Wajnerman Paz A. Is your neural data part of your mind? Exploring the conceptual basis of mental privacy. Mind Mach. 2022;32(2):395–415. doi:10.1007/s11023-021-09574-7
60. Qiansu Y, Nan B, Wenbin S, et al. Ethical review key points of brain-computer interface clinical research. In: 2024 IEEE International Conference on Signal, Information and Data Processing (ICSIDP); 2024:1–4. doi:10.1109/ICSIDP62679.2024.10868636
61. Long C. Reflections on the ethical issues of brain-computer interfaces. Sci Tech Law Chin-Engl. 2025;02:75–82+92.
© 2025 The Author(s). This work is published and licensed by Dove Medical Press Limited. The
full terms of this license are available at https://www.dovepress.com/terms
and incorporate the Creative Commons Attribution
- Non Commercial (unported, 4.0) License.
By accessing the work you hereby accept the Terms. Non-commercial uses of the work are permitted
without any further permission from Dove Medical Press Limited, provided the work is properly
attributed. For permission for commercial use of this work, please see paragraphs 4.2 and 5 of our Terms.