AI is quickly outgrowing healthcare's legal frameworks, leaving a regulatory void with real-world consequences. With questions about patient safety, usage and liability left unanswered, doctors have become reluctant to use clinical AI tools (Skills for Health), delaying the roll out of a technology that might ease the overwhelming strain on our healthcare system.

But delay is not the only risk. The greater danger is that badly designed regulation penalises those trying to follow the rules, while leaving generic AI apps, which are not purpose-built for healthcare and may not protect patient data, only a browser tab away.

I used to be an NHS doctor; I've felt the pressure doctors are under. But I've also seen how clinical AI tools can lighten the weight placed on doctors: cutting documentation time (NIH), reducing A&E waiting times (The Guardian) and improving patient outcomes (GOSH). If we're to see these benefits at scale, and soon, we need to balance safety with timely implementation of clinical AI.

The answer is not simply more regulation. It's smarter, clearer and more proportionate regulation: national standards that are simple and affordable enough for innovators and healthcare providers to follow, paired with the ability for healthcare institutions to govern AI usage at a granular level. This would allow healthcare institutions to manage AI risks with precision and speed, in ways that work for them.

What would this look like?

The UK already has some of the ingredients for this blended governance model. Healthcare-specific regulators and public bodies set part of the baseline, while NHS trusts act as the granular decision-making layer, developing their own AI implementation and governance frameworks.

But the UK model has its shortcomings and these demonstrate how important it is that regulation is clear and navigable. One of the clearest weaknesses of the UK's approach is how it approves clinical AI. The path to approval is slow, expensive and opaque. Although it's done in patients' best interests, the complicated route actually puts patient safety at risk. Those trying hardest to develop safe, compliant tools face the greatest challenges, while generic AI remains easily accessible. 

The best approach is a single national assurance process for clinical AI, covering key factors like clinical safety, data protection and interoperability. If a tool passes that test, then that approval should be recognised nationwide.

A national clinical AI benchmark would help healthcare institutions make more informed decisions about what tools they should use; instead of relying on generic certificates, they would have information about how different tools perform across real clinical tasks and different specialties.

It's not just about speed

Enabling healthcare institutions to self-govern their AI use won't just accelerate the roll out of AI tools; it will also create a regulatory framework genuinely tailored to clinical reality. This is what really sets it apart from a solely legislation-based approach.

AI tools aren't interchangeable. Staffing, patient demographics, volume and specialty all shape which tools are appropriate. Regulation must not assume the most widely used tool is the safest. It should ask what the tool is meant to do, how consequential its outputs are and whether it has been evaluated in the context where it will actually be used.

Healthcare institutions, operating within a clear national framework, are best placed to make these distinctions: selecting tools, determining appropriate contexts and setting roll out pace in line with their own workforce readiness.

Trust doctors to use their judgment

Admittedly, the self-governance model can make people feel a little jumpy. But doctors aren't passive users of software. They've spent years interpreting evidence and weighing uncertainty. AI outputs are simply another source to scrutinise. That's why clinical AI governance shouldn't be built only around legal compliance. It should be built around clinical judgement, informed by evidence.

Any self-governance framework needs continued oversight: internal audits, rigorous staff training and external checks that standards are being met. Above all, it needs transparency. Bodies like the Coalition for Health AI have proposed networks for sharing AI evaluations (JAMA Network), enabling peer scrutiny and pushing vendors and providers to raise their standards.

Governance shouldn't be an either/or. National bodies must set a shared, enforceable baseline and a national clinical AI benchmark should give healthcare institutions meaningful evidence about real-world tool performance. Institutions should then have the authority to build frameworks that best serve their patients and workforces.

Above all, we need to make safe AI easier to adopt than unsafe AI. Regulation too complex to navigate doesn't eliminate risk. It displaces it.

The blended approach replaces one-size-fits-all legislation with something built on clinical reality: national standards, meaningful benchmarking, and local judgement. Guardrails for doctors that respect the authority they've earned.