Regulatory Landscape: Considerations and Examples

A key aspect of educational neurotechnologies is their potential interaction with the nervous system, including the human brain. Developers of educational neurotechnologies must, therefore, confront the deeply ethical nature that such intervention entails. Traditionally, regulatory agencies have focused primarily on the risks and safety of these technologies. However, the creation, development, and application of advanced educational neurotechnologies are likely to introduce new or additional ethical, social, and legal challenges, as outlined in the Safety, Risk, and Wellbeing section. These challenges will require more extensive regulatory oversight. This is due to the unique risk associated with these technologies; it is not in immediate harm caused by their use, but in the way their application could potentially be used to produce long term, irreversible change in brain structure and function. Additionally, training data could introduce bias into an education neurotechnologies applications/experiences. Addressing these issues will likely require creating new or more comprehensive legal frameworks to oversee the development and application of these technologies in educational settings.

Principles pertaining to learning neurotechnologies can look to two lineages for regulatory guidance. First, traditions of medical ethics and bioethics have specified principles protecting human dignity, welfare, and liberty. Second, the recent rise of neuroethics has enunciated particular prescriptions about brain research and effects on personal agency, selfhood, and personhood. Research ethics, clinical ethics, and bioethics generally trace back to the 1947 Nuremberg Code in the wake of Nazi atrocities (Shuster 1997) [34]. Its prohibitions against inexpert and involuntary experimentation, excessive risks versus benefits, unnecessary suffering, and similarly abusive practices in turn inspired later codes such as the 1964 Declaration of Helsinki and the 1979 Belmont Report. Their focus on research and experimentation was enlarged with later declarations and laws to encompass how medical treatment is invented, tested, provided, and distributed. Examples include the 1997 Oviedo European Convention on Human Rights and Biomedicine and the 2005 Universal Declaration on Bioethics and Human Rights.

Since the early 2000s, neuroethics has focused on ethical, legal, and social issues arising from the invention and implementation of brain-focused technologies with a watchful eye on impacts to personal agency and competency (necessary for responsibility), one’s sense of self-identity, and interpersonal relationships, among many issues. One confluence from bioethical and neuroethical traditions has inspired an interest in neurorights for enshrinement in national laws. More than medicine is involved with neuroscience, as the central nervous system houses uniquely intimate and supremely valuable matters. Traditional medical rules and rights gesture at such significance without due precision or precaution. Furthermore, medical ethics can’t cover everything. Because neurotechnologies targeting cognitive abilities for learning performance are aiming at improvement rather than restoration or rehabilitation, they needn’t be classed with medical devices or psychiatric therapies.

In the realm of education, specific educational principles are paramount when considering the ethical use of neurotechnologies. First, the principle of informed consent is crucial. Students and their guardians must be fully aware of the nature, benefits, and potential risks associated with the use of neurotechnologies in learning environments. This aligns with broader medical ethics but requires additional focus on educational context and age-appropriate communication.

Second, the principle of equity and access ensures that neurotechnological advancements in education do not exacerbate existing disparities. All students, regardless of socioeconomic status, should have equal opportunities to benefit from such technologies, preventing a digital divide in cognitive enhancement. Third, the principle of privacy and confidentiality is essential. The data generated by neurotechnologies can be highly sensitive, revealing intimate details about cognitive processes and mental health. Educational institutions must safeguard this data against misuse and unauthorized access, aligning with broader data protection laws and ethical standards.

Fourth, the principle of non-maleficence emphasizes that the use of neurotechnologies in education should not harm students. This includes avoiding cognitive overload, stress, or any adverse psychological effects. The goal is to enhance learning without detrimental impacts on students’ well-being. Fifth, the principle of autonomy and agency supports students’ ability to make informed choices about their learning. Neurotechnologies should empower students, enhancing their ability to learn and engage autonomously, rather than imposing rigid structures that limit personal agency.

Lastly, the principle of educational integrity maintains that neurotechnological interventions should support the holistic development of students. Education is not just about cognitive enhancement but also about fostering critical thinking, creativity, and emotional intelligence. Neurotechnologies should complement and enhance these broader educational goals rather than narrow the focus solely on cognitive metrics.

These educational principles, informed by neuroethical and bioethical traditions, ensure that the integration of neurotechnologies in learning environments respects and promotes the holistic development, dignity, and rights of students.

Bioethical and legal frameworks for regulating medical devices offer strong but vague direction for the statutory regulation of non-medical techniques and devices. They usually do not specify provisions about technological design protocols or consumer protection laws, which remain the purview of individual countries. The USA, for example, relies on the Food and Drug Administration for medical matters while the Federal Trade Commission (FTC) scrutinizes electronic devices. Since brain monitoring and brain modulating devices can be labeled as non-medical, the FTC shoulders the burden of regulation after a technology departs the experimental subject clinic.

The Food and Drug Administration (FDA) in America and the European Commission for the European Union implement and enforce statutory directives. The World Health Organization (WHO) also monitors and counsels international cooperation on matters of population health and public medical programs.

Additional American agencies regulate direct-to-consumer products and devices. The Federal Communications Commission (FCC) offers guidance about devices causing electromagnetic effects on brain tissues. The International Electrotechnical Commission (IEC) is globally respected for its guidelines about manufacturing safe electrical products, including BCI devices such as standard ISO/IEC JTC 1/SC 43. In the USA the Underwriters’ Laboratories (UL) hosts a compilation of standards and resources regarding safety compliance very similar to that of the IEC.

The Federal Trade Commission is charged with preventing fraudulent, deceptive, and unfair business activities and alerting the public to violations. Misleading or erroneous claims about a product’s safety, capabilities, correct usage, or expected results gets scrutiny from the FTC. The Consumer Product Safety Commission (CPSC) has the opportunity to take similar oversight of manufacturer designs and marketing claims.

No national or international binding regulation specifically addresses non-medical and recreational use of neuro-monitoring devices such as EEG recording. Manufacturers can aim at meeting minimal regulations set for medical devices, especially if a device is employing transcranial stimulation of any sort. Any device using electricity, however, is covered by technical safety standards having regulatory standing and effect in many countries.

The International Electrotechnical Commission (IEC) has established globally accepted guidelines to ensure the manufacture of safe electrical products. Electronic devices, both medical and non-medical, should comply with IEC 60601-1 and IEC/EN 62304 (for device software). The Underwriters’ Laboratories (UL) offers testing for its certification in accordance with IEC 60601-1. However, the IEC refuses to explicitly cover transcranial stimulation devices (60601-2-10).

The International Organization for Standardization (ISO) covers transcranial stimulation devices with ISO 13485 and ISO 10993 (biocompatibility) requirements, and manufacturers also should comply with EN ISO 14971:2019 on the management of risks.

The European Medical Device Regulation 2017/745 (MDR) addresses non-medical products in Annex XVI, where transcranial brain stimulation is included for statutory oversight.

Devices that record, store, transmit, and make brain data available to third parties can be covered by applicable statutes protecting personal information. Where educational matters pertaining to minors are concerned, agencies may decide that their supervision extends to the ways that neurotechnologies manage brain data.

The Family Educational Rights and Privacy Act in the United States (FERPA, 20 U.S.C. § 1232g; 34 CFR Part 99) instructs educational institutions to protect the confidentiality of personally identifiable data, information, and records collected for educational purposes. FERPA applies to education records generally, but data collected by devices might not qualify, and it does not directly apply to third-party vendors.

The Children’s Online Privacy Protection Act of 1998 in the United States (COPPA, 15 U.S.C. §§ 6501-6506 and 16 C.F.R. §§ 312.1-312.13) is enforced by the FTC to regulate the online collection and use of personal information from children under the age of 13. It applies to commercial websites and online services, so an extension to ways that brain data collection is managed would be a matter of legislative or judicial prerogative.

The United Kingdom’s Children’s Code of 2021 orders the country’s data protection authority, the Information Commissioner’s Office (ICO), to expect compliance with UK GDPR and the Privacy and Electronic Communications Regulations (PECR). However, the collection and use of biometric, including brain data information, is not specifically addressed. Biometric data is covered under personal identifiable information of GDPR EU articles 34, 50, 10 [35]