The New EU Medical Device Software Requirements

Author: Carrie Hetrick | Date: February 18, 2021

With the EU’s new medical device software (MDSW) requirements, the guidance related to qualification, classification, clinical evaluation and cybersecurity present challenges for software as a medical device (SaMD) manufacturers. Approaches to MDSW under the EU Medical Device Regulation (MDR) 2017/745 and In Vitro Diagnostic Regulation (IVDR) 2017/746 are much stricter than other regulations and require a deeper dive.

The Regulatory Affairs Professionals Society details these changes in Medical Device Software Under the EU MDR. Here is a synopsis of their findings to help you navigate the process.

Qualification:

Qualification is the activity that determines whether the MDSW is covered under the MDR. To that end, MDCG 2019-11 offers a qualification workflow that takes manufacturers through the following questions:

  • Is the product software in accordance with the definition of the MDCG 2019-11 guidance?
  • Is the software an annex XVI device, an accessory for a medical device according to MDR art 2(2)?
  • Is the software driving or influencing the use of a (hardware) medical device?
  • Is the software performing an action on data different from storage, archival, communication or simple search?
  • Is the action for the benefit of individual patients?
  • Is the software an MSDW according to the definition of the guidance?

Classification:

Classification determines the risk class of a medical device. Software under the MDR is an active device and must follow active device classification rules. The final classification will be determined by the highest classification of the MSDW after all classification rules are applied.

To avoid being assigned a classification that is too high, follow MDR Annex VIII Rule 3.3 and MDCG 2019-11 guidance, which is based on International Medical Device Regulators Forum (IMDRF) recommendations. For example, according to this guidance, because most software has an indirect influence on treatment or diagnosis, the classification should be lower. And any software that drives a medical device or influences its use should be assigned the same risk class as the device itself.

Evaluation:

The most recent clinical evaluation guidance (MEDDEV 2.7.1 rev 4) was not written with MDSW in mind. Yet governing bodies expect clinical evaluations to follow the guidance, using the Clinical Evaluation Assessment Report (CEAR) template for the review. Therefore, manufacturers should have solid understanding of the CEAR, keeping in mind the following omissions from MEDDEV which create critical gaps for MDR requirements:

  • No references to the MDR, such as articles, annexes, and general safety and performance requirements (GSPR) sections.
  • No discussion about MDR Article 61(10) that technical data can replace clinical data under certain conditions
  • Missing MDR requirements for clinical evaluation plan, identifying GSPRs requiring (clinical) data and defining which level of clinical evidence is required
  • Clinical investigation for class IIb implantables and class III devices
  • Post-market surveillance plan, post-market clinical follow-up plan and clinical development plan
  • Common specifications
  • Stricter requirements for clinical data
  • Qualified assessment of sufficient level of clinical evidence

Clinical Evidence:

According to the MDR, clinical evidence is based on a very strict definition of clinical data from an original or equivalent device, with clinical data coming mainly from clinical investigations (and not from post-market surveillance clinical data). To help MSDW manufacturers navigate the regulation, the Medical Device Coordination Group (MDCG) created a suite of documents that offer guidance specific to:

  • Sufficient clinical evidence for legacy devices
  • Clinical evaluation
  • Clinical (MDR) or performance (IVDR) evaluation of medical device software

Note, both MDR and MDSW clinical evaluations are required.

Cybersecurity guidance

With the recent prevalence of ransomware attacks on hospitals around the world, MDCG 2019-16 guidance on cybersecurity was developed to protect MDSW—and updated guidance is expected soon.  The guidance also requires that manufacturers inform the hospital asset owner and system integrator on how the MDSW can be protected.

Manufacturers are strongly encouraged to carefully study the MDCG guidance for the MDR, as it contains solutions for common problems, plus additional requirements for acquiring the MDR CE mark. If you have any questions or are looking for additional information about the new EU medical device software requirements, contact our regulatory team.

Share This!

Resources

October 7, 2013

Guidelines to Follow When Creating A Medical Device Mobile Application

Guidelines to Follow Many new medical mobile applications are being developed for use on mobile platforms (smart phones, tablets, etc.). Before delving into the steps to be taken to develop a...
Read More >
View More Blogs

February 18, 2021

5 Mistakes Medical Device Startups Make

Startups are the lifeblood of medical device innovation. Without universities researching ways to solve pressing healthcare problems or doctors with experience in a particular field who have an idea to develop a prototype medical device that could help patients, the future technologies needed to help save lives wouldn't happen. But the long, arduous road through the FDA submission process to get market approval can take a long time and cost a lot of money without help. Sterling Medical Devices has been helping startups through the FDA approval process since 1998 without ever having a submission rejected.
Read More >
View More Videos
people developing a product

November 23, 2020

Sterling Helps Print Parts Win Contract with City of New York for Production of Medical-Grade Nasal Swabs

Sterling Medical Devices performed design services for a Class III breathing pacemaker with Major Level of Concern software, intended for use by patients who have lost neurological control of respiration. This life-sustaining device is comprised of two main components: an internal passive receiver and an external controller....
Read More >
View More Case Studies

Need help with your medical device?

Let Sterling Medical Devices show how to bring your idea from concept to prototype to
FDA/CE approval with a free custom project analysis.
Request Free Analysis