EU Medical Device Regulation (MDR): What eHealth companies should know

Companies with digital health solutions are drivers of innovation in the healthcare industry. However, they are also subject to complex regulations. One of the most important is the Medical Device Regulation (MDR) – especially for EU digital health tech adoption. This article provides an overview of the key information and challenges of the MDR, as well as tips on what eHealth companies should consider when developing a digital medical device.

Current development and significance of the Medical Devices Regulation

The digitalization of healthcare is accompanied by new regulations to protect patient safety. In April 2017, the EU Medical Devices Regulation was adopted; and was to be applied in full from May 2021.

A reason to breathe a sigh of relief: On March 7, 2023, an extension of the transition period was decided. For medical device manufacturers whose certificate or declaration of conformity was issued before May 26, 2021, the transition period will be extended until December 31, 2028, at the latest, depending on the classification.

The MDR has a significant impact on the medical technology industry. Effort aside, it also offers clear benefits: by understanding the requirements and implementing confidence-building processes in the software and hardware development cycle, companies can ensure that their products meet these standards, improve health outcomes and remain compliant. At the same time, they increase brand awareness, competitiveness and credibility with potential customers.

What is the EU Medical Devices Regulation?

The EU Medical Device Regulation (MDR) is a regulation of the European Union (EU). As a European supranational set of regulations, the MDR imposes strict safety, quality and risk management requirements in connection with all medical devices.

Note: The MDR must be distinguished from the Medical Devices Implementation Act (MPDG), which supplements the EU medical device regulations with specific national requirements and replaces the German Medical Devices Act (MPG).

What does the European Medical Devices Regulation regulate – and for whom?

The regulation governs the approval, placing on the market and monitoring of medical devices in the EU by independent testing bodies and regulatory authorities. By setting uniform standards and requirements for different markets, the MDR aims to improve the safety, quality and efficacy of medical devices and create more transparency.

In addition to manufacturers, importers and distributors of medical devices in the EU, the new regulations are also relevant for compliance or quality management professionals for example.

What is a medical device?

The MDR defines a medical device (https://eur-lex.europa.eu/eli/reg/2017/745/2020-04-24?locale=de) as:

  • an instrument, apparatus, device, software, implant, reagent, material or another article
  • that is intended for people and
  • alone or in combination, is intended to serve at least one medical purpose.

For example, if your app or wearable fulfils a medical purpose such as diagnosing, monitoring, treating, or alleviating disease or disability, it is likely considered a medical device and subject to the Medical Device Regulation.

Examples of digital medical devices – DiGAs and DiPAs

A wide range of terms and definitions circulate for digital medical devices. Not every piece of medical software or hardware is automatically a medical device.

Digital medical devices include:

  • Digital health apps (DiGA) such as digital therapeutics (DTx) or sleep apps. DiGA denotes low-risk class applications that serve medical purposes and can be used by the patient.

  • Digital care apps (DiPA) such as senior tablets or memory training apps. DiPA denotes applications that are used in care and support or improve care processes.

  • Wearables with sensors such as fitness trackers or chest straps

Both DiGA and DiPA application classes have to undergo a special certification procedure in the EU countries since January 21, 2021, in order to be recognized as a medical device and approved for the market.

The difference between SaMD and SiMD

Medical software is basically divided into two categories:

  • Software as a Medical Device (SaMD) SaMD includes stand-alone software usable on non-medical devices such as smartphones, tablets or wearables, e.g. apps to improve sleep quality or blood glucose levels.
  • Software as part of a medical device (Software in a Medical Device, SiMD). SiMD refers to embedded software that is part of a medical device.

The following figure illustrates the process of classification.

SimD or SaMD graph

Product classification in the EU vs. the USA

You want to distribute your SaMD in the USA as well? The MDR only applies to the EU market, and the US healthcare market and public health matters are regulated by the Food and Drug Association (FDA). As a result, different regulations apply – for example, to the product class, albeit developing a global strategy based on knowledge of both is usually possible.

In the EU (MDR) the classification is made in four classes (I, IIa, IIb and III) and is based on the intended purpose and the potential risks of the respective medical devices. The intended purpose refers to the intended use according to the manufacturer’s specifications, instructions for use, advertising or sales material, and clinical evaluation.

In the USA (FDA) SaMD is classified into three classes I, II and III. The classification is based on the controls on effects and functionality required to demonstrate safety and efficacy.

What does the MDR change compared to the old directive?

The MDR has replaced the old Medical Device Directives (MDD, AIMD and IVDD) with the In Vitro Diagnostics Directive (IVDR):

Old specificationsNew specifications
Medical Device Directive (93/42/EEC, Medical Device Directive or MDD)EU Medical Device Regulation (2017/745, Medical Device Regulation or MDR)
Directive on Active Implantable Medical Devices (90/385/EEC, Active Implantable Medical Devices or AIMD).
Directive on in vitro diagnostic medical devices (98/79/EC, In Vitro Diagnostic Device Directive or IVDD).In Vitro Diagnostic Medical Devices Directive (2017/746, In Vitro Diagnostic Medical Devices Regulation or IVDR).

The IVDR defines the requirements that in vitro diagnostic devices such as laboratory equipment must meet in the EU. The amendments to the MDR and IVDR impose stricter requirements on manufacturers and stakeholders.

The most important innovations of the MDR Regulation:

  • Expanded definition of a medical device

  • Introduction of a unique product identifier (UDI)

  • Strict post-market surveillance (PMS)

  • Designation of a person responsible for MDR compliance

  • New product classification according to risk, contact duration and invasiveness

  • Stricter clinical evidence requirement for implantable medical devices and class III medical devices

  • More rigorous clinical evaluation of Class IIa and Class II medical devices.


What impact will MDR have on the development of digital health solutions?

The MDR places stricter requirements on the development and distribution of digital medical devices. As a result, many companies will have to adjust their planning, revamp processes, or invest more time and money in their projects.

Risk management, intended use and compliance

One of the biggest impacts on development is the risk management system. It is designed to ensure that the risks of the application are controlled and minimized throughout the life cycle, from risk identification to risk mitigation measures. The MDR also requires careful clinical testing to assess the safety and performance of the digital medical device. This requires a comprehensive analysis of clinical data.

Depending on the risk and intended use, each product is subject to increasing levels of clinical evaluation, regulatory oversight and data requirements.

Enterprise SystemsApplications for cliniciansWellness treatments for patientsDiagnostic and monitoring systems for patientsPatient-oriented therapeutic interventions
Platforms for health systems, clinics and other scopes of practicePlatforms for clinicians and clinical support staff
Products that collect, store or transmit health dataProducts for diagnosis, diagnostic support or active monitoringProducts that enable medical interventions and therapies
e.g. clinical management tools, predictive analytics
e.g. health information technology, electronic medical records, telemedicine platformse.g. lifestyle and wellness apps, activity and fitness trackers, wearables and sensors (non-clinical quality)e. g. digital diagnostic systems, wearables and biometric sensors (clinical quality)e. g. digital therapeutics (DTx) delivered directly to patients via software and non-digital therapeutics

In addition, a conformity assessment must be performed, with the procedure depending on the particular risk class and product characteristics. In addition, the MDR affects product liability: The regulation requires medical device manufacturers to have liability insurance to cover patient claims for damages.


Typical challenges in the implementation of the MDR

Especially for small and medium-sized companies with health tech solutions, the MDR can be a challenge. There are a number of stumbling blocks on the path to approval that can delay the market launch or cause additional costs.

  • The stricter requirements mean that costs are rising – whether due to the higher requirements for documentation, systems for UDI product labeling, the obligation to appoint a compliance officer or the re-approval of products already approved under MDD.

  • More stringent requirements apply to product types such as medical device software or software-containing products: Some apps are classified in Class IIa and higher, which requires a Notified Body and incurs additional time and costs.

  • If the new specifications change the class and thus the conformity assessment procedure, manufacturers and stakeholders must meet other requirements. This can delay product approval.

  • Some specifications, such as the procurement of clinical data, leave room for interpretation and are a subject of controversy in health care.

  • The requirements for clinical evaluation are significantly higher due to the new MDR. On the one hand, companies must conduct more extensive clinical studies. On the other hand, the clinical evaluation report (CER) poses a challenge for many companies.

  • On the one hand, not all notified bodies serve all specialist areas. On the other hand, bottlenecks are to be expected in the coming years concerning the recertification of existing digital medical devices.


12 tips for MDR compliance in digital health solutions

  1. Check whether your digital solution is considered a medical device or accessory to a medical device under the MDR, or whether it is subject to other guidelines.

  2. Formulate a clear purpose statement that corresponds to the actual use of the product.

  3. Based on the intended use, check which risk class your product falls into and find out about the associated conformity assessment procedures.

  4. Integrate the regulatory requirements applicable to your medical device early in the development process and establish the correct guidance document.

  5. Develop a clear risk assessment strategy throughout the development and design phases.

  6. Follow Good Automated Manufacturing Practice (GAMP) and ensure that the steps required for MDR compliance are followed in manufacturing.

  7. Define a process for MDR-compliant clinical evaluation of your products early on, as this often involves a lot of effort.

  8. Regularly check the conformity and update of the products.

  9. Check whether your product documentation meets the new requirements and to what extent the technical documentation needs to be revised.

  10. Research the NANDO database (https://ec.europa.eu/growth/tools-databases/nando/index.cfm?fuseaction=country.notifiedbody&cou_id=276) to find an available Notified Body for your field and agree on a schedule for certifying your products.

  11. Make sure all systems are MDR-compliant – from clinical evaluation to quality and risk management to UDI labelling, post-market surveillance and liability.

  12. Bring experienced partners on board in good time to work with you to develop and design your eHealth solution to be MDR-compliant.

Conclusion

The European Medical Device Regulation is one of the most important sets of regulations for digital health companies that want to market their applications in the EU. It determines what is considered a medical device and regulates the approval, placing on the market and monitoring of medical devices.

The strict requirements of the MDR can put pressure on small and medium-sized companies in particular. Complex processes such as clinical evaluation or post-market surveillance can delay the market launch, lead to violations or cause additional costs.

All affected companies should therefore familiarize themselves with the regulations at an early stage and implement necessary systems such as the risk assessment strategy in an effective software and hardware development cycle. Service providers specializing in health tech will support you in successfully implementing your products.

Learn more about our digital health solution ideation and design

  • Discovery, Customer Research, and Product Strategy
  • User Experience and Product Design
  • Requirements and Solution Delivery Roadmap