The EU has released an updated model for the assessment of when to classify software as a medical software device
The Medical Device Coordination Group (MDCG) has released an updated model, which in a brief outline describes the questions that should be asked in the assessment of whether a software is a medical device and must comply with either Regulation 2017/745 on medical devices (MDR) or Regulation 2017/746 on in vitro diagnostic medical devices (IVDR).
The MDCG is composed of representatives of all Member States and it is chaired by a representative of the EU Commission. The MDCG was established by Article 103 of MDR and is to provide advice to and assist the Commission and the Member States in ensuring harmonised implementation of the regulations on Medical Devices.
Updated tool for classification of medical devices
The updated model will function as a tool for classification of medical devices. It is pivotal that medical devices are classified correctly, as this determines whether the software is regulated by MDR, and if so, to which extent it is regulated.
Assessment involves five criteria, which are reviewed below.
The five assessment criteria
The guidance illustrates what to include in the assessment of whether software is subject to the rules of the regulations on medical devices. Criteria are:
First it must be considered whether this is even software in accordance with the definition in the guidance "MDCG 2019-11". In summary, software is a set of instructions that processes input data and creates output data
2. Medical purpose
If it is software, it must be considered whether the software may be characterised as either 1) a device subject to MDR Annex 16 (products without an intended medical purpose), 2) an accessory to a medical device, or 3) software driving or influencing the use of a (hardware) medical device. If the software falls into categories 1-3, the software is regulated by MDR according to the provisions to which the software is related, see 1-3.
3. Performing an action
If the software does not fall within one of the three categories, the next question is whether the software processes data in a manner that goes beyond storage, filing, communication or simple searches. If it does not go beyond that, the software is not regulated by MDR.
4. Benefiting individual patients
If the software performs an action, it must be considered whether such processing benefits individual patients. If the software performs actions aimed towards more general issues, the software is not regulated by MDR.
5. Software as a medical device
If the relevant software is performing actions for a medical purpose for the benefit of individual patients, it must finally be assessed whether the software is meant to be used on its own or in combination with other devices. If not, MDR does not apply. If so, the software is regulated by MDR.
Medical device or in vitro diagnostic medical device?
The guidance also includes a decision model for whether to classify software as a medical device or an in vitro diagnostic medical device.
First, it must be assessed whether the software contributes information within the framework of the definition of in vitro diagnostic medical devices. The purpose of an in vitro diagnostic medical device is to provide information about, for instance, physiological states and illnesses or information based on specimens from the human body, allowing the monitoring of therapeutic measures, etc.
If the software does not contribute information as described above, it will be subject to MDR.
Second, if the software is not subject to MDR, it must be assessed whether the software contributes information that is solely based on data collected through in vitro diagnostic medical devices. If so, the software will be subject to IVDR.
Further, software may be subject to IVDR if its intended purpose is driven by data sources coming from in vitro diagnostic medical devices.
Software almost always classifies in risk class IIa as a minimum
Medical devices are divided into four risk classes, I, IIa, IIb and III. Classification is constructed so that the lower the risk class defined for the medical device, the less damage it is considered as possibly contributing.
So far, medical software devices have typically been classified in risk class I. Going forward, the new MDR rules tighten the requirements to medical software devices, so that medical software devices as a general rule are classified as risk class IIa. Specific examples of software that will be classified in a higher risk class are, for instance, apps for diagnosing sleep apnoea and apps that help selecting and calculating the dosing of medicines.
If a software is re-classified above class I, it is subject to tighter regulatory requirements. The new rules make requirements to the procedure of preparing a declaration of conformity. Further, they require that an externally authorised body certify this declaration of conformity.
Comments by Bech-Bruun
The new rules on medical devices apply from 26 May 2021. Due to the tightened requirements, manufacturers of medical software will experience a more expensive and time-consuming process when launching devices. The consequence may be that new software will not be available in the EU (anymore). On the other hand, MDR helps ensuring a high degree of safety and benefits of the software that complies with the new requirements.
Manufacturers should note that at present only 20 authorised bodies can grant certification under the rules of MDR and four under the rules of IVDR. The deadlines of MDR and IVDR increase pressure on the authorised bodies that have been accredited to certify under the regulations. Currently there are around 500,000 types of medical devices on the market, of which many will need certification. On 8 October 2020, Denmark decided to allocate financing to attract an authorised body to Denmark.
Bech-Bruun's Life Sciences division follows developments closely and is ready to assist your enterprise.
Click here to read more about the guidance.