EU Releases Final Revision to the MDD

The EU parliament released a final revision of the Medical Device Directive (MDD) and Active Implantable Medical Device Directive (AIMDD). It includes a number of additions related to software. These additions and clarifications stress that standalone software can be a medical device but not all software used in healthcare is a medical device. It also stresses use of “state of the art” development, validation and risk management practices.

Article 4 on page 15 says that the countries have until December 21, 2008, to amend their laws, and those laws shall be applied beginning March 21, 2010. This provides a 15-month period to update the laws and an additional 15-month transition period.

The full report of revisions is at the link provided. The focus of the revisions seemed to be clarification of the scope of medical device software. The explanation on page 50 says electronic health cards and similar items should not be within the scope of medical device regulation. In addition, there were clarifications to allow risk-based validation activities and to avoid burdensomeness.

In some cases they did not agree with the suggested revisions. One point they chose to stress is regarding the scope of software regulation. This is stated in several places. On page 6 they included a clarification that not all software used in a healthcare setting would be a device. “It is necessary to clarify that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the Software for general purposes when used in a healthcare setting is not a medical device.”

Page 12 clarifies the definition: “(a) ‘medical device’ means any instrument, apparatus, appliance, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of . . .
Only diagnostic and therapeutic software should be included in this Article and not all software as such. The addition of the sentence ‘for medical purpose’ might allow certain products to be excluded from the Directive. This would create uncertainty among the users and has a potential for uncontrolled products to be used on patients.”

Page 31 revises the use of validation terminology and removes use of “state of art” and instead states:
“For devices which incorporate software, in terms of the software the principles of development lifecycle, risk management, validation and verification should be taken into account. The concept of validation should always be based on the relevant risk classification of the medical device concerned.
The term ‘validation’ should be replaced in order to prevent the collection of unnecessary data. With regard to the principles of validation the existing real risk should be taken into account. The demands made regarding software for a robotic device in neurosurgery would undoubtedly be rather different from those made of software for a UV lamp for hardening resin in dental fillings .”

MDD Final Revisions 2007

Cybersecurity Review

Our cybersecurity experts are NESSUS Pro Licensed and can quickly remediate cybersecurity deficiencies with your medical device or digital health software.  Planning, requirements, validation, and submissions – we can assist with all.

Interested in having a conversation?  Email us to arrange a Zoom meeting or call us at +1 781-721-2921.

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN), Canada, and Italy.