October 4, 2022

Volume XII, Number 277


October 03, 2022

Subscribe to Latest Legal News and Analysis

New EU Medical Device Guidance on Standalone Software

On 15 July 2016, the European Commission updated MEDDEV 2.1/6 (the “MEDDEV Guidance), its medical device guidance on the qualification and classification of stand alone software used in the healthcare setting. The updated version replaces an earlier version of MEDDEV 2.1/6 issued by the European Commission in January 2012.

MEDDEV 2.1/6 generally stands as a valuable resource to assist software developers in the assessment of whether software is a medical device. However, some have expressed disappointment that the updated guidance did not go further in clarifying the picture, particularly those operating within the mobile health (mHealth) space.

Indeed, the main changes consist of additions to the definitions section of the MEDDEV Guidance. There is now a definition to clarify that “software” is a “set of instructions that processes input data and creates output data“. There are also accompanying definitions of “input data” and “output data”.

Input data” is defined as “any data provided to software in order to obtain output data after computation of this data”. The MEDDEV Guidance provides a number of non-exhaustive examples of input data:

  • Data given through the use of a human data-input device such as a keyboard, mouse, stylus, or touch screen;

  • Data given through speech recognition;

  • Digital document: formatted for general purpose such as Word file or pdf file or jpeg image, formatted for medical purpose such as DICOM file or ECG records or Electronic Health Record, unformatted document. Note that digital documents have to be differentiated from software able to read such documents;

  • Data received from / transmitted by devices.

Output data” is defined as “any data produced by a software”. Non-exhaustive examples provided by the MEDDEV Guidance are:

  • Screen display data (such as layout with number, characters, picture, graphics etc.);

  • Print data (such as layout with number, characters, picture, graphics etc.);

  • Audio data;

  • Digital document (formatted for a general purpose such as Word file or pdf file or jpeg image, or formatted for medical purpose such as DICOM file or ECG records or Electronic Health Record, unformatted document);

  • Haptic buzzing as an alternative to audio sound Mobile applications.

Helpfully, the updated version retains the annotated decision-trees to assist with classification, which have been slightly amended to reflect the new definitions.

The updated guidance does include a new statement in the introduction that “The criteria specified in this document apply also to mobile applications.” But that is nothing particularly new since it was well-accepted that mobile applications potentially were covered if they are intended for the diagnosis, prevention, monitoring, treatment or alleviation of disease. The updated version also contains a new definition of “Software as a Medical Device” (SaMD) as meaning “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.” This definition was taken from the International Medical Device Regulatory Forum work item on software. But it seems somewhat redundant in the MEDDEV Guidance since it is not referred to anywhere else in the document.

As before, the guidance contains a number of illustrative examples of software that would or would not qualify as a medical device, including hospital information systems (e.g., PACS), invoicing systems, decision support software, telesurgery, home monitoring, laboratory information systems, and so forth. Some will be particularly disappointed to see that software applications intended purely for fitness/wellness purposes have not been similarly excluded, since there are a growing number of mobile applications dedicated to this sector. That said, it is well-established that the key factor for determining whether a particular device or software qualifies as a medical device is the manufacturer’s intended purpose, as evidenced on the product packaging or labeling or in the manufacturer’s promotional material.  The software MEDDEV Guidance states:

“[i]t should be noted that only the intended purpose as described by the manufacturer of the product is relevant for the qualification and classification of any device and not by virtue of the way it may be called.

With respect to information systems that are intended only to store, archive and transfer data, the MEDDEV Guidance states that these are not qualified as medical devices in themselves.  However, they may be used with additional modules that might be qualified in their own right as medical devices.  Hence, it is necessary to consider each specific element of a product to determine whether any aspect falls under the definition of a medical device.

Ramon Luque Contributed to this post

© 2022 Covington & Burling LLPNational Law Review, Volume VI, Number 218

About this Author

Brian Kelly, Covington, Litigation lawyer

Brian Kelly is a partner in the London Life Sciences group, whose practice focuses on EU food and drug regulatory law, public and administrative proceedings, internal investigations, European Union law and product liability and safety.  Chambers UK Guide to the Legal Profession has described him as a “talented” lawyer, who “receives very encouraging feedback from clients”, and notes “his impressive attention to detail.”  According to the Legal 500 UK Guide, the team has “notable expertise in food law regulation, led by ‘excellent analyst’ Brian...

Philippe Bradley-Schmieg, Covington Burling, Data privacy and cybersecurity attorney

Philippe Bradley-Schmieg's practice covers a range of regulatory and commercial matters affecting the IT, internet media, e-health and telecoms sectors across the world.

Mr. Bradley-Schmieg advises on legislation, enforcement, advocacy and contracts relating to privacy, data protection, consumer protection, intermediary liability, copyright and databases, Big Data, medical confidentiality, cybersecurity, law enforcement data requests, and smart medical devices and apps.