How MDR regulates software?
Artificial Intelligence (AI) has been used more and more in healthcare. When it comes to medical devices, the most frequently used AI technique is machine learning (Joher Institute, 2019). There are two main points that manufacturers are challenged by:
- Classification of medical devices;
- Demonstrating conformity of devices, i.e. which standards and practices should be followed when manufacturing compliant machine learning medical devices.
As software is defined as an active device, for the classification of active (hardware) devices, which also includes Medical Device Software providing information for patient management, Rule 9, 10, 11, 12 ,13, 15 or 22 of Annex VIII of the Medical Device Regulation (MDR) should be considered. In line with implementation rule 3.5, the strictest rule or sub-rule should hence apply.
The Medical Device Coordination Group has published a guidance concerning the classification of these devices, Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 – MDR and Regulation (EU) 2017/746 – IVDR.
The main change, as opposed to the Medical Device Directive, is that the majority of these devices will no longer be considered as Class I devices:
‘’Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:
- death or an irreversible deterioration of a person's state of health, in which case it is in class III; or
- a serious deterioration of a person's state of health or a surgical intervention, in which case it is classified as class IIb. Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.
- All other software is classified as class I’’ (Official Journal of the European Union, 2017, Annex VIII, Chap.III, Rule 11).
Demonstrating compliance with General Safety and Performance Requirements
Manufacturers shall demonstrate compliance with the applicable general safety and performance requirements listed in Annex 1 of the MDR, including the specific requirements related to electronic programmable system to ensure repeatability, reliability and performancein line with their intended use.
In the event of a single fault condition, appropriate means shall be adopted to eliminate or reduce as far as possible consequent risks or impairment of performance (Official Journal of the European Union, 2017, annex I, 17.1):
- To ensure that the software is developed and manufactured in accordance with the state of the art considering the principles of development life cycle, risk management, including information security, verification and validation (Official Journal of the European Union, 2017, annex I, 17.2);
- Software intended to be used in combination with mobile platforms, must be designed and manufactured considering specific features of the mobile platform and the external factors related to the use (Official Journal of the European Union, 2017, annex I, 17.3);
- Manufacturers shall set out minimum requirements concerning hardware, IT networks characteristics and IT security measures, including protection against unauthorised access, necessary to run the software as intended (Medical Device Coordination Group, 2020b). At the moment, no harmonized standard providing presumption of conformity with the relevant general safety and performance requirements specified in Annex 1 of the MDR has yet been published.
However, the following harmonized standards published in context of the medical device directive represents today the state of the art and may be used with the understanding that they may not be totally in line with the requirements set out in MDR. Therefore, it is advised to use them together with the MDR.
- ISO 13485:2016
- IEC 62304:2006
- IEC 62366-1
- ISO 14971
- IEC 82304
More room to improve
2020 has been a year of digitalisation. As such, it comes as no surprise that the main healthcare players have been focused on AI. This resulted in the establishment of:
- International Medical Device Regulators Forum (IMDRF) established Artificial Intelligence Medical Devices (AIMD) at the global level;
- European Parliament established Special Committee on Artificial Intelligence in a Digital Age, AIDA at the EU level.
Our team is closely monitoring the news in the sector and is experienced in reclassification of medical devices with software. Are you a medical devices software manufacturer? Will your device be re-classified under the MDR?
Obelis Publishing department
Contact Obelis today and assure your devices can stay on the EU market as Class I Legacy devices!Get in touch
- European Commission. (2020). Guidance on the applicable legislation for leave-on hand cleaners and hand disinfectants (gel, solution, etc.). Retrieved on 15/12/2020 from https://ec.europa.eu/docsroom/documents/40523
- Joher Institute. (2019). Artificial Intelligence in Medicine. Joher Institute. Retrieved on 15/12/2020 from https://www.johner-institute.com/articles/software-iec-62304/and-more/artificial-intelligence/
- Medical Device Coordination Group. (2020a). Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745. Retrieved on 18/12/2020 from https://ec.uropa.eu/docsroom/documents/37581
- Medical Device Coordination Group. (2020b). Guidance on Cybersecurity for medical devices. Retrieved on 18/12/2020 from https://ec.europa.eu/docsroom/documents/41863
- Official Journal of the European Union. (2017). Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC. Retrieved on 18/12/2020 from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0745