Medical apps & traps: new stricter and broader rules for medical software manufacturers

Lasting a day without using medical apps (as a medical device), for example, heart-monitoring systems, glucose meters, digital thermometers, stethoscopes,…, has become unthinkable. Medical apps have changed our traditional healthcare system and have led to not only innovation but also (more) affordable and more accessible healthcare. This has become even more evident during the Covid-19 crisis. The fact that the costs for certain medical apps are now even reimbursable in Belgium is a real breakthrough in digital healthcare.

Needless to say, these innovative technologies must be placed in the European market in a responsible way. Diverging interpretations of earlier directives and a few high-profile scandals (for example, the PIP scandal relating to harmful (defective) breast implants in 2012) forced legislative bodies to intervene. It is thus no surprise that the legislation on medical device or devices and software as medical devices was recently amended.

At EU level, two new regulations were approved:

  • the medical devices regulation (“MDR”), which entered into force on 26 May 2021; and
  • the in vitro diagnostic medical devices regulation (“IVDR”), which will enter into force on 26 May 2022.

The new rules apply to all medical devices that are sold in the EU regardless of whether they are manufactured in the EU or placed on the EU market directly through import.


Which criteria apply?

It is important to know that the MDR amended and broadened some elements in the definition of medical device. For example, the previous legal definition did not cover “prognosis”, but the new definition now does explicitly. Also, DNA analysis software that assesses the risk of certain diseases would be considered a medical device under the MDR, but this was not so before.


The effect of the amended definition is that from now on more software developers will have to consider the rules governing medical devices.

It is therefore crucial for software developers or distributors to know if their software is classified as a medical device or not. In this respect, the MDR has already offered the some guidance:

  • Software that is intended by the manufacturer to be used for one or more medical purposes is regarded as a medical device.
  • Software that is intended for general purposes (even relating to healthcare) or for well-being purposes is not considered a medical device.

The classification of medical devices in different categories according to the level of danger they pose for health was preserved in the MDR, and this in accordance with existing international practice. However, new (stricter) classification rules for software were added in

that context. The effect of these new rules is that the majority of existing health and fitness apps (which already qualify as medical devices) will now be belong to a higher risk category. This has significant consequences for the way in which these software can be placed on the European market.


Obligations and points of attention

Let us summarize for you the most important obligations and points of attention for software that are classified as medical device:

  • The software must meet the general safety- and performance requirements, as described in the MDR and IVDR.
  • The regulations devote a very elaborate appendix to the required technical documentation. This was not so in the past.
  • A conformity process and, if appropriate, even certification, must be conducted by a registered body.
  • After all the required documentation have been drawn up (before the software is marketed as a medical device), the software must be identified and registered.
  • A quality management system that tailored to the risk category and the medical device type must be developed. In addition, monitoring must also be set up after the software has be placed on the market.
  • The obligations concerning vigilance (that is, being alert for incidents) were broadened for producers of software that qualify as a medical device.



The market for digital healthcare is growing rapidly, so lawmakers are keeping up with it: the range of legal rules and obligations continues to increase. The ultimate purpose of the legislature is certainly to safeguard patient safety, but for (existing) software manufacturers, this mainly entails a series of (new) obligations.

In addition, the liability framework relating to artificial intelligence in healthcare also appears to be a complicated story. You can read everything about this exciting topic in the article written by my colleague Lisa Opdecam, which will be available on our website in June 2022.

This article is written by

Looking for advice on a specific topic?

We will guide you to the right person or team.