Software as a Medical Device (SaMD) in EU MDR and its submission Process

European Medical Device Regulation (EU MDR) will create a robust, transparent, and sustainable regulatory framework, recognized internationally, that improves clinical safety and creates fair market access for manufacturers, it includes defining aspects, qualification criteria, classification, clinical evaluation, CE certification and QMS. For continued innovation, the SaMD manufacturers should understand the proposed regulations and adopt a robust system supporting all the devices and software functionalities with the EU MDR Regulatory recommendations, to ensure high quality and compliance.

The product must adhere to the definition of a “medical device”, “software”, or in vitro diagnostic medical device according to Regulation (EU) 2017/745– MDR and/or Regulation (EU) 2017/746 – IVDR.

ISO 14971 and IEC 62304 are international standards planned to help you fulfil regional requirements, established by the European Medical Devices Directive (MDD 93/42/EEC) and the EU Medical Device Regulation (MDR 2017/745).

How SaMD classified in Europe

1. Annex VIII, Chapter III of the EU MDR deals with how medical devices are classified in the European market. Chapter III Rule 11 summarizes: If the software is used for diagnosis or therapeutic purposes, then it is considered a Class IIa medical device UNLESS:-

1a.Failure could cause serious deterioration of health or surgical intervention – then it is Class IIb (e.g., software driving monitoring of a respiratory or circulatory system).

1b. Failure could cause death or irreversible deterioration of health – then it is Class III (e.g., the software driving an active implantable device).

1c.If it does not fit into any of the criteria mentioned above, it is considered as a Class I (e.g., imaging software from CT scans).

2. Annex 1 of the EU MDR deals with General Safety and Performance. Chapter 1, Section 15 briefly notes that devices with a measuring function “ shall be designed and manufactured to provide sufficient accuracy, precision, and stability for their intended purpose, based on appropriate scientific and technical methods.” This includes the following testing methods:

2a. Verification testing is crucial to ensure that the software algorithm conducts proper measurements.

2b. Validation testing is needed to support what the users see and how they may interpret results.

2c. Performance testing supports analytical accuracy and resolution of measurement (e.g., SpO2 specification +/- 2% within range).

3. Section 17 deals with PEMS (Programmable Electrical Medical System), which these days is generally referred to as “software in a medical device.” These can be devices that incorporate electronic programmable systems and software, or software that is a device into itself. This includes the following testing methods:

3a.Software verification testing needs to link to hazards identified for the software and/or hardware interface.

3b. Software life-cycle development is key for managing hazards, verification, validation, and cybersecurity issues.

3c. Interoperability with other software-controlled devices and their connectivity via Wi-Fi, Bluetooth, and networks must be addressed.

Involvement of Notified Body in EU MDR

Notified Bodies are the organizations designated by the Competent Authority of the European member country for assessing and certifying products before they are placed in the European markets or put into service. They are responsible to execute all the processes and assessments by conducting audits against the relevant directives or regulations and the European regulatory standards. Also, all the technical documentation needs to be reviewed and verified in laboratories.

The European medical device database (EUDAMED) has a module specifically for Notified Bodies where the certificates will be uploaded. It is one of the key aspects of the EU IVDR, and it creates effective communication when sharing information between various stakeholders.

Application process requirements

For the Application process of EU MDR, manufacturers should review and consider the following requirements:

1. Quality Management System (QMS) and Regulatory Requirements: The manufacturer of medical device software shall demonstrate the software that consistently meets customer requirements and applicable regulatory requirements. A QMS for the EU which comply to ISO 1345:2016 will ensure manufacturers adhere to this requirement.

It is essential for medical device software manufacturers to have a copy of EN 62304:2006 standard which specifies all the software life cycle processes in detail. It could be better if manufacture also include 2015 amendment as important updates are made under the same. Items which are only applicable to software safety classes, B and C previously are now also applicable to safety class A. This would include:

1a. Use of the software resolution process

1b. Retesting after changes

1c. Documenting known residual anomalies

1d. Archiving software

1e. Ensuring reliable delivery of released software

1f. Applying the requirements early in development

Manufacturers must assign a safety class to their software device and should create a report of requirements against IEC 62304. This report can be maintained in your quality management system/ process.

2. Premarket Requirement: This includes the following considerations

2a. New classification rule based on Software, Nanomaterials, Absorbable device applied to the body, And Active therapeutic device for patient monitoring

2b. Revise conformity assessment

2c. Compliance with the general safety and performance requirements

3. Technical Documentation Requirements: It covers all aspects of product realization and the entire life cycle. We are supporting the following technical documentation:

3a. User Requirements

3b. Product Requirements

3c. Gap Analysi

3d. Regulatory complianc

3e. Traceability Matri

4. Post Market Surveillance Requirements: It includes Post Market Surveillance Report (PMSR),¬ Periodic Safety Update Report (PSUR), Summary of Safety & Clinical Performance (SSCP), Post Market Clinical Follow Up Reports (PMCFR)

5. Risk Management Requirements: The manufacturer shall apply a risk management process complying with ISO 14971. Risk Assessment and Clinical Evaluation should be updated using data and information gathered through post-market surveillance and lessons learned from any implemented preventive and/or corrective actions.

Medical device manufacturers need to be aware of the above requirements and obligations with regards to SaMD and we are happy to provide the assistance to our clients for all these processes with the expertise in EU MDR standards.

[1] Oriel STAT A MATRIX | Medical Device Training, Consulting & Audits

Devesh-Agarwal circle-1

This article was provided to you by Decos, a cutting-edge partner ready to meet your software needs in the medical domain. We love to get in touch with you! A question on one of our projects, and advice on your project or a POC, just contact me and let’s connect.

Plan an online introduction