​

​

​

​Despite various amendments to both US and EU medical device legislation over the last 20 years, the issue of medical software regulation remains a challenging one for the regulators. The definition of a medical device has been amended to include various types of software, but a fundamental problem remains. The issue of change management of regulated medical software was recognised by academics over 20 years ago [reference], but successive regulatory updates have simply ‘shoe-horned’ different aspects of medical software (particularly standalone software) into a system that wasn’t originally designed to accommodate it.

 

Software is developed in a unique iterative fashion, both during initial development and following release. The first issue has been (partially) addressed by the legal requirement of of software techniques based on its life cycle, but the subsequent growth of the product post-release is more difficult to control. This is due to the inherent adaptability of computer code and the fact that both developers and (especially) users soon identify things that could be done to improve the product. It is therefore quite common for new versions of the software to be released every 1-2 years, with simple ‘bug fix’ releases in between. Regulatory control of medical devices is often perceived as an inhibitor of proactive continuous improvement [reference] and this is something that needs to be addressed. From a standards viewpoint, IEC 13485: 2016 has a section on ‘measurement, analysis and improvement’, but the latter is essentially reactive, based on traditional post-market surveillance, received complaints etc.

​

On the other side of the pond, the FDA and US Congress have taken steps to address long-standing industry concerns about how software medical devices are regulated [reference].  As part of its Digital Health Programme, the FDA recently launched a pilot scheme that, if fully implemented, would represent a radical new way to deal with the regulation of medical software. The Digital Health Innovation Action Plan, launched in July 2017, acknowledges that its traditional approach to hardware-based medical devices is not well suited to the faster iterative design, development, and validation methods used for software-based medical technologies.

 

The practical upshot of this new philosophy is as yet unclear, but the FDA’s Digital Health Software Precertification (‘Pre-Cert’) Pilot Programme gives an insight into how a possible future regulatory approach might work. The programme is intended to help the Agency design a "tailored approach" to regulating software by focusing on the developer rather than the product, in stark contrast to how how the FDA evaluates all other medical devices. One of the stated goals of the new pilot scheme is “to enable a modern and tailored approach that allows software iterations and changes to occur in a timely fashion”, so the programme is to be encouraged and supported.

​

With different regulatory agencies now cooperating more then ever (see International Medical Device Regulators Forum, IMDRF ) it is expected that the EU might start a discussion/consultation of this type once the new MDR17 regulations are completely bedded in. Note that much-delayed UK medical device regulations are expected in 2025. ​​​​

​

The ideas referred to above are all discussed in detail in our book published in 2024.

 

This page last updated: 17 February 2025

​

​

 

 

​

​