The Role of Medical Device Software in EU Healthcare

THE FUTURE OF HEALTHCARE IS SOFTWARE—HERE’S HOW THE EU REGULATES IT
Medical Device Software (MDSW) is becoming essential in EU healthcare, especially as hospitals and patients rely more on digital tools for diagnosis, monitoring, and clinical decision-making. Under the EU Medical Device Regulation (MDR 2017/745) and In Vitro Diagnostic Regulation (IVDR 2017/746), any software used for medical purposes such as analyzing health data, helping doctors make decisions, or supporting IVD tests is legally considered a medical device and must meet strict safety and performance requirements. The EU classifies medical software based on the risk it poses to patients. Under MDR, software that supports high-risk decisions (for example, decisions that may lead to serious harm if wrong) falls under higher classes like Class IIb or III. Under IVDR, software used with diagnostic tests is classified from Class A to D depending on how critical the test is. Whether the software is a mobile app or built inside a device, it must follow the same rules: clear intended purpose, proper validation, cybersecurity protection, and safe usability. To be sold in Europe, MDSW must undergo conformity assessment and receive CE marking. This involves preparing technical documentation that explains how the software was developed, tested, and secured. Manufacturers must also show clinical or performance evidence proving that the software works safely and as intended. After approval, companies must monitor how the software performs in the real world, report issues, and update it responsibly without introducing new risks. As Europe moves toward digital health systems like telemedicine, AI-based tools, and cross-border health data sharing, MDSW plays a major role. The regulations may seem strict, but they ensure safer, more reliable digital healthcare. Morulaa can support companies through the entire process classification, documentation, CE marking, Notified Body interactions, and post-market surveillance making compliance easier for manufacturers entering or expanding in the EU market.

THE FUTURE OF HEALTHCARE IS SOFTWARE—HERE’S HOW THE EU REGULATES IT

Medical Device Software (MDSW) is becoming essential in EU healthcare, especially as hospitals and patients rely more on digital tools for diagnosis, monitoring, and clinical decision-making. Under the EU Medical Device Regulation (MDR 2017/745) and In Vitro Diagnostic Regulation (IVDR 2017/746), any software used for medical purposes such as analyzing health data, helping doctors make decisions, or supporting IVD tests is legally considered a medical device and must meet strict safety and performance requirements.

The EU classifies medical software based on the risk it poses to patients. Under MDR, software that supports high-risk decisions (for example, decisions that may lead to serious harm if wrong) falls under higher classes like Class IIb or III. Under IVDR, software used with diagnostic tests is classified from Class A to D depending on how critical the test is. Whether the software is a mobile app or built inside a device, it must follow the same rules: clear intended purpose, proper validation, cybersecurity protection, and safe usability.

To be sold in Europe, MDSW must undergo conformity assessment and receive CE marking. This involves preparing technical documentation that explains how the software was developed, tested, and secured. Manufacturers must also show clinical or performance evidence proving that the software works safely and as intended. After approval, companies must monitor how the software performs in the real world, report issues, and update it responsibly without introducing new risks.

As Europe moves toward digital health systems like telemedicine, AI-based tools, and cross-border health data sharing, MDSW plays a major role. The regulations may seem strict, but they ensure safer, more reliable digital healthcare. Morulaa can support companies through the entire process classification, documentation, CE marking, Notified Body interactions, and post-market surveillance making compliance easier for manufacturers entering or expanding in the EU market.

INTRODUCTION

Medical Device Software (MDSW) plays a pivotal role in modern healthcare, especially within the European Union. With advancements in digital health, MDSW is not only used for diagnosis and monitoring but also in supporting clinical decisions. The EU Medical Device Regulation (MDR) 2017/745 and In Vitro Diagnostic Regulation (IVDR) 2017/746 provide a clear legal framework for regulating such software. This blog explores the significance, classification, and regulatory expectations for MDSW in the EU context.

WHAT IS MEDICAL DEVICE SOFTWARE (MDSW) UNDER EU REGULATIONS?

Under MDR and IVDR, Medical Device Software is defined as software intended by the manufacturer to be used for one or more medical purposes. According to Annex VIII of MDR 2017/745, this includes software used for diagnosis, prevention, monitoring, treatment, or alleviation of disease. For in vitro diagnostics, IVDR 2017/746 extends this to software that processes data from IVD devices to determine patient health status.

CLASSIFICATION RULES FOR MDSW: MDR VS IVDR

Medical device software is classified based on its intended purpose and associated risk.

Under MDR, software is classified using Rule 11 of Annex VIII. For example:
- Class III if it is intended to provide information for therapeutic decisions that can result in death or irreversible deterioration.
- Class IIa or IIb depending on the severity of the condition managed.
Under IVDR, software intended to be used alongside IVD devices is classified similarly using Annex VIII, Chapter III, with Classes A to D depending on public health impact.

These classification rules impact conformity assessment procedures and Notified Body involvement.

STANDALONE SOFTWARE VS EMBEDDED SOFTWARE: REGULATORY DISTINCTION

EU MDR and IVDR distinguish between:

Standalone MDSW: Software functioning independently on a general-purpose platform (e.g., mobile apps, web-based tools).
Embedded MDSW: Software that is integral to a physical medical device (e.g., software running on an MRI machine).

Both are regulated equally under MDR/IVDR if they serve a medical purpose. Manufacturers must define the intended use and clinical functionality regardless of deployment format.

KEY GENERAL SAFETY AND PERFORMANCE REQUIREMENTS (GSPRS) FOR MDSW

MDSW must comply with the General Safety and Performance Requirements (Annex I) of MDR and IVDR. Key areas include:

Software validation: Demonstrating performance according to intended use, including under normal and fault conditions.
Cybersecurity: Protection against unauthorized access and data breaches.
Interoperability: Compatibility with other systems and devices, especially in clinical environments.
Usability: Design should minimize use-related risks and support clinical workflows.

CLINICAL EVALUATION AND PERFORMANCE EVALUATION OF MDSW

Under MDR Article 61, a clinical evaluation is mandatory to demonstrate clinical safety and performance of MDSW.
For IVD software, Article 56 of IVDR requires a performance evaluation comprising scientific validity, analytical performance, and clinical performance.

Manufacturers must provide robust evidence either via clinical data or literature especially when software supports critical decisions.

CONFORMITY ASSESSMENT AND CE MARKING FOR MDSW

Depending on classification, manufacturers must undergo conformity assessment procedures, often involving a Notified Body.

Technical Documentation (Annex II and III of MDR/IVDR) must detail software development lifecycle, risk management, validation, and cybersecurity measures.
Once conformity is demonstrated, the MDSW receives CE marking, allowing it to be marketed across the EU.

THE ROLE OF MDSW IN SUPPORTING EU DIGITAL HEALTH STRATEGIES

MDSW is a key enabler of EU healthcare transformation:

Telemedicine: Remote diagnosis and patient monitoring.
AI/ML Integration: Decision support tools improving diagnostic accuracy.
EHR Integration: Seamless data flow between devices and hospital systems.

The EU’s eHealth Digital Services Infrastructure (eHDSI) and European Health Data Space (EHDS) initiatives further emphasize the need for compliant and interoperable medical software.

POST-MARKET SURVEILLANCE AND VIGILANCE FOR MDSW

Manufacturers must implement a Post-Market Surveillance (PMS) system to track software performance in real-world settings. According to Articles 83 to 86 of MDR and Articles 78 to 81 of IVDR, this includes:

Collecting user feedback and incident data.
Updating software to correct errors or improve functionality.
Submitting vigilance reports to competent authorities and Notified Bodies as needed.

MDSW updates must be assessed for whether they qualify as significant changes under regulatory criteria.

CHALLENGES AND OPPORTUNITIES FOR MDSW MANUFACTURERS IN THE EU

Manufacturers face several challenges under the current regulatory framework:

Evolving expectations for AI-based algorithms and continuous learning models.
Stringent documentation requirements and evidence-based validation.
Delays in Notified Body availability.

However, these challenges are balanced by opportunities to innovate responsibly and contribute to better healthcare outcomes within a regulated ecosystem.

CONCLUSION

Medical Device Software is revolutionizing EU healthcare through smart, connected, and data-driven solutions. MDR 2017/745 and IVDR 2017/746 provide a harmonized regulatory framework to ensure safety, performance, and public health protection. Compliance with these regulations is not just a legal obligation but a strategic advantage for manufacturers seeking to lead in the digital health space.

HOW MORULAA CAN HELP

Morulaa supports medical device software manufacturers in achieving EU MDR and IVDR compliance through expert regulatory strategy, technical documentation, and CE marking guidance. We assist in clinical and performance evaluations, manage interactions with Notified Bodies, and help set up robust post-market surveillance systems. With our deep understanding of evolving digital health frameworks like EHDS, we ensure your software remains compliant and competitive in the EU market.

REFERENCES

Regulation (EU) 2017/745 of the European Parliament and of the Council on medical devices. Official Journal of the European Union. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32017R0745
Regulation (EU) 2017/746 of the European Parliament and of the Council on in vitro diagnostic medical devices. Official Journal of the European Union.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32017R0746
MDCG 2019-11: Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 and 2017/746. https://health.ec.europa.eu/system/files/2021-10/md_mdcg_2019_11_guidance_en_0.pdf