MedTech Compliance in the EU and USA
Due to the continuing growth of the Medical Devices sector and the rise of countless technologies like software (MDSW / SaMD / SiMD[1]), artificial intelligence (AI) – machine learning (AI/ML), Internet of Medical Things (IoMT) and others, we are facing a huge expansion of technological medical devices promising to revolutionize the practice of medicine. The safety and effectiveness of medical devices entering the market are set by regulations and private sector consensus standards[2], and there are several challenges emerging.
Europe put in place the EU 2017/745 – Medical Device Regulation (MDR), and Directive 98/79/EC on In Vitro Diagnostic, which will remain in force until 22 May 2022 when it will be replaced by the EU 2017/746 (IVDR). The MDR and the Directive both include a number of generic requirements applicable to software, including:
- i) Obligations of manufactures related to Unique Device Identification (UDI), technical documentation, quality management, clinical performance
- ii) Design and manufacturing requirements (diagnostic and measuring functions, constructions and others)
- iii) Information supplied with the device (instructions for use and labeling)
In addition, MDR contains specific requirements to be followed concerning avoidance of negative interactions between software and the IT environment, electronic programmable systems, protection against unauthorized access and others, including those placed on Annex VIII and its rules (e.g. Rule 3.3 and 11)[3]. Also, in order to provide guidelines to facilitate and assure compliance with both regulations, the EU has launched guidance documents MDCG 2019-11 on Qualification and Classification of Software, and MDCG 2020-1 on Clinical Evaluation (MDR)/Performance Evaluation (IVDR) of Medical Device Software.
Regarding AI/ML based medical devices, the EU currently applies the MDR, Directive 98/79/EC and the General Data Protection Law (GDPR), however, there are concerns on if these regulations are enough to cover all aspects of these new technologies and its specificities. That is the reason why, on 21 April 2021, the EU proposed a Draft Regulation[4] laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) and, if it is adopted, it is probable that manufacturers of SaMD will need to comply with both MDR requirements and with those laid down in the Artificial Intelligence Regulation[5].
In the US, the Food and Drug Administration (FDA) is developing many studies, guidances and plans to enhance its regulatory approach regarding SaMD and AI/ML based medical devices, since their traditional framework is not well suited for the design, development, and validation techniques used to achieve high quality, safe and effective software. Marketing authorizations are under the FDA’s existing regulatory pathways (Code of Federal Regulations – Title 21 – e.g. Part 820 and other documents)[6].
These documents and guidances show the current thinking of the FDA and should be followed by those placing these products on the market in order to facilitate the whole process. It is worth emphasizing the Digital Health Precertification (Pre-cert) Program[7], and others jointly established with the International Medical Device Regulators Forum (IMDRF), such as the Key Definition for Software as Medical Device[8], Software as a Medical Device (SAMD): Clinical Evaluation[9] and so on.
Specifically on AI/ML based medical devices, on 12 January 2021, the FDA proposed an Action Plan[10] where the main goal, among others, is to improve the regulatory framework based on the preview documents mainly with respect to the predetermined change control plan (for software’s learning over time).
One of the greatest benefits of AI/ML is the ability to learn from real-world use/experience and improve its performance, however it is also a concern that indicates the necessity of a total product lifecycle (TPLC) regulatory approach that aids continuous product improvement by providing effective safeguards. Trust, validation, skill degradation and other important aspects remain unresolved.
There are many challenges ahead to ensure safe use of these devices since AI related risks are harder to quantify and mitigate. Yet, as a result of numerous uncertainties, the FDA has already anticipated that many of these artificial intelligence and machine learning driven software changes to a device may require a premarket review. They also expect some of this may also be relevant to different medical device areas as the Software in a Medical Device (SiMD).
All in all, bearing in mind the scenario is still being built and includes efforts of global actors[11], it also requires insights from all stakeholders to ensure a reasonable assurance of safety and effectiveness of these products.
Want to find out how you can stay on top of medical device regulations and standards around the globe? Book a Demo now!
[1] SaMD: Software as Medical Device/ SiMD: Software in a Medical Device
[2] E.g. https://www.iso.org/standard/38421.html
[3] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0745&from=EN – Classification Rules
[4] https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1623335154975&uri=CELEX%3A52021PC0206
[5] Large penalties are being discussed for companies that fail to comply with the EU requirements on AI
[6] https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=820.30
[7] https://www.fda.gov/media/142107/download; https://www.fda.gov/medical-devices/digital-health-center-excellence/digital-health-software-precertification-pre-cert-program
[8] http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-131209-samd-key-definitions-140901.pdf
[9] https://www.fda.gov/media/100714/download
[11] http://www.imdrf.org/workitems/wi-aimd.asp – International Medical Device Regulators Forum (IMDRF) is currently developing a work to concretize a harmonized approach to the management of artificial intelligence (AI) medical devices
Edited by Compliance & Risks
Close
