Digital health applications are routinely used to inform or drive clinical treatments. This means they need to prove they are both safe and effective. Read on to find out how to classify such applications under the MDR.

Nowadays, digital health applications are viewed just like any other medical product. This means they must demonstrate that they are safe and effective. The precise rules differ between countries. In the EU, they generally come under the new Medical Device Regulation (MDR). Such applications are known as Medical Device Software (MDSW)

Classifying software under MDR

The MDR (which will be enforced from May 26) defines digital health applications as Medical Device Software (MDSW). Under the MDR, medical devices are classified according to the risk they pose to patients. In November last year, the Medical Device Coordination Group released formal guidance on classifying MDSW. The 28 page document explains how to interpret the rules within the MDR. It then gives guidelines on how these should be applied when risk assessing any MDSW. Finally, they give some examples.

The table below is based on the MDCG guidance. It gives a good starting point for classifying any digital health application.

Classifying software under MDR |

What is the software doing?

The first step is to decide what the application actually achieves. There are 3 options:

  • Diagnose or treat. Does the application actually provide a diagnosis or treatment for the patient? For instance, an application that enhances CT images to highlight bleeding on the brain in stroke patients.
  • Drive clinical management. In this case, the application is directly supporting patient care decisions. For instance, an application that monitors vital signs during anaesthesia.
  • Inform the treatment. Here, the application is simply providing information that helps with diagnosis or treatment. For instance, an application that provides a psychiatrist with information about a patient's mental state over recent days.

How seriously is the patient harmed?

The second step is determining how serious the risks are. Here, you have to think what might happen to the patient if the application made the wrong choice or gave the wrong advice.

  • Critical or fatal. The highest risk with medical products is death or permanent disability. Exactly what constitutes a critical but non-fatal risk has to be determined case-by-case.
  • Serious. This means there is a real risk that the patient's health will be harmed if the MDSW gives the wrong advice.
  • Other. This covers all other cases, where the patient is either not harmed at all, or the harm is minimal.

Other rules to know about

Within Germany, certain types of digital health application will be available on prescription by the end of this year. This is thanks to the new Digital Health Act (DVG). DVG only applies to applications that are certified Class I or Class IIa under MDR. However, in addition to the requirements of MDR, the application developer needs to prove that the app achieves an improvement in care delivery. This is a bit broader than the requirement to be safe and effective.

Within the UK, digital health applications are available via the NHS Apps Library. In order to be included in the library, apps need to meet various criteria.  These include:

  • The app must be certified if it falls under MDR.
  • The app must meet all technical and organisational requirements set out in GDPR. This is assessed via an extremely detailed checklist.
  • If the app provides a pharmacy service, it needs to be registered with the General Pharmaceutical Council.

Want to find out more?

The MDR is just one of many regulations and standards that apply to digital health. Here at, we are the experts when it comes to this field. So, we have put together a short overview to help you. Click below to get your free copy.