Introduction
Digital health technologies are changing how healthcare is delivered and managed. From fitness trackers and mobile health apps to software that monitors chronic diseases like diabetes or heart conditions, these tools are now part of daily life.
However, with this growth comes tighter regulation. In Europe, manufacturers of digital health technologies, wearable sensors, and medical software must now comply with the EU Medical Devices Regulation (MDR 2017/745), which officially replaced the Medical Device Directive (MDD) on 26 May 2020.
The new MDR brings updated definitions, stricter classification rules, and expanded regulatory requirements—especially for medical device software that was previously classified as Class I. Many apps and software that were once outside regulatory focus are now covered under the MDR.
Understanding MDR Requirements for CE-Marked Digital Health Apps
Before selling or distributing a digital health product in the EU, manufacturers must determine whether their software qualifies as a medical device under the MDR.
Article 2 (1) of the MDR defines a medical device as any instrument, apparatus, software, or material intended by the manufacturer to be used for:
- Diagnosis, prevention, monitoring, prediction, prognosis, treatment, or alleviation of disease
- Diagnosis or monitoring of an injury or disability
- Investigation, replacement, or modification of anatomy or physiological processes
- Providing diagnostic information through in vitro examination of human specimens
The device must achieve its function through non-pharmacological means, although it can be assisted by pharmacological means.
The MDR expands this definition to include technologies that predict or provide a prognosis for diseases. This means that apps or algorithms that analyze patient data to forecast potential health conditions may now fall under medical device regulations.
Even apps focused on wellness or fitness could be affected if they process physiological data that influences a medical decision.
Software Classification under MDR: Rule 11
The biggest change for digital health technologies comes from Annex VIII, Rule 11 of the MDR, which sets out how software is classified:
- Software providing diagnostic or therapeutic information
  - Class IIa if it supports decisions for diagnosis or treatment.
  - Class IIb if the decisions could cause serious deterioration of health or require surgery.
  - Class III if decisions could lead to death or irreversible health damage.
- Software monitoring physiological processes
  - Class IIa by default.
  - Class IIb if monitoring vital parameters where changes could cause immediate danger.
- All other software is Class I.
Although Rule 11 does not explicitly mention “prognosis” or “prediction,” the rule implies that any software used for diagnostic or therapeutic decisions could be classified as Class IIa or higher.
This means that even predictive algorithms or AI-based diagnostic tools may need to undergo CE marking under higher risk classifications.
Medical Software as an Active Device
Under Article 2 (4) of the MDR, software is also defined as an active medical device, since it relies on an external energy source (like electricity) to function.
This includes any hardware that software interacts with, such as smartphones, sensors, or cloud-based systems. Therefore, both the software and its hardware components may fall under medical device regulatory requirements.
The MDR further specifies that:
- Software that drives or influences a device is classified in the same class as that device.
- Software functioning independently is classified on its own.
Manufacturers must also provide detailed technical documentation under Annex II, including:
- Software verification and validation data
- Test protocols and performance results
- Safety, stability, and compatibility information
These steps ensure that the software performs as intended and is safe for patient use.
Independent Software and Cloud-Based Platforms
Modern digital health technologies are no longer limited to dedicated hardware. Many operate on general-purpose platforms such as mobile phones, tablets, or cloud systems.
This shift increases complexity, as these devices connect to networks and exchange data across multiple platforms. MDR compliance must therefore cover data security, system interoperability, and cybersecurity risks, in addition to clinical performance.
The Issue of Prediction and Prognosis in MDR
The MDR’s lack of explicit language on “prediction” and “prognosis” creates uncertainty.
If an algorithm predicts disease risk based on patient data, does it fall under Class I or a higher class? Rule 11 is somewhat vague, and future EU Commission guidance is expected to clarify how self-learning AI and predictive models should be classified.
Until then, manufacturers should assume a higher classification if their product supports any diagnostic or therapeutic decision-making.
What About Wellness and Fitness Apps?
Article 1, paragraph (19) of the MDR provides clarity:
- Software with a specific medical purpose (diagnosis, monitoring, treatment) is a medical device.
- Software for general or lifestyle use, even if used in healthcare settings, is not a medical device.
So, a fitness tracker that counts steps or calories is not regulated as a medical device. But if it claims to detect heart arrhythmias or monitor glucose levels, it will require CE marking under the MDR.
Software Classification: Medical Device vs Non-Medical Device
The MDR clearly distinguishes between software that qualifies as a medical device and software that does not. The key difference lies in the software’s intended medical purpose.
| Software Considered a Medical Device | Software Not Considered a Medical Device |
|---|---|
| Intended for diagnosis or therapy | Intended for documentation only |
| Monitors physiological processes | Used for research or education |
| Supports medical decisions or provides diagnostic information | No defined medical purpose |
CE Marking and Transition Rules
All medical devices, including software, must have a valid CE mark to be marketed in the EU.
However, the MDR transition period (Article 120) does not apply to Class I devices under the MDD that are up-classified to Class IIa under the MDR. These products must undergo a Notified Body review and obtain a new CE certificate before entering the market.
GDPR and Data Protection
Digital health technologies must also comply with the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.
GDPR introduces strict rules for handling personal and health data, placing greater responsibility on manufacturers to ensure privacy, consent, and data security.
How Can Operon Strategist Help?
At Operon Strategist, we help manufacturers of digital health technologies and medical device software navigate the complex EU MDR and CE marking process. Our team assists with regulatory strategy, technical documentation, risk classification, clinical evaluation, and Notified Body coordination. We also support you in aligning your software verification and validation process with MDR requirements and ensuring GDPR compliance for data handling. Whether you’re launching a new digital health app or upgrading an existing one to meet MDR standards, our experts provide complete guidance to help you achieve CE marking approval efficiently and confidently.





