The global digital health market is expected to grow almost 200% in the next three years. EU consumers are becoming increasingly accustomed to accessing digital health products using their smartphones and other connected devices. Manufacturers and developers must continue to innovate and compete to deliver even more sophisticated, intuitive and life-enhancing health solutions. Digital health in the EU, however, is a heavily regulated space. Those seeking to enter this market need to be familiar with the various regulatory issues and challenges that come as part of operating in such a sophisticated regulatory environment.

We consider some current and emerging issues in the digital health space and conclude with some practical tips for navigating an uncertain, but exciting, next few years.

Software Medical Devices

Medical Device Software (MDSW) must comply with requirements under the Medical Devices Regulation (EU) 2017/745 (MDR), which replaced the Medical Devices Directive 93/42/EEC (MDD), to be permitted onto the EU market. In the context of lifestyle and wellness, general wellbeing software may not trigger obligations under the MDR. However, software and apps seeking to address specific diseases, injuries or other health conditions need to be treated with care from a regulatory standpoint. The features of any given software product, and the way that those features are presented to the market, therefore need to be carefully assessed by manufacturers to determine whether the medical device framework is triggered in any given case.

MDR Compliance

The MDR has brought about various important changes for MDSW, many of which leverage the sensors and connectivity of wearable consumer tech products such as smartwatches, fitness trackers, VR headsets and smartphones. Software medical devices can be offered as downloads on app stores or come pre-installed on these devices. In other cases, manufacturers may choose to customise a consumer device for use with their software medical device. These types of decisions need to be carefully considered in terms of the added regulatory requirements that they can trigger under the MDR. This has led to a growing sophistication in the justifications and analyses deployed by manufacturers to account for these rules and the positioning of their products as part of their regulatory strategies.

As another example, Rule 11 of the MDR Classification Rules now operates to ‘up-classify’ a large proportion of MDSW from class I, the lowest risk category, under the MDD to at least a class IIa under the MDR. This ‘up-classification’ means that many software medical devices now require, for the first time, the involvement of a notified body for certification under the MDR. Certification by a notified body as a class IIa device (and above) requires a manufacturer to present robust evidence that the device has been carefully designed, thoroughly tested and that the various systems necessary for safety and performance of the device are in place and being complied with.

Another important issue arises where manufacturers wish to make changes to devices availing of the transitional provisions under Article 120 of the MDR. One of the conditions laid down by Article 120 is that no ‘significant change’ can be made to the intended purpose or design of a relevant device after 26 May 2021. This can be particularly challenging for MDSW, with releases of updates and newer versions of existing software devices occurring very frequently. Manufacturers who avail of the transitional provisions under Article 120(2) and (3) also need to be mindful that various MDR requirements have been ‘live’ since 26 May 2021, despite the transitional provisions, namely those relating to post-market surveillance, market surveillance, vigilance and registration of economic operators.

Artificial Intelligence (AI)

In April 2021, the European Commission published its Proposal for a Regulation on Artificial Intelligence ( Draft AI Regulation), which aims to provide a comprehensive regulatory framework for AI. Given the classification of AI used in medical devices as ‘high-risk’, manufacturers of medical devices incorporating AI would likely need to demonstrate conformity with the requirements of the Draft AI Regulation, as well as the general safety and performance requirements for MDSW provided for in Annex I of the MDR. Successfully demonstrating conformity under both regulatory frameworks will require a very careful consideration, in conjunction with notified bodies, of the “state of the art” in medical devices incorporating AI and how these devices will achieve the high levels of safety required under both frameworks.

Consumer Electronics

Depending on their functionality, some digital health products, owing to their status as electronic goods, may also require manufacturers to track and ensure compliance with a wide array of EU regulatory requirements other than the MDD or the MDR such as:

  • Directive 2014/53/EU (RED)
  • Directive 2014/35/EU (LVD)
  • Directive 2014/30/EU (the EMC Directive)
  • Directive 2012/19/EU (the WEEE Directive), and
  • Directive 2011/65/EU (the RoHS Directive)

An additional layer of complexity is added with the increased connectivity of digital health products, and the need to account for safety and compliance across systems of networked devices, each with their own unique regulatory profile. The new draft General Product Safety Regulation is aimed at addressing some of these particular risks and safety issues that can arise from connected devices and new technologies.

Data Considerations

The General Data Protection Regulation (EU/2016/679) (GDPR) and its implications when designing digital health products and services also needs to be carefully reviewed by manufacturers seeking to enter the EU market. Integration by manufacturers of GDPR principles into their processes and systems as soon as possible will ensure that they are in the strongest position to achieve compliance and avoid future issues, such as needing to redesign a product at a later date or risks of user complaints or enforcement. The GDPR principle of “data protection by design and default” means that GDPR compliance cannot be an afterthought - a manufacturer must be able to show that it has been ‘baked into’ the design process and the functionality of the product from the outset.

Liability

A revised Product Liability Directive 85/374/EEC is expected in the coming years, to account for the application of concepts such as ‘product’, ‘producer’, ‘defect’ or ‘damage’ in an increasingly digitised and networked market for consumer products. Other recent pieces of EU legislation, like the Collective Redress Directive (EU) 2020/1828, also bring an increased potential for litigation and class action-style claims by groups of EU consumers. This increases the likelihood of a new body of case law forming across the EU in relation to liability for defective medical devices and the software connected to them. This is a development that needs to be closely monitored in terms of its potential impact on the EU digital health market. Associated pieces of EU legislation focusing on consumer protection, such as the Market Surveillance Regulation (EU) 2019/1020, are also expected to enhance the rights of consumers and their abilities to seek redress, especially for goods sold online.

Reimbursement

Digital health tools are well-recognised as having the potential to provide for massive efficiency gains in the provision of health services across the EU. In order for the sector to continue to thrive, and to allow for ongoing growth and innovation, it is vital that efforts continue to realise strategies and schemes aimed at creating concrete and coordinated reimbursement pathways across the EU. Although not specifically addressed to the reimbursement of digital health technologies, Regulation (EU) 2021/2282 on Health Technology Assessment (the HTA Regulation), which came into force in January 2022, could prove to be a particularly significant development in this context. The HTA Regulation seeks to enhance cooperation amongst Member States across various review and consultation activities related to assessing the value of the new technology against other health technologies. As reimbursement pathways for digital health products continue to develop, manufacturers therefore need to remain abreast of policy developments at both EU and national level when deciding where and when to launch their digital health products.

Conclusion

With a lot to negotiate already, and further regulatory issues and challenges requiring active management on the horizon, manufacturers of digital health products seeking to access the EU market are required to commit significant resources to demonstrating safety and compliance. As part of a strategy to access the EU digital health market, there are several practical steps that should be borne in mind:

  • Regulatory intelligence: Invest resources in tracking the development of various pieces of new and proposed legislation planned for adoption in the next one to five years
  • Stakeholder engagement: Work done to track legislative proposals should be leveraged, using open consultation processes, to ensure that the views of all stakeholders are taken into account as new regulatory regimes take shape
  • Partner planning: Developing and launching regulated products requires close coordination with external advisors and stakeholders across the value chain, particularly notified bodies, who must continue to adapt to new guidance and new legislation in real time
  • Product placement: Products need to be assessed at an early stage to ascertain whether or not they will be regulated under the medical device framework and if so, how. Manufacturers can then adopt a structured and strategic approach to regulating their offering to ensure the product is compliant with all necessary regulatory requirements.