We help you determine the correct software qualification and classification for the EU and USA, the associated requirements and their impact on products and processes, identify relevant ISO/IEC standards and how to establish the necessary proof of compliance.

Why is this important for the manufacturer?
Software in the medical context may or may not be a medical device, an IVD, and/or an AI system. Depending on the manufacturer's product claims, the software may have a medical purpose. Software without a medical purpose is used for storing or exchanging patient data, communication, or lifestyle & wellness, for example. The relevant legislation in both situations has a significant impact on the manufacturer's product and process requirements and varies by region. Examples of legislation include the EU MDR, EU IVDR, EU AI Act, GDPR, and FDA 21CFR.

We can help you navigate today's complex regulatory landscape, determine the impact of the EU AI Act, and coordinate the right route to market in consultation with Notified Bodies.

Why is the EU AI Act complex?
Artificial Intelligence (AI) is a rapidly evolving field with enormous potential for healthcare, education, government and mobility. It can quickly gather essential information from data, make processes more efficient, offer new solutions to complex problems, and enhance human capabilities. There is a difference between AI software based on mathematical calculation rules and AI systems that imitate human skills such as learning, reasoning, problem-solving, and decision-making. When an AI system has a medical purpose, the EU AI Act may apply in addition to the EU MDR/IVDR. The timelines for complying with the EU AI Act are short, with requirements imposed on both the provider and the deployer, and in addition expectations from Notified Bodies.

We can help you develop your data management strategy for product development, clinical studies, finished products, and market access.

Why a regulatory data strategy?
Data management is essential during the process of gathering evidence for intended use, clinical applicability, and product claims. This is also part of the regulatory strategy for obtaining market access. High-quality and usable data for development, verification, and validation are key. Data strategy and management must consider, e.g., the General Data Protection Regulation (GDPR), the European Data Act and Data Governance Act (DGA). Applying ISO 8000 and ISO 27000 standards may be relevant to demonstrating regulatory compliance.

We can help you determine the requirements you and your customers need to meet to secure devices, software, platforms, and IT networks. We can also assist in identifying the necessary evidence and reporting required for market access applications.

Why is it of public interest?
Personal data and medical records are privacy sensitive. This makes them highly valuable to criminals and often the target of cyberattacks. When developing products, it is crucial to determine which personal data is required and the conditions attached to it. It is also important to determine what type of data the final product will use. All of this influences the level of evidence and risk mitigation required for privacy and cybersecurity under the GDPR, EU and/or FDA cybersecurity legislation, and NIS2. Evidence of implementation can be expected in the form of a Secure Product Development Framework (SPDF), a Software Bill of Materials (SBOM), and robust cybersecurity risk management plans.

We can support you during the development of your IVD software product to meet all the requirements of the EU IVDR.

Why specifically EU IVDR?
The regulation for medical devices, the EU MDR, is better known and more widely implemented. The EU IVDR is intended for a specific group of medical devices, in vitro diagnostic products, such as tests developed for the analysis of human materials. Software as an IVD is a specific group of IVD products that must also comply with the IVDR. Correctly interpreting the IVDR for these software products is often seen as a challenge, particularly with regard to the requirements for performance evaluation and product claims, and the expectations regarding demonstrating safety and effectiveness.

We can guide you at concept phase in determining and optimizing the paths to market access.

Why already at Concept Phase?
For well-informed decisions about grants and investments, not only is the technical feasibility of the product concept necessary, but also the intended claims and the regulatory-based market access strategy. In addition to the product requirements, insight into the requirements for the (quality) management system is crucial, as are the associated timelines and costs. Exploring opportunities in various markets (e.g., the EU and the US) and understanding the step-by-step development of product claims can reveal opportunities that form a key component of the strategic business plan.