Medi­cal Device Soft­ware: What Plat­form Ope­ra­tors Must Know to Stay Compliant

Apps that are con­side­red medi­cal devices are sub­ject to strict regu­la­ti­ons in the EU – and app plat­forms are also respon­si­ble. Our FAQ explains the most important aspects of the MDCG Gui­dance Docu­ment 2025-04 of the EU Medi­cal Device Coor­di­na­ti­on Group. 

What is an MDSW app and why is its secu­ri­ty important?

A medi­cal device soft­ware app (MDSW app) is soft­ware that is used for medi­cal pur­po­ses – for exam­p­le to dia­gno­se or con­trol the­ra­pies. It can be used direct­ly by pati­ents. Its safe­ty is cru­cial as it can have a direct impact on health. MDSW apps must the­r­e­fo­re com­ply with strict EU requi­re­ments (in par­ti­cu­lar MDR (EU 2017/745) and IVDR (EU 2017/746)).

What role do app plat­form pro­vi­ders play in MDSW apps?

App plat­forms can sim­ply pro­vi­de MDSW (e.g. as hos­ting ser­vices) or actively dis­tri­bu­te them. In the first case, they are con­side­red inter­me­dia­ries and are pri­ma­ri­ly sub­ject to the Digi­tal Ser­vices Act (DSA, EU 2022/2065). Howe­ver, if they assu­me owner­ship or dis­tri­bu­ti­on of the app, they are con­side­red dis­tri­bu­tors or importers and must com­ply with the requi­re­ments of the MDR/IVDR.

What legal requi­re­ments app­ly to MDSW apps in the EU?

Main­ly the MDR (EU 2017/745) and IVDR (EU 2017/746) app­ly. In addi­ti­on, the DSA (EU 2022/2065) appli­es to plat­form pro­vi­ders. All legal requi­re­ments must be met befo­re an MDSW app can be offe­red in the EU.

What obli­ga­ti­ons do plat­forms have as intermediaries?

As inter­me­dia­ries under the DSA, plat­forms must, among other things:

• offer mecha­nisms for report­ing ille­gal content,
• Enable trans­pa­ren­cy of pro­duct information,
• very lar­ge plat­forms (VLOPs) must car­ry out addi­tio­nal risk analyses.

When are plat­form pro­vi­ders con­side­red dis­tri­bu­tors or importers?

If they actively dis­tri­bu­te MDSW apps or assu­me owner­ship rights, they are con­side­red eco­no­mic ope­ra­tors and must com­ply with all MDR/IVDR requi­re­ments – e.g. on pro­duct safe­ty and coope­ra­ti­on with authorities.

What infor­ma­ti­on must manu­fac­tu­r­ers provide?

MDSW manu­fac­tu­r­ers must pro­vi­de clear infor­ma­ti­on accor­ding to MDR/IVDR, e.g:

• Cont­act and manu­fac­tu­rer information,
• Pro­duct details (name, UDI, purpose),
• Safe­ty and ope­ra­ting instructions.

Why is app cate­go­riza­ti­on important?

So that users can distin­gu­ish bet­ween genui­ne medi­cal device apps and gene­ral health apps. Only apps with MDR/IVDR con­for­mi­ty may be labe­led as “medi­cal devices”.

What addi­tio­nal inspec­tion obli­ga­ti­ons do plat­forms have?

Plat­form pro­vi­ders must also com­ply with the DAS:

• Check dea­ler infor­ma­ti­on befo­re activating,
• Ran­dom­ly check pro­ducts for legality,
• ana­ly­ze and miti­ga­te sys­te­mic risks annu­al­ly for very lar­ge platforms.

What to do now?

1. Iden­ti­fy MDSW: Check whe­ther your app is clas­si­fied as a medi­cal device.
2. Ensu­re legal com­pli­ance: Ensu­re that all requi­red pro­duct infor­ma­ti­on, labe­l­ing and evi­dence is available.
3. Cla­ri­fy roles: Check whe­ther your plat­form is acting as an inter­me­dia­ry, dis­tri­bu­tor or importer – and ful­fill the cor­re­spon­ding obligations.
4. Crea­te trans­pa­ren­cy: Design your plat­form so that users can cle­ar­ly reco­gni­ze rele­vant infor­ma­ti­on about MDSW apps.
5. Estab­lish risk assess­ment and moni­to­ring: Lar­ge plat­forms in par­ti­cu­lar should intro­du­ce and docu­ment pro­ces­ses for risk assess­ment and mitigation.

Now is the right time to clo­se regu­la­to­ry gaps – befo­re super­vi­so­ry aut­ho­ri­ties beco­me acti­ve. We are hap­py to pro­vi­de support.