A straightforward guide to navigating medical device product regulations

Claire Burrows has been helping innovators to navigate the choppy waters of medical device regulations for over a decade. She’s conscious that many people in the sector are looking for a simple explanation of the rules and requirements free of jargon and without ‘sounding like a lawyer’.

Here, Claire joins fellow regulatory solicitor Thorrun Govind to discuss the importance of taking tailored, holistic legal advice to keep up with the ever-changing regulatory environment post-Brexit, including the dual UK and EU regimes and evolving MHRA guidance. 

The pair also delve into the impact of new AI and cybersecurity regulations on product compliance, CE and UKCA marking, post-market surveillance requirements and more.

Overview of recent MHRA guidance changes

With technology changing the ways we create products, the MHRA is trying to play catch up and releasing lots of new guidance. This can be tricky to get your head around — especially if you work across more than one jurisdiction, since there are different sets of rules for Europe, the US and the UK.

This year, the post-market surveillance regulations have been released. These are all about safeguarding, patient safety, accountability and reporting issues back to the regulator within specific timeframes.

There has also been a move towards international reliance, which is a huge positive that means regulatory regimes in different countries will either ‘recognise’ CE marking and product conformity testing that's been done in a different jurisdiction or ‘rely’ on it, so at least you’ll have a reduced compliance process to go through. This prevents you from having to go through extensive processes in multiple countries and get to market more quickly.

AI & the digital landscape

There are also new regulations coming out for AI in software that can impact some medical devices. These centre around how AI is actually being implemented and embedded and importantly form part of the conformity testing process. 

This may come as a surprise to some innovators, who can assume that it's only the medical device or in vitro diagnostic regulations that must be complied with. Yet in reality, a conformity tested and CE-marked product must comply with every bit of legislation that applies, including around AI.

Unfortunately, the AI regulations are going to recognise medical devices as high risk by default. So it’s important to understand what you can and can’t do — prohibited practices include things like recording patient’s emotions to protect against impediments to individual privacy and freedoms.

Having a specialist lawyer that you trust to help navigate this area is so important.

Cybersecurity

Cybersecurity is another key area that’s only going to become a bigger issue over time. We’ve all seen cyber attacks in the news recently with major companies like M&S, Co-op and Harrods being targeted. This has to be something that you take into consideration when placing products on the market — particularly if they’re connected to Wi-Fi or AI.

There’s also the patient data aspect of this — under GDPR, you must safeguard personal data and health data is an even higher risk category that requires more stringent controls.

CE & UKCA marking

The CE Mark basically says to consumers that a product is safe, meets all relevant standards and complies with all applicable legislation. You can’t legally place a product on the market unless it has been conformity assessed and marked.

As a result of Brexit and the new regulations coming in, we now also have UKCA marking, which is the UK-only version of CE marking. If you have a UKCA mark and your product needs a conformity assessment by a notified body, that body must be based in the UK to grant you a UKCA mark. 

CE marking is set to be accepted in the UK until June 2030. However, the MHRA recently said that given the pressure around CE marking and its validity, it’s now considering whether it’ll be indefinitely recognised in the UK. It’s worth watching this space because that’ll be a lot easier than going through the process of getting UKCA marking if you can continue to just use your CE marking.

Post-market surveillance regime

As of June this year, there are new requirements for post-market surveillance. These have been added to the medical device regulations (in Section 4) to set out the requirements for reporting any issues that have arisen with a product. The reporting timescale has been decreased to 15 days to allow the regulator to keep track of those devices and enable manufacturers to spot and solve issues more quickly.

Patient safety really is at the heart of this regime. Patients now know that products are under constant scrutiny to ensure that they perform in the expected way.

For compliance teams, this all means that it’s critical to have a compliance framework in place. That means developing a matrix to set out all the relevant bits of legislation that each of your products must comply with as well as the deadlines for when they come into force. Since there are many more regulations set to take effect — from battery regulations to packaging waste regulations and more — this is even more important now than ever before. 

You can then seek the right advice from the right people — even if it’s just someone to sense-check your working to ensure that your product will overcome any regulatory challenges and is able to be placed on the market.

Talk to us

Our medical devices team contains leading advisors on the complexities of placing medical devices on the market. We’ll ensure that your products meet all the requirements in respect of health and safety, conformity testing and certification, technical file and labelling to ensure full compliance and manage regulatory liability.

If you’re looking for guidance, talk to us by calling 0333 004 4488, emailing hello@brabners.com or completing the contact form below.