Follow: Email

France’s medicines regulator, the Agence Nationale de Sécurité du Médicament et des Produits de Santé (ANSM), has released draft guidelines, currently subject to a public consultation, setting out recommendations for manufacturers designed to help prevent cybersecurity attacks to medical devices. Notably, the draft guidelines are the first instance of recommendations released by a national regulator in Europe that apply cybersecurity considerations specifically to medical devices. The full ANSM draft guidelines, ‘Cybersécurité des dispositifs médicaux intégrant du logiciel au cours de leur cycle de vie’ (‘Cybersecurity of medical devices integrating software during their life cycle’) published 19 July 2019, is available in French here, and in English here.

The draft guidelines note that while the European regulatory framework (the Medical Devices Regulation 2017/745 and In Vitro Diagnostic Medical Devices Regulation 2017 /746) has been modified “in line with technological developments” (e.g. “data exchange, monitoring, risk prediction and control software”) to include software within the definition of a medical device, and accompanying security and performance requirements specific to such medical devices incorporating software, the “[medical device and in vitro diagnostic medical device r]egulations do not explicitly refer to or elaborate on the notion of cybersecurity”. For the purposes of the guidelines, ‘cybersecurity’ is described as “the full set of technical or organisational measures set up to ensure the integrity and availability of a [medical device] and the confidentiality of the information held on or output by this [medical device] against the risk of targeted attacks.” 
Continue Reading French medicines regulator produces first in Europe medical devices cybersecurity guidelines

On 26 February, the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) published further guidance (available here) setting out the anticipated regulation of medical devices in the UK, should the UK leave the EU without a deal (Guidance).  This Guidance will apply from ‘exit day’ (expected to be 11 p.m. 29 March 2019) subject to the (currently draft) Medical Devices (Amendment) (EU Exit) Regulations 2019 (UK MDR 2019) (available here) being passed by UK Parliament. This latest Guidance follows on from the MHRA’s previous ‘no deal’ scenario further guidance note in January regarding medicines, medical devices and clinical trials regulation (available here).

  1. Legislative Background

The Medical Devices Regulations 2002 (UK MDR 2002) implement Directives 90/385/EEC, 93/42/EEC and 98/79/EC on active implantable medical devices, medical devices, and in vitro diagnostic medical devices (IVDs), respectively (EU Directives) into UK law.  Pursuant to the European Union (Withdrawal) Act 2018, the UK MDR 2002 will continue to apply.


Continue Reading UK regulator provides further ‘no deal’ Brexit guidance for medical devices regulation