Medical Software Application Certification Validation

Medical Software Application – CE Certification & Validation

Classification, Certification and Validation of Medical Software Application and Active Medical Devices

If your company is developing medical software or software-integrated devices and plans to access the European market, it is essential to understand the regulatory framework defined by the EU Medical Device Regulation (MDR). The CE Certification process for software as a medical device (SaMD) or software integrated in active medical devices follows strict classification and validation requirements.

Three Regulatory Contexts for Software Validation

In Medical Software Application Certification and Validation, three different systems must be considered:

Software used in the Product Itself (usually Active Medical Devices)

If software is part of the Medical Device (e.g., diagnostic apps, embedded control software, therapy planning tools), it must be assessed according to its risk classification (per MDR Annex VIII). If classified as a Medical Device, the software must undergo conformity assessment and demonstrate compliance with applicable standards.

Software Systems that influence the production quality of a Medical Device (e.g., test systems, monitoring tools) must be validated to ensure they function as intended and do not compromise product safety or performance.

Any digital tool used to control processes within your QMS — including document control, complaint handling, or training management — must also be validated. This ensures the reliability and traceability of quality-relevant activities and data.

In all three contexts, the focus is on the influence of the software on the Medical Device or Service. The manufacturer must ensure that only verified and suitable software is used (Software Validation).

What Does Software Validation Involve?

Validation requires documented and traceable evidence to prove that a system reliably meets its intended purpose in actual use. In the EU context, this includes:

  • Defining user requirements and intended use
  • Risk-based approach to software validation depth
  • Developing test plans and scenarios
  • Performing IQ/OQ/PQ activities:
    • IQ (Installation Qualification) – Ensures software is installed correctly in its intended environment.
    • OQ (Operational Qualification) – Verifies the software performs its intended functions under simulated conditions.
    • PQ (Performance Qualification) – Confirms that the software consistently performs in real-world usage.

The main question is whether these requirements can be effectively, practically and efficiently implemented. Although validation has been a topic in DIN EN ISO 13485 for a long time, there is still uncertainty regarding the scope and depth of these activities in medical technology.

Our team of experts can answer all the relevant questions on these topics:

  • How do I integrate validation activities into the process?
  • Do I need a validation master plan?
  • Who carries out the validation of Medical Devices?

Whether a Medical App is a Medical Device is not easy to answer. The intended use is crucial. Simple monitoring of blood sugar levels does not automatically lead to classification as a Medical Device. Once the classification of the software has been clarified, questions arise regarding DIN EN ISO 62366 (Usability Engineering) or 62304 (Software Life Cycle).

Frequently Asked Questions

Medical Software is classified under Annex VIII, Rule 11 of the MDR. Software that provides information used for diagnostic or therapeutic decisions is generally classified as Class IIa, IIb or III, depending on the risk.

Validation ensures that your software reliably meets its intended use. It includes defining requirements, risk assessment, and performing tests (IQ/OQ/PQ). This applies to software embedded in devices, used in manufacturing, or in the QMS.

Yes. Software that affects product quality (e.g., testing, inspection, monitoring systems) must be validated to demonstrate that it does not compromise safety or performance.

• IQ (Installation Qualification) – Ensures software is installed correctly in its intended environment.
• OQ (Operational Qualification) – Verifies the software performs its intended functions under simulated conditions.
• PQ (Performance Qualification) – Confirms that the software consistently performs in real-world usage.

Need more information?

WQS provides you with detailed information on your subject.
You can also explore our FAQ page and other resources for further insight, or simply contact us for direct support.