Trade update: Medical device under the MDR

11 Jan '22

The Medical Device Regulation (EU) 2017/745 (“MDR”) entered into force on 26 May 2021. In the MDR, a 'medical device' is defined as follows:

“any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes:

  • diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease,
  • diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability,[…]”.

This definition is very broad, so in practice it will be met quickly. The aim of the MDR is to increase the safety of patients within the European Union when using medical devices and to give patients more insight into what exactly the use of medical devices entails. In addition, the MDR should stimulate the availability of innovative medical devices.

Software as a medical device

Software now falls under these regulations more quickly than before (in addition to the devices that may be required when using the e-health application, such as a fall mat or blood pressure monitor). Software intended for conducting medical scientific research may also fall under the MDR. A sports watch that can only measure heart rate but does not draw a conclusion from it does not have to fall under the above definition.

However, if the sports watch has a function with which it can diagnose a heart problem, it is a medical device. The question is therefore always whether the manufacturer (or the developer of an app, for example) intended the software to be used, alone or in combination, for one of the aforementioned medical purposes (diagnosis, prevention, monitoring, etc. of a disease or limitation). To qualify as a medical device, software must do more than just search, store, archive or transmit patient data. In particular, it should interpret data and assist (for example) in making diagnoses and initiating therapies. Sometimes products, especially software, fall into a gray area. Guidelines have been drawn up for this, such as the Borderline Manual and the Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 MDR.

For the qualification as a medical device, it is irrelevant whether the software has a direct effect (physical impact) on the human body. It also does not matter where the software is used: it makes no difference whether a patient uses an application at home or whether it is used in the practice of a medical care provider. In addition, the MDR means that a product falls more quickly into a higher risk category (whereby, for example, CE marking is required earlier and more clinical evidence is needed).

Legal requirements under the MDR (software)

The moment you wish to market a medical device, this device must meet a number of requirements that are included in the MDR. The MDR mainly entails obligations for manufacturers (or importers, distributors) of an e-health application, but is also relevant for healthcare institutions (which are defined separately in the MDR). This applies to both the development process and the purchase of e-health applications. We mention a few matters:

  • A different regime applies to software that is produced within the healthcare institution and intended for internal use than to software that is not produced internally. For internally produced and used software, it is sufficient if the general safety and performance requirements of Annex I MDR and the conditions referred to in paragraph 5 of Article 5 MDR are met. One condition is, for example, that the device is not transferred to another legal entity; another is that the healthcare institution reviews the experience gained from the clinical use of the medical device and, if necessary, takes all necessary corrective actions. For software that is not produced and used internally within the healthcare institution, all other requirements of the MDR apply in addition to the general safety and performance requirements. It is therefore important to determine whether a medical device is only manufactured and used for internal use and whether all the requirements of paragraph 5 of Article 5 MDR are met in that case.
  • Before a medical device may be used, a clinical evaluation pursuant to Article 61 MDR must first take place. It must follow from this that the device in question is an effective and safe medical device. The requirements for this evaluation can be found in Annex XIV of the MDR. For example, Article 10 paragraph 3 MDR states that the clinical evaluation must be performed by the manufacturer of the device (in accordance with Annex XIV of the MDR).
  • For example, when developing devices, it must be demonstrated (and justified in documentation) that the target patient group's specific needs cannot be met, or cannot be met at the appropriate level of performance by an equivalent device available on the market. Continued evaluation and improvement of the device is also needed.
  • Article 16 MDR also provides that, among others, a natural or legal person (i.e., the healthcare institution) assumes the obligations incumbent on manufacturers in a number of cases. These include the situation in which a medical device is made available on the market (solely) under its name, registered trade name or registered trade mark (except in cases where a distributor or importer enters into an agreement with a manufacturer whereby the manufacturer is identified as such on the label and is responsible for meeting the requirements placed on manufacturers in this regulation), and the situation in which a device already placed on the market or put into service is substantially modified in such a way that compliance with the applicable requirements may be affected. The latter does not apply to a person who assembles or adapts a device already on the market for an individual patient without changing its intended purpose.

As a healthcare institution, it is important – also in the context of liability – to take the MDR into account in the purchasing policy for e-health applications. Good contractual agreements must be made in the field of guarantees, indemnifications and liability, but also regarding, for example, maintenance and updates (and who is or are responsible for this). In that regard, a CE marking does not necessarily offer sufficient guarantees with regard to the liability of a healthcare provider. Medical software with a valid CE certificate (from a notified body) does not have to comply with the MDR until the certificate has expired (this applies until May 2024).

Consequences of non-compliance with MDR

In the Netherlands, the Inspectorate for Health and Youth Care (IGJ) monitors compliance with the MDR (and related national regulations). If the MDR is not or not correctly complied with, the IGJ is authorized to impose a fine or take other action (for example, require corrective actions to be taken).

For further information, please refer to this European Union website, where guidelines are available for download. For example, see the document titled “Is your software a Medical Device?”

This blog was published in the e-health magazine of December 2021 which is available upon request at:

If you have any questions about the MDR (or guidance documents), compliance issues or contracts, we will be happy to assist you.


Attorney at law

Mirjam Louws

Expertise: Customs, Transport law, Food safety & product compliance, Transport and Logistics, Customs, Trade & Logistics, Food, Customs and International Trade, E-health, E-commerce

Attorney at law

Nina Witt

Expertise: IT-Law, Privacy law, Cybersecurity, Marketing and Advertising, Food, Health Care & Life Sciences, E-health, E-commerce
