Story Highlight
– MHRA clarifies UK regulatory framework for software as medical devices.
– Key focus on intended purpose and regulatory compliance.
– Clinical investigations required for safety and performance evidence.
– New post-market surveillance rules effective from June 2025.
– MHRA supports innovators with guidance and resources.
Full Story
In a recent webinar hosted by techUK, experts from the Medicines and Healthcare products Regulatory Agency (MHRA) engaged with participants to provide an extensive overview of the regulatory framework governing software classified as a medical device (SaMD) in the UK. This session aimed to clarify essential regulatory aspects for developers, manufacturers, and National Health Service (NHS) adopters, especially as the field of software and artificial intelligence (AI) continues to evolve rapidly, raising important questions related to compliance, clinical evidence, and post-market obligations.
The MHRA representatives elucidated the entire regulatory pathway, addressing critical topics including the criteria that determine whether software qualifies as a medical device, the processes involved in conducting clinical investigations, and the enhanced post-market surveillance measures scheduled to take effect in 2025. Throughout the presentation, the MHRA team reiterated their dedication to assisting innovators in navigating the increasingly intricate regulatory landscape.
**Legislative Context and Definitions**
To initiate the discussion, the MHRA provided clarity on the legislative framework governing medical devices across the UK. They highlighted the differences in regulation between Great Britain and Northern Ireland, stressing that while Great Britain accepts both UK Conformity Assessment (UKCA) and CE markings, Northern Ireland remains aligned with the European Union’s Medical Device Regulations. Developers were advised to consider their target markets carefully, particularly in light of ongoing consultations regarding the recognition of CE marking within Great Britain.
A pivotal theme of the session was the significance of the intended purpose of medical software. This foundational statement influences whether software is classified as a medical device, the classification it receives, and the necessary evidence to establish safety and performance. The MHRA underlined that precise and specific intended use statements are crucial, impacting all subsequent regulatory procedures—including software design, risk management protocols, clinical evaluations, and post-market responsibilities.
To assist manufacturers, the MHRA has made available comprehensive guidance and a decision-making flowchart. This resource aids developers in determining whether their products meet the definition of a medical device and offers interpretations for various use cases, such as decision-support tools, calculators, and AI-integrated systems.
**Clinical Evidence Requirements**
The MHRA’s clinical investigations team elaborated on the expectations surrounding the generation of clinical evidence. All medical devices, irrespective of their classification, must validly demonstrate their safety and performance. If a manufacturer cannot establish sufficient clinical evidence through existing studies or draw equivalencies with similar devices, they are obligated to conduct a regulated clinical investigation.
Key points discussed included the requirement for MHRA review and authorization of a clinical investigation application within a statutory 60-day timeframe before it commences. Applications are submitted via the Integrated Research Application System (IRAS) and mandated to include essential documentation, adhering to ISO/IEC 62304 standards for the best practices in medical device software development. Sites intending to conduct studies must obtain a Letter of No Objection prior to initiating research, and separate ethics approval from a Research Ethics Committee is also mandatory.
The session also clarified the differences between pre-market clinical investigations, which are subject to regulation, and post-market studies, which, while unregulated by MHRA, still require ethics approval. Attendees expressed appreciation for guidance on ambiguous areas such as digitised clinical calculators, novel AI tools, and the role of equivalence in mitigating undue burdens on developers.
**Revised Post-Market Surveillance Protocols**
The MHRA’s market surveillance representative detailed significant reforms that will come into effect in June 2025, affecting both CE and UKCA-marked medical devices introduced to the market thereafter. These amendments aim to enhance traceability, standardise incident reporting, and accelerate regulatory responses to new safety issues.
Notable changes include the reduced reporting timelines: serious incidents must be reported to the MHRA within 15 working days, with even tighter deadlines for fatalities and public health risks. Additionally, a wider array of incidents, including specific adverse effects, now must also be reported. Enhanced oversight will be implemented for any field safety corrective actions that must be reported within three days, and the MHRA will now conduct pre-publication reviews of Field Safety Notices. Furthermore, manufacturers will be required to collect real-world data to facilitate ongoing surveillance, particularly pertinent for software and AI applications that may undergo continuous evolution.
All incident reporting will be managed through the MORE online portal, a platform designed to ensure systematic tracking and risk assessment.
**Implications for Developers and NHS Stakeholders**
The insights shared during the webinar highlighted several crucial points for manufacturers. They should:
1. Define a clear intended purpose early in the process, in line with MHRA guidance.
2. Comprehend the conditions that necessitate clinical investigations and plan for appropriate evidence generation.
3. Adhere to strengthened post-market surveillance regulations.
4. Utilise MHRA’s available guidance, including flowcharts and standards, to minimise uncertainty in compliance.
For NHS organisations involved in procuring or deploying SaMD, the MHRA reinforced that while medical device status is significant, it does not eliminate the necessity for local clinical safety assessments, such as those outlined in DCB 0129/0160. Even though products listed on the MHRA register comply with regulatory standards, local due diligence remains critical for evaluating workflow compatibility, risk management, and integration considerations. While the MHRA welcomes inquiries for clarification, they noted that they cannot provide consultancy services regarding specific implementation decisions.
**Future Engagement and Support**
The session underscored the MHRA’s commitment to maintaining an open line of communication with innovators as well as the health and care system. As software and AI applications become further embedded within clinical processes, the MHRA is focused on expanding its guidance, enhancing clarity, and addressing emergent areas where the industry requires further assistance.
techUK plans to collaborate closely with the MHRA to create a resource pack summarising key guidance, addressing common inquiries, and providing examples based on member concerns, aiding the industry in navigating this complex landscape.
Our Thoughts
The article highlights essential aspects of the UK regulatory framework for software as a medical device (SaMD) under the Medicines and Healthcare products Regulatory Agency (MHRA). To prevent compliance issues and enhance safety, several key actions could be implemented:
1. **Clear Intended Use Statements**: Developers must ensure precise definition of intended purpose early in the development process, which influences classification and evidence requirements (UK Medical Devices Regulations).
2. **Robust Clinical Investigations**: Adequate clinical evidence must be derived from regulated studies if existing literature is insufficient. This stipulation, guided by ISO/IEC 62304, helps mitigate risks related to device safety and performance.
3. **Post-Market Surveillance Compliance**: Adhering to new reporting requirements effective from June 2025, including tighter incident reporting timelines and broader incident categories, would enhance ongoing monitoring of device safety.
4. **Local Clinical Safety Assessment**: NHS organisations should conduct thorough local risk assessments in addition to relying on MHRA compliance, ensuring alignment with DCB 0129/0160 standards.
Failure to adhere to these regulations can lead to compromised patient safety and regulatory breaches, underlining the necessity of stringent compliance and vigilance in the evolving landscape of SaMD.
