White Paper: The Future of Medical Device Regulation and Standards


The REG-MEDTECH project has just published a White Paper entitled “The Future of Medical Device Regulation and Standards: Dealing with Critical Challenges for Connected, Intelligent Medical Devices”, in partnership with BSI, the UK National Standards Body. The paper reviews the main trends in the existing standards and regulatory landscape applicable to connected, intelligent medical devices (CIMDs) and captures critical challenges and potential gaps in this area.

Based on interviews and a roundtable with key experts and practitioners in the field, the White Paper identifies several critical challenges that should inform the future development of standards and guidelines applicable to CIMDs, with a specific focus on artificial intelligence, cybersecurity, and data governance issues:

  • Liability concerns resulting from the complexity of devices, their changing characteristics through updates and algorithmic learning, and questions about the distributed responsibility of several parties including software developers, device manufacturers, clinical staff operating the technology, patients or other end users.
  • Risk classification challenges, especially those resulting from modifications in the characteristics of medical devices that arise from potential exploitation of cybersecurity vulnerabilities or the limited predictability of their machine learning component.
  • Detecting and managing cybersecurity vulnerabilities, especially in connected devices that do not have a clear vulnerability reporting, maintenance, and software update policy.
  • Interaction between new medical devices and legacy components in the digital healthcare system, which can affect the performance of new devices and expose them to vulnerabilities and security attacks.
  • Assessing and communicating the transparency and explainability of dynamic and deep learning-based medical devices.
  • Understanding and assessing types of bias in training data and algorithmic learning in AI-based medical devices or AI as a Medical Device (AIaMDs).
  • Responsible and accountable data management across the lifecycle of a medical device, covering input, output, transfer, storage, and analytics. These measures should include data quality and integrity controls for software and AI-based medical devices, which are largely missing from standards and regulatory guidelines at the moment.

The Paper provides valuable insights to regulators, standards-making bodies, notified bodies, manufacturers, software developers, clinicians, and researchers regarding present gaps and potential loopholes that CIMDs create in current regulatory frameworks, concluding with recommendations for standards development and initiatives in the context of widespread adoption of CIMDs in the healthcare sector.

Access the White Paper “The Future of Medical Device Regulation and Standards” here.

To cite, please use:

Mkwashi, A. and I. Brass (2022) The Future of Medical Device Regulation and Standards: Dealing with Critical Challenges for Connected, Intelligent Medical Devices. London: PETRAS National Centre of Excellence in IoT Systems Cybersecurity.