UK Market Access for Software as Medical Devices

UK Regulatory and compliance requirements

To access the UK market, regulatory and compliance activity required is two-fold:

• Work required to obtain regulatory clearance to place the device on the market and obtain either a UK or CE mark (if applicable).
• Work required to build trust by meeting customer expectations and complying with other legal requirements to gain market access.

Key requirements for all parts of the UK market are:

1.The General Data Protection Requirements

2.General Product and Safety Requirements

Key requirements for doing business with UK government (public) entities including NHS organisations are:

3.Certification against the CyberEssentials scheme

4.Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations) 2018

5.Compliance with the Government Digital Standards (this is not mandated but highly encouraged to promote a consistent and accessible user interface).

Other key requirements for selling into the NHS are:

6.Compliance with the Digital Technology Assessment Criteria (DTAC)

7.Compliance with the NHS Data Security Protection Toolkit (DCB129)

8.Compliance with the NHS Information Standard for clinical safety for health IT manufacturers (DCB0129)

9.Compliance with NICE Evidence Framework

10.ISO27001 (this is not mandated but is referenced in government procurement frameworks)

Care Quality Commission registration may also be required if you plan on providing a regulated activity including treatment of disease, disorder or injury or independent diagnostic and screening procedures (https://www.cqc.org.uk/guidance-regulation/providers/registration/scope-registration/regulated-activities)

For any software as a medical device manufacturer seeking to enter the UK market (either UK or EU based), we think the goal should be to obtain a CE marking and use this to place the device on the UK market. Pursuing this route, however, will likely take between 12 and 15 months as most SaMD is likely to be classified as class 2 or above and will require an external notified body conformity assessment.

A UKCA mark can be obtained in a short time (1-6 months) and you can start pilots and explore commercial opportunities sooner with a registered medical device. You have the option to register for a clinical investigation of unregistered medical devices in the UK  prior to CE approval, but this introduces a level of complexity and reduces the speed at which you can execute on pilot opportunities.

If your software has a class1 risk profile under the UK MDR*, Deviceology’s suggested approach for faster access is to obtain a class I UKCA mark as an expediency to support activity in the UK, and at the same time plan to register as a CE class II medical device in Europe.

Once a CE marking for your device has been obtained, there will be no need to maintain the UKCA class I medical device mark, as the CE marking can be used for regulatory clearance to place and sell a medical device on the UK market,

OPTION 1: Obtain the UKCA mark

Based on your intended use and risk classification, you can self-certify under the current UK regulations without going through a conformity assessment with an external body if your device has a class 1 (MDR) or class A(IVD) risk profile requirements.*

To do this you will need to:

1.Establish a quality management system

2.Build and maintain a technical file for the medical device

3.Resolve and address UK specific usability considerations (language, instructions for use and UK human factors)

4.Document how you meet the essential requirements of the UK MDR (which is the 1993 version of the medical device regulations that were in force across Europe prior to Brexit, as amended over time to include more robust post-market surveillance requirements that mimic the current EU requirements).

5.Establish a UK place of business and registered office in country or appoint a UK representative to act on your behalf and place the device on the market

6.Register with the MHRA to obtain the UKCA mark by submitting a declaration of conformity. (Subject to approval which normally happens within 5 days)

Advantage

Speed to market and reduced cost – you can self-certify without the involvement of a notified body and should be able to place your device on the market quickly (within 2-3 months)

Disadvantages

• You cannot sell in Northern Ireland or Europe
• The next iteration of the UK regulations which will be presented in 2025/26 are likely to require further regulatory work to register as a class 2 risk device with a conformity assessment
• You have an additional UK regulatory obligation to maintain compliance with the UK MDR

* See https://assets.publishing.service.gov.uk/media/64a7d22d7a4c230013bba33c/Medical_device_stand-alone_software_including_apps__including_IVDMDs_.pdf

OPTION 2: Obtain a CE mark under the EU MDR as a class 2 risk medical device

To do this you need to:

1.Establish a quality management system

2.Build and maintain a technical file for the medical device

3.Resolve and address specific usability considerations (language, instructions for use and human factors)

4.Document how you meet the EU general safety and performance requirements to place a medical device on the market

5.Establish a European place of business and registered office in country or appoint an EU authorised representative to act on your behalf and place the device on the market

6.Register with the notified body to undergo a conformity assessment, which if successfully completed with result in you obtain a CE mark

7.Register the device and manufacturer on the EU database of medical devices (EUDAMED)

8.Register the device with the MHRA regulatory and supervisory authority. (Your UKRP will do this for you if you have no place of business in the UK)

Advantage

You have access to a wider European market as well as the whole of the UK. (Manufacturers can currently place CE marked devices on the UK market until 2030 and the MHRA has announced its intention to recognise CE marked devices in future through the international pathways)

Disadvantages

• This will likely take a minimum of 9 months and more likely a year to complete – waiting for regulatory clearance will require adjustment to other market access activity. You have the option to register for a clinical investigation of unregistered medical devices in the UK prior to approval, but this introduces a level of complexity and reduces the speed at which you can execute on pilot opportunities.