Global Medical Device Regulations

Regulations governing medical device development and use

Global medical device regulations

  • United States of America: Food and Drug Administration (FDA), FDA Medical Devices regulates medical devices under the Federal Food, Drug, and Cosmetic Act (FD&C Act), and the Medical Device Amendments of 1976
  • European Union: European Medicines Agency (EMA), EMA Medical Devices regulated under the Medical Devices Regulation (MDR) 2017/745 and the In Vitro Diagnostic Medical Devices Regulation (IVDR) 2017/746
  • Australia: Therapeutic Goods Administration, TGA Medical Devices regulates medical devices under the Therapeutic Goods Act 1989 and the Therapeutic Goods (Medical Devices) Regulations 2002
  • Canada: Health Canada, Health Canada Medical Devices regulates medical devices under the Food and Drugs Act and the Medical Devices Regulations
  • Japan: Ministry of Health, Labour and Welfare, MHLW regulated under the Pharmaceutical Affairs Law (PAL) and the Medical Device Regulations (MDR) administered by the Pharmaceuticals and Medical Devices Agency (PMDA)
  • United Kingdom: Medicines and Healthcare products Regulatory Agency, MHRA Medical Devices oversees medical devices regulation in the UK, following the EU regulations (MDR and IVDR) as of the date of separation from the EU
  • South Korea: Ministry of Food and Drug Safety, MFDS regulates medical devices under the Medical Devices Act
  • China: National Medical Products Administration, NMPA, formerly known as the China Food and Drug Administration (CFDA)
  • India: Central Drugs Standard Control Organization, CDSCO regulated under the Drugs and Cosmetics Act, 1940, and the Medical Device Rules, 2017
  • Brazil: Agência Nacional de Vigilância Sanitária, ANVISA regulates medical devices under Resolução de Diretoria Colegiada (RDC) No. 185/2001 and RDC No. 16/2013
  • South Africa: South Africa Health Products Regulatory Authority, SAHPRA regulates medical devices under the Medicines and Related Substances Act, 1965
  • ASEAN Medical Device Directive, AMDD is a harmonised medical device regulation applicable across the Southeast Asian Nations (ASEAN) countries (Brunei Darussalam, Cambodia, Indonesia, Lao People’s Democratic Republic, Malaysia, Myanmar, Philippines, Singapore, Thailand, Vietnam)

World Health Organization (WHO) prequalification (WHO-PQ)

The WHO prequalification (WHO-PQ) for in vitro Diagnostics (IVDs) and Male Circumcision Devices (MCDs) is a process through which specific priority medical device products are assessed for their quality, safety, and performance.

The WHO-PQ programme aims to facilitate access to medical devices meeting the 5As criteria, particularly in low-resource settings and during public health emergencies. Medical device manufacturers may apply to the WHO Prequalification Team, which reviews the technical documentation, audits the Quality Management System (QMS), and commissions performance or clinical evaluations of products. The evidence is reviewed by a team of independent experts who evaluate the submitted data and audit reports to ensure that the product meets the WHO’s prequalification criteria prior to listing.

WHO prequalification status provides assurance to countries, procurement agencies, and donors that a product has undergone a thorough evaluation and meets international quality standards. As such, WHO-PQ approval and listing are often required by donors and organisations operating in low and middle-income countries (LMICs). However, only a small number of products are eligible for WHO-PQ as historically, the most focus has been on IVDs for infectious diseases and Male Circumcision Devices (MCDs), which are critical commodities supporting the delivery of priority disease area programmes (HIV/AIDS, Tuberculosis and Malaria). Recently, IVDs for cardiometabolic diseases have become eligible for WHO-PQ. The first digital health product, computer-assisted diagnosis of X-ray medical images, is expected to be included in the WHO-PQ programme in 2024.

What other regulations impact medical devices?

In addition to specific medical device regulations, other regulations and standards can impact medical device production and use. These regulations address general product safety, clinical studies, environmental impact, digital and cybersecurity, and data management.

Clinical Trials Regulations

Clinical trials regulations encompass legal frameworks that govern the conduct, ethics, and oversight of clinical research involving human participants to ensure safety, efficacy, and ethical standards are upheld. Examples:

  • Good Clinical Practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording, and reporting clinical trials involving human subjects.
  • The EU Clinical Trials Regulation (CTR) regulates and harmonises the conduct of clinical trials within the EU, ensuring the rights, safety, and well-being of trial participants and the reliability of the data generated.

Good Manufacturing Practice (GMP)

Provides guidelines for manufacturing, testing, and quality assurance to ensure that medical products are consistently produced and controlled according to quality standards.

Data Protection Regulations

Governs the processing and protection of personal data, which is especially relevant for medical devices that collect or process patient information. Examples:

  • The Health Insurance Portability and Accountability Act (HIPAA) in the U.S.A. ensures the protection of patient data and privacy, relevant to medical device manufacturers handling health information.
  • The General Data Protection Regulation (GDPR) is a comprehensive European Union (EU) law that governs the collection, processing, and protection of personal data of individuals within the EU and European Economic Area (EEA).

Software and Cybersecurity Standards

Standards and regulations that address the use and cybersecurity of technology, ensuring protection against data breaches, misuse and cyber threats. Examples:

  • The EU AI Act is a regulatory framework aimed at governing artificial intelligence (AI) systems within the European Union, ensuring they are developed and used in a manner that upholds fundamental rights and societal values.
  • The EU Cyber Resilience Act (CRA) is legislation aimed at enhancing cybersecurity resilience across the European Union, focusing on critical sectors such as healthcare, energy, and transport.
  • The Federal Information Security Modernisation Act (FISMA) is legislation that mandates federal agencies to implement comprehensive cybersecurity programs to protect their information and information systems.
  • The UK Online Safety Bill is legislation designed to establish a regulatory framework aimed at tackling harmful content and behaviours online, ensuring digital platforms take responsibility for user safety.

Telecommunications Regulations

Telecommunications regulations refer to rules and policies established by governments or regulatory bodies to govern the operation, management, and use of telecommunications networks and services within a country or region. They may be relevant for medical devices that use telecommunications technology. Examples:

  • International Telecommunication Union (ITU) Standards
  • Federal Communications Commission (FCC) regulations in the U.S.A.

Environmental Regulations

Compliance with environmental regulations or national laws concerning environmental impact assessments may be required to manufacture and dispose of medical devices. Examples

  • The European Green Deal is a comprehensive plan by the European Union to achieve climate neutrality by 2050 while promoting sustainable growth and reducing greenhouse gas emissions.
  • The WEEE Directive (Waste Electrical and Electronic Equipment) mandates the proper disposal and recycling of electronic devices, including medical devices.
  • The Canadian Environmental Protection Act (CEPA) is federal legislation in Canada aimed at protecting the environment and human health by regulating pollutants and substances that pose risks to these areas.

Hazardous Substance Regulations

Examples:

  • RoHS Directive (Restriction of Hazardous Substances) limits the use of certain hazardous substances in electrical and electronic equipment, including medical devices.
  • REACH Regulation (Registration, Evaluation, Authorisation, and Restriction of Chemicals) controls the use of chemical substances in manufacturing, ensuring safety and environmental protection.
  • Biocidal Products Regulation (BPR) regulates biocidal products used to protect medical devices, ensuring they do not pose risks to human health or the environment.
  • China RoHS for restriction of hazardous substances.

Resources

    MedDev Central Academy:

    MedDev Central Knowledge Hub:

    Regulation: The rules, laws, standards, and requirements set by regulatory authorities to ensure the safety, efficacy, and quality of devices intended for medical use.

    Regulatory Authority: An official body overseeing and enforcing laws, regulations, and standards within a specific industry or sector to ensure compliance and protect public interests. Also known as a Regulatory Authority. Also see Competent Authority and Notified Body.

    Standard: A document that provides guidance, requirements, or specifications established by regulatory bodies, industry organisations, or international consensus groups.

    Stringent Regulatory Authority (SRA): An established governmental agency or body that rigorously evaluates and monitors the safety, efficacy, and quality of medical devices through comprehensive regulatory frameworks and standards. Also see Regulatory Authority.

    World Health Organisation (WHO): A specialised agency of the United Nations responsible for international public health.

    Updated on 29 May 2024