/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
chris ockleshaw, International Product Recall Advisor, Sedgwick Brand Safety Questions, if impending medical device regulations, and those that follow, will be fit for purpose.
Over the past several years, the European medical device industry has championed innovation as a driver of growth, supported by both private and public investment. Advances in modern technology such as new software, increasing connectivity of medical devices, and the use of artificial intelligence (AI) for healthcare applications have been key to helping the industry move forward.
While these advances in medical device technology will ultimately be beneficial to patient health and safety, the rapid pace of innovation has presented a challenge to regulatory authorities. Several regulatory bodies are already working to modernize rules for the digitalized medical device industry, but with technology advancing so quickly, those revisions may be out of date before the ink is dry on final approval.
A significant number of new medical device regulations were introduced in 2022 targeting modern issues such as cyber security and AI. Both the European Commission and the UK’s Medicines and Healthcare Products Regulatory Agency (MHRA) issued guidance and proposals for the new legislation. However, as the first several months of 2023 have shown us, new technologies such as natural language AI could have a broad impact across industries that could render existing or proposed regulations inadequate.
key regulatory developments
In the EU, the Commission focused on cyber security, recognizing the threat to patient safety should a connected medical device be breached.
Adopted in November 2022, Directive (EU) 2022/2555, commonly known as the NIS2 Directive, establishes measures for a higher common level of cyber security throughout the European Union. It builds on the lessons learned from the original NIS Directive and sets out more specific rules, aimed at cyber security requirements and the implementation of cyber security measures in EU member states. The directive establishes minimum rules for a member state’s regulatory framework and introduces a size-cap rule as a general guideline to determine which entities will be covered under the directive. This means that all medium and large sized entities in the relevant sectors will be covered by NIS2.
A significant change to the NIS2 Directive is its expanded scope, which now covers manufacturers of medical devices and in vitro diagnostic (IVD) medical devices. Most medical device manufacturers are classified as “critical” entities, while a subset of devices deemed “critical during a public health emergency” qualify as “essential” entities subject to stricter supervisory measures. Are.
Any manufacturer that is considered “critical” or “essential” in any sector must adopt measures related to risk analysis, conduct regular risk assessments and implement crisis management plans. These measures are highly recommended for any industry that manufactures products for the European market that may be subject to recall or remediation. However, the new obligations under NIS2 will require manufacturers to take this additional step, rather than simply making it a best practice.
The commission also introduced two proposals related to AI, the AI Act and the AI Liability Directive, which will be applicable to all industries. This could lead to confusion for the medical device industry due to overlap and conflict with Regulation (EU) 2017/746 on Medical Devices (MDR) and Regulation (EU) 2017/745 on 2017/746. in vitro Diagnostic Medical Device (IVDR), both of which were recently updated. If the AI Act is approved, medical device manufacturers may find themselves required to go through multiple certification processes and slightly different post-market surveillance requirements to comply with both the AI Act and MDR or IVDR regulations. Could
While the EU MDR and IVDR outline specific rules for software as a medical device (SAMD) that will come into force from 2026, the UK recently set out to establish its own regulatory framework for these devices. Is. The MHRA released its guidance on “Software and AI as a Medical Device Transformation Program – Roadmap” in October 2022. The publication outlines a number of work packages and deliverables that the MHRA will issue to develop the future regulatory framework. Major changes outlined in the roadmap include: qualifying as SAMDs, refining classification rules for SAMDs, clarifying premarket requirements, strengthening post-market surveillance systems, improving cyber security of SAMDs, Ensuring the Safety of AI as a Medical Device (AIAMD). and considering a human explanation for AIMD.
The UK is expected to issue the first formal legislation on SaMD and AIaMD in 2024, but the MHRA will be busy in the interim. Announced in early 2023, the UK will soon issue a legislative framework to set up its own regulation of modern medical devices. After Brexit, the UK reverted to Medical Device Regulations 2002, which implemented EU legislation from the 1990s and have become predictably out of date with modern technology advances.
All these proposed regulations will certainly propel the EU and the UK towards creating a modern regulatory regime for the medical device industry that is aligned with the current technology and the risks it poses. However, as we have seen with the frequent delays in the MDR transition period, drafting, approving and implementing a new regulatory framework of the scale necessary to meet existing innovations and technology is a multi-year process. This raises concerns about whether the new rules will be able to keep pace with rapid technological advances, or whether a new model of regulation is needed to address the ever-evolving market and allow for greater flexibility in regulating the industry. Needed.
To hope
The next several years will mark a period of change as regulators catch up with medical device innovations and manufacturers work to comply with an array of new regulations and laws. Whether those rules will be able to keep pace with new developments in medical device technology will be a question for the foreseeable future. However, it is clear that the technology will continue to be a top concern for manufacturers and regulators alike. For example, as noted in the Sedgwick Brand Protection 2022 State of the Nation European Recall Index report, software was the leading cause of recall activity in 2022, overtaking quality concerns, which accounted for recalls for the previous two years. The most common reason was With devices becoming increasingly connected and regulations introducing new requirements for manufacturers, this increased focus on software is likely to continue.
Even though technology is advancing rapidly with new AI tools like ChatGPT and others, medical device companies should be careful about adopting an “early leader” mindset. While it is worth exploring how these technologies could be used in the medical device industry, companies should be slow to integrate them as regulatory authorities are still determining their shortcomings and the negative impact they can have on users. Whatever their use may be.
These advances also bring new ideas from a reminiscence and therapeutic perspective. Recalling an actual product is very different from knowing how to recall the SaMD application downloaded to users’ mobile devices in many countries.
While we want to encourage innovation, it is also important that medical device companies involve their cybersecurity, information technology and data privacy experts in the research and development process to avoid problems along the way.
We have already seen many countries and authorities prohibiting the use of these advanced technologies. From a risk and compliance perspective, medical device manufacturers are already busy aligning their operations with the many changes in MDR and IVDR regulations. Adding more burden to that with unproven AI techniques and other innovations can be difficult.
