You are here

TGA Internet site archive

The content on this page and other TGA archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

Consultation: Medical device cyber security

Draft regulatory guidance and information materials

20 December 2018

This consultation closed on Thursday, 14 February 2019.

The TGA sought comments from interested parties on the applicability and usefulness of the content contained in the draft regulatory guidance and information materials.

The guidance is intended to assist industry understand and comply with their responsibilities to ensure that medical devices are cyber secure. The guidance will also contain information to assist users (including those in health care settings) with managing cyber security matters related to the use of medical devices.

Consultation documents

How to access a pdf or Word document

*Large file warning: Attempting to open large files over the Internet within the browser window may cause problems. It is strongly recommended you download this document to your own computer and open it from there.


Document released for consultation on Thursday, 20 December 2018.

Interested parties should respond by close of business Thursday, 14 February 2019.

Feedback will be released following consideration of submissions. (See 'What will happen').

About the consultation

The purpose of the consultation is to seek stakeholder feedback on the proposed guidance and information materials which have been prepared to assist industry understand and comply with their responsibilities to ensure that medical devices are cyber secure under the Therapeutic Goods Act 1989 as well as in accordance with the 'Essential Principles', as set out in Schedule 1 of the Therapeutic Goods (Medical Devices) Regulations 2002.

Feedback from the medical device cyber security public consultation and webinar, and targeted stakeholder interviews has informed the development of this guidance.


Connectivity and digitisation of medical device technologies may help improve or increase device functionality. However, the connection of devices to networks or the internet exposes devices to increased cyber vulnerabilities that can potentially lead to unacceptable risk of harm to patients. A large number of Class II, Class III and Active Implantable medical devices on the ARTG include electronic components with embedded software, have a software accessory or are a software device. This is a growing area of interest as more health care systems and patients rely on medical devices that are 'connectable'. There is also significant innovation and fast moving technological advancements in software development underpinning more personalised medical devices.


Submissions may provide general, technical or editorial feedback.


Any questions relating to submissions should be directed to the Medical Devices Branch by email to

What will happen

All submissions will be placed on this website unless marked confidential or indicated otherwise in the submission form (see Privacy information).

Submissions will be reviewed by the TGA and feedback on submissions will be provided through this website.

Once the TGA has considered feedback from this consultation, and any subsequent consultations the TGA undertakes as a result of feedback received, final guidance and information materials will be developed. At this stage it is anticipated the final guidance will be published in mid-2019.

Privacy information

  • The TGA collects your personal information in this submission in order to:
    • contact you if the TGA wants to seek clarification of issues raised in your submission or to check whether you consent to certain information that you have provided being made publicly available.
    • help provide context about your submission (e.g. to determine whether you are an individual or a director of a company or representing an interest group).
    • Seek feedback about how the consultation was undertaken.
  • Please do not include personal information about other individuals in the body of your submission. Personal information in this context means information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
  • More information on consultations and privacy is included in the submission form and on our website.