Regulation of software based medical devices
Software based medical devices are medical devices that incorporate software or are software.
Software is becoming increasingly important in medical devices and digital adoption more broadly. In addition, it is becoming more important as a medical device in its own right.
Rapid innovation in technology has driven significant changes to software function and adoption, giving rise to a larger number of devices able to inform, drive or replace clinical decisions, or directly provide therapy to an individual. Advances in computing technology and software production have led to a large increase in the number of software-based medical devices available on the market, requiring the implementation of reforms to ensure patient safety.
Software based medical devices are medical devices that incorporate software or are software, including software as a medical device, or software that relies on particular hardware to function as intended, and are regulated in Australia by the Therapeutic Goods Administration (TGA). Software (including mobile apps) is a medical device if it fits within the definition of a medical device in section 41BD of the Therapeutic Goods Act 1989, unless otherwise excluded.
Many mobile apps are simply sources of information, or tools to manage a healthy lifestyle. The TGA does not regulate health and lifestyle apps or other software that does not meet the definition of a medical device.
The following guidance is intended to provide information on the regulation in Australia for software and apps which meet the legislated definition of a medical device.
The purpose of this guidance is to help manufacturers and sponsors understand how the TGA interprets requirements, and thus indicate how manufacturers and sponsors can comply.
This is a guide only, and manufacturers and sponsors are encouraged to familiarise themselves with the legislative and regulatory requirements in Australia, and if necessary, to seek professional advice. It is the responsibility of each manufacturer or sponsor to understand and comply with these requirements.
These documents are currently in draft and updates and clarifications will be included as required. Feedback on the guidance is always welcome, please send any comments to email@example.com.
If you are new to TGA regulation, this flowchart will assist developers and users of software to work out which software and apps are medical devices, and which are general health management and fitness software:
Frequently asked questions about the regulatory approach of the Therapeutic Goods Administration (TGA) for software based medical devices.
This guidance summarises the regulatory approach of the TGA for software based medical devices:
The TGA has implemented reforms to the regulation of software-based medical devices, including software that functions as a medical device in its own right. The following guidance provides a summary of changes to the regulation of software based medical devices (including software as a medical device - SaMD) which came into effect from 25 February 2021. It outlines transition arrangements available for devices that may need to be reclassified.
The following provides detailed guidance on products that are excluded from regulation, or exempt from inclusion on the Australian register of Therapeutic Goods.
Clinical Decision Support Software (CDSS). The following documents provide guidance on CDSS and the exemption:
- Clinical decision support software - Scope and examples (general guidance)
- Exemption for certain clinical decision support software - Guidance on the Exemption Criteria (more detailed interpretative guidance NEW)
- Notification form: Clinical decision support software exemption (for sponsors of exempt CDCC
Cybersecurity is an important consideration for medical devices and IVD medical devices (IVDs). We have produced guidance specific to industry as well as guidance and information specific to users, including consumers and health professionals:
The following guidance is to assist manufacturers of active medical devices, including software-based medical devices, in correctly classifying their devices.
The following factsheet provides information for providers and suppliers regarding the regulation of digital mental health software.
New Communications Program
TGA is partnering with ANDHealth to deliver an additional communications program of webinars and personalised regulatory discussion sessions on software based medical devices. This new program delivered the first webinar in September 2021 - for further details on dates and how to book please see ANDHealth website .
Software as a Medical Device (SaMD) – use of data collection components
Below is an update in relation to our regulatory position for data collection components used by Software as a Medical Device (SaMD) in smart devices, tablets, laptops and similar digital hardware.
For SaMD that use data collection components integrated into consumer smart devices:
- Where the data collection components (such as sensors) are integrated into a smart device, the smart device is a finished consumer product (e.g. smart phones, tablets and laptops). In this circumstance, the smart device is not required to be included in the Australian Register of Therapeutic Goods (ARTG).
- In order to demonstrate compliance with the essential principles, it is a requirement that the SaMD is validated against the data collection component(s) and/or smart device. The data collection components or smart device must also be validated for the intended use of the SaMD to ensure it is safe and fit for purpose.
- It should be expected that the level of scrutiny applied to such data collection component(s) would be commensurate with the level of risk associated with the intended use. For example, a Class III SaMD which provides a diagnosis of a life-threatening disease or condition should expect a high level of scrutiny applied to the validation of any sensors used to perform its intended use, such as a camera.
In summary, SaMD must be included in the ARTG for supply in Australia, with evidence of validation against the data collection component(s), using applicable state of the art testing; the data collection component(s) themselves are not required to be included in the ARTG if integrated into a finished consumer smart device.
International regulatory activities
The TGA is a founding member of the International Medical Device Regulators Forum (IMDRF), a group of medical device regulators from around the world who meet regularly to address current challenges in regulating medical devices, and to accelerate harmonisation of regulation.
In 2013, the IMDRF established a working group dedicated to Software as a Medical Device. As an active member of the working group, the TGA contributed to the four published technical documents relating to the regulation of SaMD:
- Software as a Medical Device (SaMD): Key Definitions
- Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations
- Software as a Medical Device (SaMD): Application of Quality Management System
- Software as a Medical Device (SaMD): Clinical Evaluation
These documents were consulted internationally before being finalised and are available on the IMDRF Documents webpage (Technical documents section). Together, they cover the definition of Software as a Medical Device, as well as how existing regulatory tools such as quality management and clinical evidence can be applied to it.
Risks of harm from software
To understand the actual and possible risks of harm from software, a rapid literature review was undertaken. The review considered articles and papers published over the last seven years that specifically addressed safety and efficacy, including mobile apps and medical software more broadly. The papers were identified using MEDLINE, Pubmed and Google Scholar.
Many of the studies cited in the review relate specifically to challenges with SaMD, and software controlling medical devices, however some additional reports of safety and performance issues with medical software have also been included for context.
The literature review can be found at Actual and potential harm caused by medical software.
The TGA has people dedicated to software and other challenges associated with regulating digital medical devices. If you have questions about the regulation of software or other digital medical technologies, please contact: firstname.lastname@example.org.
Note that, most software apps that are not medical devices are a consumer product and issues with these apps should be referred to the Australian Competition and Consumer Commission (ACCC).
- Regulation of software based medical devices
- Medical device cyber security guidance for industry
- Actual and potential harm caused by medical software
- How the TGA regulates software based medical devices
- Examples of regulated and unregulated software (excluded) software based medical devices
- Is my software regulated?
- Clinical decision support software
- Software-based medical devices FAQs
- Medical device cyber security guidance for industry