You are here
Regulation of software based medical devices
Software based medical devices are medical devices that incorporate software or are software.
Software is becoming increasingly important in medical devices and digital adoption more broadly. In addition, it is becoming more important as a medical device in its own right.
Rapid innovation in technology has driven significant changes to software function and adoption, giving rise to a larger number of devices able to inform, drive or replace clinical decisions, or directly provide therapy to an individual. Advances in computing technology and software production have led to a large increase in the number of software-based medical devices available on the market, requiring the implementation of reforms to ensure patient safety.
Software based medical devices are medical devices that incorporate software or are software, including software as a medical device, or software that relies on particular hardware to function as intended, and are regulated in Australia by the Therapeutic Goods Administration (TGA). Software (including mobile apps) is a medical device if it fits within the definition of a medical device in section 41BD of the Therapeutic Goods Act 1989, unless otherwise excluded.
Many mobile apps are simply sources of information, or tools to manage a healthy lifestyle. The TGA does not regulate health and lifestyle apps or other software that does not meet the definition of a medical device.
The following guidance is intended to provide information on the regulation in Australia for software and apps which meet the legislated definition of a medical device.
The purpose of this guidance is to help manufacturers and sponsors understand how the TGA interprets requirements, and thus indicate how manufacturers and sponsors can comply.
This is a guide only, and manufacturers and sponsors are encouraged to familiarise themselves with the legislative and regulatory requirements in Australia, and if necessary, to seek professional advice. It is the responsibility of each manufacturer or sponsor to understand and comply with these requirements.
These documents are currently in draft, and updates and clarifications will be included as required. Feedback on the guidance is always welcome, send comments to email@example.com.
If you are new to TGA regulation, this flowchart will assist developers and users of software to work out which software and apps are medical devices, and which are general health management and fitness software:
Frequently asked questions about the regulatory approach of the Therapeutic Goods Administration (TGA) for software based medical devices.
This guidance summarises the regulatory approach of the TGA for software based medical devices:
The TGA has implemented reforms to the regulation of software-based medical devices, including software that functions as a medical device in its own right. The following guidance provides a summary of changes to the regulation of software based medical devices (including software as a medical device - SaMD) which came into effect from 25 February 2021. It outlines transition arrangements available for devices that may need to be reclassified.
The following provides detailed guidance on products that are excluded from regulation or exempt from inclusion on the Australian register of Therapeutic Goods.
Clinical Decision Support Software (CDSS). The following documents provide guidance on CDSS and the exemption:
- Clinical decision support software - Scope and examples (general guidance)
- Exemption for certain clinical decision support software - Guidance on the Exemption Criteria (more detailed interpretative guidance)
- Notification form: Clinical decision support software exemption (for sponsors of exempt CDCC)
Cybersecurity is an important consideration for medical devices and IVD medical devices (IVDs). We have produced guidance specific to industry as well as guidance and information specific to users, including consumers and health professionals:
- Medical device cyber security guidance for industry
- Medical device cyber security information for users
The following guidance is to assist manufacturers of active medical devices, including software-based medical devices, in correctly classifying their devices.
The following documents provide information for providers and suppliers in the mental health sector about the regulation of digital mental health software.
- Factsheet - Digital mental health: Software based medical devices (pdf,269kb)
- Digital tools and medical device guidance (NEW)
The following two factsheets provide information for industry regarding the advertising of software-based medical devices to health professionals and consumers.
- Factsheet – Advertising software based medical devices to health professionals (pdf,289kb)
- Fact sheet – Advertising software based medical devices to consumers (pdf,291kb)
Baby Movement Apps
The TGA is aware that there are a range of apps and other software on the market for recording diaries, or for monitoring baby movements or kicks during pregnancy. These products are widely available for download by consumers. The TGA’s view is that, although they may be presented as diaries, these digital products are intended to prevent foetal harm through monitoring foetal movement and are medical devices which must be included in the Australian Register of Therapeutic Goods (ARTG).
There is a risk of false reassurance to consumers once the movements are recorded in such an app, even though the developer may not make claims to take any action; this false reassurance may lead to failure to seek prompt medical attention.
If concerned, pregnant mums should get checked out at a healthcare facility.
TGA wants to hear about any suspected adverse events related to baby movement apps. We urge consumers and health professionals to report any suspected adverse events.
New Communications Program
TGA is partnering with ANDHealth to deliver an additional communications program of webinars and personalised regulatory discussion sessions on software based medical devices. This new program delivered the first webinar in September 2021 - for further details on dates and how to book see ANDHealth website .
Software as a Medical Device (SaMD)
Below is an update in relation to our regulatory position for data collection components used by Software as a Medical Device (SaMD) in smart devices, tablets, laptops and similar digital hardware.
For SaMD that use data collection components integrated into consumer smart devices:
- Where the data collection components (such as sensors) are integrated into a smart device, the smart device is a finished consumer product (e.g., smart phones, tablets and laptops). In this circumstance, the smart device is not required to be included in the Australian Register of Therapeutic Goods (ARTG).
- To demonstrate compliance with the essential principles, it is a requirement that the SaMD is validated against the data collection component(s) and/or smart device. The data collection components or smart device must also be validated for the intended use of the SaMD to ensure it is safe and fit for purpose.
- It should be expected that the level of scrutiny applied to such data collection component(s) would be commensurate with the level of risk associated with the intended use. For example, a Class III SaMD which provides a diagnosis of a life-threatening disease or condition should expect a high level of scrutiny applied to the validation of any sensors used to perform its intended use, such as a camera.
In summary, SaMD must be included in the ARTG for supply in Australia, with evidence of validation against the data collection component(s), using applicable state of the art testing; the data collection component(s) themselves are not required to be included in the ARTG if integrated into a finished consumer smart device.
International regulatory activities
The TGA is a founding member of the International Medical Device Regulators Forum (IMDRF), a group of medical device regulators from around the world who meet regularly to address current challenges in regulating medical devices, and to accelerate harmonisation of regulation.
In 2013, the IMDRF established a working group dedicated to Software as a Medical Device. As an active member of the working group, the TGA contributed to the four published technical documents relating to the regulation of SaMD:
- Software as a Medical Device (SaMD): Key Definitions
- Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations
- Software as a Medical Device (SaMD): Application of Quality Management System
- Software as a Medical Device (SaMD): Clinical Evaluation
These documents were consulted internationally before being finalised and are available on the IMDRF Documents webpage (Technical documents section). Together, they cover the definition of Software as a Medical Device, as well as how existing regulatory tools such as quality management and clinical evidence can be applied to it.
Risks of harm
To understand the actual and possible risks of harm from software, a rapid literature review was undertaken. The review considered articles and papers published over the last seven years that specifically addressed safety and efficacy, including mobile apps and medical software more broadly. The papers were identified using MEDLINE, Pubmed and Google Scholar.
Many of the studies cited in the review relate specifically to challenges with SaMD, and software controlling medical devices, however some additional reports of safety and performance issues with medical software have also been included for context.
The literature review can be found at Actual and potential harm caused by medical software.
Artificial Intelligence Chat, Text, and Language
Artificial intelligence text-based products like ChatGPT, GPT-4, Bard, and other large language models (LLMs) have recently received media attention.
When LLMs have a medical purpose and are supplied to Australians, they may be subject to medical device regulations for software and need approval by the TGA. It is important to note that regulatory requirements are technology-agnostic for software-based medical devices and apply regardless of whether the product incorporates components like AI, chatbots, cloud, mobile apps or other technologies. In these cases, where a developer adapts, builds on or incorporates a LLM into their product or service offering to a user or patient in Australia - the developer is deemed the manufacturer and has obligations under section 41BD of the Therapeutic Good Act 1989.
The TGA has published guidance to help developers determine whether a product is a software-based medical device – the “Is my software regulated?” flowchart on the TGA website in addition to other guidance about recent regulatory changes and boundary clarifications for software and FAQs.
Clinical and technical evidence will need to demonstrate the safety and performance of the product using the LLM to the same standard as other medical devices – for higher risk products, clinical and technical evidence are required to be more stringent.
- Software developers will need to understand and demonstrate the sources and quality of text inputs used to train and test the model, and in clinical studies, in addition to showing how the data is relevant and appropriate for use on Australian populations.
- It is important to note that where there are no medical purpose or claims associated with the product using the LLM or if it does not meet the definition of a medical device as defined in the section 41BD of the Therapeutic Good Act 1989, it is unlikely to be a medical device and is not regulated by the TGA.
The TGA has people dedicated to software and other challenges associated with regulating digital medical devices.
For non-medical device software apps see, Australian Competition and Consumer Commission (ACCC).
- Regulation of software based medical devices
- Actual and potential harm caused by medical software
- How the TGA regulates software based medical devices
- Examples of regulated and unregulated software (excluded) software based medical devices
- Is my software regulated?
- Clinical decision support software
- Software-based medical devices FAQs
- Medical device cyber security guidance for industry