EU Releases Final Revision to the MDD

The EU parliament released a final revision of the Medical Device Directive (MDD) and Active Implantable Medical Device Directive (AIMDD). It includes a number of additions related to software. These additions and clarifications stress that standalone software can be a medical device but not all software used in healthcare is a medical device. It also stresses use of “state of the art” development, validation and risk management practices.

Article 4 on page 15 says that the countries have until December 21, 2008, to amend their laws, and those laws shall be applied beginning March 21, 2010. This provides a 15-month period to update the laws and an additional 15-month transition period.

The full report of revisions is at the link provided. The focus of the revisions seemed to be clarification of the scope of medical device software. The explanation on page 50 says electronic health cards and similar items should not be within the scope of medical device regulation. In addition, there were clarifications to allow risk-based validation activities and to avoid burdensomeness.

In some cases they did not agree with the suggested revisions. One point they chose to stress is regarding the scope of software regulation. This is stated in several places. On page 6 they included a clarification that not all software used in a healthcare setting would be a device. “It is necessary to clarify that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the Software for general purposes when used in a healthcare setting is not a medical device.”

Page 12 clarifies the definition: “(a) ‘medical device’ means any instrument, apparatus, appliance, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of . . .
Only diagnostic and therapeutic software should be included in this Article and not all software as such. The addition of the sentence ‘for medical purpose’ might allow certain products to be excluded from the Directive. This would create uncertainty among the users and has a potential for uncontrolled products to be used on patients.”

Page 31 revises the use of validation terminology and removes use of “state of art” and instead states:
“For devices which incorporate software, in terms of the software the principles of development lifecycle, risk management, validation and verification should be taken into account. The concept of validation should always be based on the relevant risk classification of the medical device concerned.
The term ‘validation’ should be replaced in order to prevent the collection of unnecessary data. With regard to the principles of validation the existing real risk should be taken into account. The demands made regarding software for a robotic device in neurosurgery would undoubtedly be rather different from those made of software for a UV lamp for hardening resin in dental fillings .”

MDD Final Revisions 2007

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.