Theme: Cybersecurity

Target Audience: Manufacturer

Products Concerned: MD that include programmable electronic systems and software that are MD in their own right

Regulatory reference:

– MDR (EU) 2017/745, Annex I

– IVDR (EU) 2017/746, Annex I

Documents mentioned:

– IMDRF/CYBER WG/N 60

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

– Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union

– ANSM: Cybersecurity of medical devices integrating software during their life cycle; currently under development

– Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

– Numerous normative references (see page 45 of the document)

This 47-page document, which is aligned with IMDRF guidance, advises manufacturers on how to meet the general security and performance requirements of Annex I of the MDR and the IVDR with respect to cybersecurity. It explains the pre- and post-market requirements to help companies ensure an appropriate balance between benefits and risks.

It addresses devices that include programmable electronic systems, as well as software that is a device in its own right.