Breaking: UK Software and Artificial Intelligence Regulation Roadmap for Medical Devices Published

The UK medical devices regulator MHRA has today published their roadmap on Software and Artificial Intelligence (AI) Medical Device Changes. The change builds upon the previously published MHRA consultation on the future of UK regulation.
The strategic approach being taken by MHRA is to regulate software through high level legislation, backed up by more prescriptive, interpretive and informative guidance – this potentially enables more frequent changes of regulatory expectations through updates to guidance, and better allows regulatory expectations to keep up with the fast pace of change and evolution in the software and AI landscape.
We can see from these changes that the MHRA is looking to shape regulatory policy to be both friendly to innovators and include appropriate safeguards for patients.
The proposals outline several new pieces of legislation within the roadmap;
– Update of UK Software Classification rules to take into account and more closely align with international software risk classification rules.
– Creation of an “airlock process” for innovative software that meets a critical unmet clinical need, allowing earlier and quicker market access to get technology in the hands of patients, with stricter post market monitoring controls.
– Review and update essential performance and safety requirements for software, to ensure they provide robust assurance that software meets its intended purpose and is safe for patients and users
– Creating a process for authorization of predetermined change control plans and change protocols, acknowledging that current change management procedures can be cumbersome and do not keep pace with innovation, and looking to significantly reduce time to market for pre-authorised changes to medical device software.
– Defining Cybersecurity requirements for medical devices and IVDs, to impose cybersecurity and IT requirements to guard against interference, tampering with personal data and to help prevent injury to patients from cybersecurity issues.
Over 20 new guidance documents are proposed as deliverables from the roadmap to support and expand upon the legislation, including guidance on use and analysis of real world clinical data gathered by software devices, management of software devices which are outside of the manufacturer’s support period, and machine learning development best practices.
The UK regulatory system, following its divergence from the EU after Brexit, now has the potential to start showing itself as being a different and more attractive target market for companies developing medical device software.
With only 8 months to go until EU CE marking medical device approvals are no longer accepted in the UK, and all medical devices will legally require a UKCA marking – now is the time that the MHRA roadmap needs to be actioned and implemented into concrete, released and actionable form.
The new guidance documents include;
– Guidance on what qualifies as Software as a Medical Device (SAMD)
– How to craft an intended purpose for Software as a Medical Device
– Guidance on classification rules for Software as a Medical Device
– Best practice guidance for development and deploymen
– Guidance on retrospective non-interventional studies, covering use and analysis of real-world clinical data gathered by software devices)
– human-centered SaMD clarifying the importance of human factors, usability, ergonomic, or behavioural science evidence as part of software development and user interface design.
– Change management for SaMD, including for pre-determined change control plans.
– Guidance on cybersecurity requirements for medical device and IVDs
– Management of software devices which are outside of the manufacturer’s support period
– Good machine learning practice for medical device development
– Best practice for AI and machine learning development

Tim Bubb
Technical Director