Sheet of paper with a magnifying glass, showing a scale in the glass. It symbolizes the conformity with the law in harmonized standards

Harmonized Standards for Medical Software

Standards are technical rules. They reflect the current state of science and technology and play an important role in the medical device industry. Most manufacturers use harmonized standards to prove the conformity of their medical devices with the “essential requirements” either of the Medical Devices Directive 93/42/EEC (MDD) or the Directive 90/385/EEC on actively implantable medical devices (AIMDD). Anyway, things are changing, and that also applies to the legal basis for medical devices. On 25 May 2017 the European Medical Device Regulation (2017/745, EU MDR) came into force. Although the MDR continues to apply the concept of harmonized standards, manufacturers will have to make a number of changes during the three-year transitional period. So it’s time to take a look at the exact state of play on harmonized standards.

Who Makes Standards?

Two international organizations play an essential role in the development of medical device standards, ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). The standards, which are developed by the respective national member committees, define requirements for medical devices in order to manage their risks. ISO and IEC members may decide if an international standard will be used by them, if they will adopt it unchanged into a national standard, or if they want to create their own national standard in accordance with the international standard. In order to avoid parallel development of standards, ISO and IEC sometimes jointly develop international standards. The choice of the name IEC/ISO or ISO/IEC depends on which organization has initiated the development of the standard. In Europe CEN Comité Européen de Normalisation, CENELEC Comité Européen de Normalisation Électrotechnique and ETSI European Telecommunications Standards Institute develop harmonized standards as part of a mandate awarded by the European Commission. Refer to the “Blue Guide” for details. All CEN and CENELEC members, i.e. the national standards institutes, must adopt all European standards unchanged into national standards. The standards institutes in Germany are the DIN German Institute for Standardization and DKE German Commission for Electrical, Electronic & Information Technologies of DIN and VDE.

What is a Harmonized Standard?

A harmonized standard has the following characteristics:
  • a European standardisation organisation has developed the standard,
  • the standard meets at least one requirement of relevant EU legislation, and
  • the EU Official Journal (OJEU) publishes the standard in series C.
Find here the actual list of harmonized standards under the Council Directive 93/ 42/EEC (EU MDD) concerning medical devices.

Why Do I Need Harmonized Standards?

Manufacturers can use harmonized standards to demonstrate that their medical device complies with the EU MDR requirements. The European legislator then assumes that some of the general safety and performance requirements have been met (Art. 8 para. 1, “presumption of conformity”).
However, presumption of conformity must not be compared with conformity with the standard, i.e. full application of the standard.
This sounds good, but you should notice that
  • the EU Commission has not yet harmonized any EU standards with the EU MDR, and
  • the EU Commission has the right to adopt common specifications whenever there are no harmonized standards or if the requirements specified therein are insufficient (Art. 9 (1)).
CEN and CENELEC have compiled a list of more than 200 existing standards for revision and 17 new standards that have to be drafted before harmonization. Moreover, discussion between the standardization committees and the EU commission are ongoing about the exact assignment of single requirements to certain parts of the standards. Thus, it is not foreseeable that the EU Commission will list harmonized standards in the EU Official Journal before the start of application of the EU MDR. As a consequence manufacturers will lose the presumption of conformity option for their products.
Notice that compliance with harmonized standards does not free you from liability for your medical device. However, you have shown that the medical device was developed and manufactured according to highest safety and security requirements.

How Do I Obtain Presumption of Conformity?

  1. Select the relevant safety and performance requirements of Annex I for your product based on a risk analysis.
  2. Select the applicable harmonized standards in relation to the relevant safety and performance requirements.
  3. Create a list with the information mentioned in 1. and 2. also for the technical documentation.
  4. Compare the individual sections of the standard text with the individual sections in Annex I, as their correspondence sometimes relate only to individual sentences.
In Annex ZA (CEN standard) or ZZ (CENELEC standard) you will find a representation of the relationship between the standard and the requirements of the EU regulations. The adaptation of the Z annexes to the EU MDR is still pending.
The legislator will presume conformity of a medical device if the manufacturer uses harmonized standards.
Infographics showing the relationship between EU MDR requirements and harmonized standards

Types of Harmonized Standards

There are different types of harmonized standards:
  • Basic standards include general product requirements (e.g., EN 60601-1).
  • Collateral standards describe additional general requirements and tests (e.g. EN 60601-1-1).
  • Product standards or vertical standards supplement or replace general definitions by specific ones. They only apply to certain medical devices according to a European legal act and refer to the underlying and supplementary standards (e.g. EN 60601-2-4).
  • Process standards describe the requirements for developing, introducing, and maintaining processes with significance for all medical devices (e.g. EN ISO 13485).
  • Technical reports include instructions for implementing and testing standards requirements (e. g. ISO/TR 24971). Usually, they do not serve as evidence that medical devices meet certain quality and safety aspects of medical devices. Consider them as additional help.

Sections of Harmonized Standards

A standard has certain sections whose meaning you should know:
  • Foreword: The foreword of a harmonized standard includes important information from the responsible committee.
  • Introduction: The introduction mainly describes the scope. It is important that you use the scope to check whether the standard is suitable for your medical device or process, as the standard specifies the requirements. Take, for example, different quality management standards. Only EN ISO 13485 defines the scope as “organizations providing medical devices”.
  • References: The section on normative references lists those documents that have become part of a standard by being referred to in the text (“standard A requires standard B”).
  • Literature: The literature list compiles recommendations of other standards (“standard A recommends standard B”).
Moreover, the European standards have informational annexes explaining the agreements and differences between standards.

Important Standard Dates

There are three important dates with standards you should know:
  1. DOP: The date of publication determines when the European standard must be available.
  2. DOW: The date of withdrawal specifies when the conflicting national standards must be withdrawn.
  3. DOCOPOCOSS: The date of cessation of presumption of conformity of superseded standard specifies the effective date of the European standard.

Relationship Between Medical Device Standards and Regulatory Requirements

In the following figure you see
  • requirements by the EU legislation for medical devices (blue boxes),
  • the corresponding European harmonized standards under EU MDD (white boxes), and
  • examples for other European and international standards
in the context of medical software. The lines show you the type of connection between the different elements. Note that the quality management as higher-level system houses all lower-level processes like the risk management and the software life cycle. Relationship between Medical Device Standards and Regulatory Requirements

Our Recommendations

Standards are an important part of the legal framework for medical devices. However, they are often complex and sometimes difficult to understand for the inexperienced user.
  • To get closer to the subject, we recommend reading the DIN 820-2 standard, which lays down rules for the structure, drafting and design of documents that are intended as national, European or international standards or specifications.
  • Further information on standards relevant to medical technology can be found in the document “Optimizing Standards for Regulatory Use” published by the International Medical Device Regulators Forum (IMDRF).
  • Monitor the implementing legislation of the EU commission.