In December 2019 the European Medical Device Coordination Group (MDCG) released the Guidance notes for manufacturers of class I medical devices and the Guidance on Cybersecurity for medical devices.
In particular, “MDCG 2019-15 Guidance Notes for Manufacturers of class I medical devices” aims to provide Manufacturers of Class I devices (other than custom-made devices) with provisions, by covering the necessary steps for placing their products on the EU market on their own name or trademark. Also, this guidance notes applies to Importers, Distributors or Third Parties who will undertake the obligations referred to in article 16 (1) of MDR. Indeed, before proceeding to the commercialization in the countries, Manufacturers must provide EC mark in accordance with Annex V and draw up the Declaration of Conformity pursuant Annex IV, but not prior to have demonstrated the conformity to MDR and to general security and performance requirements referred to in Annex I.
“MDCG 2019-16 Guidance on Cybersecurity” provides Manufacturers with guidance on how to fulfil the relevant essential requirements of Annex I of the MDR and IVDR with regard to cybersecurity. Moreover, considering the complexity of the supply chain and the role which any economic operator plays thereby protecting the device from any cyber threat, further considerations concerning expectations from actors other than Manufacturer are provided in the document, besides references to regulations and other guidance referring to cybersecurity in the field of medical devices.