We want to bring MDR class I software as a medical device to market. We’ve talked to other founders and checked out the list of MDR class I devices on this website and it seems that MDR class I software is mainly brought to market in Hamburg and Munich. Is it true that certain competent authorities, e.g. Berlin, are more critical of MDR class I software and it’ll be much harder there? Should we move our company to Hamburg or Munich to increase our chances of making it to market?
Some quick background information first!
Contrary to MDR class IIa/b devices, class I devices don’t need a prior audit by a notified body (those are companies you pay to audit you - yes, I know). Instead, the regulatory requirements can be summarized as “dude, just create your documentation and, when you think it’s complete, register your device in the official Dimdi database and bring it to market”.
Now, the completeness and correctness of your documentation can be checked through surprise audits by the competent authority (and that actually happens!). Who is the competent authority responsible for you? Well, that depends in which state your company is located. Each state in Germany has its own competent authority. If you think this might lead to chaos, you’re right!
The MDR classification of medical device software has created lots of confusion in certain cases. Actually, in most cases - see our comment on the guidance document, and our list of MDR class I software. Initially, everyone thought that class I software no longer exists. That would be a bummer because there truly are low-risk software products out there, and up-classifying them into class IIa would remove them from the market as their manufacturers are not willing to go through the pain (and cost) of an audit.
But now that sentiment has changed, and people, including auditors and competent authorities, think that MDR class I software exists again. Not sure how that happened. Did that spontaneously occur to them under the shower?
Okay, now if MDR class I software exists (yes, check our list) - do competent authorities differ in whether they “allow” software to be MDR class I? We don’t know for sure. It’s still early days regarding MDR class I software, so we’ll hopefully be seeing more data on this in the next few months (or years - medical device regulation moves at a slow pace).
But we already have data to note a few facts: There are two states in which there clearly are multiple MDR class I software devices on the market: Hamburg and Munich. I wouldn’t go so far as call them safe bets, but at least there’s some real precedent there that multiple MDR class I software devices are on the market.
Then there’s one more, slightly softer data point: There aren’t any MDR class I devices on the market in Berlin. This is surprising, because many Healthcare startups are in Berlin. Possible explanations are that, for some reason, all Berlin Healthcare startups have decided to drag their feet on MDR compliance (while some remain on the market as legacy MDD devices), or that the competent authority there is way stricter when it comes to MDR class I software. Personally, I think the latter explanation is more plausible. But we don’t know.
So what should you do if you’re a freshly-founded company in Berlin planning to bring an MDR class I software device to market? Again, I see multiple scenarios here:
Scenario 1: Stay in Berlin because Berlin is a nice city. Develop your device (takes a few months), do your MDR documentation (takes 1-3 months with us, or 1-3 years with other consultants.. chuckle) and then attempt to register your device in the Dimdi database. Now the Berlin competent authority will review your intended use, and it might reject it because, for some reason, their interpretation of MDR class I is stricter than in Hamburg. Now you’re in a bad situation. You can water down your device with less features and try to make it more class-I-compatible (if that’s possible at all), or you can try to move somewhere else. But if you move somewhere else, you now already have one competent authority (Berlin) who has stated that you’re not MDR class I. I don’t know what the legal situation here would be. I mean, one competent authority says that you’re not class I, can you then move to another competent authority with the same device, and can they override that decision? Sounds implausible unless you change your device. Ugh.
Scenario 2: Move to Hamburg or Munich because you want to reduce regulatory risks. There’s precedent of MDR class I devices there. The main complexity will be about actually moving your company. Like, if you’re funded by state-sponsored grants, you may be required to actually.. remain in the state which gave you funding. Or you may simply want to continue working and hiring people in Berlin. In that case, you might have to found a subsidiary company or so? This definitely gets into the “legal weeds” where I truly have no clue. I only know that a “clean” solution would be to move your entire company.
If I would found a MDR class I startup nowadays, I would probably go for scenario 2 - move to Hamburg or Munich.
Now, is this good? Bad? Evil? None of those, I think.
It’s simply chaotic. I’m not a big fan of exploiting the tolerance of certain competent authorities (even though the entire post above may create that impression). I would much rather prefer to have something like “regulatory predictability” - for any software as a medical device, it should be clear which class it is and the manufacturer should have some sort of guarantee that this classification is correct (and no, an official BfArM classification request is not an option because it takes too long, that’s another dumpster fire which I’ll hopefully recount in a future post). There should be clear rules with examples, and all competent authorities should adhere to those. That would be the ideal situation.
That would give manufacturers predictability and enable them to turn their focus back on what matters most: Building products and ensuring that they’re compliant and safe.