OPENREGULATORY
Sign in Get started
Ask a question
Quality Management 2 answers

How to implement BSI TR-03161 and similar requirements in a QMS for DiGA?

Anonymous · Published December 10, 2025 · 2 comments
I came across BSI TR-03161 regarding DiGA requirements. How should these requirements be implemented in an existing system? Should some be added as QMS procedures, and others as business requirements? If already implemented, is it best to reference them? For new requirements, should they be added to the requirements list?
Additionally, there may be upcoming requirements such as ISO/IEC 82304-2 or IEC 81001-5-1. Should these be treated in the same way?
Note: I am aware this list is not yet official.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

Anonymous 6 months ago
Are you using the latest version of BSI TR-03161? There is a newer (German-only) version available.
 Reply to this comment
Anonymous 6 months ago
Some elements, such as GDPR considerations, might also affect implementation if they are relevant to MDR conformity.
 Reply to this comment

Discussion

2 Answers

Accepted answer Dr. Oliver Eidel · Founder & CEO, OpenRegulatory ·
If possible, it's a good idea to integrate these requirements directly into your existing system for tracking stakeholder and software requirements. You'll eventually need full traceability, especially for certification, and some of the BSI requirements may result in additional risk control measures, so it's important to link them properly.
For implementation, you can either reference where each requirement is addressed (such as in your QMS, privacy policy, or code repository), or create a checklist in your technical documentation noting where each requirement is fulfilled. If you already have related procedures in your QMS, reference those. For new requirements, add them to your requirements list and ensure traceability.
For upcoming standards like ISO/IEC 82304-2 or IEC 81001-5-1, it's a similar approach—track them alongside your other requirements, and update your processes if they become mandatory.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
A
Anonymous ·
Just a heads up: there is a newer version of BSI TR-03161, but it's only available in German right now. If you're using the English version, make sure you're not relying on outdated information.

Join the discussion. Leave a comment. Guest comments are welcome — add your email to get reply notifications.

No comments yet. Be the first to share your thoughts.
Want to add your answer to this question?
Write an answer under your name by logging in or signing up, or post anonymously.

Keep reading

All questions
User Needs List

User Needs List

Sven Piechottka

updated about 2 years ago
A

Examples for SOP content for Infrastructure and Work Environment in ISO 13485 QMS for software

Anonymous · 1 comment
4 months ago
Our company is establishing a QMS according to ISO 13485, and I have been asked to identify procedures, assign them to the standard's clauses, and draft SOPs. My background is mostly hardware-related,
Accepted 3 answers

The infrastructure topic really depends on your business setup, especially your IT infrastructure. There's no single generic description, but you shou

SOP Deployment

SOP Deployment

Sven Piechottka

updated about 2 years ago

Still have a question? Ask a question here publicly — for free.

Or talk to one of our consultants — first calls are free. Check out our services and prices.

Looking to automate your regulatory work? Check out our eQMS, Formwork. Built for lean, founder-led companies. There’s a free version too.