European Commission issues guidance on making safer apps available

By Annette van Raamsdonk and Sade Sobande

In our daily lives and also in the medical field, patients and healthcare professionals are increasingly using apps. On June 16, the European Commission (EC) published “MDCG 2025-4 Guidance on the safe making available of medical device software (MDSW) apps on online platforms.”

While the EC has published several pieces of guidance on MDSW already (our next update will be on the MDCG 2019-11 revision), this guidance is aimed at describing the responsibilities and obligations of platform providers under the European Medical Devices Regulation 2017/745 (MDR) and the European In-vitro Diagnostic Medical Device Regulation 2017/746 (IVDR) and the Digital Services Act (DSA). The guidance describes the responsibilities and obligations of platform providers that facilitate MDSW manufacturers in making their apps available in the Union market. 

Overlapping legislation. What prevails?

The MDR, IVDR and DSA contain provisions for those entities that provide devices/products/services to the EU market. The MDR/IVDR identifies economic operators (EOs) as the importer, distributor, European Authorized Representative and of course the manufacturer. The DSA addresses “online platforms,” “service providers” and other intermediary service providers. This implies that platform providers can be identified as an importer or distributor according to the MDR, IVDR and the DSA.

If both laws apply, the exemption of the liability principles, Article 6 DSA prevails and “non-general monitoring obligations (Article 8) fully apply.” Online platforms allowing the user of the MDSW to conclude a contract with manufacturers are subject to the requirements of the DSA. Platforms must have a mechanism to notify and act when they become aware of illegal content. Also, competent authorities (CAs), may require the platform provider to remove certain illegal content related to the MDSW.

Additionally, transparency and compliance requirements following Article 31 DSA must be met, similar to the requirements following the MDR/IVDR on providing instructions for use and patient safety warnings.

Lastly, and maybe the most interesting, is that large online platforms and those designated by the EC need to comply with risk assessment framework obligations and can be held accountable for showing illegal content.

What is the role of platform providers when offering MDSW?

Depending on whether the manufacturer of the MDSW is located in a third country or not, the platform provider can be identified as a distributor (MDSW manufacturers located in the EU) or importer (MDSW manufacturers located in a third country). In addition, MDSW manufacturers in third countries must comply with the EU Authorized Representative requirements. Following Articles 13 and 14, MDR/IVDR importers and distributors must cooperate with CAs. Thus, large online platforms such as the Apple App Store and the Google Play Store must cooperate with CAs and the EC in the future.

Concluding remarks

Exciting and interesting times lie ahead, as digital health solutions become increasingly central to healthcare and the user experience. The release of this guidance is a welcome step towards confirming that MDSW is deemed safe and compliant within the EU market.