EU Rolls Out New Guidance on Cybersecurity

The EU’s Medical Device Coordination Group released new guidance on cybersecurity requirements for devicemakers under the new Medical Devices Regulation (MDR) and In Vitro Diagnostics Regulation (IVDR).

The guidance is intended to help devicemakers comply with the new cybersecurity regulations that become effective in May for devices and in 2022 for IVDs. The MDR and IVDR include new safety requirements for all medical devices that incorporate electronic programmable systems and software that are medical devices in themselves.

The guidance spells out that devicemakers should ensure their devices are designed and manufactured such that the risks associated with “reasonably foreseeable environmental conditions” are removed or minimized.