Software, Digital Health & AI Regulatory Expertise That Drives Global Approval

From SaMD classification and IEC 62304 validation to AI-based diagnostics under IVDR/MDR and compliance with the AI Act-MDx CRO delivers the specialized expertise you need for digital health regulatory success.

Book a SaMD Assessment Explore Our Digital Health Insights

Specialized Regulatory Support for Digital Innovation

As software transforms healthcare delivery, manufacturers face increasingly complex regulatory challenges across SaMD development, digital health solutions, and AI-driven diagnostics. MDx CRO provides specialized regulatory and clinical expertise to navigate these evolving frameworks-from IEC 62304 compliance and software validation to AI Act risk classification and clinical performance studies.

Our team of software regulatory specialists, former Notified Body reviewers, and digital health experts delivers targeted support for every stage of your digital product lifecycle. Whether you’re developing an AI-based diagnostic algorithm, a mobile health application, or complex SaMD integrated with a physical device, we provide the expertise needed to accelerate regulatory approval while ensuring compliance with MDR, IVDR, FDA, and emerging AI regulations.

Innovative medical technology discussion at MDX Accelerating MedTech event featuring professional collaboration and digital health solutions.

Core Software & Digital Health Services

Software as a Medical Device (SaMD) Regulatory Solutions

SaMD Classification & Regulatory Strategy

  • MDR/IVDR software classification assessment
  • Global regulatory pathway determination
  • Strategic roadmapping for EU, US, and international markets
  • AI Act classification and regulatory impact assessment
  • Documentation structure planning and gap analysis

IEC 62304 Implementation & Compliance

  • Software development lifecycle (SDLC) documentation
  • Software safety classification and risk management
  • Configuration management and change control
  • Documentation of architecture and detailed design
  • Integration with ISO 14971 risk management
  • Software verification and validation planning

Software Verification & Validation

  • Test plan development and execution
  • Software verification protocols and reports
  • Integration testing and system-level validation
  • Usability engineering (IEC 62366) for software interfaces
  • Performance testing for AI/ML algorithms
  • Clinical validation planning for software functionality

Cybersecurity Compliance

  • Medical device cybersecurity risk assessment
  • Security requirements documentation
  • Threat modeling and vulnerability analysis
  • MDCG 2019-16 and FDA cybersecurity compliance
  • Post-market security monitoring plans
  • Security update management and documentation

AI & Machine Learning Regulatory Support

AI-Based Medical Device Compliance

  • AI Act compliance assessment and documentation
  • AI/ML algorithm validation strategies
  • Continuous learning systems regulatory approaches
  • Performance monitoring for adaptive algorithms
  • Clinical evidence generation for AI-based diagnostics
  • Explainability and transparency documentation

AI Diagnostics under IVDR

  • Clinical performance studies for AI-driven IVDs
  • Performance evaluation plans for algorithm-based diagnostics
  • Scientific validity assessment for biomarkers
  • Reference dataset validation and documentation
  • IVDR classification and conformity assessment for AI solutions
  • Technical documentation for algorithm-based decision support

Change Management for AI/ML Systems

  • Change control procedures for evolving algorithms
  • Algorithm version control and documentation
  • Significant change determination
  • Update and upgrade management
  • Post-market surveillance for AI performance drift
  • Regulatory notifications for algorithm modifications

Digital Health & Mobile Applications

mHealth & Digital Health Applications

  • Medical app qualification and classification
  • Software borderline determination
  • Wellness vs. medical purpose assessment
  • Regulatory strategy for digital therapeutics
  • Remote monitoring compliance considerations
  • MDR/IVDR regulatory pathway development

Connected Medical Device Systems

  • Interoperability documentation and validation
  • System-level risk assessment
  • Cloud integration regulatory considerations
  • Data security and privacy compliance
  • Communication protocol validation
  • System integration testing documentation

Specialized Technical Documentation Services

Comprehensive SaMD & Digital Health Documentation

Technical Documentation Development
  • Complete MDR/IVDR technical file compilation
  • Software development documentation organization
  • Algorithm description and performance claims
  • Clinical evaluation/performance evaluation for software functions
  • FDA submission documentation
  • AI Act compliance documentation
Clinical Evidence Generation
  • Clinical evaluation planning for software
  • Literature-based evidence compilation
  • Clinical investigation design for software functions
  • User validation studies and protocol development
  • Statistical analysis for algorithm performance
  • Clinical evidence appraisal for AI-based systems
Quality Management & Risk Control
  • Software-specific quality management procedures
  • Risk management file development (ISO 14971)
  • Software verification and validation SOPs
  • Release procedures for software medical devices
  • Configuration management procedures
  • Design control for software development
Our Digital Health Expertise Sets Us Apart
Capability
Software Classification Expertise
AI Act Compliance
Integrated Regulatory & Clinical Approach
Clinical Validation for Software
IEC 62304 Documentation
Cybersecurity Integration
Software Change Management
MDx CROTypical Consultants
Former NB reviewers with MDR/IVDR software focusLimited understanding of borderline cases
Proactive guidance on emerging regulationsOften reactive or unfamiliar
Complete software validation strategyOften fragmented services
Specialized protocols for software/AI clinical evidenceGeneric clinical approaches
Complete software development life cycle supportPartial coverage
Holistic approach integrating security with regulatoryOften separated services
Strategies for evolving software & AI/MLLimited post-market focus
Success Metrics
15+
SaMD/MDSW products successfully CE marked under MDR/IVDR
100%
success rate in technical documentation for software components
1st
AI-based solutions to market
ISO
End-to-end standards coverage 62304, 82304-1, 62366, 14971

Our SaMD & Digital Health Approach

1.
Assessment & Classification
  • Software qualification and classification determination
  • Regulatory pathway identification
  • Gap analysis against relevant standards
2.
Strategic Planning
  • Documentation structure and development plan
  • Clinical evidence strategy
  • Verification and validation planning
3.
Implementation Support
  • Technical documentation development
  • Software verification and validation
  • Usability engineering and risk management
4.
Clinical Evidence Generation
  • Clinical evaluation for software functionality
  • User validation studies
  • Performance analysis for AI algorithms
5.
Regulatory Submission Management
  • Technical file compilation
  • Notified Body/FDA interaction support
  • Response management and follow-up
Case Studies
AI-Driven Diagnostic Algorithm
Challenge
Challenge

A digital health company sought CE marking under IVDR for their AI-powered diagnostic algorithm, with significant classification questions and limited clinical evidence.

Solution
Solution

MDx implemented a comprehensive regulatory strategy including:

  • Software classification guidance under IVDR rules
  • AI algorithm validation protocol development
  • Clinical performance study design specific to the algorithm’s diagnostic claims
  • Complete technical documentation aligned with IVDR Annex II and IEC 62304
Result
Result

Successful CE marking achieved under IVDR with minimal deficiencies, establishing a regulatory precedent for similar AI-based diagnostics.

Mobile Health Application with MDR Compliance
Challenge
Challenge

A startup developed a mobile application for therapy adherence that qualified as a Class IIa medical device under MDR but lacked the internal regulatory expertise to navigate software requirements.

Solution
Solution

MDx delivered:

  • Complete IEC 62304 implementation and documentation
  • Cybersecurity risk assessment and documentation
  • Usability engineering process aligned with IEC 62366
  • Clinical evaluation strategy based on real-world evidence collection
Result
Result

CE marking achieved in 11 months, enabling the client to launch in the European market ahead of competitors.

View Case Studies
Client Testimonials

“MDx’s expertise in software medical device regulations was instrumental in our successful MDR submission. Their team understood both the technical aspects of our software and the regulatory requirements, bridging a gap that other consultants couldn’t.”

CTO
Digital Therapeutics Company

“When developing our AI-based diagnostic solution, MDx provided invaluable guidance on clinical validation requirements specific to our algorithm. Their approach to documenting the AI system for regulatory review set us up for a smooth approval process.”

Regulatory Affairs Director
AI Diagnostics Startup

Frequently Asked Questions

Ask us a Question
  • How are software applications classified under MDR and IVDR?

    Under MDR and IVDR, software classification is determined through a comprehensive assessment that considers the software’s intended purpose, functionality, and clinical impact, guided by the latest MDCG guidance documents. For MDR, Rule 11 applies primarily, classifying software into Class I, IIa, IIb, or III based on risk, especially when the software provides diagnostic or therapeutic decision support that could cause serious or irreversible harm. For IVDR, multiple rules may apply—such as Rule 1 for high-risk infectious disease software (Class D), Rule 2 for blood and life-threatening conditions (Classes C or D), and Rule 3 for genetic testing and companion diagnostics (mainly Class C)—with the classification depending on the specific use, influence on the device, and the risk posed to patients or public health. Our assessments incorporate these rules, along with MDCG guidance (2019-11, 2021-24, 2019-16, and 2023-1), ensuring accurate classification and the appropriate regulatory pathway.

  • What documentation is required for IEC 62304 compliance?

    IEC 62304 documentation includes software development plans, risk management files, architecture and detailed design documentation, verification and validation protocols/reports, problem resolution documentation, and software configuration management plans. The exact documentation depends on your software safety classification (A, B, or C). MDx provides complete documentation templates and development support tailored to your software’s specific risk class.

  • How do we validate AI/ML algorithms for regulatory approval?

     AI/ML algorithm validation requires demonstrating performance, robustness, and safety through comprehensive testing with diverse datasets, clear performance metrics, and risk mitigation strategies. For regulatory approval, you need documentation of the algorithm design, training data characteristics, performance metrics, limitations, and clinical validation evidence. MDx develops custom validation protocols specific to AI technologies that satisfy both current regulatory requirements and emerging AI regulations.

  • How does the EU AI Act affect medical software development?

    The EU AI Act introduces risk-based classifications and requirements for AI systems, with medical AI often falling into “high-risk” categories requiring robust risk management, data governance, and transparency measures. While harmonization with MDR/IVDR is ongoing, manufacturers need to prepare for additional documentation, testing, and post-market monitoring specific to AI components. MDx provides gap assessments and compliance strategies to align your development processes with both medical device regulations and the AI Act.

  • What clinical evidence is required for SaMD approval?

    Clinical evidence requirements for SaMD depend on its classification and claims but typically include demonstration of clinical performance (IVDR) or clinical benefit (MDR), performance in the target population, and safety in clinical use. This may involve literature reviews, analytical validation, clinical performance studies, and/or real-world performance data. MDx designs targeted clinical evidence strategies that align with your software’s specific regulatory pathway and risk classification.

  • How do you manage post-market surveillance for software that undergoes frequent updates?

    Post-market surveillance for frequently updated software requires a robust change management process, clear documentation of version changes, significance assessments for each update, continuous performance monitoring, and regular safety reporting. MDx develops comprehensive PMS plans specific to software products, including criteria for determining when updates require regulatory notification or new conformity assessment.

Expert Software Regulatory Solutions for Digital Health Innovation

Whether you’re developing AI-driven diagnostics, mobile health applications, or complex SaMD systems, MDx delivers the specialized regulatory expertise you need for global market access and compliance.

Navigate Digital Innovation. Achieve Regulatory Success.

Book a Software Regulatory Assessment Explore Our SaMD Compliance Guide
Request the Precision Medicine Services Pack​
Gain access to MDx’s Precision Medicine Services Pack—detailing our capabilities in clinical research, regulatory strategy, and companion diagnostics. Learn how we support pharma, CDx, and advanced therapy developers across the clinical and regulatory lifecycle.
We respect your privacy. All information submitted will 
remain confidential.
Checkboxes