This whitepaper is aimed at discussing Software as a Medical Device (SaMD) and Medical Device Software (MDSW), the similarities and differences between the two, their regulatory landscape, SaMD / MDSW that are not regulated, their QMS requirements, application of IEC 62304, benefits, challenges faced by SaMD / MDSW manufacturers and how Cyient can help various Medical device companies comply and expedite SaMD / MDSW compliance.


In 2007, the Swedish Medical Products Agency observed that software was the root cause of the top 10 incidents in healthcare. For example, medical data lost from a temporary database, medication assigned to the wrong patient, the wrong dose calculated, failure to caution that a patient is allergic to an active substance, and more., In several cases, software happened to cause the death of a patient as well. It was also found that a lot of the software used in healthcare qualified as a medical device but had not undergone a conformity assessment and did not carry CE marking. Even though EU regulators had long considered that software-only products could be subject to medical device legislation, it had not been very clear to people that the term ‘device’ could also be applicable to something intangible like software.

In 2009, at the presidency of the Council of the European Union, Sweden took the issue forward and convinced other regulators to add the word ‘software’ to the EU definition of ‘medical device’. In 2011, the Global Harmonization Task Force (GHTF), the predecessor of the International Medical Device Regulators Forum (IMDRF), also changed its definition causing a ripple effect across the world. Following the direction of the World Health Organization (WHO), other countries started putting in place medical device legislation and leveraged the new GHTF definition for ‘medical device’, in effect, regulating Software as a Medical Device (SaMD). Later, in 2013, IMDRF published its guidance to clarify what software it considers to be a medical device. The IMDRF defines ‘SaMD’ as ‘software intended to be used for one or more medical purposes that perform these purposes ‘without being part of a hardware medical device’. The IMDRF provides clarification through notes, further supplemented by U.S. Food & Drug Administration (FDA) guidance. An important clarification is that the italicized term does not refer to the physical location from where the software is running but to the regulatory status of the software. Software can run on general-purpose IT equipment in the ‘cloud’ as well as on the computing platform of a hardware medical device and still be SaMD. When the hardware medical device needs the software to achieve its intended medical purpose, the software is not SaMD but part of the medical device in the regulatory meaning of the term. For example, consider software for automatic nerve detection intended to run on the computing platform of an ultrasound device. A manufacturer can place such software on the market as SaMD or as part of the ultrasound device, depending on whether the manufacturer wants to assign the nerve detection claim to the ultrasound device or just to the software. Software that does not fulfill a medical purpose on its own, on the other hand, is not SaMD. For example, software intended to solely drive an ultrasound transducer can be placed on the market as an integral part of the ultrasound device or as an accessory of the ultrasound device.

The use of software has revolutionized the healthcare industry, transforming the way medical devices are developed, used, and regulated. SaMD, in particular, is gaining prominence due to its capacity to deliver accurate and real-time information and personalized solutions.


Overview of Software as a Medical Device (SaMD)

Software as a Medical Device (SaMD) is defined by the International Medical Device Regulators Forum (IMDRF) as "software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device."

It is designed to perform medical functions such as diagnosis, prevention, monitoring, treatment, or management of diseases or medical conditions. Unlike traditional medical devices, SaMD operates solely through software code, algorithms, or applications, and does not require a separate physical hardware component to function.

The key distinguishing feature of SaMD is its ability to transform raw data from medical devices, inputs from users, or other sources into valuable medical information, diagnostic insights, or actionable medical recommendations. SaMD operates across a wide range of platforms including mobile apps, cloud-based platforms, wearables, and standalone software programs, empowering healthcare professionals and patients to make informed decisions and improve patient outcomes.

To be considered as SaMD, the software must meet specific regulatory criteria outlined by relevant health authorities, such as the U.S. Food and Drug Administration (FDA) or the European Medicines Agency (EMA). These criteria typically include the software's intended use, risk classification, and potential impact on patient safety and public health.

Unique features of SaMD

  • Use of software codes, algorithms, or applications to perform medical functions
  • Ability to evolve and adapt over time allowing for continuous improvement by incorporating the latest medical knowledge, advances in technology, and user feedback which can lead to improved performance and accuracy
  • Compatibility with a vast range of medical devices
  • Real-time data processing
  • Ability to deliver personalized and conceptualized information
  • Ease of connectivity and accessibility through various devices and platforms, such as mobile apps, web browsers, and cloud-based services. This accessibility enables patients and healthcare providers to access medical information from virtually anywhere
  • Robust data security measures and privacy protections are critical to safeguard patient data from unauthorized access, breaches, or misuse

Overview of Medical Device Software (MDSW)

Medical Device Software (MDSW) is software that is intended to be used, alone or in combination, for a purpose as specified in the definition of a “medical device” in the EU MDR-2017/745 or EU IVDR-2017/746 regardless of whether the software is independent or driving or influencing the use of a medical device. The classification of MDSW is as per the Annex VIII of EU MDR & EU IVDR.



Major difference between SaMD and MDSW

SaMD cannot drive a medical device however MDSW can. In other words, a software that drives a medical device does not fall under SaMD but it falls under MDSW. All SaMDs fall under MDSW but all MDSW do not fall under SaMD.


Classification of SaMD and MDSW

In the US, a medical device manufacturer typically classifies its SaMD by browsing through FDA databases to determine the applicable product code and matching device class. If no code appears to fit, the manufacturer can submit a request for information to the FDA – a straightforward approach that leads to Class I, II or III classification, requiring, respectively, a registration, a 510(k) submission/De Novo submission or a Premarket Assessment (PMA).

Classification in the EU is more complex. The EU MDR distinguishes Class I, IIa, IIb and III, whereas the EU IVDR uses letters to distinguish the classes: Class A, B, C and D. The MDR also makes a distinction for Class I devices that contain a measuring function, are reusable surgical instruments or are sterile. Only Class I devices that are not sterile, not reusable surgical instruments, and do not contain measuring functionality and Class A IVDs do not require a Notified Body. The class also affects the Notified Body sampling frequency and the type and frequency of reporting. In addition, all medical devices require a clinical evaluation or a performance evaluation. Many devices and almost all Class III devices and Class IIb implantable devices will require a clinical investigation. Not carrying out a clinical investigation requires a documented justification.

SaMD and MDSW Regulatory Landscape (US and Europe)

The US FDA has released guidance documents for SaMD to help Medical Device manufacturers comply with their requirements. In the case of Europe, EU MDR-2017/745 and EU IVDR-2017/746 hold good to help Medical Device companies ensure compliance to European Regulatory requirements.

SaMD and MDSW that is not regulated

  • In Europe, MDSW with functionality that is limited to storage, communication, lossless compression or simple searching is not regulated
  • In the US, information from SaMD to clinical management is not regulated if it is intended for a healthcare professional to independently review and understand the basis of the software recommendation, on the condition that the software does not perform signal or image acquisition, processing or analysis. Consequently, the EU regulation has a larger scope than that of the US including significantly more clinical decisions-support software to inform clinical management, such as drug–drug interaction and allergy checkers
  • EU and US do not regulate MDSW and SaMD intended for conducting clinical investigations or population and epidemiological studies because such software is not intended for providing diagnosis or treatment information for an individual, even though it might use data from individuals

SaMD and MDSW that is not regulated


SaMD medical device manufacturers shall comply with US FDA 21 CFR Part 820 (QSR) and SOTA version of ISO13485 to ensure compliance to US and EU markets.

SaMD/ MDSW and IEC 62304

IEC 62304 applies to the development and lifecycle process of MDSW and SaMD in which a software itself is a medical device or when the software is an embedded or integral part of the final medical device.

IEC 62304 relationship with other standards


Reference Standard Description and Relationship to IEC 62304
ISO 13485 Quality management systems for medical devices. IEC 62304 aligns with ISO 13485's principles of quality management and emphasizes documentation and traceability.
ISO 14971 This standard outlines the principles of risk management for medical devices. IEC 62304 incorporates risk management activities and considerations for software development within the context of medical devices.
IEC 60601-1 Applies to medical electrical equipment and systems, and provides general safety requirements. IEC 62304 complements this standard by focusing specifically on software aspects within medical devices.
IEC 61508 A generic standard for functional safety of electrical and electronic systems. IEC 62304 adapts and tailors some of the concepts from IEC 61508 to the context of medical device software.
IEC 62366-1 Addresses usability engineering for medical devices. IEC 62304 references usability engineering processes and integration of usability activities within software development.
IEC 61010-1 Addresses electrical test and measuring equipment, electrical control equipment and electrical laboratory equipment. Only a part of the laboratory equipment is used in a medical environment or as In Vitro Diagnostic equipment (IVD).
IEC 12207 Addresses requirements for software life cycle processes in general, i.e. not restricted to medical devices.


IEC 62304 relationship with other standards

Software Safety classification as per IEC 62304

The manufacturer of SaMD shall assign to each software system, a software safety class (A, B, or C), according to the risk of harm to the patient, operator, or other people resulting from a hazardous situation to which the software system can contribute in a worst-case scenario as indicated in the flowchart below

Software Safety classification as per IEC 62304

Benefits and Application of SaMD / MDSW

Some of the key challenges faced by Medical SaMD manufacturers are

Increased Accessibility and Convenience

SaMD can be accessed through various digital platforms, including mobile apps, web browsers, and cloud-based services. This accessibility allows patients and healthcare providers to access critical medical information and insights conveniently, regardless of their physical location.

Real-time Monitoring and Data Analysis

Enables real-time monitoring of patients' health conditions and can process vast amounts of data quickly.

Personalized Healthcare

Delivers the potential to analyze individual patient data and provide personalized medical insights and treatment recommendations.

Clinical Decision Support

Provides healthcare professionals with evidence-based recommendations, diagnostic support, and treatment options.

Enhanced Efficiency and Workflow Integration

Streamlines healthcare workflows by automating tasks, data analysis, and reporting.

Remote Healthcare Delivery

Facilitates telemedicine and remote consultations, enabling patients to receive medical advice, prescriptions and monitoring without the need for in-person visits.


More cost-effective than traditional medical devices, as it eliminates the need for expensive physical hardware.

Data-driven Insights

Analyzes and interprets large datasets, providing valuable insights into population health trends and disease patterns.

Promoting Patient Engagement and Empowerment

Empowers patients to take an active role in managing their health by providing them with access to personalized health information and self-monitoring tools.

Benefits and Application of SaMD / MDSW

Challenges faced by SaMD / MDSW manufacturers

Some of the key challenges faced by Medical SaMD manufacturers are

Regulatory Compliance

Meeting the SaMD regulatory requirements can be complex and time consuming.

Clinical Evidence and Validation

Conducting clinical studies and obtaining sufficient data to demonstrate the safety and effectiveness support claims can be challenging, especially for SaMD targeting novel medical applications or operating with rapidly evolving technology.

Interoperability and Integration

Ensuring seamless integration of SaMD with existing healthcare systems and devices can be challenging. Compatibility issues, data exchange, and interoperability standards must be carefully addressed to facilitate smooth communication between different healthcare platforms.

Data Security and Privacy

SaMD often deals with sensitive patient health information. Therefore, robust data security and privacy measures are essential to protect patient data from unauthorized access, breaches, or misuse.

Cybersecurity Risks

As SaMD relies on software and digital networks, it is vulnerable to cybersecurity threats and attacks. Manufacturers must implement stringent cybersecurity measures to safeguard against data breaches and potential harm to patients.

Software Updates and Maintenance

SaMD requires regular updates to remain current with medical knowledge and technological advancements. Ensuring that software updates are timely, seamless, and do not disrupt device functionality is crucial.

User Acceptance and Adoption

The successful adoption of SaMD depends on user acceptance by healthcare professionals, patients and caregivers. Demonstrating the usability, reliability, and userfriendliness of the software is essential for widespread adoption.

Interpreting Regulatory Guidance for AI and Machine Learning

For SaMD that employs artificial intelligence (AI) or machine learning (ML) algorithms, there can be challenges in interpreting and adhering to the specific regulatory requirements and guidelines for AI/ML-based medical devices.

Educating Healthcare Providers

Introducing novel SaMD technologies may require educating healthcare providers about their proper use, limitations, and integration into clinical workflows. Ensuring that healthcare professionals understand the benefits and potential risks associated with SaMD is crucial for successful implementation.

Cost and Resources

Developing SaMD that meets regulatory requirements, conducting clinical studies and maintaining compliance can be resource-intensive and costly. Smaller companies and startups may face financial limitations in meeting these demands.

SaMD / MDSW – the way forward

Software as a Medical Device holds immense promise for the future of healthcare. The SaMD industry has seen significant growth and development in recent years due to technological advancements and increased demand for digital health solutions. As technology continues to advance, SaMD will become increasingly sophisticated, leveraging artificial intelligence, machine learning and predictive analytics. This will enable more accurate diagnoses, personalized treatment plans and early intervention to prevent diseases. Some of the applications of SaMD include


A form of healthcare that involves the use of telecommunications technology such as video calls, phone calls, and internet-based platforms, to provide medical consultations, diagnoses, treatment, and health-related information remotely

Artificial Intelligence and Machine Learning

Leveraging AI and ML to develop diagnosis, decisionmaking, and personalized treatment solutions

Wearables and IoT devices

Developing innovative solutions that integrate with these devices to provide real-time monitoring and tracking of health metrics


SaMD / MDSW stands at the forefront of a transformative era in healthcare, where digital innovation and medical technology converge to reshape the landscape of patient care and medical decision-making. With the potential to improve patient outcomes, personalized medicine, and reduce healthcare costs, SaMD / MDSW holds great promise for the future of medicine. However, its adoption comes with significant regulatory considerations to ensure patient safety, data security, and the efficacy of these technologies. By addressing the challenges, harmonizing regulatory approaches, and fostering collaboration between stakeholders, the healthcare industry can fully harness the potential of SaMD / MDSW to revolutionize patient care.

Using CyARC – Cyient Accelerated Regulatory Platform, Cyient can help accelerate SaMD / MDSW compliance to Global markets such as Europe and US. Empowered by our Quality Assurance and Regulatory Affairs (QARA) CoE, Cyient has certified professionals across all functions including software. Professionals who have the required skill sets and expertise to support medical device companies throughout the lifecycle process of SaMD / MDSW.

About the Author

Abhishek Kumar-1

Abhishek Kumar is an SME in medical device regulatory and quality assurance services. With 12+ years of experience, he has successfully led multiple engagement programs for US, Europe, China, and ASEAN markets for NPD and sustenance. Additionally, Abhishek has prepared and implemented the regulatory plan for NPD for 90+ countries by analyzing project feasibility, freezing regulatory requirements, and coordinating with various cross-functional teams.

About Cyient

Cyient (Estd: 1991, NSE: CYIENT) is a leading global engineering and technology solutions company. We are a Design, Build, and Maintain partner for leading organizations worldwide. We leverage digital technologies, advanced analytics capabilities, and our domain knowledge and technical expertise, to solve complex business problems.

We partner with customers to operate as part of their extended team in ways that best suit their organization’s culture and requirements. Our industry focus includes aerospace and defense, healthcare, telecommunications, rail transportation, semiconductor, geospatial, industrial, and energy. We are committed to designing tomorrow together with our stakeholders and being a culturally inclusive, socially responsible, and environmentally sustainable organization.

For more information, please visit www.cyient.com