The COVID – 19 pandemic, acted as a catalyst to accelerate the uptake of technological solutions in the healthcare industry, for the purposes of monitoring, diagnosis, treatment, prevention of diseases and disorders alike. A recalibration of interests during a tumultuous period has refocused the demographic’s attention on their personal health, with wearable devices, applications to monitor vital statistics, provide lifestyle advisories, garnering widespread interest.

The regulators have taken a proactive approach to provide legislative guidance for the regulation of the new age digital solutions in healthcare, and further harness the technologies to create a cooperative healthcare ecosystem within the country. The Medical Device Rules, 2017 (MD Rules), modeled after Food and Drug Administration of USA (FDA) regulations and the European Union Medical Devices Regulations (EU MDR), provides for a regulatory framework in India for the manufacture and sale of medical devices in India.

Medical Device Rules, 2017

It is interesting to note that MD Rules introduced the concept of a software as a medical device, whether as a part of a hardware component or as a stand-alone product, subject to onerous testing requirements and regulatory approval. Typically, software medical device [in combination with hardware product or standalone basis] qualify as in vitro diagnostic medical devices .

The MD Rules imposes a risk-based approach to classify and regulate medical devices, and mandates submission of detailed information on the software design and development process and evidence of the validation of the software, as used in the finished device .

MD Rules further imposes quality management checks upon the manufacturer of the medical device; manufacturers are required to establish documented procedures and maintain records for the validation of the application of computer software (and its changes to such software or its application) for production and service provision that affect the ability of the product conform to specified requirement.

The MD Rules were issued in 2017, and have been further amended, to bolster the regulatory framework to govern the quality and standard of medical devices. It is pertinent to note however, that the provisions of these Rules are broad-ranging, universally applicable upon all forms and classes of medical devices; there is an urgent need to update/ modernize the regulations, in view of the considerable new age solutions available in healthcare technology. This is evidenced by the renewed legislative focus in USA and EU, where discussions have commenced to modernize the medical device regulation ecosystem.

Legislative Action in Parallel Jurisdictions

Consumer safety and wellbeing represents the guiding principles for any policy discussion/ decision in the healthcare industry. The prevalence of real time data on an ongoing basis, with the use of wearables and smart devices, has germinated the concept of “gamification of the human body”, and permits consumers to make proactive decisions on their lifestyle, basis the inputs from these devices. Further, artificial intelligence capabilities are being increasingly relied upon to create new and important insights from the vast amount of data generated during the delivery of health care every day.

In view of the same, regulators have sprung into action across jurisdictions, to commence discussions, inviting stakeholder consultations and legislating upon the pertinent issues in relation to the new age software medical devices, discussed herein.

Wearable Smart Devices

Remote or wearable patient monitoring devices include (1) non-invasive remote monitoring devices that measure or detect common physiological parameters and, (2) non-invasive monitoring devices that wirelessly transmit patient information to their health care provider or other monitoring entity. In view of the garnering consumer interest and industry applications, the FDA released a guidance document in 2016 to provide clarity on the definition of a general wellness device.

The guidance document defines general wellness products as products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a low risk to the safety of users and other persons. General wellness products may include exercise equipment, audio recordings, video games, software programs and other products that are commonly, though not exclusively, available from retail establishments (including online retailers and distributors that offer software to be directly downloaded), when consistent with the two factors above.

Citing low risk levels associated with such products, the guidance document purports to classify wearable medical devices such as heart rate monitors (Apple Watch) and applications like MyFitnessPal as general wellness products. The distinction between a general wellness product and a medical device is vital to ensure undue compliances, conditions are not imposed upon unsophisticated devices, which do not make claims bout medical benefits such as disease prevention, treatment, mitigation, or cure.

It is further interesting to note that the FDA document scopes in applications as well under the scope of general wellness products, subject to its compliance with all the conditions. We may surmise that an application may further qualify as a medical device, should it qualify per the necessary conditions imposed in law.

Similar guidance documents have been issued by UK’s Medicines and Healthcare products Regulatory Agency (MHRA) to determine if a particular product would qualify as a medical device. Further, reliance has been placed on the “intended purpose” of the device itself, to determine its standing in law. For instance, a wearable device may collect, analyze and process the heart rates of a person, and may be regulated separately as under:

  • In the event the analysis is done to determine the proper functioning of the body, and keep track of the general health, condition of the heart [general wellness device]
  • In the event the analysis is done to determine if the person suffers from tachycardia and similar ailments. [medical device]

AI/ ML in software devices

The discussion around regulation of AI/ ML capabilities in medical devices germinated in 2019, vide the issuance of a discussion paper by the FDA, which described the agency’s plan to regulate premarket review for AI and ML driven software modifications. Basis inputs from stakeholders and further review by the agencies, the FDA published an action plan on AI-ML‒based SaMD.

The action plan discussed the need for a tailored regulatory framework for AI/ ML based SaMD, and further encourage robust methodological framework for the evaluation and implementation of machine learning algorithms, including identification and elimination of bias and promotion of algorithm robustness in scientific community. The action plan further stresses upon the need for a robust cybersecurity network to build patient confidence in these technologies.

The European framework around medical device and AI regulation is governed by the EU MDR and In Vitro Diagnostic Regulations (IVDR), that, came into force on 26 May 2021. Further, with the notification of the Artificial Intelligence Act, clarity will be sought on its alignment with the existing regulatory frameworks, which may create duplicate quality control mechanisms, testing protocols for the use of AI/ ML solutions in medical devices .

Singapore has co-developed a set of recommendations, in association with state regulators, to encourage the safe development and implementation of AI centric medical devices . In addition, the document also provides better clarity to industry stakeholders on the regulatory requirements for AI centric medical devices. The exclusive aim is to support patient safety and to improve trust in the ecosystem.


Lawful and legitimate processing of health data has the potential to unlock new benefits for the end users, and has the potential to overhaul the global healthcare industry. However, regulators must muster all their regulatory might to rein in and administer the innovative bug of developers and manufacturers worldwide.

Regulation in this area will undoubtedly increase compliance burden, but also provide the necessary clarity, reduce litigation risks, and give SaMD manufacturers with the confidence they need to innovate and leverage these new age technologies in the healthcare sector to its maximum extent. Continuous dialogue between stakeholders is key in this respect, to ensure that the legacy of Therac – 25 is not repeated in the modern age. The only consolation being, the regulators have now the keenness to prevail over such untoward incidents, and also proscribe such actions from repeating themselves.

In a peculiar set-up that the healthcare industry is, reliance on self-governing, automated processes would mean not just boosting consumer confidence, but also having the necessary buy-in from the practitioner who is wielding the tool. Till the healthcare practitioner, is convinced of the efficacy and the purported utility of the solutions, the ethical concerns, biases in the systems cannot be completely eroded. We have seen in past that there is an inherent risk in adoption and reliance on techniques which are driven by Artificial Intelligence and Machine Learning. With new technologies and solutions being brought to the fore, it should not be a case of “overpromise” and “under-delivery”. At the end of the day, any perceived “dehumanization” of the healthcare sector will cause great disbalance and disservice.

Bagmisikha Puhan, Associate Partner

Bagmisikha is a technology lawyer with about seven years of experience. Her primary areas of practice are regulatory advisory and general corporate and commercial with specific emphasis on subject areas such as privacy, healthcare, telecommunications and space commercial. She has advised clients in creating privacy frameworks and has helped them implement the same at an enterprise level. She has advised and assisted healthcare institutions and associations in government agencies for regulatory and policy matters.

Siddhant Gupta, Associate

Siddhant Gupta is an Associate with TMT Law Practice. He is a graduate of the 2015-2020 batch from Symbiosis Law School, Pune and his core areas of interest lies in the areas of Intellectual Property Laws, Media and Entertainment Laws. Siddhant has previous internship experience in intellectual property and litigation fields and interned with TMT Law Practice in 2020. During his time with TMT Law Practice, Siddhant gained valuable experience in the sectors of Telemedicine, Data Privacy, Gaming Laws and Corporate Laws.

    Internship Opportunities

    Upload CV

      Work With Us