The article describes in detail the further quality requirements imposed with respect to digital health applications intended to be marketed and used in Germany.

The German regulating authority in the sphere of healthcare products (BfArM) has published a guidance document dedicated to digital health applications (DiGA). 

The document describes in detail the applicable regulatory requirements and also provides additional clarifications and recommendations to be taken into consideration by medical device manufacturers and other parties involved in order to ensure compliance with them.

The authority also reserves the right to make changes to the guidance, should such changes be reasonably necessary to reflect corresponding changes to the underlying legislation.

Quality Requirements for DiGA: Key Points 

Under the applicable regulatory requirements, digital health applications should comply with several quality requirements in addition to interoperability.

These criteria are detailed in the DiGAV document, and manufacturers must complete the checklists provided. This appendix outlines the need for certain information to be made available on a “Sales Platform” or an “Application Website”. 

The sales platform refers to the medium through which insured individuals access and install a DiGA.

The application website, on the other hand, is a manufacturer-operated platform that offers comprehensive information about the DiGA to various stakeholders, including active users and potential users. 

The guidance further describes some of these requirements in detail to assist medical device manufacturers (software developers) in ensuring compliance with them.


One of the first requirements described in the guidance is robustness.

  • General Robustness: DiGA should function without disruptions, data loss, or connection issues. Any errors in data entries or transfers must not compromise the integrity of the database.
  • External Events: Manufacturers must address common malfunctions, such as power failures and internet disconnections, ensuring no data loss. Users should also have the ability to reset the DiGA to its default state.
  • Connection of Devices: DiGAs using external devices or sensors should have mechanisms to confirm their proper functioning.
    For instance, a camera-based DiGA might require users to photograph a reference image to test its functionality.
  • Operational Errors: DiGA should minimize errors by subjecting all data to plausibility checks, ensuring consistency and application status.

Consumer Protection

Another set of requirements described in the guidance relates to consumer protection. According to the document, these requirements include:

  • Transparency: Manufacturers must be transparent about the purpose, functionality, and pricing of the DiGA on the sales platform or application website.
  • Compatibility: Clear compatibility details for hardware and software must be provided to ensure users can ascertain if the DiGA fits their needs and technical circumstances.
  • In-App Purchases: While additional in-app purchases can be offered, they must adhere to specific guidelines.
    They shouldn’t be automatically renewed, and accidental purchases should be avoidable.
  • Advertising: Advertising, whether for the manufacturer’s products or third-party offers, is strictly prohibited in DiGA.

User Friendliness

As further explained by the authority, DiGA must be intuitive and user-friendly. While experienced users should find the interface familiar, newcomers should also find it easy to navigate.
Additionally, DiGA should offer accessibility features for those with disabilities, addressing vision, hearing, and motor skills challenges.

Support for Service Providers

In accordance with the applicable legislation, medical device manufacturers (software developers) should also provide proper support to customers and service providers.

In particular, the following requirements should be followed:

  • Information Provision: DiGA manufacturers must provide clear information about user roles and how service providers fit into the application’s context.
  • Additional Information: For each role outlined, manufacturers must provide further details addressing responsibilities, legal frameworks, interactions, and explanations for the DiGA’s therapeutic use.

Medical Knowledge and Patient Safety 

DiGA must be based on secure medical knowledge and comply with the relevant professional standards.

The information provided to insured users should be current and derived from reliable sources, such as medical guidelines or established studies.

Any studies related to the DiGA’s claims should be explicitly mentioned.

Manufacturers are also obliged to ensure the safety of DiGA users.

Thus, additional measures are necessary to address potential residual risks.

Users must be made aware of any conditions where they might need to consult professionals or discontinue the use of a DiGA.


In summary, the present guidance provides a comprehensive overview of the quality requirements for Digital Health Applications as set forth under the existing legal framework.
It emphasizes the importance of robustness, user-friendliness, transparency, consumer protection, support for service providers, adherence to medical standards, and patient safety.
