The new article highlights the aspects related to post market activities intended to ensure continuous safety and proper performance of medical devices allowed to be marketed and used in the country.

The Medicines and Healthcare Products Regulatory Agency (MHRA), the UK regulating authority in the sphere of healthcare products, has published a guidance document dedicated to the changes to be implemented to the existing regulatory framework for software and Artificial Intelligence (AI)-based products subject to regulation as medical devices. The document outlines the most important changes and amendments the authority intends to implement in order to facilitate and streamline the regulatory procedures and reduce the regulatory burden while ensuring the safety, quality, and proper performance of medical devices allowed to be marketed and used in the country. Provisions of the document are non-binding in their legal nature, nor are intended to introduce new rules or impose new obligations. The authority also reserves the right to make changes to the approach suggested, should such changes be reasonably necessary based on the new information becoming available to the MHRA

Post Market: Problematic

When it takes to post market surveillance activities, the authority acknowledges the need for further improvement of the signaling system ensuring the authority is duly notified of any issues associated with the products placed on the country’s market. This is vitally important in order to allow the authority to identify potential risks and take the actions necessary to ensure the safety of patients by preventing incidents and mitigating the consequences of the ones that occurred. Furthermore, efficient change management procedures are required in order to ensure the changes made to software- and AI-based medical devices would not affect their safety and performance. 

According to the document, the main objectives established by the authority are:

  1. Strengthen [the] post market surveillance system to support quicker and more comprehensive capture of adverse incidents for SaMD, enabling better detection of safety signals;
  2. Consider how to utilize real-world evidence to provide further assistance that SaMD functions as intended, maintains performance, and continues to provide assurance with respect to safety by supporting investigation of signals;
  3. Articulate clear change management requirements for SaMD. 

The document further describes in detail how exactly each of the abovementioned goals could be achieved. 


First of all, the authority intends to review the existing system of adverse incident signal detection applicable with respect to SaMD. The authority has already carried out a high-level analysis and identified the points requiring the most attention. In order to improve the existing framework and the overall effectiveness of the regulatory processes it provides, the authority intends to: 

  • Assess the use of additional sources of data related to adverse events;
  • Take the steps encouraging further use of the Yellow Card Scheme for reporting adverse events;
  • Improve the effectiveness of data processing;
  • Assess and determine the need for additional revision of standard operating procedures ensuring prompt notifications about adverse events associated with software- and AI-based medical devices. 

As a result, the authority expects to reduce the delay in receiving the details of adverse events taking place, as well as to improve the accuracy of the signals the authority receives. 

Regulatory Guidance 

In order to assist medical device manufacturers and all the parties involved in operations with medical devices allowed to be marketed and used in the country, the authority also intends to revise existing ones and issue additional guidance documents providing additional clarifications regarding the applicable regulatory requirements in the sphere of incident reporting. The authority acknowledges that some of the concepts are quite unclear, and this creates certain issues for the interpretation of the requirements set forth by the current regulations. According to the guidance, additional clarifications the authority intends to issue would cover: 

  • Determination of a reportable event, including the use of a concept of “indirect harm”;
  • Reporting requirements (examples will be provided to illustrate the way the requirements should be followed);
  • Harm resulting from medical decisions, actions taken and not taken based on the information provided by the device;
  • Further steps to be taken once an incident has been identified;
  • Ensuring populations within the intended purpose are considered within the vigilance process. 

Change Management 

Apart from the abovementioned points, the authority will pay special attention to change management. In particular, the authority intends to issue guidance documents providing additional clarification regarding the change management requirements in the context of ensuring continuous safety and proper performance of a medical device. The new guidance document to be issued by the MHRA is expected to outline and establish the following:

  • The key principles of change management in software and how change management links to the earlier deliverable Best practice SaMD development and deployment;
  • How change management links to quality management systems, risk management, and other requirements;
  • That change should be anticipated, planned, and documented;
  • That there is an obligation to actively monitor and collect information to avoid degradation in performance over time;
  • [Distinction] between international change anticipated by the predetermined change control plan, intentional or unintentional change not anticipated by that plan, and changes to the intended purpose of the device.


Secondary Legislation 

The authority also intends to make certain changes to the secondary legislation addressing specific matters associated with post market surveillance activities for software- and AI-based medical devices. In particular, these changes would address the following aspects:

  • Change management process in connection to the current quality management and risk management procedures;
  • The way the performance of the device should be tracked (metrics to be used);
  • The way the above is connected to the product’s lifecycle.


In summary, the present roadmap issued by the MHRA outlines the key points related to the upcoming changes to the regulatory framework the authority intends to implement in order to ensure the continuous safety and effectiveness of SaMD. Apart from introducing amendments to the respective legislation, the authority intends to issue guidance documents providing additional clarifications and recommendations to be considered by the parties involved. 

How Can RegDesk Help?

RegDesk is a holistic Regulatory Information Management System that provides medical device and pharma companies with regulatory intelligence for over 120 markets worldwide. It can help you prepare and publish global applications, manage standards, run change assessments, and obtain real-time alerts on regulatory changes through a centralized platform. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Global expansion has never been this simple.