Software, including mobile apps, is classified as a medical device under section “41BD of the Therapeutic Goods Act of 1989”, unless an exception applies. The term "software-based medical device" refers to software that fit the definition of a medical device under one of two circumstances: either it is integrated into, or depends on, specific hardware to operate as intended, or it is a standalone piece of software that is also referred to as a medical device (SaMD). In Australia, the Therapeutic Goods Administration (TGA) is in charge of regulating both.

The guidance includes the
classification rules, and it hence allows manufacturers to determine how their software-based active medical devices will be classified as.

The TGA has made changes to the legislation governing software-based medical devices, including software that serves as a medical device itself. The regulation of software-based medical devices is including software as a medical device (SaMD). The revision took effect on 25 February 2021 and are summarised in the
guidance that provides a summary for the devices that require reclassification and the transitional options available.

Due to the severity of the cybersecurity issue with software,
guidance on cybersecurity for medical devices and IVDs has been released to users including consumers and health professionals.

Considering data collection components used by Software as a Medical Device (SaMD) integrated into smart devices, tablets, laptops and similar digital hardware, regulatory updates released by the TGA are outlined as follows:

  • The smart devices, which are end consumer products (e.g. smart phones, tablets and laptops) where the data collection component is integrated, such as sensors, are not required to be included in Australian Register of Therapeutic Goods (ARTG);
  • The SaMD is required to be validated against the data collection component(s) and/or smart device to demonstrate compliance with the essential principles for the intended use of the SaMD to ensure it is safe and meet with the intended purpose;
  • The level of scrutiny applied to the data collection component(s) would reflect with the level of risk in relation to the intended use. Here is an example provided by the TGA:
  • Given that there is a Class III SaMD intended for diagnosis of a life-threatening disease or condition, a high level of scrutiny is expected, requiring the validation of any sensors used to fulfill its intended use, such as a camera.

In conclusion, SaMDs must be included in the ARTG in order to be supplied in Australia, together with documentation of validation against the data collection component(s) using the appropriate testing. However, the data collection component(s) itself is not necessary to be included in the ARTG if it is integrated into a smart device to the end consumer.

The TGA has provided a guideline and FAQs to assist developers and users of software to be supplied for use in Australia on the purpose of health or medical care. For further information on the regulation of software-based medical devices, please see the guidance on the topic published on the TGA website.



TGA References:

  1. Regulation of software based medical devices
  2. Software-based medical devices FAQs
  3. Is my software regulated?
  4. Examples of regulated and unregulated software (excluded) software based medical devices
  5. Clinical decision support software
  6. Cyber security for medical devices and IVDs