CE marking certification for Medical Device Software: a step-by-step guide

Małgorzata Kawałkowska

Content Specialist

The recent introduction of EU MDR brought many changes to the CE marking certification process. There are more requirements to fulfill, which makes the process more complex and much more time-consuming.  

To avoid a scenario when the only thing that stops you from releasing your Medical Device Software to the market is the ongoing CE marking certification, you should know when to take the first steps in this process and how to include it in your overall business strategy.  

From this blog post, prepared based on an interview with Krzysztof Minicki, Director of Healthcare and Life Sciences, you’ll get to know the steps of the CE marking process for Medical Device Software. You’ll also learn your responsibilities as a manufacturer, and thus get a better understanding of how to plan and optimise the process to avoid possible bottlenecks. 

Does your software need a CE marking?  

Since the introduction of EU MDR in May 2021, software is now classified as an active medical device. All Medical Device Software that is released to the EU market is required to have the CE marking. Otherwise, it cannot be sold within the EU. 

How to get the CE marking for Medical Device Software in the EU? What does the CE marking process look like step by step?  

As a Medical Device Software manufacturer, regardless of whether or not you outsource the manufacturing process, you are responsible for acquiring the CE marking.  

In general, the path towards obtaining the CE marking depends on the medical device’s class. Since in the light of the EU MDR Medical Device Software is considered as an active medical device, it belongs at least to class IIa. 

As per the EU MDR rules, medical devices from classes IIa, IIb and III, have to go through the conformity assessment conducted by a Notified Body. A Notified Body is a third-party organisation, accredited by a European Competent Authority, that reviews medical device technical documentation against the medical regulations and harmonised standards. As a medical device manufacturer, you can select which Notified Body you want to do the assessment for you.  

Let’s move on now to how the CE marking process for Medical Device Software looks like step by step. 

Implement a Quality Management System 

As you determine the classification of your Medical Device Software and appoint a person responsible for regulatory compliance in your organization, the next step is to create and implement a Quality Management System in accordance with Annex VIII of the MDR and ISO 13485. The compliance must be assessed and certified by a Notified Body. Moreover, the Quality Management System must include Clinical Evaluation, Post Market Surveillance and Post Market Clinical Follow-up plans.  

Technical File preparation 

In the Technical File or Design Dossier (for class III medical devices) you have to include the information about the Intended Use of your Medical Device Software, all the testing reports as well as the Clinical Evaluation Report, your risk management plan and other information specified in Annex II of the MDR. 

Also, your Medical Device Software needs to have a Unique Device Identifier (UDI), which is a special individual code that allows identifying it on the market. According to the EU MDR, it must be placed on a label on a device or its packaging. In the case of Medical Device Software, it’s usually placed in the “About” or footer section. If you have a doubt how to properly manage your labelling you can ask us about help. 

Manufacturer registration in the the EUDAMED database 

Register your Authorised Representative who will handle the regulatory matters as well as your company as a medical device manufacturer in the EUDAMED database. 

You don’t have to necessarily do it at this point. It can also be done earlier or later in the process.  

Notified Body audit

Your QMS and Technical File must now go through a Notified Body audit. Usually, the audit is conducted in two stages. First, a Notified Body checks whether the quality management processes and procedures in your company are properly implemented and compliant with ISO 13485, and then audits the Technical File. 

Issuing the CE marking certificate 

Once a Notified Body audit is completed successfully, your Medical Device Software will get a CE marking certificate, while your organisation will be granted an ISO 13485 certificate.  

The ISO 13485 certification must be renewed every year. The CE marking certificate is valid for three years but is reviewed annually during the ISO 13485 surveillance audit conducted by a Notified Body.  

Mind you, the ISO13485 certificate cannot be issued solely for a Quality Management System if you don’t have a related product.  

Declaration of Conformity  

The next step for you, the manufacturer, is to prepare a Declaration of Conformity. It’s a legally binding document in which you affirm that your Medical Device Software is compliant with the MDR. At this stage, your product becomes officially CE marked. 

Registration of the Medical Device Software in the EUDAMED database 

Now it’s time to register your software in the EUDAMED database. Keep in mind, that the UDI number must be placed for example in the “footer” or “About” section or other visible and easy-to-access places.  

That’s it – your Medical Device Software is ready to be sold on the EU market. Your duty as a manufacturer is now to keep it safe and effective. In this regard, the EU MDR requires that manufacturers conduct the Post Market Surveillance Activities. Also, each year you will undergo a Notified Body audit (also known as Post Market Clinical Follow-ups) to ensure compliance with the EU MDR. If you fail to pass it, your CE marking will become invalid.  

This is especially important for software released to the market before the introduction of the EU MDR in May 2021 because of their classification change from class I to, at least, class IIa. During the transitional period for reclassification, the manufacturers are required to perform the Clinical Evaluation, Post Market Surveillance Activities and Post Market Clinical Follow-ups required by MDR, even though their CE marking certification for class I is still valid.  

How long is the CE marking certification valid? 

The CE marking certification for classes IIa, IIb and III is valid for five years. After the five-year period, the registration of the certification must be renewed. It’s key to have it on the radar and plan the process in advance. It’s recommended to start the registration renewal at least six months before the certification expires. 

What are the estimated costs of acquiring the CE marking certification? 

The total cost of the CE marking certification process is proportionate to a device’s class. The higher the class, the bigger the risk and the more complex the process. Hence, the cost is also higher. The CE Marking certification is the most expensive for class III devices and can reach even tens of thousands of dollars. 

How long does the CE marking certification process take? 

Since there are still very few Notified Bodies, conducting the conformity assessment may take quite a long time. The time to begin a Notified Body audit varies between half a year and a year. In comparison, under the MDD it was usually a quarter. The time between an audit and approval may take up from two to even seven months. 

Why so long? The EU MDR brought in more requirements, especially for the QMS. This makes the whole process more complex and time-consuming.  

In total, the CE marking certification process may last more than a year. It’s important to take it into consideration when planning your business strategy. For example, you can optimise the process by creating an MVP first and start the CE marking Certification in the meantime, while at the same time developing your product further on.  

Need support in the CE marking certification process?  

We provide a technical file ready to be assessed for conformity by a Notified Body. Moreover, our specialists can conduct an independent conformity assessment before the official one to check what areas need improvement.  

The software we create is compliant with all legal requirements, also the IEC 62304 and ISO14971. In addition, we also provide a Technical File and offer consultation and support with completing the CE marking certification process.  

For more information, use the form below to contact Krzysztof Minicki, our Director of Healthcare and Life Sciences. 

Contact us

Leave your contact details if you need help with reclassification of your medical product
Krzysztof Minicki

    Spyrosoft collects the above data to contact you in order to process your inquiry. You can opt out of communication at any time. More information can be found in our Privacy Policy.
    background triangle