Skip to main content

New European IVDR Guidelines Issued for Cybersecurity

NEW YORK – The European Commission's Medical Device Coordination Group recently posted a new guidance related to the new In Vitro Diagnostic Regulation in Europe. Issued in December, the 46-page document advises test makers on how to best implement cybersecurity measures under the new regulation.

MDCG includes representatives from all EU member states and is chaired by a representative of the European Commission. The same group last month published a separate guidance concerning the technical assessment of certain devices under the IVDR, which will come into force in 2022.

The cybersecurity guidance covers requirements not only contained in the IVDR, but the Medical Device Regulation, which is slated to come into force this May. It discusses security measures, including security risk management, in depth information for both manufacturers and operators related to secure design and use of IVDs, IT requirements for test makers and users, how best to liaise with healthcare providers, and issues related to postmarket surveillance.

The new guidance also covers the use of International Medical Device Regulators Forum codes to report device problems related to cybersecurity, and reviews other legislation in the area of cybersecurity, including the European General Data Protection Regulation. The document also includes an annex that provides examples of cybersecurity incidents.