MDR (Regulation (EU) 2017/745)

We are not lawyers, this is not legal advise.

It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.

Note

CE certification of a medical device according to the EU MDR can lead a huge commercial benefit, but it is a significant project. To start the certification process thorough knowledge of the regulation is required.

This page only points you to the MDR concerns relevant for Compliant Kubernetes.

If you place or make a medical device available, or put them into service, on the European market, then you must comply with the Medical Device Regulation (MDR).

As of 2023, there is at least one Medical Device Software running on Compliant Kubernetes that is CE certified according to MDR class IIa.

Article 110: Data protection

This article makes explicit reference to GDPR. See GDPR controls.

Annex I: General Safety and Performance Requirements

This annex makes reference to information security, for example in 17.2. You might want to check ISO 27001 controls, since that is one of the most recognized information security standards.

Annex VI: UDI-related

This annex makes explicit reference to change management, for example in 6.5.2 and 6.5.3.

See how many environments to reduce the risk associated with updating the Compliant Kubernetes environments hosting your software medical device. While rather unlikely, you really want to make sure that your software medical device preserves its original performance with the new version of Kubernetes.

MDR Annex VI UDI-related

• How many environments?

Further reading

• Regulation (EU) 2017/745 on Medical Devices
• Medicintekniska produkter on IVO