
MDR (Regulation (EU) 2017/745)

We are not lawyers; this is not legal advice.

It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.


Fully implementing MDR entails a lot of work. Start by employing, hiring or training a person responsible for compliance with MDR. (MDR Art. 15)

This page only points you to the MDR concerns relevant for Compliant Kubernetes.

If you place a medical device on the European market, make it available there, or put it into service there, then you must comply with the Medical Device Regulation (MDR).

At least one application running on top of Compliant Kubernetes was certified according to MDR as a software medical device class IIa.

Article 110: Data protection

This article makes explicit reference to GDPR. See GDPR controls.

Annex I: General Safety and Performance Requirements

This annex makes reference to information security, for example in 17.2. You might want to check ISO 27001 controls, since that is one of the most recognized information security standards.

This annex makes explicit reference to change management, for example in 6.5.2 and 6.5.3.

See "how many environments" to reduce the risk associated with updating the Compliant Kubernetes environments hosting your software medical device. While a regression is rather unlikely, you really want to make sure that your software medical device preserves its original performance with the new version of Kubernetes.

Further reading