Medical device products on the European Union market must be safe and effective. To ensure this, medical device manufacturers must comply with the new regulatory requirements brought by the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR). In general, the new regulations increase regulatory requirements and oversight, especially for medical software, and this is also true for requirements related to cybersecurity, which are now explicitly addressed in the legislation. The significant legislative changes currently underway, combined with increased cybersecurity requirements, create unique challenges for manufacturers to comply with the regulatory framework. In this paper, we review the new cybersecurity requirements in the light of currently available guidance documents, and pinpoint four core concepts around which cybersecurity compliance can be built. We argue that these core concepts form a foundation for cybersecurity compliance in the European Union regulatory framework.