Digital health is reshaping care through software that diagnoses, treats and monitors conditions across clinics, homes and remote settings. As innovation accelerates, developers face complex requirements to demonstrate safety, performance and clinical value before reaching patients. Software as a Medical Device (SaMD) and its therapeutic subset, digital therapeutics (DTx), must align with distinct yet overlapping rules in the United States and the European Union, while digital biomarkers and decentralised trial methods add further considerations. Fragmented definitions, evolving reimbursement and uneven guidance for biomarker qualification can slow progress. A clear view of core frameworks, evidence expectations and data protection duties helps teams plan compliant pathways from design to market access and post-market evaluation.
Core Frameworks and Risk Pathways
Regulatory oversight rests primarily with the US Food and Drug Administration and the European system built around the Medical Device Regulation 2017/745. SaMD encompasses software intended for medical purposes independent of hardware. DTx are software-based interventions designed to prevent, manage or treat disease and fall within SaMD. Market access hinges on correctly determining whether software is a medical device at all, since administrative or general wellbeing tools sit outside scope. Once in scope, risk classification drives the route to approval: categories span low to high risk, with guidance issued by international and regional bodies to support consistent classification.
Must Read: Strengthening Evidence for High-Risk Medical Devices
The EU’s Medical Device Regulation replaced earlier directives to tighten evidence and surveillance, extending scope, strengthening clinical study expectations for higher risk devices and reinforcing post-market duties. A transition from the previous directive has been prolonged, with deadlines extended by risk class to mitigate supply disruption. In the US, device classes link to premarket routes that include notification, de novo and premarket approval, alongside design controls, nonclinical testing and quality system obligations. Both jurisdictions require device listing and unique device identifiers, with efforts underway to improve international database interoperability.
DTx navigate the same device rules yet reimbursement remains country specific. Germany’s programme enables prescription of approved low-risk applications and coverage by insurers, while other European markets rely on emerging schemes or individual assessments. Evidence expectations for such national pathways can include proof of positive care effects, local applicability and economic analyses through health technology assessment. The United Kingdom has tailored assessment criteria for digital technologies, and France has introduced a fast-track route, while US payer coverage leans on clinical effectiveness, cost impact and coding availability.
Standards and Clinical Evidence for Market Access
Safe SaMD demands structured quality and risk management embedded from early development. International standards provide the backbone: risk management, quality management, software life cycle, cybersecurity activities and usability engineering guide development and documentation. European requirements reference these standards through general safety and performance obligations, while US rules align with comparable expectations for quality systems and good manufacturing practice.
Clinical evaluation is mandatory in both regions and persists across the product lifecycle. Manufacturers document valid clinical association between outputs and targeted conditions, verify technical performance such as accuracy and reliability and demonstrate clinical performance through appropriate measures consistent with intended use. Guidance details acceptable evidence sources, verification and validation methods and the role of curated data. Higher risk software may require prospective clinical investigations, and post-market studies support ongoing assessment, incident learning and potential reclassification if risk profiles change. When software runs on mobile platforms, regulators assess the software function rather than the device itself, so manufacturers should specify or justify platform equivalence within the clinical evaluation.
Digital Biomarkers, Trials and Data Protection
Biomarker qualification is voluntary but can streamline development decisions. In the US, tools can be qualified for device development, whereas European processes support qualification of digital methodologies for medicinal product development. Traditional biomarker categories apply, and digital biomarkers extend these through technology-enabled, often continuous measurement. Examples include image-based assessment of joint swelling, speech and gait metrics for neurological disease and smartphone-based eye tracking for mental fatigue. Despite promise of remote monitoring and personalised care, guidance for digital biomarker validation remains limited, and linking raw signals from wearables or apps to validated endpoints is resource intensive.
Digital elements are increasingly embedded in trials through electronic data capture, wearables, remote assessments and decentralised designs. Authorities have issued guidance on using real-world evidence to support device decisions and on ensuring data integrity when computerised systems underpin trial conduct. Pandemic-era flexibility catalysed decentralised approaches, with subsequent recommendations focusing on participant safety, rights and data reliability. Mixed trials that involve approved devices, investigational devices or both can trigger intersecting rules, creating complexity for investigators and ethics committees.
Data protection is integral to digital health. In Europe, the General Data Protection Regulation governs processing of sensitive health data, including obligations for organisations outside the EU handling EU residents’ data. In the US, HIPAA protections are narrower and historically have not covered all consumer wearable data. Developers must implement technical, organisational and physical safeguards and address cybersecurity expectations in line with international guidance and new statutory provisions. Ethical review remains attentive to equity, digital literacy and potential harm such as overuse.
Bringing SaMD, DTx and digital biomarkers to market requires careful alignment with risk-based pathways, robust adherence to software and quality standards and clinical evidence that matches intended use. Reimbursement for DTx is uneven and often contingent on local demonstrations of clinical and economic value. Biomarker qualification frameworks are advancing but offer limited specificity for digital measures, and decentralised research methods raise new operational and ethical considerations. As regulators work toward harmonisation and address AI-enabled functions, teams that plan early for classification, evidence generation, data protection and lifecycle monitoring will be better placed to deliver safe, effective and trustworthy digital health solutions.
Source: Health Informatics Journal
Image Credit: iStock
