Distribution of Medical Device Software via app stores

MDCG 2025-4 provides guidance on how medical device software (MDSW) apps should be safely offered on online platforms such as app stores. It clarifies responsibilities under the EU Medical Device Regulation (MDR), In Vitro Diagnostic Regulation (IVDR), and the Digital Services Act (DSA). The aim is to ensure that apps meet regulatory requirements and protect patient safety when distributed digitally.

Purpose

The document addresses the growing use of online platforms for healthcare apps and explains how MDR/IVDR obligations interact with DSA rules. It focuses on preventing unsafe or non-compliant apps from reaching users.

Key Definitions

• Placing on the market: When a manufacturer first introduces an app.
• Making available on the market: When an app remains accessible through a platform.

Roles of Online Platforms

Two main roles are defined:

1. Intermediary Service Provider (DSA)
   Platforms that only host apps without transferring ownership are intermediaries. They are not economic operators under MDR/IVDR but must:
   • Implement notice-and-action systems to remove illegal or unsafe apps.
   • Ensure transparency, allowing manufacturers to display compliance details.
   • For very large platforms (VLOPs), perform risk assessments and mitigation measures.
2. Distributor or Importer (MDR/IVDR)
   If a platform actively sells or transfers ownership of apps:
   • It becomes part of the MDR/IVDR supply chain.
   • Distributor duties: Verify CE marking, labeling, and compliance.
   • Importer duties: Apply when the manufacturer is outside the EU and the platform is EU-based.
   • Cooperate with authorities and maintain documentation.

Information Requirements

Apps must clearly show:

• CE marking and manufacturer details.
• Correct classification (medical device vs. wellness app). Platforms should make this information visible to users and verify its accuracy.

Why It Matters

This guidance closes gaps between MDR/IVDR and DSA for digital health apps. It helps manufacturers and platforms understand their obligations, avoid compliance risks, and ensure patient safety in an increasingly digital healthcare environment.