0 of 16 completed
0%
1
Foundation: the regulatory architecture
Read in order. These establish the legal and conceptual framework everything else depends on.
UK MDR 2002 (SI 2002 No 618) — Part II and Annex IX classification rules
The primary legislation. Focus on the general provisions and the Annex IX classification rules, specifically Rule 10a (active diagnostic software), Rule 11, and Rule 12. You do not need every article.
Key question: what makes something a medical device under UK law, and which classification rules apply specifically to software?
MHRA DMHT guidance v1.2 (July 2025)
The most important document for your practice. Read it cover to cover at least once. The two-gate qualification test, the functionality categories A through G, and the worked examples are the core. This is what you apply to every client product.
Key question: which A-G functionality category does a given product fall into, and does it meet gate one (intended to influence clinical management) and gate two (SaMD under UK MDR)?
MHRA software borderline and classification guidance
Broader than DMHT. Covers all software classification, including products on the borderline between wellness and SaMD. The worked examples are essential reading for developing classification judgement.
Key question: where is the line between a wellness app and a SaMD, and what specific claims or functions push a product across it?
IMDRF SaMD N12: definition and framework
Short (17 pages) and foundational. The IMDRF 3x3 risk matrix classifies SaMD by state of healthcare situation and significance of information provided. Referenced in UK guidance and used by Approved Bodies globally.
Key question: how does the IMDRF 3x3 matrix map onto UK MDR classification, and where do they diverge?
2
Clinical safety standards
Your core professional territory. Consolidate and formalise what you already know.
DCB0129 standard and implementation guidance
The mandatory NHS clinical risk management standard for manufacturers. Read the standard itself and the implementation guidance. The hazard log, CRMP, and CSCR structure flows directly from this document.
Key question: what are the mandatory deliverables, what does the CSO specifically sign off, and what constitutes an acceptable residual risk?
ISO 14971:2019 — risk management for medical devices
The international standard underlying both DCB0129 and the MHRA technical file requirements. Understand the full risk management process: hazard identification, risk estimation, risk evaluation, controls, and residual risk. The standard requires purchase but extensive free guidance exists.
Key question: how does ALARP apply in practice, and what is the distinction between risk estimation, risk evaluation, and risk control?
BS AAMI 34971 — ISO 14971 applied to machine learning
Essential for any AI or ML product. Extends ISO 14971 to cover ML-specific risks: data drift, model failure modes, opacity of decision-making. Directly relevant to AI chatbot and DMHT products across your client base.
Key question: how do you identify and document foreseeable failure modes in an AI model that you cannot fully inspect?
3
Clinical evidence and conformity assessment
For Class IIa and above. This is where your current gaps are most consequential.
UK MDR 2002 Annex X and Schedule 2A — clinical evidence requirements
The legal basis for what clinical evidence is required and what forms it can take. Schedule 2A modifies Annex X for the UK post-Brexit context. Understand the distinction between clinical evidence and clinical investigation.
Key question: when is a prospective clinical investigation required, and when is literature-based clinical evaluation sufficient?
MEDDEV 2.7/1 rev 4 — clinical evaluation guidance
The EU guidance that UK practice closely follows for clinical evaluation reports. Defines the CER structure, equivalence assessment, and what state-of-the-art assessment means in practice. Not UK law but accepted by UK Approved Bodies.
Key question: what are the specific requirements for demonstrating equivalence, and how do you structure a CER for a novel SaMD with no direct comparator?
MHRA conformity assessment and UKCA mark guidance
Explains which conformity assessment route applies to each device class, how UK Approved Bodies work, and the UKCA marking process. Essential for advising clients on timeline and cost.
Key question: what does an Approved Body actually review at each class, and what triggers a full QMS audit versus a design dossier examination?
NHS DTAC framework documentation
The procurement-facing framework that wraps DCB0129 plus data protection, cybersecurity, and interoperability. Understanding how DTAC relates to MHRA classification is essential for advising clients on the full pathway to NHS deployment.
Key question: what is the relationship between DTAC, DCB0129, and MHRA SaMD classification: which is required for what, and in what order?
4
AI, children's code, and emerging regulation
Directly relevant to your DMHT client base and proprietary frameworks.
EU AI Act — Annex III and Article 6 (high-risk AI systems)
Not UK law but increasingly referenced by clients and Approved Bodies. AI systems intended to influence clinical decisions in health fall under high-risk classification. The overlap with SaMD regulation is directly relevant to AI chatbot and DMHT products.
Key question: which AI systems in digital mental health fall under EU AI Act high-risk classification, and how does this interact with CE and UKCA marking obligations?
ICO Age Appropriate Design Code (Children's Code)
Mandatory for any product likely to be accessed by under-18s. 15 standards covering data minimisation, profiling, and nudge techniques. Standard 13 on nudge techniques is the most significant for DMHT. Directly underpins the PERF framework.
Key question: which of the 15 standards create the highest risk exposure for a digital mental health product targeting or foreseeably accessed by children?
MHRA AI Airlock — DMHT pre-deployment assessment programme
The MHRA's voluntary pre-deployment assessment for AI-enabled digital mental health tools. Summer 2026 call. Understanding eligibility criteria and the assessment process is essential for supporting clients through this pathway.
Key question: what does the MHRA assess in the AI Airlock, and what documentation would a product need before applying?
MHRA recorded webinars — DMHT regulation series
Watching two or three MHRA webinars gives you a sense of how the regulator frames classification questions in practice, which differs from reading the guidance text. The gap between the written guidance and the regulator's live reasoning is where classification judgement lives.
Key question: what worked examples does the MHRA use to illustrate the SaMD boundary, and do any map onto your current client products?