Ten modules for the hardest judgement calls in DMHT classification
Built for working advisors. Each module covers a problem the MHRA guidance does not resolve cleanly on the page, with structured exercises to practise the underlying judgement.
- Module 1Foundational30 to 45 min
The Medical Purpose Battlefield
The boundary between a wellbeing tool and a medical device, why it can be difficult to draw, and a two-step test that weighs both what a product does and what it claims.
Advisors struggle with: Some products perform clinical functions but are marketed as wellness; others claim clinical benefit they cannot support. This module gives advisors a two-step test for medical purpose that covers both.
Open module → - Module 2Intermediate30 to 45 min
Functionality Forensics
Operationalising the “easily verifiable” test, separating configurable from adaptive logic, and seeing through multi-week lookback windows that look more sophisticated than they are.
Advisors struggle with: Distinguishing Category D from Category F, especially for rule-based algorithms.
Open module → - Module 3Advanced60 to 90 min
SaMD Classification Rules: UK MDR, EU MDR, and How to Apply Them to DMHT
How to determine the risk class of a DMHT product once SaMD status is confirmed. The UK MDR 2002 framework (Rule 9, Rule 10, Rule 12 carried forward from the EU MDD), the EU MDR 2017/745 Rule 11 three-step severity test, MDCG 2019-11, and the practical Class IIb / Class III boundary in a digital mental health context.
Advisors struggle with: Applying the wrong rule for the market; conflating the UK MDR direct-diagnosis analysis with the EU MDR Rule 11 severity test; defaulting every SaMD to Class IIa; or treating disclaimers and clinician-in-the-loop arrangements as classification reductions when they are not.
Open module → - Module 4Intermediate45 to 60 min
The Multi-Modular Minefield
Before asking what class a product is, ask how it should be structured for regulation. Getting this wrong can turn Class IIa into Class III, a 9-month timeline into 30, and a manageable technical file into an unmanageable one.
Advisors struggle with: When to separate modules for regulation versus bundle them as one device.
Open module → - Module 5Foundational30 to 45 min
The Competitor Audit
When a client says "but Company X does this and they are not regulated," they are making a category error. They are confusing being on the market with being compliant. These are not the same thing. This module gives you the knowledge, the ethical framework, and the practical tools to handle that conversation correctly every time.
Advisors struggle with: Clients say “but X company does this and they're not regulated”. How should advisors respond?
Open module → - Module 6Advanced60 to 90 min
ISO 13485 — The Quality Management System Behind the Technical File
What ISO 13485 actually is, why it is the critical path item for any Class IIa+ DMHT product, the clauses most relevant to SaMD, how it interacts with ISO 14971 and DCB0129, and what a minimum viable QMS looks like for a small DMHT manufacturer.
Advisors struggle with: ISO 13485 is treated as a documentation task to complete before Approved Body submission, when in fact it is an operational system that must be running six to twelve months beforehand and underpins the defensibility of every other regulatory output.
Open module → - Module 7Advanced90 to 120 min
ISO 14971:2019 — Risk Management for Medical Devices
A self-study walkthrough of ISO 14971:2019 for digital mental-health products: planning, hazard identification, controls, and the risk management report — all illustrated through Kova, a fictional NHS IAPT waiting-list AI companion.
Advisors struggle with: Translating ISO 14971 into a defensible risk management file for a DMHT product, including the clinical hazards a technical team will not find on its own.
Open module → - Module 8Advanced90 to 120 min
AAMI TIR34971 — Risk Management for AI and ML in Medical Devices
An ML-aware companion to the ISO 14971 module: training-data documentation, subgroup validation, drift monitoring, explainability, predetermined change control and human oversight — illustrated through Kova, a conversational AI on the NHS IAPT waiting list.
Advisors struggle with: Extending an ISO 14971 risk file cleanly to AI/ML — bias, subgroup performance, drift, opacity, change control and human oversight — without hand-waving.
Open module → - Module 9Intermediate45 to 60 min
NHS DTAC — the procurement gate, not a regulatory approval
What the Digital Technology Assessment Criteria actually are, the five domains, what an NHS reviewer is looking for in the C1 clinical safety pack, common failure modes, and how DTAC sits alongside (not instead of) UKCA classification.
Advisors struggle with: Suppliers and advisors routinely treat DTAC as a certification or as a substitute for MHRA clearance. It is neither. It is a locally-administered procurement gate, and the clinical safety domain is where most DMHT packs fail.
Open module → - Module 10Advanced60 to 90 min
Likelihood, Severity and the Risk Matrix Problem
Risk matrices under-specify likelihood by treating it as a single score, which fails for DMHT's sociotechnical harm pathways. The problem is structural across standards. Decomposing likelihood into exposure, conversion and control effectiveness keeps your ratings defensible and your hazard library clean.
Advisors struggle with: CSOs score likelihood confidently in the matrix but cannot articulate what they are actually estimating, or explain to a reviewer why the residual score is lower than the initial one.
Open module →
These modules are educational. They do not constitute formal regulatory or legal advice. Always verify against current MHRA publications.
