SaMD Curious? Preparing to Become a Regulated Digital Health Product in the UK

8foldGovernance supports businesses to accelerate MedTech, Digital Health or Medical Service compliance, ensuring both product and business quality. The team join a host of subject matter experts as part of the RADIANT-CERSI DigitalHealth.London Innovator Support programme, leading informative webinars on key topics including defining Software as Medical Device and AI as Medical Device, Quality Management and Post-market Surveillance.

In this guest blog, 8foldGovernance provides an introduction to Software as a Medical Device (SaMD), highlighting how regulatory alignment can elevate a digital health product’s credibility – particularly when engaging with the NHS and UK healthcare markets. We also hear from DigitalHealth.London Accelerator companies who have worked with 8foldGovernance, TORTUS and Neu Health. The innovators share first-hand experiences of how embracing regulation has supported engagement, spread and adoption.


The healthcare industry is increasingly utilising specialist software. The recent 10-Year Health Plan for England reflected this, pointing to ambitions to create a new ‘innovator passport’ by 2026. This would potentially mean that once a specialist software has been robustly tested by one NHS trust, no further assessments would be required for spread and adoption across the system. A key component of this will be understanding and preparing for regulatory compliance.

As software functionality expands, particularly with the integration of AI solutions, your product may meet the definition of Software as a Medical Device (SaMD). While this can broaden your product’s appeal, it also introduces a higher level of regulatory scrutiny.

In this blog, 8foldGovernance, healthcare compliance experts who kicked off the RADIANT-CERSI DigitalHealth.London Innovator Support programme, outlines the key considerations for digital health innovators looking to transition to Software as a Medical Device (SaMD), as well as some of the advantages of taking the regulated path to access opportunities in the NHS.

A medical device is any device, including software, intended for human medical use that is defined by its intended purpose to treat, diagnose or monitor medical issues, support the human body, or help patients regain independence. SaMD specifically refers to software designed to perform medical functions independently of a physical device (e.g. running on a desktop computer, laptop, tablet or smartphone).

The Medicines and Healthcare products Regulatory Agency (MHRA), the UK’s regulator, includes software applications used for diagnosing, preventing, monitoring, or treating diseases within the scope of SaMD. The intended purpose is crucial in determining if software qualifies as a medical device, as it dictates the level of risk, classification, and regulatory requirements.

In the UK, SaMDs are categorised into three classifications based on function and risk:

  • Class IIb (Highest Risk): Devices controlling hazardous energy delivery or monitoring other active devices (e.g., pacemakers, insulin pumps).
  • Class IIa (Medium Risk): Devices providing diagnostic information or controlling pharmaceutical delivery.
  • Class I (Low Risk): SaMD that does not fit into the other categories.

Ongoing activities for regulated SaMDs include routine internal and external audits to ensure conformity with standards, and post-market surveillance to monitor product effectiveness and safety after it’s in use, including reviewing feedback and reporting hazardous incidents to authorities.

Many AI products are considered medical devices if their intended purpose aligns with the definition of a medical device, such as diagnosing, preventing, monitoring, or treating diseases. The increasing ease of implementing AI-based solutions means that more software products may fit the definition of SaMD.

Ambient Voice Technologies (AVTs), also known as ‘digital scribes’ or ‘ambient scribes’, are gaining significant interest in healthcare. Their functionality is evolving to integrate directly into electronic patient records, draft referral letters, or convert speech into other structured medical documentation. While earlier versions, like traditional speech recognition, were not typically medical devices, the use of Generative AI for further processing, such as summarisation, means many AVTs now fall under the classification of a medical device.

A recent letter from Alec Price-Forbes, the NHS England Chief Clinical Information Officer (CCIO), emphasises that AVTs need to be compliant with medical device regulations as well as NHS-specific compliance requirements, which make up the NHS Digital Technology Assessment Criteria (DTAC), highlighting the regulatory focus on AI-powered health technologies.

Before selling your product as a medical device, several crucial activities are necessary to ensure compliance with regulatory requirements in your target markets.

  1. Regulatory Strategy: Begin by thoroughly understanding the scope of work. A regulatory strategy helps you compile a list of relevant standards and regulations based on your product’s features, potential patient impact, and intended markets. This strategy will guide the structure of your quality management system (QMS) and technical documentation (Technical File). It’s also worth noting that organisations like the NHS already impose strict compliance requirements through the NHS DTAC to meet their minimum standards for use, even if a product isn’t yet a medical device. Compliance with the NHS DTAC should be considered as part of your overall compliance activities.
  2. Identifying Standards and Certification: Many international standards and technical documents pertain to medical devices and SaMD, some requiring external certification, while others may just need to be followed. Key standards include:
    • ISO 13485 (Medical Device Quality Management Systems): This is foundational for your quality processes and procedures, covering product development and delivery, document management, competence and training, and quality assurance through objectives.
    • ISO 14971 (Medical Device Risk Management): Outlines considerations for risk management, particularly concerning clinical and patient safety, and provides a framework for addressing these risks.
    • IEC 62304 (Medical Device Software Lifecycle): Specifies requirements for structuring your software lifecycle, including verification and validation, usability, and risk management.
    • ISO 27001 (Information Security Management): While not directly related to medical devices, you will be required to have a cybersecurity framework in place to protect the integrity of your product, and ISO 27001 is a great way to structure that as part of a wider management system.
    • NHS DTAC: The areas in which products are assessed include:
      • Clinical Safety: Products are assessed to ensure clinical safety measures are in place and that organisations undertake clinical risk management activities. This includes compliance with standards like DCB0129 for manufacturers.
      • Data Protection: Products are assessed to ensure data protection and privacy by design, protecting individual rights. This involves compliance with UK GDPR and completing the Data Security and Protection Toolkit (DSPT).
      • Technical Security: Products are assessed for security and stability, including cybersecurity measures like Cyber Essentials certification and penetration testing.
      • Interoperability: Products are assessed to ensure data is communicated accurately and quickly while remaining safe and secure, supporting integration with existing NHS infrastructure.

You can find more information about the NHS DTAC on the NHS Transformation Directorate website.

  3. Build Technical Documentation: To sell SaMD in various territories, you will need to produce a Technical File. This structured set of documents, which varies by country, details your software’s technical aspects, including testing plans and results, usability evaluation, and clinical and technical functions.
  4. Training: Achieving compliance and certification goes beyond documentation. All personnel involved with the product must be familiar with your QMS and their roles within it. ISO 13485 also imposes requirements on production and preservation processes, including managing supplier risks, maintaining product records for identification and recall, and general awareness of the company’s quality policy.

Becoming a regulated digital health product brings an increased level of clinical and regulatory rigour.

As part of the Clinical Evaluation process, all medical devices should undertake a review of peer-reviewed materials and sometimes have to conduct clinical studies or clinical trials before the product can be placed on the market, based on their risk classification. This helps to inspire confidence from healthcare professionals in the efficacy of the device and its potential impact.

Furthermore, the National Institute for Health and Care Excellence (NICE) recently welcomed the inclusion of measures for equal treatment of medicines and health technologies. This significant announcement brings benefits to regulated innovators through the potential for reimbursement channels. This has the potential to support market access, indicating a more structured pathway for health technologies, including SaMD, to be evaluated and adopted within the NHS.

People living with neurodegenerative conditions deserve the highest quality of care and access to solutions they and their families can trust. Neu Health has achieved DSPT, DTAC, DCB0129, ISO 13485 and Cyber Essentials. We are also an MHRA-registered, UKCA-marked medical device in the UK, and FDA-recognised in the US. These achievements provide the credibility and assurance needed for safe adoption across the NHS and lasting impact.

– Lorna Sharpe, Director of Business Operations, Neu Health

Navigating the regulatory landscape for Software as a Medical Device in the UK, particularly with the rise of AI-driven solutions like Ambient Voice Technologies, is a complex but crucial endeavour for digital health innovators. By understanding the definition of SaMD, acknowledging the regulatory considerations for AI, and diligently preparing for compliance through strategic planning, adherence to key standards and frameworks like ISO 13485 and the NHS DTAC, and robust technical documentation, companies can confidently bring their innovations to market.

This not only ensures product safety and efficacy but also unlocks significant advantages within the UK healthcare system, fostering trust among healthcare professionals and facilitating broader adoption in the NHS.


By working in partnership with RADIANT-CERSI and DigitalHealth.London, we hope to make vital resources available to innovators about SaMD and AI-Medical Devices, elevating not only the safety of digital health solutions but also bringing improved outcomes across the NHS.

If you’re building a cutting-edge solution for healthcare and need help navigating the NHS and international landscape of compliance and regulations, get in touch with 8foldGovernance.


The RADIANT-CERSI DigitalHealth.London Innovator Support programme is designed to improve understanding of the regulatory landscape and compliance process for Software as a Medical Device (SaMD) and Artificial Intelligence as a Medical Device (AIaMD), with the goal of supporting valuable UK medical innovations to reach the market safely and efficiently.

The DigitalHealth.London RADIANT-CERSI Innovator Support programme is delivered by DigitalHealth.London and the Health Innovation Network South London, in partnership with RADIANT-CERSI and experts in regulation.

RADIANT-CERSI is one of seven Centres of Excellence in Regulatory Science and Innovation (CERSI) in Transformative Digital Health and AI across the UK. It is funded by Innovate UK, in partnership with the Medical Research Council, the Medicines and Healthcare products Regulatory Agency (MHRA) and the Office for Life Sciences (OLS).