How MedRegChat Works
MedRegChat runs in two phases. Phase 1 is a structured Q&A that determines which EU regulations apply to your product. Phase 2 (optional) digs deeper into your intended use to generate a draft Instructions for Use (IFU) document — a legal requirement for CE marking under MDR.
MDR Medical Device Regulation (EU) 2017/745
Determines whether your product qualifies as a medical device and assigns a risk class. Applies to any device with a medical purpose, from bandages to implants to diagnostic software.
Decision path
- Is it a medical device? — Does it have a medical purpose: diagnosis, treatment, monitoring, or prevention of disease or injury?
- SaMD or physical device? — Software as a Medical Device (SaMD) that runs on its own follows a sub-path based on clinical significance and the severity of the condition it addresses.
- For physical devices — Is it invasive (enters the body surgically or through a natural opening) or non-invasive? Duration of use also affects the class.
- Classification result — Class I (lowest risk), IIa, IIb, or III (highest risk, requires Notified Body involvement for CE marking).
IVDR In Vitro Diagnostic Regulation (EU) 2017/746
Assessed separately from MDR. Applies if your product tests specimens taken from the human body — blood, urine, saliva, tissue — to obtain diagnostic or monitoring information.
Decision path
- Is it an IVD? — Does it analyse body specimens (in vitro = outside the body)?
- IVD type — Self-testing (e.g. home pregnancy test), companion diagnostic (guides therapy choice), blood/organ screening, transmissible-agent detection, or general lab-based IVD.
- Risk of incorrect result — What happens if the test gives a false positive or false negative? Low impact → Class A; life-threatening impact → Class D.
AI Act EU Artificial Intelligence Act (2024/1689)
The world's first comprehensive AI law. Determines whether your product uses AI or machine learning (ML) and assigns a risk tier, which drives transparency and conformity obligations.
Decision path
- Does it use AI/ML? — Machine learning, neural networks, or any system trained on data to make predictions. Simple rule-based logic (if/then) does not count.
- Primary use case — Clinical diagnosis, medical image analysis, or patient triage → automatically High risk. Administrative/workflow use → depends on patient data contact.
- Patient data contact — Administrative AI that interacts with patient data is Limited risk; administrative AI with no patient data is Minimal risk.
GDPR General Data Protection Regulation (EU) 2016/679
Applies whenever your product processes personal data — any information that can identify a living person, directly or indirectly. Health and biometric data are "special category" data with stricter rules.
Decision path
- Personal data? — Names, health records, diagnoses, biometric data (fingerprints, face scans), IP addresses, or device identifiers linked to a person.
- Your organisation's role — Do you decide why and how data is processed (Data Controller), or do you process data on instructions from another organisation (Data Processor), or both jointly (Joint Controller)?
IFU Deep-Dive Instructions for Use — MDR Annex I, Section 23
An optional second phase that collects the details needed to draft your Instructions for Use (IFU) — the document that must accompany every CE-marked medical device. The IFU describes the intended purpose and safe-use conditions. It is also the foundation for your clinical evaluation and predicate identification under MDR.
5 questions — what each one feeds into
- Specific indications — The exact medical conditions or clinical problems the device addresses. This becomes the "Indications for Use" section.
- Intended users — Healthcare Professional, Patient/Caregiver, Trained Technician, or multiple. Determines the required training and labelling language.
- Patient population — Demographics (age, sex), clinical criteria, and exclusion criteria. Required under MDR Article 10 and Annex I §23.4.
- Clinical setting — Hospital/Clinic, Home Use, Operating Room, Point-of-Care, or multiple. Affects safety requirements and post-market surveillance.
- Contraindications — Patient groups or situations where the device must NOT be used (e.g. pacemaker wearers, pregnant patients, latex allergy).
Abbreviations & Key Terms
| Term | Full name & meaning |
|---|---|
| MDR | Medical Device Regulation — EU Regulation 2017/745. The primary law governing medical devices placed on the EU market. Replaced the older MDD (Medical Device Directive) from 2021. |
| IVDR | In Vitro Diagnostic Regulation — EU Regulation 2017/746. Governs diagnostic products that test specimens (blood, urine, tissue) taken outside the body. Replaced the old IVDD (IVD Directive) from 2022. |
| IVD | In Vitro Diagnostic — Any reagent, instrument, or system used to examine a specimen derived from the human body for diagnostic or monitoring purposes. "In vitro" means "in glass" (outside the body). |
| SaMD | Software as a Medical Device — Software that performs a medical function on its own, without being embedded in physical hardware. An AI diagnostic app is SaMD; firmware inside a blood pressure monitor is not. |
| AI Act | EU Artificial Intelligence Act — Regulation (EU) 2024/1689. The world's first comprehensive AI law, using a risk-based approach: Minimal, Limited, High, and Unacceptable risk tiers. |
| ML | Machine Learning — A type of AI where a system learns patterns from data rather than following explicit rules. Includes neural networks, deep learning, and classical ML models. |
| GDPR | General Data Protection Regulation — EU Regulation 2016/679. Governs the collection, storage, and processing of personal data of EU residents. Health data is "special category" data requiring explicit consent and stricter safeguards. |
| IFU | Instructions for Use — The document accompanying a medical device that describes its intended purpose, how to use it safely, indications, contraindications, and warnings. Mandated by MDR Annex I, Section 23. |
| CE marking | Conformité Européenne — The mark showing a product meets EU safety, health, and environmental requirements. Required to legally sell medical devices in the EU/EEA. |
| Notified Body | An independent organisation designated by EU member states to audit and certify that higher-risk devices (Class IIa, IIb, III under MDR; Class B, C, D under IVDR) meet regulatory requirements before CE marking. |
| EUDAMED | European Database on Medical Devices — The EU's central database for registering devices, manufacturers, and clinical investigations under MDR/IVDR. |
| Clinical Evaluation | The systematic process a manufacturer uses to demonstrate that a device is safe and performs as intended, based on clinical data. Required for all CE-marked medical devices under MDR Annex XIV. |
| Predicate Device | An existing legally marketed device with a similar intended use, used as a reference point in a clinical evaluation to demonstrate equivalence. |
| MDD | Medical Device Directive (93/42/EEC) — The predecessor to MDR, now replaced. Devices certified under MDD required re-certification under MDR by September 2025 at the latest. |
| DPIA | Data Protection Impact Assessment — A GDPR requirement for processing activities that are likely to result in a high risk to individuals, such as large-scale health data processing. Data Controllers must conduct a DPIA before starting such processing. |
Each phase is independent. Phase 1 evaluates all four regulatory frameworks — your product may fall under one, several, or all of them. Phase 2 is optional and focused solely on drafting IFU content. The final PDF report consolidates everything.
Disclaimer: MedRegChat provides educational guidance only and does not constitute legal or regulatory advice. Always consult a qualified Regulatory Affairs specialist or Notified Body before making compliance decisions.
Start Assessment