New MDCG guidance clarifies rules for medical device software available on online platforms

On 16 June 2025, the MDCG published guidance MDCG 2025-4 on the safe making available of medical device software (MDSW) apps on online platforms. This guidance seeks to clarify the obligations of app platform providers and define their regulatory roles under the EU MDR and the IVDR as well as the DSA¹ with respect to MDSW.

This guidance is published amid the growing availability of health-related applications through app stores and digital marketplaces, raising concerns around safety, compliance with applicable legal requirements and transparency.

Key takeaways from MDCG 2025-4 include:

1. Distinct roles of app platform providers

The guidance distinguishes between the regulatory roles that app platform providers might fulfil based on the activities they undertake in the supply chain of MDSW. App platform providers may act as either:

• intermediary service providers, including as an online marketplace under the DSA, when they host third-party MDSW apps on their platform and allow consumers to conclude distance contracts with MDSW manufacturers, importers or distributors; or
• distributors or importers under the MDR/IVDR, in the following scenarios:
  • the MDSW is made available on an app platform and the app platform provider in turn makes that product directly available to users (as a distributor or importer) through transfer of ownership or any other right to the user;
  • the MDSW manufacturer is established in a third country and the app platform provider is established in the EU. In this scenario, the app platform provider assumes the role of an importer and is subject to the relevant requirements laid down in Article 13 of the MDR/IVDR; or
  • an app platform provider is making its own MDSW available to users/patients. In this scenario, the app platform provider fully qualifies as an economic operator in the distribution chain of that medical device.

In the former case, DSA obligations apply, such as notice-and-action mechanisms for illegal content, user transparency and online interface design that allows MDSW manufacturers/app developers to comply with their respective obligations under the MDR/IVDR (e.g., information requirements). In the latter, app platform providers must ensure compliance with MDR/IVDR requirements and cooperation with competent authorities.

2. Placing on the market vs. Making available of a MDSW

The guidance also clarifies that uploading of a MDSW app by a manufacturer qualifies as “placing on the market”, while the time during which the MDSW app is hosted and made available in the app platform corresponds to the “making available on the market”.

3. Product categorization

App platform providers are encouraged to clearly separate medical device apps/MDSW from lifestyle or wellness apps without an intended medical purpose. Only software that meets MDR/IVDR requirements—and for which key compliance information has been provided—should be listed under the medical device category.

4. Mandatory Information Requirements to be provided by MDSW economic operators to App Platforms

App platform providers must design their platforms in a way that enables MDSW manufacturers, distributors or importers to comply with their traceability and information obligations under the MDR/IVDR, by providing the following information on the app platform:²

• name, address and contact details of the economic operator;
• information necessary for the clear and unambiguous identification of the products offered on their platform;
• any sign identifying the trader such as the trademark, symbol or logo
• labelling/marking requirements applicable under the MDR/IVDR (e.g., name or trade name of the device; name, registered trade name or registered trademark of the manufacturer and the address of its registered place of business; and Single Registration Number (SRN); MD or IVD symbol or indication; Unique Device Identification number (UDI-DI); intended purpose, warnings, and precautions; link to eIFU; etc.)

5. App Platform Provider Responsibilities under the DSA

App platform providers must make best efforts to verify the information provided by MDSW manufacturers/distributors/importers before allowing them to offer their MDSW on their platforms,. They must also make reasonable efforts to check official online databases to verify if any listed MDSW has been flagged as illegal.³

Very Large Online Platforms, including designated app platform providers, must carry out annual risk assessments under the DSA to identify and analyse systemic risks linked to the functioning or use of their services—particularly risks related to the dissemination of illegal content, such as non-compliant MDSW—and take appropriate mitigation measures.⁴

Please contact our team if you have any questions.

Authored by Fabien Roy and Anastasia Vernikou.