The present document addresses the legal compliance of medical systems, that is, hardware and software devices used medically on people for clinical tests, diagnosis, study, and similar purposes, mainly with respect to EU law. The work briefly overviews the applicable laws and regulations and discusses the relevance to medical systems of concepts that the General Data Protection Regulation (GDPR) covers in a wider scope, such as data protection and transparency. The document examines the practical meaning of legal compliance for a medical system and for the software that defines its behavior. Granted that any decision on lawfulness is a prerogative of the judicial authority, the document concludes by suggesting currently available means, such as official conformity checks and standards, as well as conformity guidelines applied during development, for building a reasonably compliant medical system or for checking its conformity.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)