Certifying a medical wearable: where to start
Guide, medical wearable
A wearable with a medical purpose, a watch that detects an arrhythmia, a glucose-monitoring patch, a connected blood-pressure cuff, stacks an unusual number of certification regimes. It is at once a medical device, medical electrical equipment, a software product, radio equipment and a battery product, each with its own framework. This page is the overview map. It first sets the boundary between a medical device and a wellness product, then lists the compliance building blocks in the order they chain together, with a pointer to the detailed guide for each. The aim is not to explain everything here, but to give you the lay of the land and the sequence.
The first question: medical device or wellness?
Section titled “The first question: medical device or wellness?”Everything hinges on this boundary, and it is not decided at the sensor but at the level of the claimed intended purpose. Two physically identical watches can fall under different regimes depending on what the manufacturer says about them.
Article 2(1) of MDR (EU) 2017/745 defines a medical device by its medical purpose, diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease. If you claim one of these purposes, you are within the scope of the MDR. If you stay on general fitness tracking, you are outside it.
| Claim | Likely status | Consequence |
|---|---|---|
| Counts steps, estimates calories, tracks sleep | Wellness (lifestyle) | Outside MDR, but radio and battery still apply |
| Displays a heart rate for information only | Grey zone, must be documented | Depends on the exact wording of the instructions |
| Detects atrial fibrillation, alerts the user | Medical device | MDR, class IIa likely, notified body |
| Measures blood glucose to adjust insulin therapy | Higher-risk medical device | MDR, class IIb to III (up to class III for life-sustaining dosing decisions), reinforced file |
The decision is taken early and documented. A medical claim slipped into the marketing of a product designed as a wellness object exposes you to illegal placing on the market. Conversely, over-classifying a lifestyle product needlessly burdens the project. The MDR (EU) 2017/745 guide details qualification and classification.
MDR classification drives everything else
Section titled “MDR classification drives everything else”Once the medical-device status is established, the risk class governs the conformity assessment route, the need for a notified body and the depth of clinical evaluation. For a wearable, the software function is almost always the deciding factor through rule 11 of Annex VIII.
| Wearable profile | Typical MDR class | Notified body |
|---|---|---|
| Basic physiological information software with a medical purpose | IIa | Yes |
| Continuous monitoring whose failure could cause serious harm | IIb | Yes, design dossier examination possible |
| Device with no measuring function and no decision software | I (rare for a medical wearable) | No, except sub-categories Is, Im, Ir |
Plain class I is rare for a wearable with an active medical purpose, because the presence of decision software or a measuring function shifts it to IIa or above. The detail of the 22 rules sits in the MDR guide.
The harmonised technical standards to mobilise
Section titled “The harmonised technical standards to mobilise”CE marking under MDR rests on the general safety and performance requirements of Annex I. In practice you meet them through a bundle of harmonised standards, each addressing one aspect of the design. No single standard covers a wearable on its own, so the work consists of assembling the right set and showing, document by document, that every applicable clause has been addressed. For a wearable, the base layer is as follows.
Electrical safety and EMC
Section titled “Electrical safety and EMC”The standard IEC 60601-1 covers basic safety and essential performance of medical electrical equipment. Its collateral standard IEC 60601-1-2 deals with electromagnetic compatibility, a sensitive point for a device worn in a home environment saturated with emitters. Usability runs through IEC 60601-1-6 coupled with IEC 62366-1. The IEC 60601-1 medical electrical safety guide goes into the tests and particular standards.
Software and risk
Section titled “Software and risk”The life cycle of embedded and application software follows IEC 62304, which requires a safety classification (A, B or C) and proportionate activities. Cross-cutting risk management follows ISO 14971, the backbone of the file, which links each identified hazard to a control measure and a verification. See the ISO 14971 risk management guide.
| Building block | Main standard | What it requires |
|---|---|---|
| Electrical safety | IEC 60601-1 | Basic safety and essential performance tests |
| EMC | IEC 60601-1-2 | Immunity and emissions in a home healthcare environment |
| Usability | IEC 60601-1-6 and IEC 62366-1 | User-centred design, use errors |
| Software | IEC 62304 | Safety class, life cycle, defect management |
| Risk | ISO 14971 | Analysis, control and acceptability of residual risk |
| Quality system | ISO 13485 | Quality management dedicated to medical devices |
The radio layer, distinct from the medical regime
Section titled “The radio layer, distinct from the medical regime”Almost every wearable communicates wirelessly, most often over Bluetooth Low Energy, sometimes adding a cellular or LPWAN link for direct connectivity. This radio layer has its own regime that stacks with the MDR, it does not replace it. A common mistake is to assume that medical conformity somehow absorbs the radio requirements, when in fact a wearable that is fully MDR compliant can still be barred from sale for missing a radio approval. Each of the three sub-layers below is assessed and documented on its own track.
Spectrum compliance
Section titled “Spectrum compliance”In Europe the directive RED (EU) 2014/53 applies, with the standard EN 300 328 for the 2.4 GHz band. In the US, authorisation falls under FCC Part 15 with an FCC ID. The RED checklist guide and the FCC ID, grantee and TCB guide cover these two routes.
Human exposure, SAR
Section titled “Human exposure, SAR”A device worn against the body triggers a radiofrequency exposure assessment, the SAR. Measurement follows IEC 62209 and the European exposure recommendation. See the SAR procedures IEC 62209 and EN 50360 guide.
Bluetooth SIG qualification
Section titled “Bluetooth SIG qualification”Independently of regulatory compliance, use of the Bluetooth mark requires qualification with the Bluetooth SIG. It is an interoperability certification, not a market authorisation. See the Bluetooth SIG qualification guide.
The US market, FDA and cybersecurity
Section titled “The US market, FDA and cybersecurity”Selling in the United States adds a whole regime. The most common route for a medical wearable is the FDA 510(k) premarket notification, which demonstrates substantial equivalence to a legally marketed predicate device. With no predicate, the De Novo route applies, and higher-risk devices fall under PMA. The FDA 510(k), De Novo and PMA guide details these routes.
Since 2023, the FDA has required a cybersecurity section in the premarket submission under section 524B of the FD&C Act, applicable to connected devices. On the EU side, cybersecurity sits in Annex I section 17.2 of the MDR, elaborated by guidance MDCG 2019-16. The Cyber Resilience Act (EU) 2024/2847 explicitly excludes medical devices covered by the MDR to avoid a double regime, but it does not reduce the MDR requirements at all. The Cyber Resilience Act (CRA) guide sets out this scope.
The battery, an independent regime
Section titled “The battery, an independent regime”A wearable's lithium-ion pack falls under two requirements that do not depend on the medical status. Cell and pack safety follows IEC 62133-2, and air and sea transport falls under the UN Manual of Tests and Criteria section UN 38.3. For the European market, Regulation Battery Regulation (EU) 2023/1542 adds obligations on marking, recycled content and, where applicable, end-user removability. See the battery safety and transport guide.
The compliance checklist, overview
Section titled “The compliance checklist, overview”The sequence below lists the building blocks in a realistic order of work. It is not strictly linear, several streams run in parallel, but MDR qualification governs everything.
- Qualify the product, medical device or wellness, and freeze the claim.
- Classify the device under Annex VIII of the MDR and choose the conformity route.
- Launch ISO 14971 risk management and the ISO 13485 quality system.
- Frame the IEC 62304 software life cycle and its safety class.
- Plan IEC 60601-1 safety testing and IEC 60601-1-2 EMC.
- Document IEC 62366-1 usability.
- Freeze the radio hardware, then launch RED or FCC and SAR.
- Engage Bluetooth SIG qualification if the mark is used.
- Handle the battery, IEC 62133-2, UN 38.3, EU battery regulation.
- Integrate cybersecurity, MDCG 2019-16 for the EU, section 524B for the FDA.
- Compile the technical file, see the dedicated file-contents guide.
- Notified-body audit (EU) then 510(k) submission (US).
| Market | Final document | Regime |
|---|---|---|
| European Union | EU declaration of conformity, CE marking | MDR plus RED plus battery |
| United States | FDA clearance letter, FCC ID | 510(k) or De Novo plus FCC Part 15 |
| Interoperability | Qualified Design ID | Bluetooth SIG |
The EU declaration of conformity guide and the technical documentation file contents guide close the documentary loop.
Common pitfalls
Section titled “Common pitfalls”| Pitfall | Consequence | Countermeasure |
|---|---|---|
| Medical claim in the marketing of a product designed as wellness | Illegal placing on the market under MDR | Align design, instructions and marketing from the start |
| Software class set too low through an optimistic reading of rule 11 | Rejection during audit, route change | Document the classification with an MDCG rationale |
| Believing Bluetooth SIG qualification equals regulatory compliance | Product non-compliant with RED or FCC | Treat the three radio layers separately |
| Forgetting SAR for a device worn against the body | Human-exposure non-compliance | Plan the SAR measurement as soon as the radio is frozen |
| Assuming the CRA replaces the MDR cyber requirements | Incomplete cyber file | Apply MDCG 2019-16, the CRA excludes MDR medical devices |
| Treating the battery as a mere component | Transport or market refusal | Require IEC 62133-2 and UN 38.3 from the pack supplier |
Further reading
Section titled “Further reading”- MDR (EU) 2017/745, medical devices
- IEC 60601-1, medical electrical safety
- ISO 14971 risk management
- FDA 510(k), De Novo and PMA
- SAR procedures IEC 62209 and EN 50360
- Where to start with certification
Sources and references
Section titled “Sources and references”Sources & references
- Regulation (EU) 2017/745 on medical devices (MDR) , EUR-Lex eur-lex.europa.eu/eli/reg/2017/745/oj
- IEC 60601-1, medical electrical equipment, general requirements for basic safety , IEC webstore.iec.ch/publication/2612
- IEC 62304, medical device software, software life cycle processes , IEC webstore.iec.ch/publication/22794
- ISO 14971, application of risk management to medical devices , ISO www.iso.org/standard/72704.html
- FDA, Premarket Notification 510(k) , FDA www.fda.gov/medical-devices/premarket-submissions-selecting-and-preparing-correct-submission/premarket-notification-510k
- RED Directive (EU) 2014/53 on radio equipment , EUR-Lex eur-lex.europa.eu/eli/dir/2014/53/oj
- MDCG 2019-16, guidance on cybersecurity for medical devices , European Commission health.ec.europa.eu/medical-devices-sector/new-regulations/guidance-mdcg-endorsed-documents-and-other-guidance_en
Frequently asked questions
- Is my connected wristband a medical device or a wellness product?
- The boundary depends on the intended purpose claimed by the manufacturer, not on the sensor. If you claim diagnosis, monitoring, prediction or treatment of a disease (for example detecting atrial fibrillation), the product falls under MDR (EU) 2017/745 and is a medical device. If you stay within general fitness tracking (steps, sleep, calories) with no medical claim, it is a wellness product outside MDR. Labelling, the instructions for use and marketing make the decision. See the MDR guide for qualification.
- Which MDR class applies to a medical wearable?
- Most often class IIa, sometimes IIb. The software function that provides information for a diagnostic or therapeutic purpose is classified by rule 11 of Annex VIII of the MDR, which raises the class quickly once a clinical decision is at stake. A wearable performing continuous physiological monitoring typically lands in IIa, and a device whose failure could cause a serious deterioration in health may reach IIb. Self-declared class I is rare for a wearable with an active medical purpose.
- Do I need IEC 60601-1 for a battery-powered worn device?
- Yes, if the wearable is medical electrical equipment within the meaning of the standard, that is, electrical equipment in contact with the patient intended for diagnosis, treatment or monitoring. Internal battery power does not exempt you from compliance, it only changes which tests apply (for example the clauses on internally powered equipment). Electromagnetic compatibility is covered by the collateral standard IEC 60601-1-2, and usability by IEC 60601-1-6 together with IEC 62366-1.
- What is the difference between medical CE marking and FDA 510(k)?
- CE marking under MDR is a declaratory regime with a notified body involved from class IIa upward, based on general safety and performance requirements and a conformity assessment. The US 510(k) is a submission to the FDA that demonstrates substantial equivalence to a legally marketed predicate device. The two regimes are distinct, a device sold in the EU and the US must satisfy both. See the FDA 510(k), De Novo and PMA guide.
- Which radio certifications apply to a wearable's Bluetooth link?
- Three distinct layers. Spectrum compliance, RED (EU) 2014/53 in Europe with EN 300 328, and FCC Part 15 authorisation in the US with an FCC ID. Human exposure, the SAR assessment under IEC 62209 and the European recommendation, which applies to a device worn close to the body. And Bluetooth SIG qualification, separate from regulatory compliance, mandatory to use the Bluetooth mark. These three requirements stack and do not substitute for one another.
- Does cybersecurity apply, and under which regime?
- For a medical device under MDR, the cybersecurity requirements sit in Annex I section 17.2 of the MDR, elaborated by guidance MDCG 2019-16. The Cyber Resilience Act (EU) 2024/2847 explicitly excludes medical devices covered by the MDR to avoid a double regime. In the US, the FDA has required a premarket cybersecurity section since 2023 (section 524B of the FD&C Act) in the submission. Cyber risk management is folded into the ISO 14971 file.
- Does the battery need separate certification?
- Yes, two strands. Cell and pack safety to IEC 62133-2 for lithium-ion elements, and transport to the UN Manual of Tests and Criteria section 38.3. For the EU market, add Regulation (EU) 2023/1542 on batteries (marking, recycled content, end-user removability where applicable). These requirements are independent of the medical-device status and apply in addition.
- In what order should these certifications be tackled?
- Start with MDR qualification and classification, because they govern everything else. Run ISO 14971 risk management and the IEC 62304 software life cycle in parallel, since they feed the file. IEC 60601-1 safety testing and IEC 60601-1-2 EMC follow on a representative prototype. Radio compliance (RED or FCC) and SAR are planned as soon as the radio hardware is frozen. Reserve the notified-body audit and the FDA submission for the end, on a complete file.