In the latest installment of our BrightInsight Digital Health C-Suite Series, we spoke with Cooley Partner Elisabethann Wright, who brings 40 years of experience to bear on the European Union’s regulatory landscape. We discussed recent changes in pharmaceutical, medical device and AI regulation, best practices for compliance in an ever-changing regulatory environment and her prediction for the biggest trend in digital health this year. Watch the discussion below, or read on for a recap.
The first step on the regulatory pathway is determining what type of product is involved—pharmaceutical, medical device, lab, food or cosmetic? “We have to start with, ‘What is the product?’, because these are such highly regulated areas in the EU. So we start with determining the product, then determining how to get it to market, what regulations must be followed.” The next step is conducting clinical trials, interacting with regulatory authorities and notified bodies, to obtain CE Mark certification for medical devices or authorization for a pharmaceutical product.
“And then after authorization, how to promote it, how to market it. In the EU, it's an offense to promote a prescription-only medicinal product to a non-healthcare professional, which, for many of our clients who promote outside the EU, is a challenge.”
A raft of new, intersecting regulations are coming into play in the EU. One, concerning pharmaceutical clinical trials, took effect Jan. 31, 2023. The new requirements change a relatively simple process to one with much more sophisticated obligations, including a central authorization as the first step.
“A single reference member state will review the application, concerned member states will then review it. You will get a single first authorization for the procedural parts.” Then each national member state grants individual authorization. “So you start with a global authorization, which we've never had before, which should be helpful, but it is not at all what people are used to in clinical trials.”
On the medical device side, the legislation has completely changed in the last two years. Newly revised proposals published in January would extend the transitional provisions in both medical device legislation and in vitro diagnostics. And on the digital health side, new AI regulation is on the horizon—but not just for medical devices using the technology, in much the same way that electromagnetic compatibility legislation standardized that field. “The intention is to administer, generally, AI. Not just for medical devices, but AI in general.”
There are concerns that there will be conflicts between the AI legislation and the medical device legislation. For example, consider a company developing an AI technology platform. Is it a medical device? Is it a partial medical device, or are medical devices installed on the platform? Whatever the configuration, the relevant regulations need to be followed. But what rules? Under the medical device legislation, it’s been very clear for quite a number of years that AI software as a stand-alone medical device must be governed by the medical device legislation. Now there’s an additional layer of obligations from the AI legislation. For entrepreneurs in the digital health, pharma and medical device spaces—whose innovation are outpacing regulators—it’s a classic chicken-and-egg conundrum.
The solution for navigating potentially conflicting requirements is to document the process. “If you're developing a product, and the legislation is not necessarily keeping up with you, if you decide to pursue a particular route, document it. That way, if in the future someone says, ‘Well, why did you do it that way?’, you can say, ‘These are the standards. This is what we followed.’” That means a quality management system is mandatory. “You've got to document what your quality management system is. You've got to demonstrate how you got to where you were.”
For example, the new clinical trials legislation, first adopted in 2014 but only in effect as of January 2023, involved “trans-legislation” designed to bridge the gap between the old and new regulatory structures. The trans-legislation allows trial sponsors to ask patients to allow them to use their data in the future. But the General Data Protection Regulation (GDPR) adopted in 2016 specifically excludes that possibility. “GDPR entered into force before the clinical trials regulation came into force, so we now have potential conflicts of laws. You need to address that. If you don't address it, you could undermine the results of your clinical trial. Nobody wants that.”
Take a continuous glucose monitor as another example, in which the monitor “talks” to the insulin pump via a third-party AI platform. The continuous glucose monitor is a medical device. The insulin pump is a drug delivery system, governed largely by the pharma rules. The third-party AI developer and the device manufacturer need to agree on what they're talking about, what each is bringing to the table and set the expectations in writing in some detail. That includes—in the misfortune that something goes wrong—detailing how to determine what goes wrong.
“Having a good, robust structure in place demonstrates protection of the patient, protection of the products, shows the authorities you know what you're doing and then of course helps with any liability that may arise.”
Looking ahead to 2023, two dominant trends appear: increasing integration and communication between medical devices and pharma, as well as software as a diagnostic—which until recently was not a specifically legislated product category in the EU. “Companion diagnostics bring so much to the treatment of patients. Personally, I'm very fond of this area, and it is important that those who are developing these companion diagnostics follow the rules. You’ve got to get it right. You have a patient's life here and you risk serious consequences if you don't.”
You can find all of the videos from our C-Suite Series on our YouTube Channel.